Ex-IDF cyber intel. official reveals secrets behind cyber offense

JPost One-on-One Zoomcast, Episode 31: Yonah Jeremy Bob with Yaron Rosen, Brig. Gen. (Res.): Former IDF cyber chief, president of cyber intel firm Toka, reveals how nations should defend cyberspace

Ex-IDF cyber intel. official: How to carry out a cyber offense attack

Officials love to talk about cyber defense and deterrence after Israel, the US and others have suffered a series of unprecedented mega hacks in 2020-2021, but many are wary of talking publicly about using cyber offensive capabilities.

This week, former IDF cyber chief-of-staff Brig. Gen. (res.) Yaron Rosen discussed in detail with The Jerusalem Post both cyber offense and defense, and addressed how Israel should balance its cyber and other relations with China during the ongoing competition between Washington and Beijing.

Rosen, who is currently president of cyber intelligence heavyweight Toka, said cyber offense is “physical by nature, it’s actually mathematical by nature. If things are wrong by a 1 or a 0, they just don’t hit. That 1 or 0 may be the entrance, the way to open the gate,” he said.


“It’s in the covert operational realm, so everything needs to be very slow, very carefully planned, you need to understand not only the technology you are confronting, you need to understand the people behind the technology that you are confronting,” said the former IDF cyber chief-of-staff.

But he also said it depends on the target one is trying to hit, from a defense apparatus to a private company, a port or a power plant.

“These are very different adversaries and you need to understand them,” he said.

He said that the questions to ask are how they work, how they do their updates, when their updates are planned and what exactly they have installed.

The greatest danger is that if someone understands that he or she is being surveilled, "he will change" and that will "roll back all of that planning."

Rosen emphasized that it takes the investment of a tremendous amount of time and resources to gather intelligence about all of the technological and human obstacles and vulnerabilities.

He said that intelligence collection involves understanding the cyber digital version of looking inside the gate, getting past the guard, going left and going right – “all of these opportunities need to line up.”

Describing another dilemma that cyber intelligence professionals have to cope with, he said, “Sometimes somebody says ‘ok the strategic stars have not aligned, we are going to do it next month.’ This could roll back the whole thing and the planner could say ‘there is no next month.’ It can be part of the calculus in such operations.”

Rosen said he has three starting principles for being cautious about using cyber offensive weapons to achieve deterrence against adversaries.

The three principles include that a nation cannot rely on building its deterrence only in cyberspace; attribution in cyberspace makes use of offense very tricky; and "when you have a house made of glass, be careful before you throw stones.”

But he said there are definite and unique advantages to going on the offensive in cyber space as opposed to using real-world kinetic military force.

“Nations need to build multiple capabilities in multiple domains,” Rosen said. “Cyber space represents opportunities which are not in other domains.

"The way you can control the damage when you use offensive capabilities is quite interesting,” he said.

He explained how missiles or other munitions could be used to strike a power plant, causing a large explosion, fires and a big scene.

Alternatively, he said, “you can hit it through its IT [information technology] systems and the damage would be limited in time, maybe even hours or days or weeks, but there will be no smoke,” and it will not draw as much negative attention globally.

Practically speaking, he suggested that Israel and others need to, “have a strategic [cyber] targets list [to attack] capability only as the doomsday capability, so you have to be able to deter and use these capabilities,” but cyber offensive strikes against infrastructure “I would only use it if your adversary used it first, to restore deterrence.”

In most circumstances, he would advocate using cyber offensive capabilities in a more scaled down capacity, such as limiting “the use of offensive power to hitting economic targets which might be something you would use with other ways of using force.”

For example, it could be used against a terror organization - to take their money or change the content on their website.

Moving to cyber defense, Rosen said, “There’s a lot of progress, a lot going on, on multiple fronts. Cybersecurity is increasingly a focus for governments, entities and the private sector. Collaboration is growing. You can see it in the US with the recent [President Joe] Biden executive order” on cyber security standards.

At the same time, he said that cyber is different from trying to keep up with new developments in warfare in the land, air and sea arenas.

“Cyberspace developed so fast,” he said. “Nations are struggling... There is a great need to scale national cyber regulatory efforts… How do you build national level visibility to weaknesses? How does a regulator actually build this dashboard of the US,” to visualize the whole nation’s potential cyber holes.

He said governments and companies need huge amounts of time to build new systems and ways of doing things, new products and to change how they collaborate - but there is little time.

“Both the US and Israel are moving forward on all of these fronts,” but the unique difficulty is that cyber “is like walking up on the opposite way of the escalator that is going down. If you are not doing anything, you are not in the same place, you are actually going down, so you have to run faster,” he warned.

Focusing on China and competition between Beijing and Washington, Rosen said that, “From a geostrategic standpoint, Israel has a very unique place,” and that it has projected global cyber capabilities and influence punching far above its small size as a country.

“That said, Israel needs to be very, very humble, so it’s very clear that the Chinese global strategy is spying for IP [intellectual property] theft, for military purposes.” He said Israel also needs to be “extremely careful” about allowing Beijing to invest in Israeli critical infrastructure.

“Critical infrastructure controls such as ports, the port of Haifa, energy sector investments by the Chinese, in any place the Chinese are investing, Israel needs to be very careful to maintain its economic independence, and through that, its strategic point in this global power struggle between the US and China,” Rosen said.