To stop Russia and other hackers, we need to overhaul the internet, says top Israeli cyber expert
Internet pioneers didn’t need to prioritize defending against cyber warfare, but we must, says Prof. Isaac Ben-Israel, who developed Israel’s cybersecurity agencies and hosts next week’s prestigious Tel Aviv Cyber Week 2017
22 June 2017, 3:21 pm 11
Professor Isaac Ben-Israel during a 2011 press conference with Prime Minister Benjamin Netanyahu announcing the establishment of a national bureau to focus on Israel’s information protection capabilities and supervise development of the cyber sector (Kobi Gideon / Flash90.)
The professor and ex-general who runs Israel’s prestigious annual cybersecurity conference, and who was central to the establishment of Israel’s pioneering cyber protection agencies, is calling for a radical overhaul of the internet in order to counter cyber warfare.
In the course of a wide-ranging interview with The Times of Israel ahead of next week’s Tel Aviv University “Cyber Week 2017,” which will include presentations by serving and former US administration cyber officials, Prof. Isaac Ben-Israel said he had absolutely no doubt that the Russian government meddled successfully in the US presidential elections, and that Moscow sought in vain to influence the recent French presidential elections.
He said Israel also faces incessant efforts to breach its cybersecurity. Although it is relatively well-protected, he noted dryly, Israel is a relatively prominent target.
Ben-Israel highlighted that it is extremely rare for cyber criminals to be caught, and lamented that “almost no effort” is being made to catch them. What is urgently needed, he said, is to address “the problem of attribution”: The protocol that governs the internet does not enable a recipient to establish who is sending material, because that was not initially a priority. This needs to change, he said.
The pioneers sough to establish a robust, non-centralized internet that could not be physically destroyed by attacking a few key communications centers, and that could ensure secure communications, Ben-Israel recalled.
“But every day, nowadays, there are millions of attacks,” he said. “Nobody goes after the criminals. So why not develop the technologies to do so? Change the internet protocol,” he urged. “You need to re-engineer the internet to enable identification of the source of everything.”
Prof. Isaac Ben-Israel at his Tel Aviv University office, June 19, 2017 (DH/Times of Israel)
Ben-Israel, 67, is one of Israel’s foremost scientists, and an ex-general and former MK. Among a dizzying array of roles, he currently directs the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University, heads the university’s Yuval Ne’eman Workshop for Science, Technology and Security, and chairs both the Israel Space Agency and the National Council for Research and Development under the auspices of the Science Ministry. In a 35-year military career, he held a range of senior and sensitive positions, notably in research and development, in the Air Force and the General Staff. Post-army, he was central to the establishment of Israel’s National Cyber Bureau and other authorities protecting national civilian and security infrastructure from cyber attack.
The Times of Israel spoke to Ben-Israel in his small office at Tel Aviv University, a room decorated mainly with posters featuring Albert Einstein. He was candid and generous with his time — consenting to a second meeting to address issues we had not had time to cover in the first.
‘There are five top players. Offensively and defensively, they’re the same. Not in order: Israel, the US, Russia, Britain, China’
The conversation was not exactly linear, to put it mildly. Asked a question about Israel’s vulnerability to cyber attack, Ben-Israel opened by talking about Sudan and Estonia. Queried about Russia’s relationship with figures in the Trump administration, he talked first about Israeli espionage in Egypt pre-1967. Questioned about the allegation that Israel mishandled the Stuxnet virus, he began with a story from the 1973 war. In every such instance, his answers were all the more illuminating for the detour.
What follows are edited excerpts from the two-part interview. What were the Russians up to ahead of last year’s US presidential elections, and why didn’t they succeed with similar efforts only a few months later in France? How worried should we be by the panic that a teenage kid could cause across the globe with hoax bomb threats telephoned from his Ashkelon bedroom? What should we make of the recent revelation that Israel allegedly considered detonating a nuclear device in the Sinai in 1967? And how — theoretically of course — would Israel go about recruiting a Syrian air force general? Read on.
The Times of Israel: How vulnerable is Israel to cyber attack?
Isaac Ben-Israel: Well, let’s start by saying that Sudan, for instance, is less vulnerable, because it has a low level of computerization. Most of its critical infrastructure is manually controlled.
I just came back from Tallinn [the capital of Estonia]. In 2007, it was paralyzed for three weeks [in a hacking attack that targeted ministries, parliament, banks, broadcasters, et al]. Russia attacked Estonia because of an argument over the relocation of a Soviet-era memorial. Estonia was cyber-attacked because it is super-sophisticated. It’s all internet. It made the right decisions after the collapse of the former Soviet Union. But it had no defenses.
