In a nondescript office park in the desert town of Be’er Sheva, a “war room” filled with screens showing various maps, rolling information, and graphics inform around a dozen or so staffers, manning computers at the central heart of Israel’s civilian cyber defense system.
So important is their mission that the room where they track cyberattacks 24 hours a day, seven days a week, is itself a bomb shelter – meaning even if rockets are raining down, their work does not stop.
On some of the screens, maps of the world show what look like missiles originating in the United States and Europe heading toward Israel. They’re not actual bombs, but instead, indications that a cyberattack, either originating – or more likely – being spoofed to look like it’s coming from those locations, is targeting Israel’s civilian infrastructure.
While Israel’s military and intelligence services secure its government and military in the cyberworld, Israel’s National Cyber Directorate is responsible for coordinating the monitoring and defense of Israel’s civilian life.
The directorate is lead by Yigal Unna, a veteran of the Israeli Defense Forces’ elite 8200 cyber unit and of the Israeli Security Agency. He told CNN in an extensive interview that during the coronavirus pandemic in which many people worked from home, he and his team have seen a sharp increase in attempted cyberattacks.
“It’s not just a day-to-day basis, it’s an hourly or minute basis,” Unna said. “We witness attacks everywhere. The last year and a half and even before that it’s like the world went crazy.”
In October, a ransomware attack hit the Hillel Yaffe hospital in Hadera in Northern Israel, paralyzing its internal IT system. The attack caused staff at times to resort to using pen and paper for patient records, and caused the delay of non-urgent operations for at least two weeks.
“Most (attacks) comes from criminal elements and individuals trying to find if there’s a criminal prospect,” Unna said. “The vast majority comes from there because there’s good money [to be made] unfortunately.”
Other assaults on Israeli civilian life may originate from state-backed entities with a political motivation. In April 2020, a cyberattack on Israel’s water system could have led to incorrect levels of chemicals like chlorine being added to drinking water. Israeli officials publicly attributed to the attack to Iran.
Had it been successful, the attack could have caused widespread fatalities, Unna said, illustrating how cyberwarfare can be just as devastating as bombs and missiles.
“You just need a couple of smart kids with an understanding, [and they can] cause damage worse than Hiroshima … you can melt down nuclear power plants,” Unna said.
In late October a hack of an LGBTQ dating site in Israel led to personal details of thousands of users being posted online. That attack is largely being attributed by Israeli media to Iranian-linked criminal hacking group Black Shadow.
“We see a growing tendency unfortunately… to have a combination of this sort of attack not just for financial purposes but also to embarrass. It’s a simple evil or malicious tendency,” Unna said.
The New York Times recently reported that such Iranian-linked attacks on Israeli civilian life are part of a growing shadow cyber war between the two adversaries. The Times, citing unnamed US defense officials, said Israel, in retaliation, was behind a recent retaliatory cyberattack on Iran’s fuel distribution system, crippling gas stations in the country for days.
Unna though, was coy when asked about such actions. “Of course we know who is behind it and we remember … and we can get even with those who are behind any of these attacks,” he warned.
When asked exactly how Israel “gets even,” Unna responded “in our special measures and means.”
“Israel has all the tools and all the advantages not just in cyber but in all other aspects that we can use when it is needed,” he added.
Attackers can be anywhere in the world, often masking their true locations and trying to target multiple countries at once. That’s why international cooperation is key, Unna says.
Last month the US and Israel launched a joint task force to combat ransomware, and Unna said that while Israel was already working closely with dozens of countries, it’s inevitable there will be even greater international cooperation mirroring intergovernmental military defense alliances like NATO. Even countries like China and Russia will eventually sign on, Unna predicted.
“I think it’s inevitable,” Unna said. “Eventually all countries, all of these societies will witness the same problems and need to take part in the same solutions.”
Unna has said “rapid” is not a strong enough word to describe just how fast, crazy and hectic things are moving in cyberspace. And while he’s confident he and his colleagues have the upper hand, it’s getting harder to keep up.
“You need to run much faster just to stand where you stood yesterday and if you want to get a little advanced to progress, you have to run even faster,” he said.