Cybersecurity as a Priority in Israeli National Security

• By Majd Ziadeh and Anis Jamil Saffouri (Center for Arab Unity Studies),
• Translated by Mohamed SAKHRI.

Humans have tied themselves more closely to technology alongside the establishment of an industrial capitalist character. This connection has created significant opportunities for development and eased life across various fields, including political, economic, social, military, and security aspects. With the growing importance of technology, new risks related to cyberattacks have emerged. The first recorded cyberattack in history dates back to 1834, aimed at stealing information related to the French financial market by accessing the French telegraph system. As technological advancement and the digital revolution increasingly intertwined with human life, cybercrime began to emerge in the late 20th century. Initially, these crimes involved isolating individuals and institutions from their data (Wolf, 2024). Over time, the importance of electronic security accumulated, leading to its inclusion in the national security of various nations, with Israel being one of the foremost countries to emphasize cybersecurity.

Israel’s approach centers around the importance of technological superiority to protect its security, a belief that has been evident since its establishment and the formation of its security concepts. David Ben-Gurion placed significant importance on Israel’s technological superiority, and this perspective has been upheld by successive Israeli institutions and governments to protect Israel and combat its enemies (Anatbi, 2022). However, despite this relentless pursuit of superiority, Israel remains increasingly vulnerable to cyberattacks. Indeed, Israel was one of the most targeted nations for cyberattacks in the world in 2023, with a total of 1,480 cyberattacks (Jeffay, 2024). This raises the question: what is the potential relationship between Israel’s technological superiority and its exposure to cyberattacks?

To answer this question, several related inquiries arise that lead to potential conclusions. It is crucial to understand the types of global cyber threats. The desired Israeli security superiority is linked to ensuring safety amid modern challenges. Addressing the question of what the key global challenges are relates to Israel’s efforts to maintain cybersecurity, as does the question regarding what the main Israeli tools are known to ensure this superiority amidst global challenges. Additionally, why did the battle in 2021 emerge as one of the most significant conflicts affecting the concept of cybersecurity globally? How has the ongoing war since October 2023 impacted this sector?

It is assumed in this context that the more a state engages with and utilizes technology, cyberattacks become a more effective tool of influence. Israel is deeply integrated technologically across all levels, and this integration, both domestically and internationally, is likely a significant vulnerability for the country in the event of a cyber attack.

Within this quest for answers, a set of foundational difficulties arises, such as the recognition of a lack of visibility regarding the tools employed or strategic means due to the secretive nature of warfare in general and cyber warfare in particular. This indicates weaknesses in cybersecurity operations and Israeli cybersecurity for several reasons, including the absence of a clear declaration regarding Israeli national cybersecurity and the inability to access potential tools for cyber defense and offense. These tools could have a more considerable impact but remain shrouded in secrecy due to the nature of work in this field, which relies on infiltration and breaches. Thus, the findings presented in this research article aim to outline the most permissible aspects within this domain.

First: Global Cybersecurity

The definition of cybersecurity encompasses a wide range of contexts amid rapidly increasing cyber threats. These multiple contexts range from network security, application security, information security, operational security, business continuity, disaster recovery, cyber awareness, and risk prediction. These contexts exist within a backdrop of a significant uptick in the volume of global cyber challenges (Kaspersky, 2024).

Cyber threats have been rising annually, prompting an equivalent increase in spending on cybersecurity. The number of breached records between 2018 and 2019 rose by 112 percent over the same period in each year. Forecasts suggest that global spending on cybersecurity will surpass $260 billion by 2026 (Kaspersky, 2024).

Global cyber threats can be categorized into three primary motivations: political, criminal, and terrorist. A distinguishing feature of cyber threats is that they fundamentally require knowledge, giving individuals, groups, nations, and organizations relatively easy tools for targeting. Each of these categories aims to achieve its goals based on the type of threat: criminal offenses, politically motivated attacks, and terrorist-directed assaults (Kaspersky, 2024).

Types of attacks are operationally classified according to several methods designed to achieve attackers’ goals. These include malware, injection, phishing, Wi-Fi attacks, denial of service attacks, malicious software, romance scams, and Emotet. Malware includes programs categorized under viruses, Trojan horses, spyware, ransomware, adware, and botnets. SQL injection refers to a type of malware aimed at stealing data, while phishing involves using emails for breaches. The Wi-Fi attack method aims to intercept communications. Denial of service attacks focus on preventing a target from reaching its requested service. Malware constitutes programs responsible for global assaults that disrupt services across various sectors, such as those seen in 2019. Romance scams exploit personal relationships for breach and extortion, while Emotet refers to breaches targeting weak passwords (Kaspersky, 2024).

