beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · beyond theory:...
TRANSCRIPT
1
BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES
A dissertation presented
By
Matthew S. Cohen
to The Department of Political Science
In partial fulfillment of the requirements for the degree of Doctor of Philosophy
In the field of
Political Science
Northeastern University Boston, Massachusetts
February 2018
2
BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES
A dissertation presented
By
Matthew S. Cohen
ABSTRACT OF DISSERTATION
Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Political Science
in the College of Social Sciences and Humanities of Northeastern University
February 2018
3
ABSTRACT
Political science has made progress in the study of how actors behave in cyber-space, but it
is still an emerging field. Much of the academic work regarding cyber-space is focused on
theory building. There are many scholars who have produced outstanding theories, but the
field now needs to move further and begin to collect empirical evidence to determine which
theories are more useful than others. This dissertation attempts to do just that. It examines
existing theory, and proposes new theories, using evidence from Israel to improve the field’s
understanding of cyber-space. Israel is one of the most powerful states in cyber-space, but
it is woefully understudied. This is the first major book sized project that applies the Israel
case to cyber theories. This dissertation is therefore useful not only as a standalone project,
but as one that can be useful as a basis for others’ work in cyber-space. A central goal of this
project is to improve the ability of decision makers to craft good policy. Thus, policy
recommendations are offered on every topic with the goal of strengthening state’s use of
cyber-space both offensively and defensively.
The dissertation also addresses two other understudied areas, the behavior of non-state
actors in cyber-space, and the role of international law and norms. Using Israel as a case
study, this project examines both of those issues. It examines the types of dangers Israel
faces from non-state actors and Israel’s response, and evaluates what Israel has done well
and what it could do better in this regard. The role that norms and international law play in
decision making in cyber-space is also explored by examining what Israel’s actions and
decisions have been.
4
ACKNOWLEDGMENTS
I owe a great debt of gratitude to many people for their help along the way. Among them are
the members of my committee who helped guide me through this process. Denise Garcia for
taking me on as her first doctoral student. Her willingness to take a chance on me and her
faith in me and this project, and her friendship over these past nearly five years, were
invaluable. Max Abrahms’ assistance with my methods greatly strengthened this project. I
am grateful as well for his constant availability to offer his advice on all things academic. I
have known Chuck Freilich long before I set out to get my PhD, and he has been there to
support me at every step. He is the one who got me started researching cyber-space and
Israeli cyber-policy, and I have very much enjoyed working on so many projects together,
and I look forward to more to come. Thank you as well to Nazli Choucri who joined this
project in its later stages and was kind enough to offer her insights and advice.
I want to give a special thank you as well to my family. My mother and father have been
supporting me every step of the way my entire life. I cannot thank you enough for all you
have done for me. To my children, Brianna and Ben, thank you for playing with me when I
needed a break! You are the light and joy of my life. I could not have done this without the
unwavering support of my wife, Julie. Thank you for showing such faith in me. You are my
everything.
I am more grateful to all of you than I will ever be able to express. Thank you!
5
TABLE OF CONTENTS Abstract 2 Acknowledgments 4 Table of Contents 5 Chapters Chapter One – Introduction 6 Chapter Two – Israel, Culture, and Cyber-Space 51 Chapter Three – A Conceptual Model for Cyber-Space: 4Ds and an R 83 Chapter Four – Israel and Cyberspace: International Norms, Laws, and Soft-Power 137 Chapter Five – Countering Malicious Non-State Cyber Actors: The Israeli Experience 169 Chapter Six – Conclusion 222 References 238
6
Chapter 1 - Introduction
The cyber-realm presents states with both new and familiar challenges. While there
is a great deal of hype regarding the extent of the danger, there can be no doubt about the
potential peril the cyber-realm poses. Cyber-attacks can cause a wide range of damage, from
financial, to information security, to espionage, to military, to physical. In fact, cyber-attacks
have already caused physical damage (the Stuxnet worm, which will be discussed in detail
later in the dissertation, destroyed centrifuges that Iran was using to build its nuclear
weapons program). Despite its growing importance and the dangers it poses to national
security, the cyber-realm remains understudied in the field of political science.
Israel, a nation that relies heavily on cyber-technology, is particularly vulnerable to
cyber-attacks and has been a primary target thereof.1 Indeed, Israel faces a nearly constant
barrage of cyber-attacks, and many are highly complex threats that are difficult to defend
against.2 While Israel has been a target of heavy cyber-attacks for over a decade, the threat
has only grown in recent years as both state and non-state actors have increased their efforts
against Israel.
Cyber-attackers have gone after a wide range of targets in Israel encompassing
virtually every facet of life. Foreign nations, sophisticated hacker groups, and cyber-activists
have attacked Israeli hospitals, the Tel Aviv Stock Exchange, the Bank of Israel, private
1 Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology, Volume 173, 2011; Clarke, Richard
A. and Robert K. Knake, Cyber War: The Next Threat to National Security and What to do About It (Ecco:
HarperCollins Publishers, 2012), p. 155. 2 Grauman, Brigid. “Cyber-security: The vexed question of global rules.” Security and Defense Agenda. With the
support of McAfee. 2012, p. 66; Eisenstadt, Michael and David Pollock. “Asset Test: How the United States
Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7 (2012);
TheMarker. “Cyberattacks on Israel Rose Exponentially in Past Four Years.” Haaretz, June 16, 2016.
http://www.haaretz.com/israel-news/business/1.725277.
7
companies, critical infrastructure, and government and national security websites.3 During
the 2009 operation against Hamas in Gaza, Israel was hit with four waves of progressively
stronger cyber-attacks from over half a million computers.4 Israel suspected the attacks were
paid for by Hamas or Hezbollah and conducted by an unknown organization in the former
USSR.5 Among the websites taken off-line were the Israel Security Agency (ISA, or “Shin
Bet”), and the Home Front Command, which instructs citizens how to protect themselves
from rockets and other threats.6
In 2011-2012 a group linked to China’s People’s Liberation Army hacked three Israeli
defense firms, apparently to steal blueprints of Israel’s anti-rocket and anti-missile systems,
the Iron Dome.7 Additionally, in 2013, malware that likely originated from within the
Chinese defense industry was discovered on the computers of some senior Israeli security
and defense industry officials.8 When again battling Hamas in 2012, Israel faced a
sophisticated cyber-operation aimed primarily at government websites (the president’s,
prime minister’s office and the foreign and defense ministries). A total of over 100 million
cyber-attacks were launched during the campaign. As in 2009, the website for the Bank of
Jerusalem was taken down, as well as El Al’s web site, while the IDF’s public site encountered
problems and the Kadima party’s was defaced.9 On the eve of Holocaust Remembrance Day
3 Silber, Jonathan. “Cyber vandalism – not warfare.” Ynetnews.com. January 26, 2012;
http://www.ynetnews.com/articles/0,7340,L-4181069,00.html 4 Herzallah, Mohammed J. “Israel Fights Wire with Wire.” Newsweek, July 27, 2009, p. 11. 5 Pfeffer, Anshel. “Israel Suffered Major Cyber Attack During Gaza Offensive.” Haaretz.com. June 15., 2009.
http://www.haaretz.com/news/israel-suffered-massive-cyber-attack-duringgaza-offensive-1.278094 6 Herzallah, “Israel Fights Wire with Wire.” 7 Vincent, James. 2014. “Schematics from Israel’s Iron Dome Missile Shield ‘Hacked’ by Chinese, Says Report.”
The Independent, July 29. Accessed July 30, 2014. http://www.independent.co.uk/lifestyle/gadgets-and-tech/israels-
iron-dome-missile-shield-hacked-by-chinese-military-hackers-says-report-9635619.html 8 TOI Staff and AP. “Israel Reportedly Thwarts Cyber Attack from China.” Times of Israel, October 28, 2013.
http://www.timesofisrael.com/israel-reportedly-thwarts-cyber-attack-from-china/ 9 Hirshoga, Or and Nati Toker. 2012. “Cyber Battles against Israel.” The Marker (Hebrew), November 22, 2012.
http://www.themarker.com/technation/1.1871058; Khazan, Olga. “Anonymous Is Hacking Israeli Web Sites.”
8
in April 2013, hacker groups coordinated a series of cyber-attacks entitled #OpIsrael to make
financial, business, educational, non-profit and news sites inaccessible. During the 2014
campaign against Hamas the Home Front Command website was again temporarily taken off
line, as were some public IDF websites.10 The Syrian Electronic Army was able to hack the
IDF blog and Twitter account and post its own images.11 In 2015 Anonymous threatened
Israel with an “Electronic Holocaust” in which it would “erase” Israel from cyber-space,
though in the end the actual impact was limited, with the defacing of just a few dozen
websites, none of which belonged to the government websites.12
In 2011 Iran reportedly launched “Newscaster” against Israel, the US and other
Western nations, to gather intelligence by creating a series of false virtual identities with ties
to government officials and reporters. The attack, which compromised over 2000 computers,
was only uncovered in 2014.13 Iran additionally appears to have been able to penetrate
defenses in several government agencies and to have successfully accessed restricted
information.14 In 2013 Israel accused Iran, Hamas, and Hezbollah of a series of large scale
Washington Post, November 17, 2012.
http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/17/anonymous-is-hacking-israeli-web-sites/;
Zippori, Michal. “Hackers Attack Two IsrZivaeli Websites.” CNN, January 26, 2012.
http://www.cnn.com/2012/01/16/world/meast/israel-hacking-attack/ 10 Winer, Stuart. “Iranians Launched Cyber-Attack on Israel during Gaza Op.” The Times of Israel, August 17,
2014. http://www.timesofisrael.com/iranian-cyber-attackon-israel-during-gaza-op/ 11 Institute for National Security Studies, and the Cyber Security Forum Initiative. “Cyber Intelligence Report—July
15, 2014.” Defense Update, July 15, 2014. http://defense-update.com/20140715_cyber-intelligence-report-july-15-
2014.html; Ruble, Kayla. “Syrian Hackers Hijack IDF Twitter Sparking Fears of Nuclear Leak.” Vice.com, July 7,
2014. https://news.vice.com/article/syrian-hackers-hijack-idf-twitter-sparking-fears-of-nuclear-leak. 12 Moore, Jack. “Anonymous’s ‘Electronic Holocaust’ Against Israel Falls Flat.” Newsweek.com, April 7, 2015.
http://europe.newsweek.com/anonymous-electronic-holocaustagainst-israel-has-limited-success-320176. 13 Perlroth, Nicole. “Cyberespionage Attacks Tied to Hackers in Iran.” The New York Times, May 29, 2014.
http://bits.blogs.nytimes.com/2014/05/29/cyberespionage-attacks-tied-tohackers-in-
iran/?_php¼true&_type¼blogs&_php¼true&_type¼blogs&_php¼true&_type¼blogs&partner¼rssnyt&emc¼rss&r
¼2. 14 Mandiant. “M-Trends 2014: Beyond the Breach.” FireEye. 2014. https://www.mandiant.com/resources/mandiant-
reports/, p. 8-9.