The Bronze Soldier of Tallinn memorial (Pronkssõdur / Gette from Stavanger, Norway / Wikipedia)
The same goes for the US elections. We know Russian groups interfered. Just read the memo to that effect that was signed by the various US intelligence chiefs. We know for sure that the attack was done by Russia. (“We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US Presidential election,” the memo states. “Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”)
When I saw that memo, I was worried. Intelligence agencies do not publish material like this.
Because the country involved starts looking for the leak. I didn’t understand. Then, two days later, Russia announced it had arrested one guy (Ruslan Stoyanov) from Kaspersky (the anti-hacking and cybercrime investigators), and one (Sergei Mikhailov) from FSB (the KGB-successor security agency). They were charged with treason. The way I see it, they were the (alleged) source. They had been arrested before the memo was published, and the US intel chiefs knew this. It’s clear to me the Russian government was involved (in efforts to influence the US vote).
Russian President Vladimir Putin meets then-US secretary of state Hillary Clinton on her arrival at the APEC summit in Vladivostok, Russia, Sept. 8, 2012. (AP Photo/Mikhail Metzel, pool, file)
When were the first cyber attacks?
Maybe it was on the Siberia gas pipeline (allegedly by the CIA in 1982).
The first documented case where the attackers were caught and jailed was in 1986, on computers at the Lawrence Berkeley National Laboratory in California (a government facility conducting scientific, including nuclear, research). It was a group of criminals from East Germany. The FBI busted them. The group was headed by a KGB operative. The rest of the group didn’t really know what they were doing or who they were working for.
The entire Soviet military approach is completely different. Disinformation. Fake news. They have a military doctrine — maskirovka, deception. They don’t go to war without a strategic plan for deception. The US didn’t think in this way, at least not until the 1990s.
So, coming back to my question about Israel’s vulnerability?
We’re well protected. Tallinn is well protected now! The rest of the world is starting to wake up. Until it hits you on the head, the world is very slow.
Israel has had an authority for the defense against cyber attack of critical civilian infrastructure — water, electricity, transportation — since 2002. Most countries don’t. The US doesn’t.
‘The Russians have a military doctrine — maskirovka, deception’
Since the late 1990s, we were developing technology, and we realized, of course, that it could be used as a weapon. At the time, the Arab states were mostly manual. Only we were vulnerable [in this region].
In 1999 I wrote to the prime minister. I was head of “MAPAT” (weapons development and technological infrastructure) in the army. I said we could get attacked. So in 2002, the agency to protect vital infrastructure was established.
We were the first in the world to do civilian protection. But I can’t say we’re protected enough. We’re relatively very good. We’re also relatively potentially a high target.
How do we rank globally?
In terms of protection, we’re in the top three.
There are five top players. Offensively and defensively, they’re the same. Not in order: Israel, the US, Russia, Britain, China. Israel is the best in the region. But relative to the threat, there’s no such thing as good enough.
Every two days, there’s something new. It began with DDoS — Distributed Denial of Service attacks. All kinds of groups do those. They’re relatively primitive, and relatively easy to defend against. That’s what happened in Tallinn. More recently there was ransomware.
Cyberwarfare, cyberattacks — these are the dark side of the computer. And we’re so dependent on computers.
So we face planes being hacked out of the sky? Computers taking over automated cars?
There’ll always be bad guys. They can always use that dependence not for the benefit of society, but for their benefit at our cost.
Computers, like the moon, have a dark side. And the pace of cyber development is like the pace of computer development. It’s like Moore’s Law. [In 1965, Gordon Moore] predicted that the amount of information on a chip would double every one and a half years. Basically a computer generation is one and a half years. With cyber it’s even less. Every year to a year and a half, comes a new generation of cyber techniques. It’s a crazy pace. I cannot tell you what the cyber threats will be in five years — even though that’s my profession.
Iran’s then-president Mahmoud Ahmadinejad visits Natanz in 2008 (Zero Days screenshot)
In 2010, after Stuxnet (the virus that played havoc with Iran’s uranium enrichment centrifuges at its Natanz enrichment plant) made headlines, it was realized that the world would wake up. The prime minister asked me to put together a five-year program setting out all the possible cyber threats, and what Israel would need to counter them. I told him, I don’t know what those threats will be. Five years? That’s four generations in cyber. The equivalent of 120 human years! Where to start?
