On February 25, the floodgates opened.
Ben Caspit of Maariv finally got a variety of IDF intelligence personnel to open up about their Oct. 7 failures.
These presumably include Y, head of Unit 8200 (Israel’s NSA) or his supporters. Caspit significantly revealed that an internal Unit 8200 report has mostly cleared Y from special blame for missing the signs of Hamas’s invasion, instead placing the onus on a decade of problematic processes within Unit 8200 and IDF intelligence more broadly.
But what was most significant about Caspit’s article was that it has led to a much wider number of top former officials of Unit 8200 (colloquially known as Shmona Matayim) being ready to step forward, including several who spoke to the Magazine.
On the one hand, their views are fresh and enlightening, requiring a radical rethink of the performance of the IDF Military Intelligence Directorate and Unit 8200, as well as how the IDF Southern Command should perform its defense roles.
On the other hand, the views of these top intelligence sources are humbling, with some acknowledgments that the failures which led to the catastrophe of Oct. 7 may be incredibly difficult to fix, no matter how much time and energy are invested.
Just firing a few top people will certainly come nowhere near fixing the root problems.
Virtually all the former intelligence officials believed that top heads would roll in both the intelligence and political establishment as a prerequisite to progress, but that it would be nowhere near sufficient. A major IDF probe is slated to be published in June. This does not mean there is no hope; most sources have considerable hope for the future.
But their views are not as simple as saying “If only Unit 8200 or IDF intelligence analysis had properly understood the invasion threat presented by the sudden activation of dozens to hundreds of Israeli SIM cards in Hamas territory on the eve of the attack, Oct. 7 would have been avoided.”
Rather, the top intelligence sources say that the problems are much more fundamental to our cyclical faults as human beings, to our unique faults in the modern social media cyber age, and to changes which could take years or longer to make, such as changing what kinds of people join IDF intelligence, what training they have, and who does what within the clandestine world.
Due to the ultra-sensitivity of the issues, like with Caspit, these top intelligence sources spoke to the Magazine under condition of anonymity – at least everyone except former IDF Maj.-Gen. Yitzhak Ben-Israel.
Ben-Israel is viewed as one of the fathers of Israel’s defense establishment cyber revolution, as well as the body that eventually became the Israel National Cyber Directorate, umbrella to a plethora of cyber programs at Tel Aviv University.
He also once headed Israel’s space program and has been at the forefront of pushing forward quantum computing national initiatives.
With his resume and at this point in his career, Ben-Israel is one of the few willing to let loose without worrying about future career consequences.
Discussing both Caspit’s article and the criticism shared with the Magazine by former senior Unit 8200 officials, Ben-Israel said that the criticism of Unit 8200 was exaggerated. He explained that every sub-unit within the large IDF intelligence branch has a specific role.
“There is a separation between collection units and those which analyze and do research for us, performing assessments and giving estimates,” he said.
Critics “forgot that Unit 8200 is a collection agency.” Unit 8200 did its job, he explained, because it collected the key intelligence points about Hamas’s plans and passed them on to the relevant IDF intelligence analysts.
The question some former top intelligence officials have asked is: Should Unit 8200 have protested more loudly that the intelligence they were passing on about the Hamas threat be taken seriously?
Ben-Israel brushed this off with a metaphor, the bottom line of which noting that often when outsiders try to second-guess experts in a particular field, whatever the outsiders’ impact in replacing those they are criticizing can turn out to be worse.
Or that there can be unintended consequences when you try to have a collection unit, such as Unit 8200, take on analysis responsibilities. They may not carry out the analysis the way that role requires, he said.
Can current top IDF officials fix what was broken?
In a dramatic development, the consensus among a variety of former top Unit 8200 officials was that Y, IDF Intelligence Chief Maj.-Gen. Aharon Haliva, and IDF Chief Herzi Halevi cannot continue in the army to become those who fix the failures of Oct. 7, whether for Unit 8200 or more broadly.
There is a military ethos that when a colossal failure occurs – not just any failure, but a truly life-changing one – and you were among the commanders on whose watch the failure happened, personal responsibility mandates that you quit. The sources, who were willing to praise many things about the talents of Y, Haliva, and Halevi, agreed with this ethos. Regardless of their the capabilities to fix the issues, from a political perspective, for the country, everyone needs to “turn in their keys.”
The “cards need to be reshuffled” to have a different group running the country’s security issues, said the sources.
While this article focuses on Unit 8200 and the IDF, the sources were mostly unanimous that top officials in the Shin Bet and other bodies would also need to resign. Moreover, they emphatically told the Magazine that both Prime Minister Benjamin Netanyahu and Defense Minister Yoav Gallant would need to resign.
One source explained, “Here there were a series of large mistakes rooted in a conceptual framework. This reality starts from the political level, and only afterward extends downward to the command level.”
