It’s a sobering fact, yet one which surprisingly fails to create more than an
occasional ripple: The government’s Internet portals are the most targeted
networks in the world, coming under relentless attacks by cyber jihadis and
Furthermore, national defense planners remain
concerned about potential attempts by skilled hackers to break into and sabotage
computer systems that manage our vital national infrastructures, from the train
system to the electricity grid.
Yet the vast majority of the attacks
fail, and even those that do succeed are quickly neutralized.
night, some of the people who are, or who were recently, responsible for
defending the nation’s online assets, gathered at the Interdisciplinary Center’s
Institute for Counterterrorism in Herzliya and shared some fascinating inside
information on a daily battle which plays out in a mostly silent – yet
increasingly important – arena.
Speakers at the IDC’s International
Conference on Cyber-Terrorism included Assaf Keren, who until recently was
tasked with securing all government sites and portals.
several of the most common attacks he faced, including denial of service,
defacement of websites, theft/corruption of government data and threats to
government online services or funds.
“Every time there is a crisis, we
see lots of actions against the websites of the prime minister and the Foreign
Ministry website,” he said.
During Operation Cast Lead, there was a
doubling of defacement attacks.
When Deputy Foreign Minister Danny Ayalon
became involved in a diplomatic entanglement with Turkey in January, Keren
identified an impending large-scale Turkish hacking attack on government sites,
and ordered all Turkish ISPs blocked for a day – “to let them cool off,” he
“We know that specific countries are sources of attacks, like
Turkey, Saudi Arabia and Iran, and we just block them automatically when we
detect that it is approaching,” Keren said. “We instruct personnel in the
operations room to adopt a loose trigger policy during these times. They are
free to block many more suspicious ISPs than usual.”
During times of
armed conflict, denial of service attacks, in which millions of computers are
hijacked by malicious software and are ordered to send phony coordinated
requests for access to servers, leading to a crash, reached new
In what could be the largest denial of service attack ever, some
15 million requests per second were sent during Operation Cast Lead in Gaza,
though Keren’s counteractions meant that the networks emerged largely
“The sites being targeted give citizens information about what
is going on.
During the Georgian-Russian war [of 2008], Georgia’s
websites were taken down by hackers, and its Foreign Ministry was forced to use
a Blogspot [free blog service] account... this hurts national pride. We don’t
want that to happen to us,” Keren added.
He spelled out some of the basic
steps involved in the security operation. “A number of security rings have been
established for each government service,” he said.
The first ring of
security is based on an operations center staffed at all times, with a minimum
of three people per shift. It monitors and logs all attacks, and has the ability
to take basic countermeasures.
Further out along the virtual security
perimeter, analysts sift through logs of all previous attempted attacks. After
identifying new threats, they update defenses, in effect immunizing
Online defenders must also deal with the threat of hackers who try
to break into servers and quietly change their content, or steal sensitive
Recently, hackers succeeded in penetrating the Bank of
Israel’s website, and defaced it. They could have done far worse damage had they
altered one or two exchange rates, and only declared their actions months later,
forcing the bank to reevaluate all other rates, leading to economic chaos,
according to Keren.
The Bank of Israel’s website has since been moved
from its private server and placed within the fortified government
DURING MONDAY’S panel discussion, Brig.-Gen. (res.) Nitzan
Nuriel, director of the Counterterrorism Bureau, said his organization has been
spending the past few years ensuring that government ministries were taking
steps to defend critical national infrastructure from hackers.
been asking: What type of civilian critical infrastructure should be defended by
the state? Above all, the casualty question is most important.
people may be killed [in the event of an intrusion?] The railway system is one
obvious example; if someone can take control and create a train crash,” Nuriel
“Should hospitals be protected by the state? When we analyze the
threat, we find the damage that could be caused by someone taking control of the
IT system of a hospital can create a major mess that can lead to many
“A second question is the economy: What will be the level of
economic damage? And the third question is the morale effect.”
those criteria, the Counterterrorism Bureau has created a high priority list of
sites that must be fully defended, such as the heavy industrial plants in Haifa,
filled with hazardous substances.
Similarly, the bureau has been engaging
the private sector in attempts to reach understandings on Web protection, Nuriel
said, adding that companies such as cellphone networks were critical to the
maintenance of any modern state.
“Insurance companies... hold 30 percent
of our cash. What do you need to do to prevent an attack on them that would
leave all of us without money? This is a real threat. We are walking into a new
world... and we need to find new tools [of defense],” he said.
a nationwide exercise simulating a major cyber-terrorist attack were also being
drawn up, he added.
The Counterterrorism Bureau has asked all
directors-general of government ministries to take a series of steps to ensure
that Web defenses of infrastructure under their jurisdiction were prepared for
the threat.

Yaakov Lappin is author of the forthcoming book Virtual Caliphate (Potomac Books, Inc.). www.yaakovlappin.com