Isaac Ben-Israel, the man who kickstarted the Israel’s cyber revolution, gives insight into cybersecurity’s many facets
The annual international cybersecurity event CyberWeek is kicking off on Monday, hosted in Tel Aviv. The event will gather cybersecurity experts, industry leaders, startups, investors, academics, diplomats and government officials, and offers a thought-provoking exchange of knowledge, methods and ideas related to the cybersecurity industry and the fields surrounding it. The event will run for a full week and include over 40 roundtables, panels, workshops, forums, BSides and competitions.
Professor Isaac Ben-Israel is the director of the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University and co-founder of the annual event. Ben-Israel is a retired Major General in the IDF, where he served in several top defense technology units until his retirement in 2002. In 2011, Ben-Israel submitted the National Cyber Initiative to the government: a plan which laid the foundation for Israel’s cyber revolution during the past decade.
How would you define the fundamental idea of CyberWeek? Is there really enough to go over to take up a whole week?
“From the beginning, the main idea was – and still is – to regard cyber activity as a kind of interdisciplinary discipline. It’s not only about technology. Although most of the problems in the 21st century we tend to solve with technology, many times those problems are not purely technological. Solving these problems, many times, may depend on variables, like the psychology of the user, or sometimes the psychology of the masses, when looking at things like social media. Often one has to take into account legal problems: the conflict between different sets of values, like security on one hand, and privacy on the other hand. As well, we could make cybersecurity much more efficient if we disregard the privacy or human rights of our own citizens, which is, in a way, a philosophical question. These factors have nothing to do with technology.
“Next week, you will find people from many disciplines: computer scientists, engineers, etc; but there are also people that are involved in policy and legal issues, psychology, you name it, all the issues that I mentioned. That is the nature of CyberWeek, from day one until today. That’s why we need a week. We started with a one day conference and then we said ‘okay, but we have to discuss the legal issues, we have to discuss ransomware, we have to discuss human psychology, business issues. We had to keep extending it.”
Do you see CyberWeek as “the big Israeli cybersecurity conference” or as “the big cybersecurity conference, that happens to be in Israel?”
“There is not much difference between the two, because while we didn’t invent the technology in Israel, we were among a very small group of countries which used it for intelligence and defense.
“What we were the first to do is to, in a way, come out of the closet with our cybersecurity knowledge. In 2011, we decided not to keep it a secret anymore. We made it a legitimate subject for normal civilian activity: we started to develop academic centers. It’s hard to believe but when we started in 2011, there was not even one university on the globe in which you could go and study cybersecurity. Why? Because if you publish a paper about it in university, the enemy will also read it. So the attitude was to keep it secret.
“Today, we are the only country in the world in which we teach cyber security in high schools. But that gives us an advantage. When people all around the world would like to go and see what is in the faultline or cybersecurity, they will usually find it in Israel.”
Moving away from CyberWeek, I wanted to pick your brain on the cyber warfare that was reported at the onset of the Russia-Ukraine conflict. Why haven’t we heard about more cyber attacks between the two countries as the war has waged on?
“Usually when you build a certain offensive capability – tanks, aircraft, submarines – you can assume that 20 years from now the situation will be different, and everything you prepared 20 years before may not fit the new battle arena. So part of military organization is to track the changes on the other side, and if you come to the conclusion that the weapons that you already have do not fit the situation anymore, you modify your weapons or develop a new generation of weapons. It’s an endless game: you prepare certain capabilities, you follow the chances on the other side, you modify your capabilities.
“The same holds also for cyber weapons; the only difference is that the timescale is very short. You cannot expect tools that you developed six years ago to operate today, because the probability that the victims will have the same architecture is almost zero. In the cyber field, six years is like five generations.
“If you want your capability to be adaptive, you have to invest a huge effort in maintaining this capability. Russia didn’t do that, and that’s why when the war started, you saw certain cyber actions, but that was the end of it.”
Does the same idea apply to the back-and-forth of cyber attacks between Israel and Iran?
“It’s not the same, because outside of a wartime scenario, both sides have a lot of time to develop their attacks. Our exchange of attacks aren’t really things that are improvised on the spot; if you need another month, you can take another month to develop. It’s different.
“Still it demonstrates other things: until now all the Iranian attempts to cause damage to Israel via cyber technology have been very marginal. This may change at any time, but until now, they’ve tried, but failed. That shows us that the tools we built for protecting ourselves are effective – but that doesn’t mean that we can sleep on the job, because they’re definitely trying.”