Ultimately, “by the end of the war, Israel will end up with around 2,000 dead, with already around 1,500 dead,” said one of the sources – something which demands resignations.
Problems with Southern Command, technology, defense concept
Although the conversations’ main focus was the failures in Unit 8200 and how to address them, given that technologies were also employed by the IDF Southern Command in a way that failed, sources pointed to similar problems of the Southern Command and Intelligence Command being “obsessed” with technology. As such, errors were made in how many troops were on duty and where the troops were placed.
For example, they said that the upcoming IDF probe must describe the process for understanding the ongoing Gaza border security status and for responding to changes in that status.
The probe must also uncover the distance of the first line of defense relative to reinforcement forces in the South. In grappling with this issue, the main question is how to make sure there are sufficient redundancies so that the failure of one defense line does not automatically lead to disaster as it did on Oct. 7.
Sources said that Israel “got lucky” that Hamas did not get as far as Dimona, Beersheba, and Ashdod because had they, “there was no secondary defense line to stop them.”
Another pressing issue they noted was where the IDF places its “listening stations” to monitor Hamas chatter, and what locations provide intelligence reports on these issues.
A further hybrid failure between technology and improper defense conceptual thinking, they said, was the undue faith the IDF Southern Command had placed in the new, highly advanced, billions of shekels’ worth border fence. Besides being larger and physically tougher above ground, the fence went below ground to prevent Hamas tunnels crossing into Israel, including the most cutting-edge below-ground sensors money could buy.
Sources said the IDF Southern Command were so enamored of the new fence, that they believed it could not be breached. But while it made expected forms of attack more challenging, it did very little to prevent the low-tech generic mass above-ground attack by Hamas.
Supported by Iran, Hamas did something unusual, sources said: Knowing it could not invade from the sky or from tunnels, Hamas just walked in through the front door in overwhelming numbers.
The Israeli Air Force, they insisted, must radically change the way it operates and be far more available to constant quick border issues; and local villages must be filled with many more on-call local army units. Villages had more forces in the distant past but were reduced due to budgetary considerations.
Broader intelligence problems
One of the most puzzling aspects of Oct. 7 is that it seemed in so many ways to follow similar failures from the Yom Kippur War. This was despite the fact that so much time and energy have been poured into learning and analyzing every little aspect of the 1973 foul-ups.
How did such a talented unit as 8200 get blindsided by similar failures from 50 years before? It goes far beyond technology, sources said, with “a generation of people who share their consciousness and identity on Twitter.” In fact, many of those talented Unit 8200 personnel “still don’t understand the change on Oct. 7.”
For example, “This generation accepts many data points and conclusions without achieving any depth or digging into the issues to see if they are grounded, or side points or deceptive points.”
When awesome cyber tools blind us
Sources noted that paradoxically, “Many cyber achievements blind us. Big data is in such a large volume that this generation of analysts gets lost in the data. In the world of cyber capabilities, it is easy to grab lots of data, but then it’s a challenge to find the right data.”
Regarding some valuable lessons of signals intelligence (SIGINT), some said, “In the old world, you had to work hard to obtain intelligence. Everyone talks about the importance of HUMINT [human spying], but from SIGINT” you obtain slivers of distinct intelligence data points which then need to be further researched and unpacked.
Moreover, “not all data is equal. We stopped evaluating less sexy sources of intelligence. We can shoot down rocket threats in the atmosphere, but for years Hamas sent simple balloons which burned down our fields across the entire South.”
Some warned that Unit 8200 “celebrated the surface-level achievements in place of the deeper intelligence.”
Engineers, academics – not just hackers
In a parallel criticism of the focus being too much on big data and cyber capabilities without sufficient weight on substance and context, some sources said, “The number of academics and engineers in IDF intelligence has decreased dramatically. Cyber blinded everyone into focusing on finding the quick and glorious weakness of the enemy. But you get truer depth in SIGINT and with more staff who have training in engineering and academia, disciplines which require significant preparation.”
In contrast, some sources said cyber staff can get a prize quickly for finding one weakness in the enemy’s digital firewall, even if they have not had much comprehensive intelligence education.
Noting that “intelligence is a very specialized area,” sources stressed: “You do not merely look at reality and understand it in a superficial sense. You need to understand the complexities, unique issues, intentions, and context in a very critical way. The integration of all of those things is an art.”
“Balancing risks is also an art,” sources added. “You make lots of mistakes all the time in the IDF and in business, and most of the time it’s okay, as long as you just learn from your mistakes. But you really need to make sure you do not make a major error.
“Israeli society used to revere people who contributed to the community. Now it celebrates money, no matter how you got it. This also encourages speed over depth, which harms the country.
“It will take years to repair the damage, and we needed to start yesterday.”
Cognitive dissonance
A related problem sources pointed to is cognitive dissonance – i.e., directing the facts according to your theory. When the fact of Hamas turning on huge volumes of Israeli SIM cards did not fit into the narrative that the Gaza group was deterred, it was simply downplayed.