9
attacks against “vital national systems,” including water, power, and banking sites.15 During
the 2014 Gaza campaign, Iranian attacks exceeded all previous ones, both in scope and
breadth of the targets selected. The Iranian attacks mainly targeted civilian infrastructure,
including financial networks, but it also targeted government security systems, including,
reportedly, an attempt to seize control of Israeli drones.16 In 2016, Israel’s critical
infrastructure was facing as many as two million attacks a day. Some attacks were able to
obtain sensitive information, but Israel appears to have been able thus far to prevent any
disruption or damage.17 Additionally, in 2015 and 2016, Israel faced a well above average
number of threats as compared to the world average across all computers in the nation.18
In addition to Iran, Israel has faced attacks from around the world.19 The danger from
non-state actors and “cyber-activism” by individuals and groups is also growing.20 Such
operations are already capable of interfering with the government’s ability to communicate
instructions to the public in times of emergency, such as when the Home Front Command’s
public website was taken down by hackers during the operations in Gaza in 2009 and 2014.
Cyber-attacks pose additional dangers during security emergencies, and in fact, the
frequency of attacks against Israel has been shown to increase during such situations.21
Should cyber-attackers manage to disrupt communications and military systems for just a
15 Reuters. “Iran Ups Cyber Attacks on Israeli Computers: Netanyahu.” Reuters, June 9, 2013,
http://www.reuters.com/article/2013/06/09/us-israel-iran-cyber-idUSBRE95808H20130609. 16 Lappin, Yaakov. “Military Affairs: The IDF’s Silent Attack Force.” Jerusalem Post, May 11, 2013,
http://www.jpost.com/Features/Front-Lines/Military-Affairs-The-silent-attack-force-312716; Soffer, Ari. “Security
Services ‘Foiled Massive Cyber-Attack on Israel.’” Arutz Sheva, August 28, 2014.
http://www.israelnationalnews.com/News/News.aspx/184518#.UACmNm7Wg. 17 TheMarker. “Cyberattacks on Israel Rose Exponentially in Past Four Years.” 18 Microsoft “Microsoft Security Intelligence Report: Israel.” Microsoft Corporation. 2016, p. 3. 19 Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National
Security Studies, Memorandum 117. May 2012, p. 36. 20 Ben-David, “Playing Defense.” 21 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 37.
10
short period, it could make a significant difference in Israel’s ability to respond to a physical
attack, as Israel is a geographically small country which relies mainly on a reservist army.
Israel has taken the threats posed in cyber-space very seriously, defining the cyber-
threat as one of the foremost threats it faces, and rapidly developing capabilities that have
placed it at the very forefront of the cyber-world. It has been recognized for years that Israel
is one of the most advanced nations in cyber-space.22 Indeed, Israeli policies on cyber-
defense are trend setting and have been cited as an example of what the rest of the world
should attempt to emulate.23 Israel appears to not only have been the victim of cyber-attacks,
but has reportedly also been a leader in using the cyber-realm for offense. The United States
government has been highly impressed with Israel’s work in cyber-space and attempted to
learn from its experience.24 Major technology companies have taken notice of Israel’s
accomplishments and have established offices in Israel, and Israel boasts a large number of
start-up companies.25 Israel has become a major economic power in cyber-space, exporting
more cyber-products and services than the rest of the world, excluding the US, combined.26
Far too much of the current work in political science regarding cyber-space lacks a
clear empirical basis. This can lead to an over-hyping or downplaying of the threat, and
results in faulty policy recommendations. An improved understanding of how states act in
22 Grauman, “Cyber-security;” Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber
Conflict in the International System. (Oxford: Oxford University Press. 2015), p. 26; Kapto, Aleksandr S.
“Cyberwarfare: Genesis and Doctrinal Outlines.” Herald of the Russian Academy of Sciences. Vol. 83, No. 4. 2013,
p. 364; Herzog, Stephen. “Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses.”
Journal of Strategic Security, Vol. 4, No. 2. 2011, p. 52; Benoliel, Daniel. “Towards a Cybersecurity Policy Model:
Israel National Cyber Bureau Case Study.” North Carolina Journal of Law and Technology, Vol. 16, No. 3. 2015, p.
442. 23 Grauman, “Cyber-security.” 24 Adamsky, Dmitry (Dima) “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington
Quarterly. Vol 40, No 2. 2017, p. 113. 25 Eisenstadt and Pollock, “Asset Test,” p. xiii, 32; Steinherz, Tal. “Israeli Innovation in Cyber-Technology.”
Presentation to the Herzliya Conference, Herzliya, Israel, June 9, 2014 26 Benoliel, “Towards a Cybersecurity Policy Model,” p. 442.
11
cyber-space can serve as the basis for building policies that will enhance both peace and
security in cyber-space for all actors. This dissertation aims to provide such an improved
understanding though a detailed case-study of Israel and its experiences and actions
regarding cyber-space.27 This dissertation will demonstrate that Israel is a nation that other
states can use as a model to improve their own offensive and defensive capabilities in cyber-
space. It will also show that Israel is a critical nation to study for scholars interested in
conducting research into cyber-space.
Israel is a perfect case to use to do this. More so than most countries, Israel faces
severe risks and benefits in cyber-space. From critical infrastructure protection, to its
military establishment, to its economy, and beyond, Israel faces enemies in cyber-space who
do not wish just to harass it, engage in espionage, or try to seek economic advantage, but
seek to cause as much harm to it as possible. This includes dangers from both states and
sophisticated non-state actors. Additionally, few countries have the capabilities to be able to
take as much advantage of cyber-space as Israel can in both the military and civilian realms.28
Despite this, Israel’s experience in cyber-space remains heavily understudied. Israel’s
success in both defending against attacks and using cyber-space to its advantage make it a
perfect case to study.
Definitions:
Before proceeding, it is important to define some terms that will be central to this
dissertation. There is still healthy debate regarding the meaning of terms related to the
27 Information for this dissertation has been pulled in part from two of the author’s previous works: Cohen, Freilich, Siboni 2015; and Cohen, Freilich, Siboni 2017. 28 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 81
12
cyber-realm, and many lack clear definitions. What is meant by “cyber-space” itself is not
fully agreed upon. The dissertation, as it is focused on Israel, will employ the Israeli
government’s current definition of cyber-space as “the physical and non-physical area
created or comprised from part or all of the following elements: mechanized computer
systems, computer and communications networks, software, computerized data, content
transferred by computer, traffic and control data, and the users of all of the above.”29 Cyber-
space consists in essence of physical components, the logical building blocks that support
the physical infrastructure and enable the delivery of services, the information content, and
those actors that make use of the arena.30
One of the key terms to define is “cyber-attack” itself. There is debate over whether
this term is even appropriate, as it is very broad. In its place, authors have used different
constructions, such as “cyber-conflict”31 or “cyber-warfare”,32 but cyber-attack can be an
appropriate term if it is clearly defined in such a way that it is both expansive and restrictive
enough. For the purposes of this dissertation, a cyber-attack both uses and targets
computers, networks, or other technologies for malevolent, destructive, or disruptive
purposes.33 A cyber-attack occurs when an actor uses the cyber-realm (excluding
propaganda) to gain an advantage over a target, or to defend or promote the actor’s interests.
Cyber-attacks have two main motivations: political and criminal. The focus of this
dissertation is on cyber-attacks against nation states and not on cyber-crime. Politically
29 Israel Government Decision no. 3611 of August 7, 2011, http://www.pmo.gov.il/secretary/
govdecisions/2011/pages/des3611.aspx. 30 Choucri, Nazli. Cyberpolitics and International Relations. (The MIT Press: Cambridge, MA: 2012), p. 8. 31 Valeriano and Maness, Cyber War versus Cyber Realities. 32 Clarke and Knake, Cyber War, p. 6. 33 Libicki, Martin C. Cyberdeterrence and Cyberwar (Rand Corporation: Project Air Force, 2009), p. 23; Valeriano
and Maness, Cyber War versus Cyber Realities, p. 3, 32; Clarke and Knake, Cyber War, p. 6; Kenney, Michael.
“Cyber-Terrorism in a Post-Stuxnet World.” Orbis Vol. 59, No. 1. 2015, p. 113.
13
motivated cyber-attacks aim to provide a strategic, diplomatic, economic, or military
advantage over an adversary and include, among others, efforts to disable critical military,
governmental, or civilian networks; espionage; and efforts to infect systems with malware
for future use. Cyber-attacks often additionally aim to force the target to take an action it
does not want to or modify a state’s behavior.34
Cyber-attacks can be launched by nations, non-state actors, or individuals, and can
target military, governmental, or civilian systems. Cyber-attacks may or may not involve the
creation of physical damage. In cases where they do, the attack must cause the damage via
an attack on one of the systems mentioned above, unlike in a kinetic attack where the damage
done is direct.35 A cyber-attack, similarly to a physical attack, can run the gaunt from small
scale, such as DDoS attacks (defined below), to major ones, such as attacks on the Iranian
nuclear weapons program that will be discussed below.36 Cyber-attacks additionally can
originate from network traffic, through supply chains, espionage (such as inserting a flash
drive), or from human error.37
Cyber-offense overlaps with the concept of cyber-attack. Cyber-offense as a whole
refers to the tools (computer code) and strategies a nation, group, or individual employs to
design and launch cyber-attacks.38 Engaging in cyber-offense, as noted, requires the use of
34 Carr, Jeffrey. Inside Cyber Warfare. (Cambridge: O’Reilly, 2012), p. 21-22; Valeriano and Maness, Cyber War
versus Cyber Realities, p. 3; Hathaway, Oona; Rebecca Crootof; Philip Levitz; and Haley Nix. “The Law of Cyber-
Attack.” California Law Review. Vol. 100. 2012; Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 113. 35 Singer, P.W. and Allan Friedman, Cybersecurity and Cyberwar (New York: Oxford University Press, 2014), p.
69); Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 113. 36 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 113. 37 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p.
51. 38 Valeriano and Maness, Cyber War versus Cyber Realities, p. 26, 33; Rid, Thomas and Peter McBurney. “Cyber-
Weapons.” RUSI Journal. Vol. 157, No. 1. 2012, p. 6; Lin, Herbert S. “Offensive Cyber Operations and the Use of
Force.” Journal of National Security Law and Policy. Vol 4, No. 63. 2010, p. 64.
14
specialized computer code, which will be referred to as a cyber-weapon.39 Cyber-defense
involves the tools and strategies that nations, groups, and individuals use to protect against
cyber-attacks. This includes such factors as whether a nation controls its internet service
providers, how well it can control incoming and outgoing traffic, and how well it can halt on-
going attacks.40
Cyber-espionage refers to the use of the cyber-realm (often via malware or hacking,
such as spear-phishing, all defined below) to steal, harass, gather information, prepare for
future attacks, or make known the attacker’s ability to penetrate networks.41 Cyber-
espionage can be conducted by nations, non-state actors, and individuals. Targets include
military systems (to gather intelligence on strategies, operations, and weapons design or to
disable systems); steal government secrets, including for use in negotiations; civil
infrastructure; and economic information.42
Cyber-terrorism can be thought of very similarly to a cyber-attack. It is the use of the
cyber-realm to attempt to cause harm in order to achieve an objective or change government
policies or behaviors.43 The goal, similarly to terrorism in the physical world, is the generate
fear or cause enough damage to intimidate state actors.44 The intent is to cause death and
destruction, or at least the fear that they might occur. Actors engaged in cyber-terrorism are
39 Lorents, Peeter and Rain Ottis. “Knowledge Based Framework for Cyber Weapons and Conflict.” Conference on
Cyber Conflict Proceedings 2010, eds. C. Czosseck and K. Podins, CCD COE Publications, Tallinn, Estonia, 2010,
p. 139. 40 Valeriano and Maness, Cyber War versus Cyber Realities, p. 26-27; Demchak, Chris C. Wars of Disruption and
Resilience. (University of Georgia Press. 2011). 41 Valeriano and Maness, Cyber War versus Cyber Realities, p. 35, 68; Singer and Friedman, Cybersecurity and
Cyberwar, p. 91-92) 42 Singer and Friedman, Cybersecurity and Cyberwar, p. 93; Valeriano and Maness, Cyber War versus Cyber
Realities, p. 26; Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013,
p. 20-21. 43 Theohary, Catherine, and John Rollins. “Cyberwarfare and Cyberterrorism: In Brief.” Congressional Research
Service 2015. 44 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 112.