Instead, I recommended that we set up the ecosytem, and do it now, strategically, with people capable of dealing with whatever turns up in the years ahead. And that we include people from the cyber industry, academia, and the government/security establishment.
In 2010, by the way, there was only one cyber research center in the world. That was at Oxford. Israel and the US had none. There was no way you could do a bachelor’s degree in cyber. You would do math, computer engineering or computing, and then do a master’s or doctorate. Now at TAU, you can do a bachelor’s in cyber, or a cyber major in other faculties. We’re the only country where you can do a high school matriculation, up to five units [the biggest amount], in cyber.
I said to Netanyahu, we can become a world center of knowledge. As with high-tech, so with cyber. One day, everybody will need it. He said yes straight away, and he stuck with it.
I made 13 recommendations. After four discussions, all were endorsed by the cabinet. Twelve were approved right away. The thirteenth took three more meetings. That was the budget. An additional billion shekels per year added to budgets. If the prime minister doesn’t back you, you don’t get that money.
‘I cannot tell you what the cyber threats will be in five years — even though that’s my profession’
Back in 2002, when the Shin Bet was in charge of defending civilian infrastructure against attack, there were 36 critical infrastructures on my list. These were defined by either of two criteria: if the loss of life in one attack would be over 500; and if the economic cost of an attack could amount to half a percent of gross national product. Those criteria reduced my list to twenty-something.
In 2010/11, how many critical infrastructures do you think there were? We stopped counting at a thousand. So much more is computer controlled. High-tech is the main engine of the Israeli economy.
The idea of the Shin Bet [domestic security agency] saying, we’d like to go into your computers. Well, that wasn’t going to work. China tried to do that. Facebook and Google are gone from China. We didn’t want to kill the goose. We needed to find the balance between privacy and security.
We had two options. One was to widen the umbrella of Shin Bet protection. But that’s not democratic, among other problems. And the second was to set up a new body, advising and supplying services. That’s what we did.
Are the Russians capable of hurting us?
There are four kinds of threat.
One, spying for state purposes. Material is on computer, and states are trying to spy on it and always will. There are all kinds of treaties, but nobody ever tried to draw up a treaty on spying. It won’t work. Our allies do it too. The key is don’t get caught. And it’s all gray areas anyway. Getting information is an ambassador’s job. It’s his job.
‘We’ve had people who were fooled by foreign intelligence, and they had one foot on the other side before they realized it’
Two, spying for economic purposes, to steal your technology. The US does not do that to us. China does. Most China cyber is industrial espionage.
Three, attacks and preparing for attacks. The Israel Electric Corporation, the water authority. Trying to work out how your servers work. Placing “logic bombs” — suspended until you send the trigger to operate them. Almost all of the states I mentioned don’t do that to us.
And four, influencing public opinion. Disinformation. Fake news. What we saw in the US elections.
Do we see it here?
Yes, and done by the Americans too, but not by the US government. A few weeks ago there was a fake news report, disseminated by right-wing groups, that (former Obama-era defense secretary Leon) Panetta had said the administration tricked Israel on the Iran nuclear deal.
Back to the Russians.
In the US elections, the Russians hacked the Democratic National Committee, got hold of files, played with them and distributed them. They hacked Hillary Clinton and (former secretary of state Colin) Powell. They influenced the election. Now, they would have less success.
Because the defenses would be better?
Because lessons are constantly learned. (New French President Emmanuel) Macron had a head of digital in his campaign, a Moroccan-born Frenchman, Mounir Mahjoubi. The Russians hacked his campaign. And they published the materials five hours before the end of campaigning. But Mahjoubi, anticipating the hacking, had planted fake files. Those files came out too, with ridiculous content. Macron told the journalists, This is all rubbish. And the press agreed. End of the story.
French President-elect Emmanuel Macron holds hands with his wife Brigitte during a victory celebration outside the Louvre museum in Paris, France, Sunday, May 7, 2017. (AP Photo/Thibault Camus)
Compare the impact of the Russian hacking of the elections in the US and France. The Russian influence was not in the fact of them penetrating the DNC and Clinton’s emails and Powell’s. It’s not the hack that was the big deal. It was the planted material. They created doubt regarding Clinton — her health, corruption; created doubt about her capability to serve as president. I met many smart people who you’d have expected to vote for Clinton. They said, I can’t vote for Clinton because she’s corrupt. I said, On what basis do you say that? They said, There’s stuff. But they had nothing specific. Six months later, now people realize that there were fake files. With Macron, by contrast, they had zero impact.