Sources said, “The problem is how and whether we are ready to question ideas that do not go along with us. You always need to bring in someone who doesn’t agree with you.”
Data or disaster?
Specifically addressing the handling of big data, there was a variety of views.
Ben-Israel said, “With big data, it is easier to find data to prevent threats” on a variety of complex fronts.
Some stated that usually, a larger mass of evidence from big data points to the right conclusions but warned that when it is incorrect, disaster may result.
In other words, there are so many attempted terror operations per day, sometimes dozens, you need large masses of intelligence collection to follow and thwart them. But even these big data-style defensive operations have their limits.
Additional sources asked: What do we do with big data? What do we do with artificial intelligence?
We should “use it but not obsess over it, and we should not ignore basic principles of intelligence.”
Further, some might argue that Unit 8200 only collects intelligence, and it is the analysis division that is responsible for understanding and applying that intelligence. Pushing back, they said: “Does IDF intelligence really want Unit 8200 to be limited to just being a collector?” The problem, they noted, is that the analysis division is then “cut off from the original intelligence material.”
Also, many analysts are only analyzing the intelligence reports filed by Unit 8200, but they “do not have as much insight into how the intelligence was collected and its veracity or how it might compare to other intelligence items.”
Again: “Do we really want to completely cut off the intelligence collectors, who are closer to what is going on ‘in the field’ – from the analysis?”
Others said IDF intelligence needs to “find better methods to break down, sort, and find useful items in big data.” Time needs to be better invested in seriously understanding the evidence disagreeing with the prevailing conceptual framework. “This means we need true questioners.”
Out-of-the-box questions
A central question no one knows the answer to is whether the IDF will fire many officials from intelligence (other than the intelligence chief), as their greatest fear is losing their trained personnel.
Thus, whereas in many areas of work in the world if someone fails, you just fire and replace them, highly trained IDF intelligence officials can take years to replace.
Lt.-Col. A, who downplayed many warnings of a Hamas invasion, is still on track for promotion. Only one IDF intelligence official, lower down, has resigned to date.
There is also a longstanding problem, even pre-war, that most top IDF intelligence officials are being swallowed up by the private sector, such that there are years of built-up fear of losing officials to the opportunity to get rich.
Another major question: Has over-sharing intelligence between the IDF, Shin Bet, and Mossad created a new conceptual framework and somewhat destroyed the “pluralism” from the Yom Kippur War?
In 1973, the Shin Bet and Mossad established much broader analysis divisions to avoid the scenario where the only serious analysis was being carried out by a single body, the IDF, which had missed Egypt’s surprise attack.
However, post-9/11 in the US, the trend somewhat reversed, encouraging all intelligence agencies to share more information automatically.
Sharing intelligence is crucial. Paradoxically, this sharing may have had the unintended consequence of reducing the readiness of different agencies to disagree with one another. This may have facilitated Oct. 7.
‘Ipcha Mistabra’/Devil’s advocate team
Within the IDF, there is a debate about whether having an internal devil’s advocate team (Ipcha Mistabra) works.
Once again, after the Yom Kippur War the defense establishment understood it needed such a team because of the seeming paradox that a group of really “good people can collectively build a very mediocre system,” since consensus is convenient.
Former National Security Council chief Yaakov Amidror has been credited with boosting the devil’s advocate red team in IDF intelligence.
A problem, sources said, is that recruits need to stay in the job for real.
“Usually, ombudsmen are afraid to be overly critical,” they warned, “tending to function in a somewhat mechanical fashion.” The role was initially designated for those in the position to be filling it as their last role. No one remained long in the role, and “even when someone stayed longer it was the last job for many people.” Eventually, the position was no longer only considered the last stop but also attracted high-quality personnel by opening up to younger generations.
Some said these issues could be taken care of and fixed, while others said the devil’s advocate team as a set structure did not work.
Still, sources said, as much as there is the need to rebuild Unit 8200, there is also the need to create a culture in which the 8200 collection unit is readied to loudly raise red flags.
It is a problem, they said, if there is no one to second-guess the analysis division.
Likewise, the IDF intelligence chief and other officials need to hear multiple voices and not simply be a rubber stamp for the analysis division. Another option, sources said, is for Unit 8200 to be authorized to challenge the IDF intelligence analysis division.
Of course, supporters of this idea acknowledge that there are problems with Unit 8200, having become too in love with and dependent upon technology. This should be a wake-up call that you can collect huge amounts of data, but if you don’t do real intelligence work and analysis, it won’t help you.
Heads must roll. And years-long restructuring of how Unit 8200 and IDF intelligence operate must leap ahead. But what does this all rest upon?
Not so much the structure as on respecting the enemy and being ready to constantly adapt to that enemy – and knowing that failure to do so could not be a mere error but a catastrophe.