Interview with Ram Levi, Cyber Defense Specialist, CEO of Konfidas Ltd

And Guy-Philippe Goldstein, lecturer at the Ecole de Guerre Economique

SDBR: Israel has been called a "start-up nation". Did that promote the development of cybersecurity in Israel?

Ram Levi *: Israel has become a Cyber ​​start-up nation because the imperative of security has become essential due to the country’s growing reliance on its digital systems. This primary importance means the required full engagement of all stakeholders on cybersecurity issues, all under the direct leadership of the Prime Minister [Chief Executive in the Israeli parliamentary system]. Accordingly, this new security priority has been rightly prioritized by members of the ecosystem, but it must be also highlighted that on this specific topic, the Prime Minister has really taken the lead. Indeed, there has been a genuine, personal involvement by the Prime Minister and this should be all the more stressed that it is actually something quite rare in terms of cybersecurity governance worldwide. Of course, this "Top-Down" ambition could only be fully realized but because there were already Bottom-Up capabilities in Israel. Since the beginning of the 2000s, the country has created superb high-tech capabilities and the topic of cybersecurity has subsequently been identified as a strategic matter. In 2010, the existence of the Stuxnet malware [against uranium enrichment centers in Iran] was made public. We knew what was possible. So, we understood what others could do against us as well. Thus, we also needed new protection.

Guy-Philippe Goldstein **: The expression "Start-up Nation" comes from the 2009 essay by Dan Senor and Saul Singer of the Council of Foreign Relations, that tried to explain Israel's great breakthrough in the information technology industry. The book mostly deals with economic development and tries to highlight some key factors. On the chicken and the egg issue, aka what factors have contributed the most to the development of Israel’s cyber industries (the increased dangers from the growing attack surface? Or the local strength of a potentially civilian-military dual ecosystem?), one could answer: both !  and it is actually the intersection of these two factors, and the increased awareness of this intersection, that made it possible for the Israeli ecosystem to really stand out (an appreciation that can be also seen, though to a lesser extent, in Estonia). Everything really started in the early 1990s, with the rise of the digital industries as a result, in part, of a new funding program that opened up the local ecosystem to foreign VC funds. This first wave saw the rise of the first successes for the Israeli cyber industry, such as the antivirus publisher Checkpoint, founded in 1993 and IPO’d three years later at Nasdaq. At the government level, there is a growing awareness in the second half of the 1990s in the new cyber risks for civilian infrastructure, at about the same time as the Americans. Then, in the 2000s, the second Intifada yields one of the first examples of cyber-guerrilla warfare, though at a very low intensity level. However, it did highlight the beginning of Israel's exposure to digital infrastructures’ risks. And then, later in the decade, new operations reinforced this awareness, from the continued successes of certain military units, such as unit 8-200, to Israel's participation in the extraordinary US cyber-operation "Olympic Games" against the plants for uranium enrichment in Iran, as recalled by Ram. This combination of both vulnerabilities and successes converged in the early years of this decade at the highest level of government. It reinforced the strategic importance of the field for Israel’s government, as stressed Ram. And in turn, this governmental impulse helped to further accelerate the development of the ecosystem. That being said, when critical governmental decisions were made in 2011, there were already about 150 cybersecurity startups operating in Israel - a figure still not reached in France 8 years later. Again, to explain the incredibly successes of Israel in the cyber-field, on needs both the chicken AND the egg.

What is the Israeli government's cyberspace philosophy?

Ram: In terms of cyber defense approach, we do not have a “philosophy” per se, but rather a strategy. It comes on three levels. The first level consists in the robustness of the technical, human and organizational systems. All activities and markets need to reach some basic levels of cybersecurity. A second level is that of resilience. On this dimension, the government needs to work with relevant institutions and organizations, based on criticality analyses developed to improve resilience capacity. All this requires the proactive involvement of the government and the organizations concerned, accompanied by the development of the necessary tools, knowledge and know-how. The third level is that of active defense. Here, you need to be proactive again, as can be seen in many other security topics. For example, a terrorist group should be arrested before it even enters a shopping center. In cyberspace, state capabilities must be employed to identify and stop before it’s too late certain groups of hackers. Intelligence capabilities and other tools must be used to degrade or to destroy these enemy abilities. This is typically done at the national level of defense - where state action is expected.