The Russians have a need for conspiracy. Students here at the university, you wouldn’t believe what they’re prepared to believe.
People think Trump is “run” by the Russians. There’s a misunderstanding of what an agent is.
Let’s talk about 1967. We had somebody, at the highest level, in the Egyptian government. Ashraf Marwan. Unfortunately we blew his cover. He was then “suicided.”
Egyptian spy Ashraf Marwan (Raafat/Wikimedia Commons)
How do you recruit someone like him? You can recruit by ideology. Communism. Philby, etc. You’re not going to recruit too many people via communism today.
How would we recruit, say, theoretically, a Syrian air force general? We’d say, “We’re a Norwegian firm that works on air force products. Your country can benefit from some of our products. Be our representative. Sell our product. Benefit the Syrian air force. It’s for Syria’s benefit. Legitimate business. You get rich.”
And then, “Here’s another great product we have.”
And then, “Now, what else is the Syrian air force missing?”
That’s the next half step. Now, he’s telling you things. It can take years, step by step. At some point he’ll realize that you’re “running him.” He mustn’t realize that it’s the Zionists. We’ll tell him, It’s the Russians. He won’t want to think it through. At some point you might ask him to cross the line. Or you might never ask him.
I read everything about [Trump’s short-lived national security adviser Michael] Flynn [who is under investigation for ties to Russia]. It’s classic recruitment. A businessman who has been fooled by the Russians. The Russians are the champions at this.
Have Israelis been duped in this way?
We’ve had people who were fooled by foreign intelligence, and they had one foot on the other side before they realized it. We told them. Most wised up. Some fled. Some went to jail.
I want to ask you about the so-called JCC hoaxer — a kid in Ashkelon who caused panic worldwide with thousands of fake bomb threats. One kid was able to cause vast chaos. Hundreds of schools evacuated. Airplane emergency landings. That’s pretty worrying, no?
He called. He made the threats. Yet he didn’t penetrate computers. It shows what a kid can do.
A president can do a lot more damage. The US president is destabilizing all kinds of basic elements. What does he call journalists? Fake news media. Judges are “enemies of the people.” And we know what you do about your enemies.
An Israeli-American teenager, accused of making bomb threats in the United States and elsewhere, in a courtroom in Rishon Lezion on March 23, 2017. (Flash90)
With technology, we live in a world where everything is connected. You can get from anywhere to anywhere. That requires us to show more responsibility.
In the case of the kid, once the threat rose to a certain level, they started investigating and they caught him. Wasn’t so hard.
But in the internet generally, with cyber crime and cyber warfare, there is almost no effort to catch the bad guys. How many people do you recall being jailed in Israel for cyber warfare? I recall one case of a couple who planted a Trojan [virus]. Maybe there’s another case that’s slipped my mind. But every day there are millions of attacks. Nobody goes after the criminals. And it’s hard to get them, because they’re in different countries.
So why not develop the technologies? Change the internet protocol.
Could you explain what that means, and what it would involve?
The internet was built to be robust and non-centralized.
In 1973, we bombed Egypt’s communications centers, which was an important factor in the war.
The internet was set up to insure it could not be incapacitated by that kind of physical attack?
How does the internet work? You want to send me an email. You have a supplier. Netvision, say. Netvision has Wi-Fi. You’re in contact with a local server, one of thousands. It takes your note and breaks it into packets, each of which has its own ID. That server sends all the packets to all the servers it is in touch with. And all those servers send all those packets to all the servers they’re in touch with. It’s a global infrastructure. Now, one of those servers is my local server. It puts all the packets together and delivers your note to me.
Why was the internet set up like that? One: You’d have to destroy half the world to prevent your note being delivered to me. Two, no single packet has all the information. So everything is secure. That’s how the internet was set up by DARPA.
The Defense Advanced Research Projects Agency [in the US Department of Defense, which developed the networking heart of the internet]. It’s relatively impenetrable.
You don’t know who sent the material to you. You get a set of protocols, but you don’t know who from. It’s called the problem of attribution. You need to re-engineer the internet to enable identification of the source of everything.
If you rob a bank and you get caught, you might get jailed or killed. If you try to rob a bank online, either you’ll succeed or you’ll fail. But if you fail, they won’t catch you. So we have to solve the problem of attribution.
For the pioneers, physicists at CERN communicating with their friends, this wasn’t an issue. It is now.
I want to come back to Stuxnet, and the assertion — central to the 2016 documentary “Zero Days” — that Israel screwed it up by pushing it too hard, too fast.
