IDF ‘cyber-chief’ Moscovitch: Today’s online attackers are gaining on the defenders

At National Security Studies annual cyber confab, Maj.Gen. says trying to predict the expansion of cyber warfare is problematic.

By YONAH JEREMY BOB
Uzi Moscovitch (photo credit: Wikimedia Commons)
Uzi Moscovitch
(photo credit: Wikimedia Commons)
Despite Israel’s successful defense from a Monday cyber attack by online “hacktivist” group Anonymous, the IDF’s Maj.-Gen. Uzi Moscovitch said on Tuesday that cyber “attackers are advancing faster than defenders.”
Moscovitch, head of the army’s J6/ C4i Directorate – which puts him in charge of many of the IDF’s cyber operations, among other functions – made his comments at the Institute for National Security Studies annual cyber conference.
His units face a “wide span of threats,” he said.
He noted that trying to use the current stages of cyber warfare to predict the expansion of future cyber threats and developments was like trying to predict the massive impact of air power in the 20th century based on its early World War I uses – where sometimes an airplane’s main firepower was a hand-dropped grenade.
One issue on which he specifically elaborated was that “the distinction between rivals and foes can be ambiguous.”
Moscovitch said a big threat was rivals suddenly and without warning “becoming the enemy, where there is a time gap between when you realize he is the enemy.”
Another threat he discussed was “the proliferation of knowledge, where within six months you can see the same software move from one continent to another.”
Several other speakers picked up on the theme of needing to redefine how the country conceives of defending against cyber threats due to its adversaries’ rapid improvement in the area (Under conference rules, however, certain views could not be attributed). Talking about threats in the wider sense, including those in the civilian sector, one speaker noted that 80 percent of cyber security investment went into prevention and only 20% went into detection and fixing problems.
The speaker said this approach was misguided, since no one still believed that all security breaches could be blocked.
The speaker said that the security industry was at an inflection point and that in the future, people would realize that 80% of investment should be spent on detecting and fixing cyber problems, and only 20% on prevention. Nonetheless, firewalls are still necessary, the speaker said.
An overlapping view that arose at the conference was that at the current stage, being proactive did not mean one needed to know or focus one’s energies on guessing what rivals were doing. Rather, as it is impossible to block problems from cyber rivals completely, the key is to direct energies toward transforming those parts of the country that are slow and vulnerable cyber targets, and making them less vulnerable and more agile.
The idea is to flip the asymmetry of fast and small attackers hitting slow, large targets, instead forcing attackers to go after harder-to-hit, less-centralized targets that offer less pay-off for hackers.
On the subject of managing threats that could not be completely stopped, another key point that arose was the need to prioritize which areas society needed to protect, and to focus protection in those areas while leaving most other, less vital areas unprotected.
Dr. Eviatar Matania, head of the Prime Minister’s Office’s Cyber Bureau, discussed Israel’s holistic approach to cyber issues.
Matania, whose office acts as a liaison among cyber branches in different parts of government, said it was important to consider all the relevant playing fields – including the security sector, private business sector, academia and law – when addressing challenges in the cyber sphere.
He mentioned that his bureau was establishing cyber research centers in Tel Aviv University and in Ben-Gurion University to broaden the country’s knowledge base and better train future cyber leaders.
He added that it was important to come up with national cyber strategies that could last five to 10 years and would not need to be adjusted whenever there was a change in technology, but that would still be flexible enough to deal with new developments.
US R.-Adm. (ret.) Norman Hayes, a vice president of SGB Technology Solutions, emphasized the need for new laws and much greater international cooperation in bringing hackers to justice.
When they engage in cyber attacks, he urged, “go after these people and make it hurt.”