Guy-philippe: In terms of ecosystem development philosophy, there has been organizational thinking for this new industry around three pillars: the state (including the military authorities); the private world, which allows flexibility and adaptation; and finally the university world - an even more prominent aspect in the Israeli model than, for example, in the United States. The enforcement of this vision drives the Beersheva ecosystem, still under construction, with the idea that you will find within a radius of 300 meters, a few minutes’ walk, these three poles all together. There are also some important distinctive elements of the Israeli vision and it is critical to emphasize them. First, when one speaks of the private/business world, it means first and foremost startups in Israel - NOT the great national champions that need to be protected, as it is thought of in some countries with hardcore “Colbertist”/ top-down traditions. These “top-down” traditions are unfit to our current network economy. Why? Because breakthrough innovation is much more likely to happen in small, tightly-knit startups than in large organizations run by several layers of committees and hierarchies. This was already the case in aerospace at the time of the “Skunk Works”. It's even more obvious in the digital world. Additionally, no one in Israel is really focused on favoring and preserving a “golden nugget” company or technology. What needs focus is the ecosystem - that is, the critical concentration of human talent, formed by the State and the Army, financed by Israeli and foreign VC funds. This requires a holistic thinking in terms of culture, education, university research, tax system, market conditions, intellectual property law etc ... No matter what champion or technology: what really matters is talent, that should remain in the country and whose concentration constitute the ultimate guarantee to react to a new threat, in a constantly changing environment. Additionally, from the economic point of view of an American corporate acquirer, why getting rid of talent and risking then making the company an empty shell? And why replacing it with talent from Silicon Valley, that is way more expensive than in Israel for an equivalent quality? Finally, there is the idea that it is vital to make an opportunity out of what is initially a security challenge.  Indeed, like old alchemists, the magics is to turn “the lead” of the cyber aggression into the “gold” of commercial conquest.  To do this, one must accept a certain risk level and one must believe in its ability to adapt and to overcome the risk. But then, it is in the spirit of Israel, a highly resilient  country, which in any case has never had any other choices but to adapt to survive.

Has Israel become the Cyber ​​Lab of the United States ?

Guy-philippe: Israel has become one of the Cyber ​​Labs for the United States – in itself, an important statement, since the US has obvious tremendous capabilities and legacy in that matter. Indeed, both from a civilian and a military point of view, it is clear that Israel is a very privileged partner for research and development - perhaps even more, in some respects, than some other historical partners of the United States. At the military level, one can take the example of Stuxnet, mentioned above with "Olympic Games", as a case of deep Israeli-American cooperation, in the context of very advanced, quasi-experimental technologies. This type of cooperation, on such sensitive, intelligence-related issues, with such new technologies, and even without the opportunity for joint commercial development of weapons systems after action – that’s actually quite rare in the history of military cooperation. At the civilian level, there is also all the venture capital funds from the US that are being invested in cybersecurity startups, or all the other investment funds being injected into the capital of Israeli companies listed on the US markets, such as Nasdaq. And then, one needs to add to these the numerous R & D centers - more than 250 - where cybersecurity is one of the areas of research (eg the EMC Center of Excellence in Beersheva).

Ram: Yes, but we can also say that Israel has become a "Cyber ​​Lab" for a much larger number of countries other than the United States!

Does Israel have an objective view of the "bad guys" in cyberspace ?

Ram: Israel is constantly busy identifying potential adversaries and thinking where to focus in these risks. Different responsibilities are assigned to different organizations. The army is essentially in charge of the threat that comes from Syria or Lebanon. External intelligence services, such as Mossad, will be more oriented towards threats like Iran, or even more distant opponents. Domestic intelligence services are focused on cyber threats that may endanger the democratic system or that may be related to counter-intelligence issues. In addition, there is a constant assessment of the threat from actors such as China, North Korea or Iran, in order to develop the most relevant cyber responses to these potential "cyber adversaries".

Guy-philippe: Israel, a country firmly in the Western block, shares with all its allies a common perspective on the threats from a geopolitical point of view. But then, as with all other allied countries, there are, of course, nuances peculiar to its situation as well as to the Middle East. Iran plays a special role here in terms of threats, as is the case anyway at the conventional level. Iran's areas of action against Israel are varied. They include, for example, influence operations on American social networks in order to fan hatred against Israel. Iran has also managed to get strong reactions from Pakistan’s online population in late 2016, by broadcasting online a fake story evoking a nuclear threat from Israel if Pakistan would sent troops to Syria. Russia, which has rather good relations with Israel in the context of the Syrian situation, is also suspected of having attempted to interfere in the electoral campaign for the April 2019 parliamentary elections in Israel. The idea may have been, perhaps, to try to practice the type of online disinformation campaign that has been seen in many other Western countries.

How is it an art to defend against the threats of the cyberworld ?