Second: Key Israeli Tools for Cybersecurity Defense

1. The National Cyber Matrix

Israel has proposed a national cyber matrix to protect its increasingly vital cyberspace, which is tied to a wide array of economic, social, political, and military interests. Over time, the importance of technology in human life has significantly increased, particularly with the advent of a technologically interconnected era affecting most aspects of life. As such, protecting this cyberspace has emerged as a priority due to a range of challenges. Israel established the national cyber matrix to shield the electronic space from any potential attacks and risks that may affect the state and its citizens (State of Israel, National Cyber Security Authority).

The Israeli national cyber matrix aims to achieve five fundamental objectives: defense, economic resilience, leadership and innovation, international strength, and strategy and policy. In terms of defense, the matrix seeks to protect cybersecurity and discover errors at the national level. Regarding economic resilience, the goal is to enhance the economy’s and public’s capability to defend and prepare through skill employment and increased awareness. Under leadership and innovation, the focus is on fostering human capital and encouraging research and innovation. The matrix also aims to elevate Israel’s global standing through self-development and international and global alliances. Finally, in terms of strategy and policy, the objective involves operationalizing the Israeli strategy at local and international levels and creating a central professional authority in this regard (State of Israel, National Cyber Security Authority).

2. Unit 8200

Unit 8200 is responsible for cybersecurity within Israeli military intelligence (Aman). The unit’s primary mission lies in achieving intelligence superiority across security, military, and political levels. Its responsibilities include developing and operating tools for information collection and analysis and relaying information to relevant executive agencies within and outside the military. The unit received acknowledgment from the Chief of Staff of the Israel Defense Forces in 2013 for its achievements. It gathers signals intelligence (SIGINT) and performs code decryption. Military publications refer to this unit as the central information-gathering unit of the Intelligence Corps, and as the Israeli National SIGINT Unit (ISNU).

This unique unit, alongside others, safeguards Israeli weapon systems against cyberattacks and enables advanced weapon systems to operate in areas prohibited for GPS (Egozi, 2019).

3. Lahav 433

Lahav 433 operates within the Israeli police, focusing on national and international crime detection and public corruption. It comprises several divisions, forming a total of eight sections: the National Fraud Investigation Unit, the International Crimes Investigation Unit, the National Economic Rescue Unit, the Auto Theft Detection and Recovery Unit, Unit 33, the Cyber Unit, and Unit 105. These divisions consist of six working teams, which are overseen by a permanent evaluation and oversight committee (Israel Police, Lahav 433 leads a systemic struggle to reduce severe crime phenomena at the national, international, and public corruption levels).

Third: The 2021 Conflict

The shift in the international landscape towards a multipolar world with significant military competition presents a considerable challenge to Israeli security, particularly in cybersecurity. Global competition between the great powers affects the Middle East and the ongoing conflict resulting from the occupation of Palestinian and Arab territories, making the region a battleground for proxy conflicts among diverse international parties. This situation allows Israel’s enemies to acquire new technologies, weapons, and experiences, increasing the challenges and risks to Israeli security (Anatbi, 2022).

The conflict that occurred in May 2021 emerges as one of the most significant tests for the Israeli cybersecurity system. New cyber tools were utilized during this conflict. New threats became evident during the 2021 conflict; among these were advanced technologies possessed by both state and non-state actors hostile to Israel, while Israel leveraged artificial intelligence as one of its key instruments in the conflict (Anatbi, 2022).

In the 2021 conflict, Israel integrated artificial intelligence with the air force, which effectively assisted in target identification. The 2021 war was dubbed the first artificial intelligence war, and its operational performance, combined with AI, received extensive coverage in international media. Besides targeting, AI integration with air force operations for implementing assassinations, Israel also improved the Iron Dome and intercepting capabilities using AI and operated a fleet of drones guided by artificial intelligence that contributed to target identifying (Anatbi, 2022).

Fourth: The October War of 2023

Since October 7, 2023, Israel has been engaged in a multi-front war. These fronts extend beyond geographic dimensions, with one of the most critical battlegrounds being the active cyber warfare (Daniel, 2024). Since the war’s onset, there has been a substantial increase in cyberattacks from Iran and Hezbollah. Gabby Portnoy, Israel’s cybersecurity chief, stated that cyberattacks have tripled, and cooperation between Hezbollah and Iran poses a tangible threat to Israel, especially following the attack by the Lebanese group Arz, in collaboration with the Iranian Ministry of Intelligence, on Zev Hospital in Safed. Although the attack did not disrupt hospital operations, the attackers were able to steal significant and sensitive information during this breach (Wrobel, 2024).

Despite Israel’s technological superiority, both in general and within cyberspace, the events of October 7 highlight genuine risks in this domain. According to Israeli reports, the attacks conducted by Israel’s enemies require minimal material resources while simultaneously yielding significant impacts across multiple levels. These attacks aim to affect Israeli society and exacerbate internal divisions, a phenomenon that experts refer to as deep influence. This is in addition to targeting, infiltration, information theft, and sabotage. The effects of these targeting efforts are amplified by the “democratic” nature of Israel and the economic interconnectedness that supports the country’s liberal capitalist character (Daniel, 2024).

