Where do Israel, US stand post-REvil mega cyberattack?

The current hack by the Russian-based REvil gang was not directed at any strategic footholds of American power and is not about spying.

Computer hacking (illustrative) (photo credit: REUTERS)
Following the July 3 announcement of a mega cyber ransomware attack on the US IT management company Kaseya, currently attributed to the Russian cyber gang REvil, what is the state of cybersecurity in Israel and the US?
This is a mega cyber event because Kaseya provides IT management tools to 40,000 customers worldwide, many of whom are service providers to hundreds of businesses.
In that sense, it could turn out to be the largest ransomware attack of all time.
Although the strategic harm of the cyberattack would likely be less severe than that of the SolarWinds mega hack announced in late 2020, the number of businesses affected by the latest hack could be larger, the Israel National Cyber Directorate (INCD) has told The Jerusalem Post.
Essentially, the only thing in common between the two mega hacks was that a major digital-services supplier was targeted to spread out the effects more widely than an attack on a specific business or industry, INCD said.
Beyond that, the attacks were very different.
SolarWinds was an audacious cyberattack by the Russian government to spy on and obtain sensitive top US national-security secrets and methods of operation.
The current hack was not directed at any strategic footholds of American power and is not about spying.
Rather, it is directed at the private sector to extort businesses for money – the definition of a ransomware cyberattack.
SolarWinds was a far more sophisticated and patient hack, whereas the tactics used here were less fancy but were still formidable and directed enough to expand across the globe, INCD said.
That being said, there has not been a major impact on Israel to date, although the Jewish state has suffered its own separate major attacks, such as the hack of the Shirbit insurance company.
A more basic question raised by this attack is why do pretty much all surveys still rate the US as the world’s greatest cyber power when it keeps getting mega-hacked?
This attack comes just over half a year after SolarWinds and only one to two months after JBS, one of the largest meat producers in the US, paid an $11 million ransom to REvil after a cyberattack and after Colonial Pipeline, one of the US’s largest gas providers, was forced to shut down gas delivery to the East Coast until it paid the hackers $4.4m.
With such an abysmal record at stopping major cyberattacks, one might think the US should rate much lower.
Another question is why has Israel not been hit as hard by either the SolarWinds or Kaseya attack, and what does this mean for how Jerusalem compares to its cyber challengers?
A recent report by the International Institute for Strategic Studies (IISS) put the US alone as a Tier One cyber power, saying it was the only country that is a leader in all of the relevant categories of cyber strength, including defensive resilience, protection of infrastructure, offensive capabilities and long-term strategic planning.
In fact, the report specifically addresses the impact of the SolarWinds hack on its rankings, saying its “assessment is unchanged by the discovery at the end of 2020 of the Russian cyber-espionage operation that had hacked into software provided by the US company SolarWinds and infected the company’s many clients, including nine US government departments and about 100 private companies.”
“Although this will have heightened dissatisfaction with the country’s cyberdefenses, it should also be noted that the operation was detected, and is being disrupted, by the US private sector,” the report said.
Another interesting comment in the report is that “it is likely that US cyber-enabled influence operations are far less prolific than those conducted by the Russians and Chinese, given the number of the latter that have been detected and publicly revealed. But that should not lead us to judge that the US has substantially less capability or weaker intent.”
“We might instead conclude that the US use of its capability is more sophisticated, with less chance of detection, and that it is more controlled and responsible… It remains an open question whether the Russians and Chinese have gained an advantage owing to their growing peacetime… aggressive use of offensive cyber for influence and information operations,” the report said.
As for Israel, the report puts the Jewish state in the second tier, along with China, Russia, France, the UK, Australia and Canada.
In the report’s third tier are India, Japan, Indonesia, Iran, North Korea, Malaysia and Vietnam.
“Owing to the audacity, controversy and success of their operations, Israel’s intelligence services have acquired a formidable reputation,” the report said. “That said, and despite the regional superiority of its cyber-intelligence capabilities, Israel lacks the global intelligence reach of some other states.”
“It compensates for this through a particularly close relationship with the US cyber-intelligence community, and also through collaboration with the UK’s agencies and… France, Singapore and the United Arab Emirates,” it said.
“The annual survey of 500 leading cybersecurity companies published in Cybercrime Magazine demonstrates the global competitiveness of Israel’s cyber industry… with no fewer than 42 companies in the list, Israel was second only to the US (354 companies),” the report said. “The UK, ranked third, had only half as many companies as Israel in the list, while China had only six.”
“Many people working in Israel’s cybersecurity start-ups – including the founders of Palo Alto Networks, NSO and Checkpoint – had served previously in Unit 8200 as combat or technology personnel,” it added.
“The close collaboration between Israel’s military and private sectors provides a unique technological advantage for both, with new cyber technologies tried and tested on real battlegrounds, ensuring their effectiveness and scalability before they are released on the global market,” the report said.
It appears that the US makes up for how hackable it has been with its first-rate offensive capabilities and with the fact that so much of the world’s digital existence still emanates from America, no matter how much impressive catch-up Beijing has played.
Interestingly, the US also has almost twice as many satellites as the entire rest of the world combined and close to five times as many as China, which is in second place.
Israel has vulnerabilities that Iran and others can exploit, but its offensive, defensive and future potential creative cyber capabilities still far outstrip the Islamic Republic’s.
What this means is that Washington and Jerusalem will likely continue to face mega hacks, but the overall cyber playing field, for now, still favors both when pitted against their relevant adversaries.