Cyber security developments in Israel

Since the early 1990s, the State of Israel, ‘The Start-Up Nation’, has maintained its position as a leading powerhouse for cyber security innovation. It has been providing novel solutions, which have enhanced the robustness, resilience and security of other nations and organisations around the world, making a global impact that is non-proportional to Israel’s material size. As of today, Israeli solutions are more prevalent than ever before, protecting billions of people, sustaining the continuous supply of vital services, safeguarding governments and economic infrastructure, and ensuring the security and safety of business and individuals across the globe. The Israeli cyber security industry — relying on its skilled and creative human capital and empowered by long-standing government support and a unique synergy with the world-renowned Israeli academia — has been a key component of the local vibrant security-oriented ‘ecosystem’. It is a prosperous ground where cyber security exceptionalism and excellence can flow and thrive. As such, Israel serves as a global incubator for corporations and individual entrepreneurs alike; those that seek to tap into and embrace Israel’s unique culture, which cultivates entrepreneurship, fosters ingenuity and celebrates the audacity to undermine conventional thinking. When one reviews the ‘Six cyber threats to really worry about’ in the MIT Technology Review and focusing on the ‘ransomware in the cloud’ and the ‘cyber-physical attacks’ options, something is missing — the attacks are sure to happen, but how will they spread out? What is the most likely attack vehicle? As cyber security products are becoming better and more sophisticated, a potential attacker needs to take into account the multiple barriers that they will encounter when trying to launch a cyberattack on a certain enterprise. The attacker, though, has one great advantage; in most cases, they can run a full model of the cyber-security scheme that they will be facing. The cyber specialists that work for a cybercrime organisation live among us; they dig into the same WikiLeaks information, and take part in various conferences and expos. A resourceful cybercrime organisation can set up a complete model of their targeted victim and sandbox their attack. A resourceful attacker will not use ‘plain’ statistical attacks such as a ransomware campaign, knowing that if they target a bank or insurance company, it is most likely that they are well protected against those ‘standard’ attacks (assuming that they follow best practices for cyber security). The attacker may decide to attack an enterprise by using a counter-artificial intelligence (AI) methodology that can outwit existing AI detection algorithms. Another great attack vehicle would be through the use of manipulated hardware or firmware introduced into the organisation through an internal abuser or supply chain. As some cybercrime organisations still ‘support’ legacy crime activities, such as a silent penetration into a facility, obtaining employee extortion and basic human manipulation, ‘qualifications’ that resonate well with their goal of physical penetration into the organisation. In addition, as the use of cloud-based services becomes even more frequent, the cloud vendors themselves become the ultimate prize — the Holy Grail — if you can gain access to a regional data centre and access the data running in it, substantial gain awaits you. The cloud vendors are considered state-level targets as well, owing to fact that cloud vendors heavily guard their data; a ‘promising’ attack would be to tape-out a manipulated chip (ie, a serial peripheral interface [SPI] bus controller) that will ‘find’ its way to the motherboard later when assembled in a server supplied to a cloud vendor. This paper will familiarise the reader with Israel’s cyber security scene and its specific strong points. An analysis of 2017’s cyber security incidents will be conducted, upon which an analysis of the forecast for 2018 will try to predict what to expect in 2018. Various startup companies in Israel can shed some light of what are perceived to be the next threats.