Israel’s cyber advantage over Iran mixed with other abilities - interview with ex-cyber chief

Former IDF Unit 8200 Cyber Operations chief col. (res.) Amir Becker discusses what edge cyber gives Israel - and other powers - in today's climate.

Iranian flag and cyber code [Illustrative] (photo credit: PIXABAY)

Israel has significant cyber advantages over Iran, especially when integrated with its other capabilities, former IDF Unit 8200 Cyber Operations chief col. (res.) Amir Becker told The Jerusalem Post in his first interview since retiring in 2021.

Becker, who is now Sygnia’s Vice President of Cyber Incident Response, also said that, in combating Israel’s adversaries in the cyber arena, cooperation between Unit 8200 and the cyber units of the Mossad, Shin Bet and Israel National Cyber Directorate was excellent.

He said that although joint efforts could always be improved, the different cyber talents of the various agencies and their versatility and resilience made the entire Israeli cyber ecosystem stronger and more secure.

Strength in cybersecurity is a worldwide concern 

Next, Becker, who also served as the first IDF cyber liaison in the US Embassy in Washington, explained why Russia’s cyber attacks on Ukraine were less extensive than expected in the drawn-out war.

Former IDF Unit 8200 Cyber Chief Amir Becker. (credit: GUY LAHAV)

He said, “cyber does not replace other things. It can supplement, and if coordinated properly” multiply the power and effectiveness of using force.

“In the first days of the war, Russia carried out large cyber operations,” he said. “The communications and command control of Ukraine were knocked out. But the Ukrainians had spent 10 years learning to live and deal with” such a cyber strike, so they had “made backup plans.

“The [Ukrainian] government using cyber threat intelligence became more resilient and able to use other backup systems for hours or days at a time,” he added.

“We can learn from this to improve Israeli resilience,” said the former Unit 8200 cyber chief.

What does this mean for the Russia-Ukraine war?

He said that the major cyber operations that Russia prepared likely played out over a short period and there was probably no long-term cyberwarfare plan in place.

“But when the war did not go as Russia planned,” along with Ukraine’s unexpectedly successful resistance, Moscow was caught unprepared in the cyber arena as well, he explained.

“The Russians tried many attempts [at disinformation to intimidate Ukraine], but also Ukraine countered with constant appearances from the Ukrainian president,” he said with regard to the disinformation battle. “This countering disinformation during war – we had never seen this level of [both online disinformation and counter campaigns’] strength in wars between two countries [before this war].”

Becker also discussed a 2020 article he jointly published with Unit 8200’s other top officials.

His message was that the role of cyber is becoming more and more important, but it does not replace other areas. Rather, it should be integrated into other areas, like how air power has been used in conjunction with land forces in recent decades.

Referring to the escalation in using cyber weapons against the West, such as Russia’s interference with the 2016 US election, he said, “the harm against the US was very unique in that it was against the institution of democracy. There was a feeling that the democratic system itself was in danger.

“Whenever the US makes a big cyber policy decision, it goes way beyond America, which is the leading power in the West. Other nations look at the US,” and what the US decides can have a dramatic impact on them.

“Even within the US, cyber is taken much more seriously now,” he added. “Ten years ago, cyber was not listed as a threat by the US’s National Intelligence Estimate. Five years ago, cyber was being mentioned and now it is flagged as the No. 1 threat.”

“There is a general phenomenon of the blurring of cyber operations undertaken by nations versus by independent cyber entities, which might then be attributed to nations,” he warned.

Is this a warning sign?

According to Becker, the impact of cyber “will get larger in the future,” because it can overcome obstacles such as time, geography and distance. It creates both challenges and opportunities. Cyber as an issue is not special to Israel; it is a global issue, which is becoming a prevalent aspect of geopolitical conflicts across the planet.

Returning to how Israel handles cyber issues internally, he stated, “cyber is at the very foundation of corporations and of society. It is very sensitive and has many sides. The attack surface is much bigger.”

“What should you defend?” said Becker. “Not every organization is equally critical. If everything is critical, nothing is. We need to be careful deciding what to defend and strike a balance between [the] government and the private sector. Government cannot solve all of the private sector’s problems.”

Moreover, he explained that the private sector “must understand that they can be hit. They need to work on their recovery time. Cyber is part of the world. If intervention is proportional, it can be a helpful source of support in a crisis.”

Becker was asked about what former INCD chief Yigal Unna has said about CyberServe and Hillel Yaffe Medical Center being hacked, which occurred, in part, because they were slow when responding to warnings. While not knowing the specifics, Becker said that the time when institutions could delay responding to warnings is over.

“There is no [vacation] in the evenings or on the weekend [for cyber defense],” he said. “You need to be 24/7 standing on the [cyber] border. Attackers look for both weak technology and time periods, like the weekend,” when employees might let their guard down.

He was also asked if he agreed that the uptick in cyber attacks meant that attacks on infrastructure and critical data would need to be treated differently than attacks on less critical data. “There is a difference between attacks which are disturbing versus those which are substantial,” he replied. “No one likes to be disturbed… but if a site is disturbed for a few hours,” this is not as serious as hacks of critical infrastructure and those which impact major supply chains.

He said that Sygnia was a top firm for cyber disaster response, with clients in dozens of countries, around 180 employees and significant offices in Tel Aviv, Singapore, England, the US and Mexico City.

Becker said that many of the clients who get help from Sygnia turn to them for long-term strategic planning, assistance in building their cyber teams and better integration of cyber security into their business model.