15
inherently non-state actors. They cannot be part of an official government system, however,
they can be state sponsored. This is distinct from activists who employ cyber-attacks (as
called “hactivism”), whose aim is instead to change policies though inconveniencing and
harassing nations and populations rather than by the threat of violence.
Dual-use technology is also prevalent in cyber-space. These technologies are ones
that are useful for both civilian and military purposes. Private, military, and governmental
networks often rely on the same systems, networks, software, and hardware. This makes it
more difficult, though not fully impossible, to judge if a particular system or network exists
for military or civilian use.45
In addition to defining general terms, there are a few major types of cyber-attacks
whose meaning needs clarifying. Malware refers to any type of computer code that aims to
either cause damage to a target or to give the attacker access to the target’s systems. Such
programing can many forms, but they share a common goal of infiltrating a target’s
machines. Malware includes viruses (malware that can travel between computers when a
person opens an infected file), worms (malware that can travel between computers without
the need for any files to be opened), and Trojan Horses (malware that appears to be useful
but secretly downloads programs intended to make modifications to the system or allow
outside users to access it). Such malware can be used to create a “backdoor” to the network
that aims to bypass security settings to allow the attacker easy access to the system. One
type of malware that has gained attention recently is ransomware. This type of program
encrypts files on the target’s computer or network, making them unable to access their files
unless they pay a ransom to unencrypt them. Attacking a target’s databases generally
45 IISS. The Military Balance 2014 (International Institute for Strategic Studies 2014).
16
involves the use of a SQL injection. A SQL injection will allow an attacker access to any
information held in a target’s databases, including things like passwords or intellectual
property.
One of the most common forms of cyber-attack is a Denial of Service Attack (DoS).
The goal behind this type of cyber-attack is to render a network or machine inaccessible to
those trying to access it. DoS attacks are launched by individuals and aim to flood the
network with more requests to access it than it can process. This can result in a network
functioning very slowly or it can cause it to crash temporarily. This is a fairly straightforward
type of attack to carry out, with tools available on-line to launch them. Related is a
Distributed Denial of Service Attack (DDoS). A DDoS attack uses hundreds or thousands of
computers to attack a single computer or network. DDoS attacks are also inexpensive to
launch. Related to this type of attack are “botnets.” Performing DDoS attacks requires a large
number of machines, thus the attacker will link a large number of machines together to form
a “botnet” in which all the networked computers launch an attack simultaneously. To gain
access to an adequate number of computers, often hackers must hijack the machines of other
users without their consent by breaching their defenses. This means the owner of the
computer being used may not even be aware their computer is being used.46
Cyber-space is also replete with trickery. One form is spoofing. Spoofing is when an
attacker impersonates an IP address, address resolution protocol message, or domain name
system address in order to trick a user into entering data that can be used to gain access to
their system.
46 Tabansky, Libor. “Cybercrime: A National Security Issue?” in “Cyberspace and National Security – Selected
Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 69.
17
Phishing or spear-phishing is another form of trickery. Phishing attacks work one of
two ways. In one, an attacker sends out a general email to an organization in which the
attacker pretends to be a legitimate actor requesting login information. Often this involves
setting up a fake website where members enter their log in information. In the second
variety, the emails are sent out with a file attached, and when opened, the file downloads a
Trojan Horse.47 Spear-phishing targets not an entire organization, but specifically targets a
few people in order to gain the most relevant information.
One of the most dangerous types of attack is known as an Advanced Persistent Threat
(APT). Unlike the attacks discussed above, these attacks are complex and are designed to
hide themselves from detection for an extended period, allowing the attacker to maintain
access to the system in order to steal information or make changes to how a system operates.
Designing an APT generally will involve the use of novel exploits, so-called zero-day exploits
(also called zero-day vulnerabilities) because only the attacker is aware the vulnerability
exists, making it nearly impossible to defend against. Thus, such attacks can last for months
or even years before being discovered. APTs are designed to target specific systems, unlike
the other forms of attack that mainly target systems that have not been properly patched or
secured. They additionally require a fair amount of prior intelligence gathering on the
targeted system so that the attacker knows what vulnerabilities exist.48
An organization type that is growing in prevalence in cyber-capable nations is the
Computer Emergency Response Team (CERT). While the exact remit of CERTs varies
between nations, they share a common goal of helping states, private companies, and the
47 Tabansky, “Cybercrime: A National Security Issue?” p. 69. 48 Tabansky, “Cybercrime: A National Security Issue?” p. 69, 70
18
general public in preparing for, responding to, and recovering from security threats in cyber-
space. CERTs aim to prevent security breaches and reduce vulnerabilities by helping private
and governmental bodies identify and correct software, hardware, and human errors,
including providing alerts on possible threats. If attacks succeed, CERTs additionally can
help coordinate responses and assist with efforts to defeat the attacker and restore systems
to normal function. CERTs originated as nonprofit organizations sustained by member
organizations that wanted their assistance, but have grown to include both public-private
partnerships and CERTs run by governments themselves (sometimes referred to as a
National CERT or nCERT).49
One group that will be discussed on numerous occasions in this dissertation is
Anonymous, and it is important to discuss what this group is. The first point to note is that
Anonymous is not a monolithic organization and has no centralized leadership, instead it
functions more as a collective that emerges on an ad hoc basis. It has many factions and they
sometimes do not agree on tactics or targets, as will be illustrated in regards to attacks on
Israel later in the dissertation. Anonymous emerged in 2004 and initially began by harassing
individuals or organizations, sometimes the goal was political activism, sometimes it was
simply for their own amusement. People acting under the name Anonymous have attacked
a wide range of targets, and have moved from harassment to more sophisticated efforts
involving DDoS and similar attacks as well as efforts at espionage. While there is no explicit
ideology or leadership, those who participate tend to be bound together by an opposition to
49 Choucri, Cyberpolitics and International Relations, p. 160; DeNardis, Laura. The Global War for Internet
Governance. (Yale University Press, New Haven, CT. 2014.), p. 91; Morgus, Robert, Isabel Skierka, Mirko
Hohmann, and Tim Maurer. “National CSIRTs and Their Role in Computer Security Incident Response.” Global
Public Policy Institute and New America, 2015, p. 13.
19
censorship and support for free speech. The level of the group’s technical abilities varies by
the members who participate in a given campaign.50
Dangers in Cyber-Space:
There is some disagreement as to the severity of the threat the cyber-realm poses to
national security.51 Some authors have questioned whether cyber-attacks, launched by
either nations or non-state actors, really have the ability to cause serious damage to
nations.52 These authors note that the most sensitive networks, ones that if compromised
would pose severe dangers to national security, such as military networks, are not connected
to the internet making them extremely difficult to penetrate. Further, cyber-defenses are
highly robust, making it unlikely that attackers can gain access to the most important
systems (though others would counter that they can still be penetrated using other means.
Stuxnet, for example, may have been uploaded to Iranian facilities by means of a flash
drive).53
Such scholars argue that cyber-attacks alone will not be effective in accomplishing
tasks typically associated with traditional military force, as the damage done by cyber-
attacks is only temporary and can usually be repaired quickly, and thus such attacks cannot
induce states to make concessions or other changes to policy.54 Cyber-attacks, they maintain,
50 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 118, 119; Rid, Thomas. Cyber War Will Not Take Place
(London: C. Hurst and Co, 2013). 51 Kello, “The Meaning of the Cyber Revolution.” 52 Gartzke, Erik. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth.” International Security
Vol 38, No 2. 2013; Cohen, Daniel and Danielle Levin. “Operation Protective Edge: The Cyber Defense.” In The
Lessons of Operation Protective Edge, eds. Anat Kurz and Sholmo Brom (Institute for National Security Studies
2014); Libicki, Cyberdeterrence and Cyberwar; Weimann, Gabriel. “Cyberterrorism: The Sum of All Fears?”
Studies in Conflict and Terrorism Vol 28, 2005 53 Cherry, Steven. “Terror Goes Online.” IEEE Spectrum Vol 42, No 1. 2015; Kushner, David. “The Real Story of
Stuxnet.” IEEE Spectrum Vol 50, No 3. 2013; Weimann, “Cyberterrorism: The Sum of All Fears?” 54 Gartzke, “The Myth of Cyberwar.”
20
are also not very useful for purposes of warfare because they can only really disrupt military
systems for a few days and do not last long enough to impact the balance of power.55 Cyber-
attacks cannot directly lead to the conquest of land or the seizing of assets that are likely to
be useful in negotiations. It is also highly difficult to maintain continuity of an attack as the
target is generally able to repel an attack and rebuild systems quickly after the intrusion is
discovered. This makes it difficult to create real cumulative damage via cyber-attacks, and
thus, it is difficult to use them to build adequate pressure to induce governments to change
policies.56 Terrorist groups and other non-state actors are even more unlikely to be able to
cause severe damage, as they lack the intelligence gathering skills and scientific and
technological tools needed to develop advanced cyber-capabilities that can cause significant
damage.57
Bolstering this contention, the most severe types of attacks have not yet occurred.