Ram: Cyberdefense is based on an implicit know-how, an "art", that is difficult to communicate, and that develops itself as conflicts grow in cyberspace. This know-how must take into account many non-technical elements. For example, the cost of action needs to be related to the economic impact if no remedial actions were taken – a key consideration in business risk management. In a more general approach, all the managerial components of the response are often much more important than the technical aspects. The capacity to react in this human and financial complexity, in an ever dynamic environment, is characteristic of a “know-how”, an implicit knowledge, and therefore of an art, not of an exact science.

Guy-philippe: Ram, who had already very convincingly explored this theme during his speech at the Trustech Conference in Cannes, is perfectly right to speak, to date, of an "art of Cyber". There is also a particular reason for this, which prevents cyber-defense from being transformed into "science": this domain is in fact organized according to the contentious dialectic of the attack and of the defense. There are no immutable laws, but rather a strategic dynamic where each action of one actor yields a reaction from its opponent. The struggle in cyberspace is echoing other domains of conflict: for example, we do not speak of a science of warfare but of the art of war. Furthermore, as “all warfare is based on deception”, to reuse one of Sun Tzu’s most famous sentences, it is illusory to propose invariably winning observable tactics - since surprise is one of the keys to victory! To put forward a particular method and to systematize it would actually create a vulnerability. This is a lesson that should be well known in France, a country marked by the “Maginot line as formidable defense” fallacy before WWII. Focus on a specific defense system - and the enemy will avoid it and it will attack elsewhere.

What could be Israel's contribution to a cyberworld police ?

Ram: Israel’s contribution? Technology, knowledge and also, it is important to emphasize, an "intellectual leadership" approach. When we talk about "cyber risks", we are talking about risks that come from a malicious actor - from someone. However, many people in the West are still not well accustomed to this adversarial approach toward cyber threat. The state of mind in Israel, influenced by the hostility against the country and materialized by wars or terrorist attacks, is on the other hand very much marked by this adversarial approach. Cyber-risks are no acts of nature. There’s someone behind – may it be, for example, a criminal group or a Nation-state. The technology developed in Israel is influenced by this understanding of the cyber threats we face.

Guy-Philippe: Israel is already playing an important role in reducing cyber risk through the development of its incredible ecosystem of startups in cybersecurity. There are 450 startups active in cybersecurity today - three times more than in 2011 - for a total of about USD 1.2 billion raised in 2018, representing 20% ​​of total global investments. The contribution is obvious here: it is that of constant innovation in the service of securing the global network. Israel, acting with its main allies, also allows pushing further the technical demonstration of what the cyber domain can do. This was already the case with Stuxnet - and it can be said that the effectiveness of the action, as well as its deterrent impact, may have been significant factors helping major Western powers to compel Iran to negotiate the agreement on the nuclear power. I would also stress that Israel offers a development model that other cyber forces in the western world should observe and understand. Again, the focus is not on national technologies or “golden nuggets” companies, but on the ecosystem as a whole, i.e. on the concentration of human talent. There is also an important understanding of what cyber really is: not just a technological struggle, but first and foremost an intellectual confrontation between the attackers and the human defenders. To miss this dimension and not to understand the criticality of the ecosystem favoring talent - that is to take on the wrong battles and to risk then strategic defeat.

Is there in Israel as in France a problem of human resources in cybersecurity ?

Guy-philippe: the Israeli civilian cybersecurity industry experiences the same recruitment and retention problems that are observed in other Western countries. This stems in part for the same reasons, especially with regards to diversity issues. If fixed, gaps could be filled. These problems may be linked to the core group of founders, frequently males. They will consciously or unconsciously favor a male-dominated company culture that does not attract female talent – quite the contrary. However, at the military level, Israel has managed to integrate women into the cyber force of the army. Thus, in the elite unit 8-200 dedicated to electronically intelligence ("Signal Intelligence"), more than 55% of the workforce is now female and mixed teams are now the norm.

 * Ram Levi is the CEO of Konfidas, a consulting firm specialized in cyber defense. A former IDF (Israel Defense Army) officer from "Mamran" elite IT unit, Ram is an adviser on cybersecurity issues for the National Research and Development Council and a member of the national committee for cybersecurity research. He was also the former Secretary of the Government Task Force on Israel's Cyber ​​Defense, which led to the creation of the NCB (National Cyber ​​Bureau) in 2011.

** Guy-philippe Goldstein is a professor at the Ecole de Guerre Economique in Paris, a contributor to the academic journal of INSS (Institute for National Security Studies) in Tel Aviv, and advisor on cyber defense issues for PwC and for ExponCapital, a  venture capital fund. His novel, "Babel Minute Zero", which describes a cyber-conflict scenario, was published in first France in 2007 and then and Israel in 2010, where it gained readership among some senior officials in charge of cyberdefense, including Prime Minister Netanyahu.