‘Any weapon you use, there is a risk that people will realize what it is, will defend against it, will act against it, will use it against you’
In the 1973 war, we failed against Russian ground-to-air missiles in Syria. After the war, in the Israel Air Force we worked day and night for a solution to meet that threat. We developed smart weapons and drones and electronic warfare capabilities. In 1982, we initiated the Lebanon War. It was against Fatah, not against Syria. But we knew that the Syrian forces were deployed in Lebanon. Basically the same number of missile batteries as from the Golan in 1982. The same deployment. We didn’t know if they would fire on us this time.
The IAF chief, David Ivri, called me in and said, Can you build me a model to tell us, if we go to war, whether we should use the weapons we’ve developed? Because if we use our new capabilities, the Russians, with their missiles in Syria, will see what we have.
I developed a model based on research by [American political scientist] Robert Axelrod. He wrote about when to use weapons of surprise. He compared them to money in the bank, and argued that using it now is less valuable than if you leave it in place to earn interest. I took this model and I went to Ivri and I explained it to him. He said that made a lot of sense. But, Ivri also said, if we use our weaponry now and destroy the Soviet missiles, we push off future dangers. We would deter them, and give them the sense that they couldn’t outwit us.
So we used those weapons, and we destroyed the missiles, and since then the Syrians haven’t fired a shot at us. The attack impacted them for decades.
Robert Axelrod (Courtesy)
Years later, I got an email from a certain Bob Axelrod on an unrelated matter. I asked him if he was the same Robert Axelrod who wrote about when to use weapons of surprise, and he said he was. I told him, I used your model in 1982.
He said, I’m so happy. Only two people I know of have ever used my models in real life. One was on the evolution of cooperation (Axelrod’s best-known work). My wife’s friend used that when she got divorced. She decided not to fight him and she ended up getting nothing. And now you’re telling me about your case.
I didn’t have the heart to tell him that we ultimately rejected his model because we added another element — the accumulation of deterrent.
So, to come back to Stuxnet.
With any weapon you use, there is a risk that people will realize what it is, will defend against it, will act against it, will use it against you.
The Iranian nuclear scientists knew something was going wrong. Eventually they realized what it was. In retrospect, you could say it should have been used more, less. Easy to be smart in hindsight.
And where is Iran’s nuclear program now?
The deal took them back. The most vital element, fissile material, they were three months away from having the fissile material for a bomb.
They would have had a bomb in three months?
We don’t know about other elements — detonators, triggers and so on. But on the key element of fissile material, they had gotten to three months away. And that was more than a year before the deal.
And then they turned to the West and said, We’ll negotiate, because the sanctions are hurting us. And we won’t do those next three months [of advances]. They stopped themselves for more than a year. Then the deal was signed. The deal took them back to a point that is more than a year from the bomb.
One: They pledged, We’ll never build a bomb. Go know if that is true. Two: There are bars and inspections of all kinds for 15 years if they keep the deal.
If they break it, we’ll have more than a year until they get back to where they were. If you ask me, it’s a great deal. If you ask Bibi [Netanyahu], in 15 years, they’ll have an arsenal. And you know that Bibi himself has said that the head of Mossad at the time, Military Intelligence, the IDF chief of staff, the Shin Bet, all disagreed with him. [The late former Mossad chief Meir] Dagan talked about it publicly.
Key negotiators of the nuclear deal: Then US secretary of state John Kerry, left, talks with Iranian Foreign Minister Mohammad Javad Zarif, right, in Vienna, Austria, on January 16, 2016. (Kevin Lamarque/Pool via AP)
There are cameras where we want them. Surprise visits. Yes, there’s a mechanism for surprise visits [so they’re not instant]. The Iranians actually said, You’ll turn up in Khamenei’s bathroom. So there are delays. But radioactive materials have a footprint of 10,000 years. You can’t hide that. And radioactive materials are the key. Other materials you can’t monitor anyway.
The deal is very good. Will they keep it? I don’t know. I don’t trust the Iranians, but we’ll know in enough time. We’ll have a year to decide what to do.
Finally, what can you tell me about the claim by the late Itzhak Yaakov, which emerged this month around the 50th anniversary of the Six Day War, that Israel considered detonating a nuclear bomb in the Sinai in 1967?
If you read the books by foreign experts, they all agree that in 1967 Israel had the bomb. So you can choose to believe the story. And you can think that it’s part of Israel’s deterrent. Even now. We let a story get out. And if we had that capacity in 1967, you might think, then for sure we have it now. Except we’re not saying it.