This raises the question as to whether or not they are even possible. Cyber-attacks have
been used to cause physical damage (Stuxnet, which will be discussed later) and even to
target electrical grids (as appears to have occurred in Ukraine), but wide-spread attacks that
successfully bring down major civilian systems and disable military networks and weapons
systems have not occurred. As Rid notes, “to date all such scenarios have another major
shortfall: they remain fiction.”58
In contrast, many academics contend that cyber-attacks pose a real and growing
danger to nations, and that these threats are outpacing defenses and existing doctrines.59
55 Libicki, Cyberdeterrence and Cyberwar, p. 139-158; Rid, “Cyber War Will Not Take Place.” 56 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 41. 57 Gartzke, “The Myth of Cyberwar,” p. 43; Cohen and Levin, “Operation Protective Edge: The Cyber Defense.” 58 Rid, “Cyber War Will Not Take Place.” 59 Nye, Joseph S. “Nuclear Lessons for Cyber Security?” Strategic Studies Quarterly Vol. 5. 2011; Clarke and
Knake, Cyber War; Carr, Inside Cyber Warfare; Demchak, Wars of Disruption and Resilience; Kello, “The Meaning
21
There are a wide range of dangers cyber-attacks pose to national security, including in the
areas of economics, criminal activity, warfare, terrorism, hacktivism, and espionage.60
Espionage in the cyber-realm is already common, and has proven very difficult to defend
against.61 Cyber-attacks have already caused physical damage, and therefore have the
potential to cause fatalities.62 Many militaries have, in fact, already begun to build up cyber-
capabilities that can be used to support physical attacks.63 The increasing reliance modern
militaries have on cyber-space increases the range of vulnerabilities that militaries much
defend against, thus increasing the overall vulnerabilities to national security.64 One such
target is communications infrastructure, which if disabled could make it extremely difficult
for a nation to coordinate its defenses in the event of a physical attack.65
The increasing interdependency of networks also enhances the dangers as it means
that any successful attack has the potential to cause even greater damage by harming all
systems that are connected to the compromised network. In cyber-space, military,
governmental, and civilian technology is heavily intertwined. Thus, militaries and
governments are partially reliant on what occurs in the civilian sector. In fact, military
of the Cyber Revolution;” Pederson, Christian. “Much Ado about Cyber-space: Cyber-terrorism and the
Reformation of the Cyber-security.” Pepperdine Policy Review Vol 7, No 1. 2014; Zetter, Kim. Countdown to Zero
Day: Stuxnet and the Launch of the World’s First Digital Weapon. (New York: Crown. 2014). 60 Nye, “Nuclear Lessons for Cyber Security?” p. 236. 61 Cilluffo, Frank J., Sharon L. Cardash, and George C. Salmoiraghi, “A Blueprint for Cyber Deterrence: Building
Stability through Strength,” Institute for National Security Studies, Military and Strategic Affairs. Vol. 4, No. 3,
December 2012 62 Kello, “The Meaning of the Cyber Revolution,” p. 23, 26; Bamford, James. “NSA Snooping was Only the
Beginning. Meet the Spy Chief Leading Us Into Cyberwar.” Wired.com. June 12, 2013.
https://www.wired.com/2013/06/general-keith-alexander-cyberwar/ 63 Cilluffo, Cardash and Salmoiraghi, “A Blueprint for Cyber Deterrence.” 64 Russell, Alison Lawlor “The Implications of Cyberspace for Navel Strategy and Security.” In Routledge
Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge. 2016.)
p. 190; Libicki, Martin C. Conquest in Cyberspace: National Security and Information Warfare (Cambridge
University Press, 2007). 65 Kello, “The Meaning of the Cyber Revolution,” p. 25.
22
effectiveness in cyber-space is often heavily based on the success of civilian and private
sector research and development.66 Attackers can attempt to gain access to more secure
systems by first breaching easier targets.67 This is what occurred, for example in a high-
profile breach of Target’s systems when the attackers targeted a refrigeration maintenance
company that handles Target’s heating and cooling systems and use that breach to gain
access to Target’s systems. Chinese spies allegedly employed similar methods to hack in
Lockheed Martin in 2011.68
Building from these dangers, among the most vulnerable systems are
communications, banking, infrastructure (such as power grids and water supply systems),
and transportation systems,69 all of which impact the civilian sector as well as the
governmental. Cyber-attacks on such systems that are used by citizens in their day-to-day
life could be just as damaging and paralyzing as physical attacks.70 Such systems are often
poorly defended against attack, meaning a sophisticated attacker could wreak havoc on such
critical systems, including disabling 911 dispatch, shutting down energy pipelines and
refineries, or derailing trains.71 There are even reports, though not any clear confirmation,
66 IISS. The Military Balance 2014. 67 Elazari, Keren. “How to Survive Cyberwar.” Scientific American, April 2015, p. 67; Even and Siman-Tov,
“Cyber Warfare: Concepts and Strategic Trends,” p. 31. 68 Elazari, “How to Survive Cyberwar,” p. 67-68. 69 Carr, Inside Cyber Warfare, p. 3; Redins, Larisa. “Understanding Cyberterrorism.” RISK Management. 2012.
http://rmmagazine.com/2012/10/05/understanding-cyberterrorism/; Nye, “Nuclear Lessons for Cyber Security?” p.
212. 70 Redins, Larisa. “Understanding Cyberterrorism;” Nye, “Nuclear Lessons for Cyber Security?” p. 212. 71 Subcommittee on Emergency Preparedness, Response, and Communications and the Subcommittee on
Cybersecurity, Infrastructure Protection, and Security Technologies. “Cyber Incident Response: Bridging the Gap
Between Cybersecurity and Emergency Management.” Committee on Homeland Security, House of
Representatives. Serial No. 113-39, October 30, 2013, p. 2, 12, 39; Office of the President. “Cyberspace Policy
Review.” Office of the American President, 2009.
https://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf, 1-2; Clarke and Knake, Cyber
War, p. 31.
23
indicating commercial airliners could be hacked in-flight.72 An attack could modify, steal, or
erase financial data, causing severe harm to a nation’s economic competitiveness.73 Of
additional concern is that even if most attacks fail, just a few successes would likely be
enough to undermine confidence.74 Compounding the danger is that many critical
infrastructure systems lack adequate and fully up-to-date security protections.75
Cyber-attacks also pose economic dangers. Attacks need not cause physical
destruction to harm the economy, as attacks on banks and companies can causes a drain on
the economy.76 Cyber-espionage poses a real danger as it can impact revenue, income,
intellectual property rights, and corporate innovation.77 Vulnerabilities in cyber-space mean
that it is now possible to cause damage to another nation’s economy without having to use
military strength or force maneuvers.78
Terrorist groups pose an interesting additional challenge. Cyber-terrorism is not
widespread, but it remains a danger. Thus far, terrorists have mainly used the cyber-realm
to recruit followers, conduct intelligence gathering for physical attacks, fundraise, and
conduct information warfare. Such groups are constantly working to further expand their
cyber-capabilities, including with the help of nation states such as Iran. Given the ability of
72 Zetter, Kim. “Feds Say that Banned Researcher Commandeered a Plane.” Wired.com. May 15, 2015,
https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/ 73 Carr, Inside Cyber Warfare, p. 20; Office of the President. “Cyberspace Policy Review,” p. 1-2; Clarke and
Knake, Cyber War, p. 70; Subcommittee on Emergency Preparedness, Response, and Communications and the
Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. “Cyber Incident Response,
p. 2, 12, 39). 74 Carr, Inside Cyber Warfare, p. 20. 75 McGraw, Gary. “Cyber War is Inevitable (Unless We Build Security In),” Journal of Strategic Studies, vol 36, no
1, 2013, p. 109, 115. 76 Kello, “The Meaning of the Cyber Revolution,” p. 23-24. 77 Kihara, Stacy A. “A Rising China: Shifting the Economic Balance of Power Through Cyberspace.” Naval
Postgraduate School, Thesis, 2014, p. 44. 78 Siboni, Gabi “Protecting Critical Assets and Infrastructures from Cyber Attacks.” in “Cyberspace and National
Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 7.
24
attackers to target poorly defended networks and then proceed into more highly defended
ones, there is a real danger that terror groups might increasingly turn to cyber-space to
achieve their goals.79
As will be discussed in detail later in the dissertation, cyber-attacks are also difficult
to attribute. This makes it harder for states to be able to respond to attacks.80 This difficultly
is coupled with the often diffuse nature of cyber-attacks. Cyber-attacks can come from
anywhere in the world, and in the case of some attacks, such as DDoS, they are launched from
around the world simultaneously. This complicates efforts to defend and to respond.
Regarding the argument that the world has not yet seen widespread cyber-attacks,
that does not mean the threat should be in anyway downplayed. Very few nations have the
ability to launch crippling cyber-attacks, and those that do are not going to use them for their
own sake, there has to be a compelling reason to do so and clear benefit to doing so. It is a
question in part of political motives and circumstances. Russia, in fact, does appear to have
employed cyber-attacks as part of its foreign policy, and the US and Israel appear to have
done so in regards to Stuxnet and Iran’s nuclear program. What gains there are from
launching attacks is not yet clear, and there are risks to launching attacks, thus helping to
explain the lack of major attacks.81 The lack of attacks does not imply they are not possible
or that they are not coming. As Kello notes: “To the question: Where are all the catastrophic
cyberattacks? The easy and obvious response is: Where are all the nuclear attacks?”82
79 Clarke and Knake, Cyber War, p. 136; Schweitzer, Yoram, Gabi Siboni, and Einav Yogev. “Cyberspace and
Terrorist Organizations.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for
National Security Studies. 2013; pp. 17-25. 80 Scientific American Board of Editors. “Rules for Cyberwar.” Scientific American, June 2016 81 Even and Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends,” p. 40-41. 82 Lindsay, Jon R and Lucas Kello “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2.
2014, p. 189.
25
There is no clear sense regarding the number of cyber-attacks that occur or the
severity. This is partly because many attacks go unreported, partly due to national security
concerns, and partly because it is possible that some attacks are never discovered. But there
is no question that there have been many damaging cyber-attacks.83 Overall, the extent of
the danger cyber-attacks pose is somewhat open to debate. It is clear, however, that the
danger is real and should not be taken lightly.
International Relations Theory:
International relations theory underlies much of the work that will be done in this
dissertation, thus it is important at this point to provide a brief discussion of the foremost
theories. There are three dominant branches of international relations theory that drive
understandings of how states interact: realism, liberalism, and constructivism. This section
will give a brief overview of these three theories and their main arguments.
Realism can be understood through the words of one of the greatest minds in human
history: “Poor man wanna be rich, rich man wanna be king, and a king ain’t satisfied till he
rules everything.”84 The words of Bruce Springsteen, history’s greatest musical genius, aside,
realist scholars argue that the international system is dominated by anarchy. Anarchy
implies that states exist is a self-help world where there is no authority that can stop states
from acting as they choose other than a more powerful state.85 Classical realists argue that
83 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 114. 84 Bruce Springsteen. “Badlands,” Darkness on the Edge of Town (Album), First Track, 1978 85 Morgenthau, Hans J. Politics among Nations: The Struggle for Power and Peace (New York: Alfred A. Knopf,
1948); Waltz, Kenneth N. Man, the State, and War (New York: Columbia University Press, 1954); Waltz, Kenneth
N. Theory of International Politics (McGraw-Hill, 1979); Mearsheimer, John J. The Tragedy of Great Power
Politics (New York: Norton, 2001); Walt, Stephen. “The Enduring Relevance of the Realist Tradition.” In Political
Science: State of the Discipline III, eds. Ira Katznelson and Helen Milner (New York: W.W. Norton and Co., 2002).
26
human nature is conflictual, and, coupled with anarchy, this means that if states want to
survive they must seek to increase their absolute power. In this conception, power is an end
in and of itself.86 Neo-realists argue instead that the international system, not human nature,
is conflictual in that anarchy and the polarity of the system leads to conflict. Neo-realists
argue that states seek to acquire relative power gains to protect their interests and that
therefore power is a means to an end.87
From these theories regarding the use of power arises the security dilemma. The
security dilemma posits that when country A improves its capabilities, country B will do so
as well, leading country A to improve its capabilities again, and so on. An arms race thus
ensues. Countries are also hesitant, due to the condition of anarchy and the need to defend
themselves, to share information with other nations regarding their capabilities or intents.88
In this system, states will act to enhance their power with little regard for norms or
international law.89 Trust is difficult to impossible for states to achieve as a single betrayal
of that trust could lead to the destruction of the state that was betrayed.90
Liberalism, as with realism, argues that anarchy dominates international relations.