Three types of targeting emerge within the ongoing war: cyber espionage, social manipulation via social media, and destructive attacks. Israel’s adversaries, particularly Iran, attempt to extract as much information as possible through cyber espionage. The significant potential for deep influence on social media at a global level also seeks to target and affect Israeli society, coupled with circulating a wide array of images and videos that harm Israel and shape an antagonistic public opinion against it. Finally, adversarial entities attempt to target Israel through a series of destructive operations against Israeli infrastructure, which not only results in physical damage but also erodes public trust in the government’s ability to protect its citizens, particularly when targeting is directly felt by individuals (Daniel, 2024).

Fifth: Manifestations of Israeli National Security Doctrine on the Future of Cybersecurity

Israeli technological and technical superiority is directly linked to national security. This connection arises from the necessity for qualitative superiority within the Arab homeland, which possesses substantial quantitative advantages. Within Israeli society, ideas are proposed to ensure this superiority in the cyber domain to meet future challenges, which are likely to intensify due to lessons learned from adversaries and ongoing adaptation to strike at Israel. In this context, the idea of comprehensive multi-dimensional defense emerges, encompassing all fronts, including the cyber front (Daniel, 2024).

To achieve comprehensive defense in the realm of cybersecurity, a series of practical steps are suggested, expected to be effective and positively impactful. Continuous updates to the defense and offensive systems stand as pivotal practical steps, necessitating increased investment in this sector, along with enhanced cooperation between the government, its allies, and the private sector, including technological giants (Daniel, 2024).

Estonia’s experience serves as a model for Israel. Russian cyberattacks compelled Estonia to enhance its defenses, ultimately making it a leading country in cybersecurity. Estonia faced extensive cyberattacks in 2007 which led to the simultaneous crippling of 58 websites. This led Estonia to exert genuine effort in cybersecurity, enabling it to become a world leader and to establish cooperation agreements with various nations for advancement (Daniel, 2024).

Conclusion

Israel is highly aware of the significance of technological and technical superiority for its national security, along with the increasing role of technology in the economic sphere. However, this type of warfare poses a greater burden for capitalist nations. The nature of the cyber front is intertwined with the state and institutions’ technological and economic developments. The more a state engages and progresses economically and technologically, the more critical this arena becomes. As an engaged nation in global social media, Israel faces greater opportunities for influence deep in its internal social front compared to nations like Iran, which significantly limit social media access, or China, which has developed its own programs subject to direct government oversight. Similarly, the more institutions digitize for user convenience, the higher the susceptibility to cyberattack threats.

At the same time that a state’s socio-economic nature affects the ease of cyber targeting, the manifestation of attacks with simple means and minimal costs poses a real dilemma for nations, including Israel. Finding a vulnerability within a sprawling, complex, and interlinked system is far easier than fortifying it against breaches. The financial cost of an assault is less than the continual effort required for defense in a milieu rife with chaotic targeting opportunities. The cyberspace does not have clear boundaries or battlefronts; it is an interconnected arena where any party, whether a state, individual, organization, or company, can incapacitate entire entities and influence the world. In such scenarios, the concept of deterrence favors those less integrated economically, socially, politically, and technologically in the age of the digital revolution.

Sources:

• Arctic Wolf. 2024. “A Brief History of Cybercrime.” Accessed June 21, 2024. Arctic Wolf.
• Egozi, Arie. 2024. “How Israel Is Leading the Global Cyberwarfare Race.” Defence IQ. Accessed June 20, 2024. Defence IQ.
• Jeffay, John. 2024. “Israel Was the Number One Cyber Attack Target in 2023.” ISRAEL21c. Accessed June 25, 2024. ISRAEL21c.
• Kaspersky. 2024. “What Is Cybersecurity? Types, Threats and Cyber Safety Tips.” Accessed June 10, 2024. Kaspersky.
• Wrobel, Sharon. 2024. “Cyberattacks by Iran, Hezbollah Have Tripled During the War, Says Israel Cyber Czar.” The Times of Israel. Accessed June 21, 2024. The Times of Israel.

Hebrew Sources:

• Anatbi, Liran. 2022. “The Technological Arena: The Challenge of Maintaining Israel’s Position.” Tel Aviv: Institute for National Security Studies. Accessed June 18, 2024. INSS.
• State of Israel, National Cyber Security Authority. Accessed June 16, 2024. Government of Israel.
• Intelligence Division Unit 8200. “Introducing Unit 8200.” Accessed June 21, 2024. Unit 8200.
• Israel Police. “Lahav 433 Leads a Systemic Struggle to Reduce Phenomena of Severe National, International Crime, and Public Corruption.” Accessed June 21, 2024. Israel Police.
• Cohen, Daniel. 2024. “Cyber and Influence in the ‘Iron Swords’ War.” The Arena, Diplomacy and Foreign Relations, Reichman University: Institute for Diplomacy and Foreign Relations. Accessed June 21, 2024. Arena Journal.