IDF’s cyber defenders preparing for attacks by ‘Lebanese opponent’

Officers from the secretive Cyber Defense unit tell 'Post' about the daily need to stay one step ahead of sophisticated cyber enemies, who seek to target IDF networks.

IDF cyber defense war room  (photo credit: MARC ISRAEL SELLEM,REUTERS)
Hezbollah’s notoriety comes from its enormous rocket arsenal and well-trained forces, but the Iranian-sponsored terrorist group also poses an increasingly significant cyber threat to the IDF, senior officers of the Cyber Defense Unit told The Jerusalem Post this week.
Maj. G., commander of the Ramat Gan-based unit that is part of the C4i Corps, is responsible for all of the IDF’s cyber defenses. His unit defends the operational networks and IT systems that keep air force jets flying, navy ships sailing, and missiles hitting their targets.
Asked to describe some of his principal foes, Maj. G. said, “There is an opponent here who is Lebanese. It knows how to acquire technology and adapt it. It knows who it is up against. It is changing all the time; it is changing its devices and personnel, and it has targets.”
He added, “Our assumption is not to believe what we see, but to look for the enemy, everywhere.”
Cyber defenders need to be able to monitor the IDF’s networks and detect an illegitimate infiltration quickly, he said. “They need to manage investigation crews that can track down a hostile presence lurking in the IDF’s networks. They need to carry out cyber attack forensics, be aware of standard network threats like viruses that are generally out there, as well as attempts to uniquely target the IDF.”
Lt. S. heads the unit’s academy for computer and cyber defense training, which instructs operators from across the IDF. They receive four months of intensive training, and then begin a lengthy period of operational experience in their units, he said.
“There is no such thing as a fully closed network,” Maj. G. warned. “Think of your home computer. Someone can insert a USB flash drive into it, or tell it to download updates. Someone can accidentally connect it to something. There is no hermetic closure.”
Nevertheless, the Cyber Defense Unit develops secure programs and IT networks. It teaches engineers, programmers, and cyber defense personnel how to keep enemies out, and cooperates closely with Israeli defense industries.
“We are building an operational military ‘Internet.’ We have to install alert systems in it, to allow cyber defenders to know what is going on,” Maj. G. stated.
A model city sprawls across a room at the unit’s headquarters.
“We call this Sim City,” said a Cyber Defense Unit member.
Sim City where IDF cyber defenders hold their war games. (Photo credit: Yaakov Lappin)
The city has a train that circles around a track, an airport with a revolving radar, a missile defense battery, a nuclear power plant, an electric grid, and other infrastructure representing modern components of cities.
Each of these potential targets has its own miniature supervisory control and data acquisition system that can be hijacked and manipulated.
Should such cyber attacks succeed in real life, they could have catastrophic consequences.
Here, the unit holds some of its war games. One crew attacks the city, and can make the train speed up to the point that it derails. Attackers can cause the nuclear power plant to shut down. Missile defenses can be hijacked and used to fire on the very city they were built to protect. Near the model city are two computers – one used to create viruses that can take over other computers, and eavesdrop on all of the information that passes through the target, and another that is the ‘victim’ of the attack.
Nearby, a training center contains rows of computer screens on desks. “This is a frontal environment, where pupils learn the material,” said a unit member.
“What is cyber defense? Is it a lot of IT? No, it is a combat position,” said Maj. G. “Ordinary defenses will not do. Our enemies are updating their capabilities. Anti-virus systems have not proven themselves against unique threats.
“Our goal is to train the operators so that they do the right analysis in their head. There are no automatic systems that can do the job for them. They rely on sensors, but they have to be familiar with the network, to recognize what is right, and what is not. This is a job carried out by humans.”
Lt. S. noted that “advanced systems have no value if human operators don’t know how to use them correctly. Our course is designed for male and female cadets, who are carefully selected. Out of thousands of candidates, only a few dozen make the cut.”
The unit looks for the following qualities in the candidates: creative thinking, being able to work in a team, and fast learning. No prior knowledge of computers is needed.
“They begin learning Microsoft Windows, Office, hardware systems, infrastructure, networks, and communications. They then move on to Linux and web development,” said Lt. S.
Later, more advanced content is introduced. Cadets learn to scan websites and systems, looking for vulnerabilities.
“They must all know how to stand up to attacks,” said Maj. G. “Not a day goes by that we don’t update something. We are constantly updating our knowledge and learning about what is happening in the world. There is always something new happening,” he added.
The Cyber Defense Unit shares its ever-growing knowledge with other security and intelligence agencies outside of the IDF, as well as the National Cyber Bureau [a part of the Prime Minister’s Office].
Any large-scale significant cyber attack on Israel requires inter-organizational cooperation for a successful defense, underscoring the need for continuation, Maj. G. added.