Liberals, however, argue that anarchy can be reduced, that trust can be built, and that states
do in fact take action to reduce the threat anarchy poses to national security.91 Liberalism
argues that international institutions and international law are the tools to accomplish this
86 Morgenthau, Politics among Nations; Waltz Man, the State, and War; Mearsheimer, The Tragedy of Great Power
Politics 87 Waltz, Theory of International Politics; Mearsheimer, John J. “Back to the Future.” International Security. Vol
15, No 1. 1990. 88 (Morgenthau, Politics among Nations; Waltz, Man, the State, and War; Waltz, Theory of International Politics;
Mearsheimer, The Tragedy of Great Power Politics; Walt, “The Enduring Relevance of the Realist Tradition.” 89 Buzan, Barry. “The Timeless Wisdom of Realism.” In International Theory: Positivism and Beyond, edited by
Steve Smith, Ken Booth, and Marysia Zalewski, 47-65. (New York: Cambridge University Press 1996). 90 Mearsheimer, “Back to the Future.” 91 Keohane, Robert. After Hegemony: Cooperation and Discord in the World Political Economy (Princeton
University Press, 1984).
27
task. Institutions do so by providing states with a place that they can build trust through
repeated successful interactions, which allow states a secure space to share information
regarding their capabilities and intents, thus leading to less conflict. Institutions also
decrease transaction costs and offer compliance monitoring to help decrease the chances
that a nation will renege on its commitments to other states.92 Liberals note that
governments have invested a great deal of money into these institutions, demonstrating that
states do gain value from them.93 International law is a powerful tool as well, as states that
violate it can be subject to sanctions and punishment by a unified international community.
In contrast to realism and liberalism, constructivists do not agree that anarchy is the
inherently dominant feature of the international system. As Wendt (1992) famously argued,
“Anarchy is what states make of it.” Constructivism does not argue that anarchy cannot exist,
but argues instead that it is not the driving force behind international relations. Instead,
constructivists argue that state’s interests are defined not by power, but by their identities,
which are socially constructed. It is how states view themselves and others that determines
their actions on the international stage. National interests in this view are thus difficult to
objectively determine and are fluid in nature. Constructivism thus claims to provide the
basis for the other two theories as it claims to be able to explain where state interests
originate. In constructivism it is not hard power that drives international relations, it is the
power of an idea.94
92 Keohane After Hegemony; Buzan “The Timeless Wisdom of Realism;” Keohane, Robert and Joseph S. Nye.
Power and Interdependence: World Politics in Transition (Boston: Little, Brown and Company, 1977); Gilpin,
Robert. The Political Economy of International Relations. (Princeton University Press, 1987); Hopf, Ted. “The
Promise of Constructivism in International Relations Theory.” International Security. Vol 23, No 1. 1998. 93 Keohane, Robert O. and Lisa L. Martin. “The Promise of Institutionalist Theory.” International Security. Vol 20,
No 1. 1995; p. 40. 94 Wendt, Alexander. “Anarchy is what States Make of it: The Social Construction of Power Politics.” International
Organization Vol. 36, No. 2. 1992; Wendt, Alexander. Social Theory of International Politics. (Cambridge
28
State behavior in this paradigm can be contained through the creation of norms of
behavior (which are judged to have been created when states modify their behaviors).
Norms are defined as “collective expectations for the proper behavior of actors with a given
identity.”95 Norms can arise from a wide range of sources including treaties, international
law, discussions between leaders, and non-state actors. States will generally construct their
interests and base their actions on what is considered legitimate by the international
community at the time. When states violate these norms, as does occur, the state is named-
and-shamed, leading to political and economic sanctions and isolation, until it ceases the
behavior.96 International institutions are critical to this process as well as they provide a
place where norms can be created and where states can be taught what these norms are and
how to comply with them.97 Further, transnational organizations, which consist of
likeminded advocates around the world, play a central role in the creation and enforcement
of norms.98 Constructivism notes that norms do not determine what the outcome of a given
situation will be, instead, they argue that norms shape the realm of what is possible for states
to do in the international sphere and what the response from other states will be.99 In
regards to norms and international law, there is not always a clear distinction between the
University Press, 1999); Finnemore, Martha. National Interests in International Society. (Cornell University Press,
1996); Keck, Margaret E. and Kathryn Sikkink. Activists beyond Borders: Advocacy Networks in International
Politics (Cornell University Press, 1998). 95 Katzenstein, Peter J. “Introduction: Alternative Perspectives on National Security,” in The Culture of National
Security: Norms and Identity In World Politics ed. Peter J. Katzenstein (Columbia University Press: 1996). 96 Wendt, “Anarchy is what States Make of it;” Wendt, Social Theory of International Politics;” Finnemore,
National Interests in International Society; Keck and Sikkink, Activists beyond Borders. 97 Finnemore, National Interests in International Society 98 Keck and Sikkink, Activists beyond Borders. 99 Tannenwald, Nina. The Nuclear Taboo: The United States and the Non-Use of Nuclear Weapons Since 1945
(Cambridge Studies in International Relations). (Cambridge University Press 2008), p. 435; Choucri, Cyberpolitics
and International Relations, p. 25.
29
two. Norms can arise from international law, or the existence of norms can lead to the
creation of international law. Thus, it can be hard to tell the two apart.
Current Understandings of Cyber-Space:
Many scholars argue that governments have had a great deal of difficulty gaining any
real centralized control over cyberspace and have been unable to establish a monopoly of
force, meaning that anarchy is an inherent characteristic of cyber-space.100 The very nature
of the internet helps to explain why. The internet was built around the idea of open access,
not security concerns. It is also easy for pretty much any actor to gain access to the internet,
and thus the cyber-realm, which complicates efforts to apply traditional counter-force
strategies or even keep track of all threats.101
Further limiting the ability of states to control cyber-space.102 Cyber-attacks can be
launched at a virtually unlimited number of targets anywhere in the world from any source
anywhere in the world. Further, attacks easily cross borders, and the actor that has been
attacked may not even be aware such an attack has taken place.103 Such threats mean that
defenders must protect a wide range of targets. While attacks are not limited by geography,
many physical threats, such as terrorism, poses the same dangers. Terrorists can be
recruited from around the globe and they can conduct cross-border operations.
100 Mueller, Milton L. Networks and States: The Global Politics of Internet Governance. (Cambridge, Mass: The
MIT Press, 2010); Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked
Governance in International Relations.” International Studies Review. Vol. 15, No. 1. 2013.; Nye, “Nuclear Lessons
for Cyber Security?” 101 Nye, “Nuclear Lessons for Cyber Security?” p. 207-208. 102 Clarke and Knake, Cyber War, p. 31. 103 Kello, “The Meaning of the Cyber Revolution,” p. 22.
30
Some authors have countered this, arguing that anarchy is not an inherent condition
of the cyber-realm. Demchak and Dombrowski, for example, have argued that states are
heading towards what they term a “cybered Westphalian age.”104 The idea is that nations will
be able to use technology to create secure borders in cyber-space, similarly to the
Westphalian system of borders, which will enable nations to control the flow of information
in and out of (and sometimes within) their nations. The goal of such borders is, similarly to
the physical world, to control what occurs within the nation’s territory and protect the nation
from attack. The boarders will allow states to more easily determine where an attack
originates from, allowing for improved planning for responses to attacks from state and non-
state actors, and heightening the ability to retaliate for and deter attacks. As a part of such
efforts, states would need to develop methods of anticipating, discovering, and disrupting
attacks as far in advance as they can. Such knowledge additionally allows states to place
pressure on states conducting attacks or harboring attackers, including through the use of
norms or international norms.
There is some reason to believe states could construct such a global order. It is
possible, at least theoretically, for a nation to use technology to impose cyber-borders.105
Governments have sometimes been able to use national laws to control the behavior of
private companies in cyber-space, such as when France and Germany coerced Yahoo into
blocking hate speech in their nations despite the speech being legal in the US, where Yahoo
is based. Countries could attempt to impose other restrictions on internet service providers,
104 Demchak, Chris C. and Peter Dombrowski. “Rise of a Cybered Westphalian Age.” Strategic Studies Quarterly.
2011. http://www.au.af.mil/au/ssq/2011/spring/demchak-dombrowski.pdf 105 Choucri, Cyberpolitics and International Relations, p. 39.
31
browsers, search engines, and any other entities in cyberspace.106 Further, there are
countries, such as China with its “great firewall,” that have been able to set up some measure
of control over the internet traffic and going in and out of the country.
While such a system might serve to reduce some forms of anarchy, the creation of
borders, just as in the physical world, would not be enough to create a clear mechanism to
control the anarchy that exists in cyber-space. It is far more difficult to create and protect
borders in the cyber-realm than it is in the physical world. The architecture of cyber-space,
from computers to websites and more, is not owned by nations, but rather by private
companies and non-state actors. Controlling their behavior will not be straightforward. This
is further complicated by the large number of actors who can cause damage in cyber-
space.107 Legal and political considerations further restrain the state’s ability to control
anarchy. Anyone with a computer can be a threat, even if the individual does not know he
or she is part of a cyber-attack. Attackers can hijack private machines, which limits the
options available to defenders. Counter-attacking on a private machine may violate laws or
create political problems regarding privacy. These concerns are evident on the international
scene as well, as other states may be displeased by attacks on their citizen’s computers.
In practice, China has had mixed success with its great firewall. It is still the victim of
cyber-attacks, and a great deal of information still enters and leaves the country without
China’s permission. Further, Israel’s experience in the cyber-realm thus far, as will be shown,
appears to contradict the idea that nations will look to create “Westphalian” borders or
106 Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs,
2010, p. 6. 107 DeNardis, The Global War for Internet Governance; Elazari, “How to Survive Cyberwar,” p. 67;
Mueller, Networks and States; Mueller, Schmidt and Kuerbis, “Internet Security and Networked Governance in
International Relations.”
32
would benefit overall from doing so. Far from shutting itself off, Israel has instead aimed to
work closely with other nations and companies. Creating strictly controlled borders also
cuts nations off from what Zittrain calls the “generativity,” meaning “a system’s capacity to
produce unanticipated change through unfiltered contributions from broad and varied
audiences,” that cyber-space provides.108
Whether or not nations move towards a “cyber-Westphalia,” national level regulation
can play a major role in cyber-space. As Choucri notes, the existence of regulatory authority
is part of what enables the existence and operation of cyber-space by providing the legal
environment in which it has thrived. Further, regulations may be an imperfect tool, but they
are useful in impacting how actors behave.109 Along these lines, regulation can help improve
cyber-defenses. States can serve as a form of risk manager for society by helping (and where
appropriate requiring) private sector actors to build better defenses, recognize threats,
share information with each other and the government on attacks, and train their personnel
to better handle threats. Imposing such conditions on the private sector can be a challenge
in Western nations, but could still be a valuable tool.110
There is debate as well regarding how cyber-space has shaped offensive and
defensive state behavior. Some scholars have argued that cyber-space represents a major
transformation. The most famous, and written about, offensive incident is Stuxnet. Sanger
(2012) provides a detailed and comprehensive account of the entire joint US-Israeli “Olympic
Games” program that led to the creation of Stuxnet and Flame, and why they were deployed
108 Zittrain, Jonathan. The Future of the Internet -- And How to Stop It (Yale University Press & Penguin UK, 2008),
pp. 70. 109 Choucri, Cyberpolitics and International Relations, p. 130. 110 Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent
Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security, Vol 1, No 1. 2017.
