Ex-’Israeli NSA’ chief: Cyber doomsday scenario avoidable

Zafrir said he was concerned that technology and network administrators “will lose confidence in the network."

Employees, mostly veterans of military computing units, use keyboards as they work at a cyber hotline facility at Israel's Computer Emergency Response Centre (CERT) in Beersheba, southern Israel (photo credit: REUTERS/AMIR COHEN)
Employees, mostly veterans of military computing units, use keyboards as they work at a cyber hotline facility at Israel's Computer Emergency Response Centre (CERT) in Beersheba, southern Israel
(photo credit: REUTERS/AMIR COHEN)
The cyber doomsday scenarios that many experts have been predicting can be avoided, even though nothing is hack-proof, the ex-commander of IDF Unit 8200, Nadav Zafrir, said on Wednesday.
Speaking to the Cyber Week conference at Tel Aviv University, Zafrir, current head of the cyber security firm Team 8, kept driving home the message that experts’ warnings about worst-case scenarios have made people paranoid – but that even though every system has some vulnerability, the right approach can overcome system failures.
Zafrir, whose earlier IDF Unit 8200 is considered to be the “Israeli NSA,” said he was concerned that technology and network administrators “will lose confidence in the network… We sit here and talk about… drones crashing, planes going down, grids going down. This creates a level of anxiety and paranoia which could lead to closing down systems.”
If this happens, he said that many positive advances which could be happening will be missed.
He added, however, that “this doomsday reality is not a must. If governments share intelligence, if there is cooperation, if we create a village [including cooperation with the private sector] and bring in the right talent, then we can start fighting back and go back to an equilibrium.”
Echoing some similar messages, senior US homeland security and cyber official Christopher Krebs said the key was to focus on “distilling from a risk management perspective, [which] things are truly important and to integrate resilience.”
Clarifying with examples, he said that if a cyberattack temporarily blocked 20-dollar bills from coming out of some ATMs it would be an inconvenience that could be coped with, as long as wholesale payments, GPS timing for aircraft and electricity generation kept operating.
Krebs gave the analogy that when an escalator breaks, it can still be used as a stairway. “If there is a system failure, but it fails gracefully and we move into a position where it can still deliver its essential functions with no system-wide failure,” then countries can be in decent shape to withstand hacks.
An example he gave of being resilient related to a US investigation of Russia’s interference with the 2016 US election which concluded that Russia did not delete any voter information.
The US cyber official said that if Russia had deleted voter information, there were still procedures in place for the person to vote by presenting certain identification information and voting with a provisional ballot.
Also, he concurred with Zafrir that collective security on cyber issues and connecting key human beings at different levels to assist each other were the keys to success.


Tags Unit 8200