Did COVID-19 lead to Israel’s new cyber weakness? - analysis

Top cyber officials in Israel and the US have repeatedly confirmed that the corona era has created a myriad of new vulnerabilities.

By YONAH JEREMY BOB

DECEMBER 21, 2020 19:06

Updated: DECEMBER 21, 2020 21:06

[Illustrative] A man holds a laptop computer as cyber code is projected on him. (photo credit: KACPER PEMPEL/REUTERS) — [Illustrative] A man holds a laptop computer as cyber code is projected on him.

(photo credit: KACPER PEMPEL/REUTERS)

Did the coronavirus topple Israel from its perch as the country that couldn’t be hacked?

Until December 2020, Israel had a unique record of avoiding being hacked beyond a certain level.

Sure, individuals and less-defended companies had been hacked like everywhere else in the world.

But until Shirbit, IAI and, according to Check Point, hundreds of other Israeli companies were hacked in December or recent months, probably by Iranian-sponsored groups, Israel had avoided the embarrassment of major well-defended companies and agencies being hacked as had happened in the US, England and most other countries.

Former president Barack Obama’s cyber chief Michael Daniel had explained to The Jerusalem Post in a prior interview that Israel was doing better at cyber defense than the US, despite America’s superior capabilities, simply because it was so much smaller.

The US, with more than 325 million people and 50 state governments on top of an enormous federal bureaucracy, simply had too much cyber surface area to defend against, compared with Israel’s nine million people and both a smaller and more centralized government.

So one simple explanation for why Israel’s cyber record is looking much weaker now is that the coronavirus era exponentially expanded the cyber surface area Israel must defend.

Not only that, but there was no time to plan, with the March national lockdown and transferring massive portions of the business and education sectors to Zoom nearly overnight.

Top cyber officials in Israel and the US have repeatedly confirmed that the coronavirus era has created a myriad of new vulnerabilities.

Increased hacking focused on seizing coronavirus research had already started in April, Israel National Cyber Directorate (INCD) chief Yigal Unna said at a conference at the time.

The INCD had been in overdrive to protect a wide range of the health industry’s exponentially expanded online exposure in the age of corona, he said.

He described a sudden shift in which the numerous new networked processes for tracking, contacting and managing sick and potentially sick people exploded in size and required an equally massive expansion in cyber defense.

Some of these processes reach an additional level of complexity when systems for industries that were producing classified weaponry for the IDF are converting portions of their efforts to working in the more exposed and open public health sector.

Next, Unna discussed the directorate’s involvement in publicizing guidelines for securing Zoom video conferences, an application whose use skyrocketed due to the need to cope with social-distancing measures but that limit physical interactions between people.

Despite the guidelines, Zoom has been hacked rampantly worldwide.

In August, retired IDF Intelligence official Daniel Rakov told another conference that Russia was using cyber and disinformation to try to bolster its standing regarding everything surrounding the issue of a coronavirus vaccine.

Russian President Vladimir Putin was interested in winning the race to make a vaccine and in using hacking and social-media campaigns to discredit competing vaccines, he said.

Rakov wondered why Russia would hack American, Canadian and British vaccine research (all three countries have accused Moscow) while acting as if it was ahead.

At the same conference, Israel CERT (Computer Emergency Response Team) cyber director Lavi Shtokheimer said countries need to know that hospitals will neither collapse under the weight of the physical or cyber pressures of the coronavirus outbreak.

Sanaz Yashar, FireEye Israel’s chief cyber analyst and a former IDF Unit 8200 veteran, said the most important change decision-makers needed to make was conceptual.

Ironically, FireEye was hacked by Russia in the last two weeks. But Yashar’s warnings of the role of coronavirus in making countries more vulnerable in cyberspace are still poignant.

Cyber now stretches into whole new universes and exposes countries to far more vulnerabilities in an age where social distancing has forced massive amounts of human interactions online, he said.

At an October conference, former CIA director David Petraeus said: When the coronavirus hit, “almost everyone moved to the cloud if they were not already there,” which has been a “new opportunity for nation-state hackers, criminals and extremists.”

He said he had “just fended off an Iranian phishing group attack this morning,” as if it was a frequent expected event.

Also, in a panel on cyber challenges in the aviation sector during the coronavirus crisis, officials from several countries said less traffic has not reduced the threat from hackers.

Many services that used to be done by people are being handled electronically, which has exploded the volume of an airport’s vulnerable digital surface.

Some of the aviation cyber experts said it had been challenging for them to work as efficiently when their cyber defense groups are working remotely from each other.

So there is no question that Israel’s cyber sphere has become far more vulnerable in the coronavirus era.

The question is whether Israel will be doing anything about it.

Traditionally, Jerusalem does not tip its hand when the IDF or Shin Bet (Israel Security Agency) undertake specific cyberattacks against an adversary, such as Iran.

So one could say it is no surprise that the IDF, the Shin Bet, the Defense Ministry and the Prime Minister’s Office all refused to comment about responding.

On the other hand, that was a game Israel could play when its most powerful companies and defense agencies were not being hacked apart in public.

Now that Iranian-sponsored groups are publicizing their defeat of major Israeli companies, how long will Israel not respond or respond quietly?

And if there is no public response, will Israel’s cyber deterrence fade as well?