33
against Iran. There is little debate that Stuxnet proves that cyber-weapons have the capacity
to create physical damage, there is debate, however, over the severity of the damage and how
likely they are to be used.111 Such weapons are so highly complex that only states can really
create such physically damaging programing. Further, once such a weapon is used, it is
possible for the target to capture the code, modify it, and use it themselves. Thus, weapons
like Stuxnet could change foreign relations and how war is conducted.112
The use of cyber-weapons offers attackers the ability to strike targets that would be
difficult to impossible to hit using physical means, including targets that are too far away,
have strong physical defenses, or are placed among civilians.113 Scholars and policy makers
have argued that such attacks allow states to accomplish military goals that might otherwise
be extremely dangerous or difficult while also avoiding civilian casualties. Cyber-attacks
thus also reduce the risk of political blowback that would occur with the inevitably greater
collateral physical destruction of a kinetic strike.114
There is some evidence of such shifts already. Countries are rapidly developing new
cyber-weapons, suggesting they view them as a valuable tool.115 The 2013 US Defense
Science Board argued that the US should not be restrained to the cyber-realm in its response
111 Parmenter, Robert C. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future
Implications for Cyber Domain.” School of Advanced Military Studies at the United States Army Command and
General Staff College, Fort Leavenworth, KS: US Army Command and General Staff College, May 23, 2013, p. 39;
Valeriano and Maness, Cyber War versus Cyber Realities. 112 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends.” 113 United States Army Command and General Staff College, “The Evolution of Preemptive Strikes in Israeli
Operational Planning and Future Implications for Cyber Domain,” CreateSpace Independent Publishing Platform
(March 28, 2014), p. 4. 114 Baram, Gil. “Influence of the Development of Cybernetic Warfare Technology on Changes in the Israeli Force
Structure.” Military and Strategy. Vol. 5, No 1. 2013; Baram, Gil. “The Effect of Cyberwar Technologies on Force
Buildup: The Israeli Case.” Military and Strategic Affairs. Vol. 5, No. 1. 2013; Even and Siman-Tov, “Cyber
Warfare: Concepts and Strategic Trends;” Farwell, James P. and Rafal Rohozinski, “Stuxnet and the Future of Cyber
War.” Survival. Vol. 53, No. 1. 2011; Kello, “The Meaning of the Cyber Revolution;” Kissinger, Henry. World
Order. (New York: Penguin Press, 2014), p. 344. 115 Singer and Friedman, Cybersecurity and Cyberwar, p. 149.
34
to cyber-attacks. Instead it argues that the US should maintain the right to retaliate in the
physical world.116 Israel has already begun to view the cyber-realm as an arena in which it
can achieve goals that would otherwise have to be achieved through conventional attacks or
warfare. Israel appears to have used preemptive cyber-weapons and is suspected to have
used the cyber-realm to enhance its ability to launch preemptive strikes in the physical
world.117
Not all scholars agree, however, that the cyber-realm really poses a radical shift in
terms of offense. They argue that cyber-attacks alone will not be adequately effective in
accomplishing tasks or goals that currently require military force to accomplish. The central
contention of such an argument is that the damage done is usually either temporary or small-
scale, and thus easy to repair. As a result, cyber-attacks cannot induce concessions, change
policies, or upset the balance of power.118
Offensive capabilities may be overstated. Current discussions of the level of offensive
ability in cyber-space may focus far too heavily on technology alone, and ignores other
factors. The high cost of the most advanced weapons and the inability of cyber-attacks to
capture enemy territory lead to a cost/benefit ratio that should decrease current thinking
about how powerful offense is in cyber-space. It is highly difficult to develop the skills,
competence, organizations, and doctrines capable of really taking advantage of offense in
cyber-space. An examination of the costs of launching Stuxnet and defending against it
illustrates that it was likely far more expensive to launch Stuxnet than it was to defend
116 Singer and Friedman, Cybersecurity and Cyberwar, p. 136, 144-145. 117 Clarke and Knake, Cyber War; Carr, Inside Cyber Warfare; Parmenter, “The Evolution of Preemptive Strikes in
Israeli Operational Planning and Future Implications for Cyber Domain.” 118 Gartzke, “The Myth of Cyberwar;” Libicki, Cyberdeterrence and Cyberwar, p. 139-158; Nye, Cyber Power.
35
against it. This focus on offensive dominance not only may not provide an accurate picture
of what is occurring in cyber-space, but may increase the risk of arms races, which could end
up leading to conventional war.119
There is also disagreement on the idea that offensive actions in cyber-space can truly
achieve the same objectives as military force. Rid, for instance, contends that “cyber-war” (a
war conducted entirely in cyber-space) cannot occur because war, as classically understood,
is violent (potential to be lethal), instrumental (it can be a means to an end), and political.
He argues that no attack to date meets these criteria, and these features cannot exist in cyber-
space. Instead, cyber-attacks are simply new methods for conducting subversion, espionage,
and sabotage. The argument is in essence that cyber-attacks cannot render an opponent
defenseless or force an opponent to change their policies. In this argument, even the most
destructive cyber-attack to date, Stuxnet, does not reach the level of cyber-war, largely
because it did not do nearly enough damage. Instead supporters of this line of argument
often contend that cyber-attacks can be used to support kinetic military actions, but are not
enough as a stand-alone method of attack.120
There is disagreement on these contentions as well, often focused, as is so often the
case regarding cyber-space and political science, around definitions. In this case, what is
meant by “cyber-war.” Authors who employ slightly different definitions of cyber-war have
used them tp argue that it is already occurring, even if it is not common. Instead of Rid’s
definition, these authors argue that cyber-war is instead a repeated attempt to use cyber-
119 Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Concepts, Causes, and Assessment.”
International Security. Vol 41, No 3. 2016/2017. 120 Rid, “Cyber War Will Not Take Place;” Drmola, Jakub. “Looking for Insurgency in Cyberspace.” Central
European Journal of International and Security Studies, Vol. 4, 2014, p. 58.
36
attacks to deny an adversary access to cyber-space. The argument here is that cyber-war
can be violent, but does not have to be. Under that definition, cyber-war is a much more
common occurrence.121 In either case, however, it is clear that nations are engaged in offense
in cyber-space, which illustrates that nations are using it to launch attacks in novel ways.
It is clear from the literature that states have been developing improved defensive
tools in cyber-space as well. Many nations have begun to formulate cyber-security
strategies, despite the challenges involved with working across agencies and the secretive
nature of the subject.122 The US, France, Russia, the UK, and Israel have all formulated such
documents.123 These plans share some common themes. They all have created early
warning and incident response mechanisms based on sharing information within trusted
networks. They additionally have all called for more frequent training exercises. Further,
all these strategies have created similar guidelines for ensuring that all cyber-personnel
receive minimum levels of specialized training.124 While their level of success has varied
from country to country, nations, including the US, Russia, China, and Israel, have focused on
building cyber-awareness, technical mechanisms, improved cyber-command and control,
121 Kenney, “Cyber-Terrorism in a Post-Stuxnet World;” McGraw, “Cyber War is Inevitable (Unless We Build
Security In);” Stone, John. “Cyber War Will Take Place!” Journal of Strategic Studies. Vol 36, No 1. 2013. 122 Cilluffo, Cardash and Salmoiraghi, “A Blueprint for Cyber Deterrence;” Benoliel, “Towards a Cybersecurity
Policy Model.” 123 European Union. “National Cyber Security Strategies in the World.” European Union Agency for Network and
Information Security. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-
ncsss/national-cyber-security-strategies-in-the-world; Department of Defense, “The DoD Cyber Strategy,” United
States of America, April 2015, http://www.defense.gov/home/features/2015/0415_cyber-
strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf 124 Benoliel, “Towards a Cybersecurity Policy Model,” p. 478
37
cyber-science and engineering, and cyber-tactics and strategies.125 NATO has also stated
that cyber-attacks may be viewed similarly to a military attack.126
One of the major challenges to defense is the ability to attribute attacks, as this limits
the ability to deter attackers. Numerous authors have argued that there are many difficulties
to attributing attacks and thus to deterring them.127 Deterrence requires that attacks have
an identifiable return address, but hiding actions in cyber-space is easier than in the physical
realm.128 Unlike in the physical realm, there is no need to move physical assets, making it
more difficult to determine who the attacker is. In fact, it can be difficult to even determine
that an attack has taken place.129 Without the ability to attribute attacks it is not possible to
deter them or to build adequate defenses, as deterrence rests on the ability to hold attackers’
assets at risk.
There is debate over how successful states have been in defending against, and
dealing with, cyber-attacks. Some others posit that cyber-defenses are robust and strong
enough to combat and defend against attacks capable of causing serious damage. Aiding
these efforts, once discovered, cyber-weapons can generally be easily neutralized, and the
125 Saydjari, O. Sami. “Cyber Defense: Art to Science.” Communications of the Association for Computing
Machinery, Vol. 47, No. 3, March 2004,
http://www.jpkc.fudan.edu.cn/picture/article/217/23/6e/762567a44cf68799c9d29061e876/332065c5-582d-402e-
83b7-3eea2bd7423c.pdf 126 NATO. “Cyber Security.” NATO. http://www.nato.int/cps/en/natohq/topics_78170.htm 127 Clarke and Knake, Cyber War, p. 122-127; Even, Shmuel and David Siman-Tov, “Cyber Warfare: Concepts,
Trends and Implications for Israel,” Institute for National Security Studies, (Hebrew) Memorandum 179, INSS, June
2011, p. 31-32; Libicki, Cyberdeterrence and Cyberwar; Rid, Cyber War Will Not Take Place; Singer and
Friedman, Cybersecurity and Cyberwar, p. 136. 128 Clarke and Knake, Cyber War, p. 122-127; Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and
Implications for Israel,” p. 31-32. 129 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” p. 31-32; Libicki,
Cyberdeterrence and Cyberwar.
