There are only two types of people in the world: “those that have been attacked, and those that don’t know that they have been attacked,” declares Bridgadier General Doron Tamir, a founding member of the Israeli National Cyber Bureau in the Prime Minister’s Office, and current Chairman of The Floor Cyber.
From the Russian hackers that altered the outcome of America’s 2016 presidential elections, to the malicious spam links in email inboxes, cyber attacks have become a part of everyday life. “The dark net is moving much faster than any government or police. They know how to use the technology for all purposes,” Tamir says.
In an exclusive interview with GovInsider, the former top intelligence officer shares the secrets to staying ahead in the game.
Finance is one key sector where cybersecurity needs to be fortified. Banks are popular targets for hackers looking to make a quick buck. In 2016, a record-breaking US$81 million was stolen from a Bangladeshi bank from a hacked computer – all in mere hours.
Governments need to ensure that banks in particular are well-guarded from malicious attacks, according to Tamir. “They are giving service to the public. If they will be harmed now, the public will be harmed.” To protect its banks and other institutions, Israel established a data centre that collates and pools information on cyber attacks. Tamir recommends other governments take the same approach.
Banks can then analyse information from the data centre to guard against specific modes of cyber attacks. But a problem remains: banks do not like disclosing that they have been hacked, and this puts other banks at risk. “None of the banks like to expose that they have been attacked,” he says. “[But] why should the other banks not know about the corruptive ways? Tomorrow, I can be attacked the same.”
As a result, the data centre now shares information on the cyber attacks, but keeps the identities of their victims confidential. “If we do expose only the data, everybody can learn from that,” Tamir notes. Other banks will then be able to “pull information about cyber attacks that is concrete to them without exposing others”.
Make cybersecurity popular
A “world phenomenon” in cybersecurity is the lack of skilled professionals, says Tamir. Israel has tackled this challenge by making cybersecurity an attractive subject for students and teenagers. “It has to be popular; you ask everybody, it’s sexy. It’s something that is improving your life,” Tamir shares.
The country has done this by making the topic a part of the education system at a much earlier stage than other countries – starting from sixth grade. It is the only country in the world which has cybersecurity as an elective for high school matriculation exams. High scorers are recruited into the military’s cybersecurity unit during mandatory national service, where they are given specialized training.
Israel is the world’s first country to offer a PhD in cybersecurity as an independent discipline, rather than as a computer science subject. The country is home to six university research centres focused on cybersecurity.
More generally, governments need to make mathematics more attractive to graduates as the subject is at the core of how computers work. Israel is finding ways to make this subject popular too. For one, the University of Tel Aviv set up a space studies course so students can develop mathematical skills while following their passion for outer space. “It doesn’t matter tomorrow [whether] you are on the rocket to the moon, but today, you learn a lot of mathematics,” he notes.
Together, all these education programmes create a strong career path for Israelis in cybersecurity and tech. “If you have some kind of ecosystem, it’s stable and you can rely on it,” he notes. “We go 10 years from the sixth grade and high school into the military and academia. It’s part of one big system.”
The next step is to then put your money where your mouth is. Governments must invest in developing cybersecurity technologies and create a supporting ecosystem for startups to test new ideas. Israel is home to 400 cybersecurity startups, and in 2016, it accounted for 20% of the world’s cybersecurity investments.
The Israeli government financially supports startups to test their solutions. “In the first steps, the proof of concept, and they are subsidising them, they’re giving them money.” Projects that show potential are then further funded and put on the market. “Israel is also a very good place that investors from abroad are investing in this infrastructure,” he adds.
There are, of course, risks associated with this funding: of Israel’s 400 cybersecurity startups, only about 10% would succeed, he says. “It could be sometimes we have to spend money given you’ll not see the money back.” But all is not lost when a project fails; the country encourages a healthy culture of risk-taking, he adds. “If we fail, we don’t give up; we try and get up.”
It’s about throwing as much as possible at the threat and adapting constantly. Israel’s success comes from its constant iteration and metamorphosis. Every part of the nation – from the education system and digital economy to its high tech defence industry – is aware of the importance of cybersecurity.