38
code can then be used to create new cyber-weapons for a counter-attack, which lowers the
risk of facing an attack to begin with.130
Others argue instead, as noted, that the dangers the cyber-realm poses are outpacing
existing defenses and doctrines.131 It has been argued that traditional concepts of deterrence
are inadequate, and that nations should recognize that defense and deterrence cannot
necessarily be conducted in a symmetrical fashion. For example, when a nation with weak
financial institutions attacks one in which such institutions are strong, the victim should not
be constrained to counter-attacking financial institutions.132 Other authors have noted that
states have not developed adequate resilience (i.e. the ability to quickly recover from
attacks) as part of their defense plans. Existing systems are currently generally not able to
quickly bring systems back-up and running.133
The role and power of non-state actors in cyber-space is an area of debate. The
growing importance of the cyber-realm in international affairs has provided non-state actors
with a new method to harm states.134 State’s growing dependence on the cyber-realm
creates vulnerabilities for governments and provides non-state actors with a new way to
potentially either influence state behavior or cause damage.135 The cyber-realm offers non-
state actors an arena that is easy to gain entry to (unlike traditional military hard power),
and an arena in which smaller actors can therefore exercise more hard and soft power than
130 Gartzke, “The Myth of Cyberwar;” Siboni, Gabi; Daniel Cohen, and Aviv Rotbart. “The Threat of Terrorist
Organizations in Cyberspace.” Military and Strategic Affairs, Volume 5, No. 3, 2013, p. 60. 131 Kello, “The Meaning of the Cyber Revolution,” p. 8; Kissinger, World Order, p. 343-344; Siboni, Gabi and Sami
Kronenfeld. “Iran and Cyberspace Warfare.” Military and Strategic Affairs, Vol. 4, No. 3. 2012. 132 Kissinger, World Order, p. 346-347. 133 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” p. 20. 134 Kello, “The Meaning of the Cyber Revolution,” p. 36; Nye, Cyber Power; Nye, “Nuclear Lessons for Cyber
Security?” Silber, “Cyber vandalism – not warfare.” 135 Nye, “Nuclear Lessons for Cyber Security?” p. 207-208
39
they can in traditional political and military domains.136 The ease of access to the internet
also makes it difficult for states to apply counter-force strategies or disable non-state
attacker’s weapons.137
Countering this, while admitting that the power of non-state actors has increased and
there has been a diffusion of power, it can be argued that the diffusion is not enough to mean
that non-state actors have become competitors for governments in cyber-space, let replaced
governments as the most power actors in the world system.138 Non-state actors, including
sophisticated groups, are not likely to be able to cause severe damage. This is in major part
because such actors lack the capabilities of states, including intelligence gathering skills and
the scientific and technological tools needed to develop advanced capabilities.139
Complicating this picture, however, there is not always a clear dividing line between
non-state and state actors in the cyber-realm in two important senses. First, non-state actors
have often received state-sponsorship. This includes, among others, so-called “patriotic
hackers” supported by Russia, Chinese support for pro-China hackers, and Iran’s support of
terrorist organizations.140 Second, due to the interconnected nature of the internet,
governments have begun to feel the need to assist non-state actors in the private sector with
protecting their networks. For example, the US Department of Defense Cyber Strategy
argues that the US should defend a wide array military, diplomatic, and economic
networks.141 Nations can work with private organizations to create a more robust national
136 Nye, Cyber Power. 137 Nye, “Nuclear Lessons for Cyber Security?” p. 207-208 138 Nye, Cyber Power. 139 Gartzke, “The Myth of Cyberwar,” p. 43; Cohen, Daniel and Danielle Levin. “Cyber Infiltration During
Operation Protective Edge.” Forbes.com. August 12, 2014. https://www.forbes.com/sites/realspin/2014/08/12/cyber-
infiltration-during-operation-protective-edge/#757dbe0d3fbc 140 Clarke and Knake, Cyber War, p. 136. 141 Department of Defense, “The DoD Cyber Strategy.”
40
defense.142 This is not simple, however, as it poses significant information sharing problems
for both governments and the non-state actors.143
Compounding all these dangers, nations have yet to come to any understandings or
agreements regarding what types of behavior are acceptable internationally.144 Preventing
cyber-conflict is an issue too big and important to be handled by any single nation.
International collaboration is going to be critical if the world wishes to avoid conflict in
cyber-space.145 Until very recently, cyber-threats were viewed only from a national
perspective. It is only in recent years that cyber-issues have begun to be viewed as
something that needed to be dealt with across borders.146
Liberals and constructivists argue that laws, norms, and institutions can control state
behavior, and there are many scholars who argue such a situation can also hold true in the
cyber-realm.147 These authors argue that norms, treaties, cooperation, restraint and
international laws are required for building a robust cyber-defense. While some attempts to
forge international understandings have been made, they have not produced any clear
norms or laws.148 This is a situation that would need to be addressed before the frequency
142 Lynn, William. “The Pentagon's Cyberstrategy, One Year Later.” Foreign Affairs. November 12, 2014.
http://www.foreignaffairs.com/articles/68305/william-j-lynn-iii/the-pentagons-cyberstrategy-one-year-later 143 Zrahia, Aviram. “A Multidisciplinary Analysis of Cyber Information Sharing,” Military and Strategic Affairs,
Vol. 6, No. 3, December 2014. 144 Deibert, Ronald J. and Rafal Rohozinsk. “Risking Security: Policies and Paradoxes of Cyberspace Security.”
International Political Sociology. Vol. 4, Issue 1. 2010; Valeriano and Maness, Cyber War versus Cyber Realities,
p. 191. 145 Choucri, Cyberpolitics and International Relations, p. 150-151; Clarke and Knake, Cyber War. 146 Benoliel, “Towards a Cybersecurity Policy Model.” 147 Mueller, Schmidt and Kuerbis, “Internet Security and Networked Governance in International Relations;”
Cooper, Jeffrey. “A New Framework for Cyber Deterrence.” In Cyberspace and National Security: Threats,
Opportunities, and Power in a Virtual World, ed. Derek S. Reveron (Georgetown University Press, 2012); Sofaer,
Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.” Proceedings of a
Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S. Policy. 2010.
http://www.nap.edu/catalog/12997.html, pp. 185, 200; Zittrain, The Future of the Internet. 148 Sofaer, Clark; and Diffie, “Cyber Security and International Agreements;” Valeriano and Maness, Cyber War
versus Cyber Realities, p. 191.
41
and severity of cyber-attacks increases, and it becomes too difficult to reign in state
behavior.149 It is arguably particularly important to create global institutions and
understandings in cyber-space due to states’ lack of monopoly on the use of force in the
cyber-realm.150 Even noted realist Henry Kissinger argues that mutual restraint between
adversaries will be needed in the cyber-realm.151 A major concern of these authors is that
attacks will eventually harm civilians or possibly even violate the laws of war.
An additional reason states could benefit from building norms, cooperation, and
international law regarding the cyber-realm is that they could be designed to protect the
“generativity” of cyber-space. If states individually build capabilities that restrict access to
cyber-space, it would decrease its generativity. Instead, well designed laws at the national
and international level, as well as positive norms regarding the use of cyber-space, can be
created. Doing so will keep cyber-space open and free while also increasing national cyber-
security.152
At the same time, scholars argue that there are important limitations to the ability of
norms, agreements, and laws to impact behavior in cyber-space. One such problem is that it
is not at all clear if existing international law applies to actions in cyber-space.153 Further,
there exists no global system of governance or international body that could oversee the
implementation of international law in cyber-space.154 Building such a body can be
extremely challenging. It can, as noted, also be difficult to tell if an attack has taken place, or
149 Clarke and Knake, Cyber War. 150 Mueller, Schmidt and Kuerbis, “Internet Security and Networked Governance in International Relations.” 151 Kissinger, World Order, p. 346. 152 Zittrain, The Future of the Internet. 153 Garcia, Denise. “Killer Robots: Why the US Should Lead the Ban.” Global Policy Vol 6, No 1. 2015; Valeriano
and Maness, Cyber War versus Cyber Realities, p. 198. 154 Valeriano and Maness, Cyber War versus Cyber Realities, p. 191.
42
assign attribution. This means that it may be possible for many actors to escape punishment
or shaming, decreasing the ability of norms to shape behavior. States are additionally likely
to be highly reluctant to craft binding agreements limiting their freedom to use cyber-space
to support their national interests. This is particularly true as the cyber-realm is still a new
realm of operation and states have not yet fully determined how they can use it.155 As a result
of these factors, it appears unlikely that a binding international treaty or set of laws will arise,
and that the power of norms to constrain behavior may be less in the cyber-world than in
the physical one.
No clear norms or agreements have yet emerged, but some scholars argue they are
beginning to. Countries have shown restraint in using cyber-weapons to accomplish their
goals against other states. In this view, restraint has arisen for a few reasons: cyber-weapons
are one-shot and can be reproduced by the enemy which limits effectiveness; there is a risk
of escalation by the party that was attacked; cyber-weapons cause collateral damage and
countries do not wish to harm civilians; and fear of censure and punishment by international
institutions for violating norms.156 While cyber conflicts will still occur, the conflicts will
largely be trivial, will not lead nations to change behaviors, and will mostly be tied to regional
rivalries.157 Further, states that have the ability to launch attacks often are the ones who
would most suffer from a counter attack, limiting their willingness to launch cyber-attacks
155 Zittrain, The Future of the Internet, p. 70; Sofaer, Clark; and Diffie, “Cyber Security and International
Agreements,” p. 180. 156 Valeriano and Maness, Cyber War versus Cyber Realities, p. x, 4-5, 46, 59-60, 138; Maness, Ryan C and
Brandon Valeriano. “The Impact of Cyber Conflict on International Interactions.” Armed Forces and Society. Vol 1,
No 23. 2015; Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 41, 42-43. 157 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 40.
43
to begin with. Collateral damage can also spill over into a third party state, which risks
escalating the conflict.158
On the other hand, it is difficult to judge if such a norm is emerging. This is in large
part because there has not been a war between states in which both had advanced cyber-
capabilities and both had meaningful targets in cyber-space to hit. Thus, it is difficult to
determine what, if any, norms have emerged yet.159
Non-state actors pose a particularly interesting challenge in regards to norms and
international law. As noted, if you have a computer, you can be a threat. This can be true
even if the owner of the machine does not intend to attack, as hackers can use private
machines without the owner’s knowledge. This limits the options available to the entity
facing cyber-attacks. Counter-attacking a private machine may violate national laws, and
international legal and political considerations may also restrain such actions.160 Dealing
with the threats non-state actors pose will require the creation of treaties, norms, and
international law, as well as improved cooperation between states.161
There is one more interesting danger posed in cyber-space that deserves mention:
becoming too closely entangled with another nation. Nations that grow powerful in cyber-
space can offer their services to other states. Nations that accept that help may experience
improvements in the speed and efficacy of their systems, but may then fail to develop their
own technology as well. As ties grow closer, the more powerful nation may gain the ability
to access all of the other nation’s systems and networks, which leads to what Libicki refers
158 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 42. 159 Drmola, “Looking for Insurgency in Cyberspace.” 160 Mueller, Schmidt and Kuerbis, “Internet Security and Networked Governance in International Relations.” 161 Sofaer, Clark; and Diffie, “Cyber Security and International Agreements.”
44
to as “friendly conquest.” In essence, a total dependence on another state that could be
turned against them.162 It additionally can stifle the growth of domestic cyber-capabilities.
Israel Gets Lost in Cyber-Space
Despite being recognized as a major power in cyber-space for over a decade, Israel
has received very little scholarly attention in regard to cyber-space. The scholarly focus on
Israel has, not surprisingly, though for sad reasons, been on other aspects of security.
Existing academic research regarding Israel in cyber-space has largely focused on limited
aspects of Israeli cyber policy.163 One area of focus has been on military and security policy.
Baram (2013), for example, has written about how an increasing reliance on cyber-tools by
the Israeli Defense Force (IDF) will impact Israeli force buildup and military strategy in the
physical world. In their book, Tabansky and Ben Israel (2015), focus largely on how cyber-
security policies and actions fit into Israel’s general security strategies. Their work has a
heavy focus on a descriptive examination of how Israel’s policies evolved as a result of
Israel’s specific strategic culture and context.164 Building on this and on his own previous
work, Baram (2017) argues that one of the reasons that Israel was able to develop into a
successful cyber-power is that Israeli strategic culture has always focused on technological
superiority as a means by which Israel can ensure its security against the much richer and
more populous Arab states surrounding it.165 This argument is supported by Siboni and
162 Libicki, Conquest in Cyberspace. 163 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 113. 164 Tabansky, Lior and Isaac Ben Israel. Cybersecurity in Israel. Springer Briefs in Cybersecurity. London: Springer,
2015. 165 Baram, Gil. “Israeli Defense in the Age of Cyber War.” Middle East Quarterly, Winter, 2017.
45
Assaf (2016) who argue that Israel can continue to ensure their technological superiority by
relying on the informal and technology driven nature of Israeli culture.166
With the release of Israel’s new national cyber strategy, Siboni and Assaf (2016)
examine the document and argue that it reveals that Israel places a heavy focus on both
offensive and defensive strategies. A central goal of the strategy is to ensure the state’s
functional continuity by ensuring that government services and systems important to daily
life (such as banks and academia) are able to maintain functionality or quickly recover from
attack. The authors argue too, that the document shows that a central goal of Israeli strategy
is to ensure that Israel is able to decide when to launch attacks on its own terms against any
target of its choice.167
A number of articles have also identified regulatory and organizational factors that
have helped Israel to become strong in cyber-space. Israel’s National Cyber Bureau (NCB) is
generally accepted as critical to how Israel is able to maintain its advanced position.
Specifically, the NCB’s mandate to develop a comprehensive cyber strategy, to make cyber-
policies clear to relevant actors, to solicit advice from outside bodies, to advance research
and development programs between academia, the private sector, and government, to
further cyber-education programs, and to attempt to improve international cooperation
using the cyber-realm.168 Adamsky additionally notes that Israeli strategy is particularly
strong because it addresses preventing cyber-threats at the private and governmental level,
thus helping to protect all important networks. The author also highlights Israel’s ability to
166 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153, 2016, p. 12 167 Siboni and Assaf, “Guidelines for a National Cyber Strategy.” 168 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy;” Benoliel, “Towards a
Cybersecurity Policy Model.”
46
use its high level of cyber-capabilities to forge improved relations with other nations by
offering to work with them and build abilities together. Siboni (2013) and Siboni and Sivan-
Sevilla (2017) also praise Israel’s decision to focus some regulatory efforts on ensuring that
critical infrastructure is well protected, but note that these regulations are not particularly
comprehensive.169 Siboni and Sivan-Sevilla (2017) stress that in regards to regulating cyber-
defense for the private sector and critical infrastructure, Israel has taken a very hands off
approach in regards to requiring specific protections or policies. The authors argue this
remains a significant gap in Israel’s cyber-defenses.170
In discussions of Stuxnet, the focus of most academic works is either on the wider
impact Stuxnet may have on national security policies or on whether or not it was effective.
Numerous authors argue Stuxnet illustrates that cyber-attacks now afford states the chance
to successfully cause physical damage to a target for a lower cost than a physical strike would
entail in terms of both money and lives lost. At the same time, they stress that the attack also
illustrates that states now need to take into consideration the possibility that their weapons
can be turned back against them, and that possible escalation can occur from cyber-
attacks.171 On the other hand, Stuxnet can also demonstrate the limits of cyber-weapons.
The massive complexity of Stuxnet means only states that are already powerful will be able
to use them, which gives such states only a marginal increase in their hard power. Further,
the use of such weapons raises many social and technical uncertainties that make them
difficult to successfully deploy.172
169 Siboni, “Protecting Critical Assets and Infrastructures from Cyber Attacks;” Siboni and Sivan-Sevilla, “Israeli
Cyberspace Regulation.” 170 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation.” 171 Farwell and Rohozinski, “Stuxnet and the Future of Cyber War;” Even and Siman-Tov, “Cyber Warfare: Concepts
and Strategic Trends;” Valeriano and Maness, Cyber War versus Cyber Realities, p. 149. 172 Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies Vol. 22. 2013.
47
My own previous work, in Cohen, Freilich, and Siboni (2015), has addressed the
subject of Israel in cyber-space as well. The article, which was the first comprehensive case-
study on Israeli use of cyberspace, provides insights into the dangers and opportunities that
the cyber-realm poses to nation states. We argue Israel has excelled in developing polices
and strategies to address these dangers. In the article, we explore what Israel has done
offensively and defensively in cyber-space and argue that while the threats to Israel are
severe, they are not unique, thus nations that are looking to improve their defensive and
offensive use of cyberspace can learn much from what Israel has done. From that we then
offer policy recommendations. This dissertation will not only greatly expand upon what that
paper addresses, but will explore in detail additional topics. There has been little focus, for
example, on the role that Israel has played in the formation or norms in cyber-space or on
what the Israeli experience can teach regarding the role of non-state actors in cyber-space.
To achieve these goals, the dissertation will employ a systematic assessment of
available academic research in political science, law, UN documents, government documents,
and documents from non-governmental organizations. Some of the following chapters will
contain additional review of relevant literature as needed to address their specific topics.
Potential Problems and Limitations:
States and private entities might not actually disclose cyber-attacks that have
targeted them. This makes it more difficult to ensure that all relevant information is
incorporated. It sometimes takes years to uncover major cyber-incidents, and there are
some the world will likely never know. Just as there is espionage in the physical world the
public never learns of, there are doubtlessly cyber-attacks we never learn of. If it is not even
48
possible to uncover all major incidents, it will never be possible to uncover all minor ones.
As noted previously, nations themselves may never even be aware of attacks.
Research is additionally complicated because, as noted, definitions in the field of
political science cyber-security research are not agreed upon. This could complicate efforts
to ensure that authors are speaking of the same phenomenon and not something related
instead. Further, as with all political science research (and social science research more
broadly), due to the endlessly complex nature of human behavior, it is not possible to account
for every factor that impacts decisions.
Analyzing what is known about Israel’s cyber-security strategy poses challenges as
well. While a public document has been released, actual offensive and defensive operations
and how the strategy is implemented is shrouded in secrecy, as in every other cyber-capable
nation. The stakeholders in these policies are national security and intelligence agencies,
and they generally do not like to share information.173
Finally, as with any case-study, the generalizability of my findings will inherently be
limited by that methodological choice. A case study provides rich detail and offers insights
broader studies miss, but it can be hard to draw wider conclusions from them. Conducting
a case study on Israeli cyber-policy is highly valuable, however, as it is a critical country in
cyber-space that is badly understudied. It is not possible to compare its actions and policies
to other nations if no detailed study and analysis is conducted on it first.
173 Benoliel, “Towards a Cybersecurity Policy Model,” p. 437.
49
Chapters
This dissertation consists of 5 chapters beyond the current one. Each of the chapters
will contain relevant policy recommendations and insights to the subject matter in the
chapter. Chapter 2 will focus on examining in greater detail the nature of the threat to Israel
and exploring how Israel’s regulatory and cultural environment has allowed Israel to thrive.
Israeli culture has played a role in shaping Israel’s rise as a cyber-power, and it is important
to understand in what ways this has been the case. In addition, Israel’s government has
placed a heavy focus on ensuring Israel remains powerful in cyber-space. This chapter will
examine the ways in which Israel has achieved this through educational and research and
development programs and cooperation with the private sector and academia.
Building from this, Chapter 3 will propose a conceptual model for understanding state
behavior and test to see if Israel’s experience confirms that it provides an accurate picture
of what occurs in the real world. This model is originally from Cohen, Freilich, Siboni (2017).
The model is entitled Four Big Ds and an R. The Ds are Detection, Deterrence, Defense, and
Defeat of the enemy, while the R refers to resilience. This chapter will explain in depth the
challenge each of these aspects poses to states in cyber-space and examine how it is that
Israel has gone about attempting to meet those challenges.
Chapters 4 and 5 will look more in depth at two particular issues of interest that need
further study: the role of norms and international law in cyber-space; and the under-
examined role of non-state actors and their interactions with states in cyberspace. Chapter
4 will explore what role norms and international law have played in cyber-space. There is
debate currently, as noted above, regarding what if any role they do play at the moment.
Through an examination of Israel’s actions and experiences with other states and
50
international bodies, this chapter will help to address that debate. Chapter 5 will give a
detailed look at the threat posed by non-state actors in cyberspace. There is a healthy debate
regarding what the extent of that threat is. This chapter will aim in part to show that while
the threat is less serious than that posed by state actors, it is growing and should not be taken
lightly. From there, the chapter will explore how Israel has responded to the threat and draw
lessons from that experience.
Finally, Chapter 6 will offer conclusions and policy recommendations for how actors
can use the cyber-realm both offensively and defensively. While due to differences between
nations, not every policy will fit well with every nation, the chapter will aim to offer specific
and clear recommendations that can practically be adopted by a wide range of nations. It is
the hope that these recommendations will be useful in increasing security, peace, and
stability in the cyber-realm at both the national and international levels.
51
Chapter 2 – Israel, Culture, and Cyber-Space
Israel has quickly become of the most powerful players in cyber-space, developing
offensive and defensive capabilities that rival those of the most advanced states. How did
tiny Israel, a country of just over eight and a half million people, grow strong enough to
compete with nations roughly 15 (Russia) to 161 (China) times its size? There is no one
simple answer, and it is a central question to this dissertation. In the study of international
relations, constructivist theory argues that security threats are socially constructed in that
nations and peoples determine what threats are most important, and then how to respond
to those threats in a manner in keeping with that nation’s culture. Using that idea as a
starting point, this chapter will demonstrate that Israel has placed a high importance on
cyber-space, which has led Israel to take steps that have enabled it to gain far greater abilities
in cyber-space than its small size would predict. The importance that Israel places on
building capabilities in cyber-space is demonstrated through the work Israel has done to
create well run and organized cyber-bodies in its government, to draft and pass relevant
regulations, in its commitment to research and development, and its development of
education and training programs. Further, Israel’s culture, as would also be predicted by
constructivist theory, has played an important role in Israel’s strength in cyber-space. This
chapter will examine these issues, and at the end will offer recommendations Israel could
use to further enhance its abilities in cyber-space.
The Threat to Israel in Cyber-Space:
Before examining these issues, it is important to first discuss the scope and extent of
the threat to Israel in cyber-space to frame why it is that Israel is focused on this arena. Israel
52
faces a nearly constant barrage of cyber-attacks from both state and non-state actors.174
There are a wide array of targets to strike in Israel, from defense contractors, to banks, to
the Iron Dome and other military equipment, to the national security apparatus, to TV
stations, and more.175 The systems most often targeted are the healthcare, financial services,
and transportation sectors, as well as government agencies.176 While the capabilities and
intentions of the actors varies, the financial and security dangers posed to Israel have been
steadily increasing, as has the sophistication of the actors launching operations. More
complex attacks have aimed to either disable Israel’s critical infrastructure systems or
conduct espionage on those systems or Israel’s national security organizations.177 While
thus far no catastrophic incidents have occurred, that is not due to any lack of effort by the
attackers.
In just the period from the start of 2016 to the first half of 2017, attacks on Israel’s
critical infrastructure and other systems have been frequent. In January of 2016, for
example, the Israeli Electric Corporation (IEC) was forced to temporarily shut down a
portion of the electric grid after an employee mistakenly fell for a spear-phishing attempt
and ended up infecting numerous computers with malware. The exact details of how the
174 Grauman, Brigid. “Cyber-security: The vexed question of global rules.” Security and Defense Agenda. With the
support of McAfee. 2012, p. 66; Eisenstadt, Michael and David Pollock. “Asset Test: How the United States
Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7, 2012;
Shamah, David. “Hackers Threaten ‘Israhell’ Cyber-Attack over Gaza.” The Times of Israel, July 9, 2014.
http://www.timesofisrael.com/hackers-threaten-israhell-cyber-attackover-gaza/; Cohen, Matthew S., Charles D.
Freilich, and Gabi Siboni. “Israel and Cyberspace: Unique Threat and Response.” International Studies
Perspectives, Volume 17, 2016. 175 Weinstock, Dan and Elran, Meir. “Securing the Electrical System in Israel: Proposing a Grand Strategy.” Institute
for National Security Studies, Memorandum 165, June 2017, p. 32 176 IBM. “X-Force Threat Intelligence Index - 2016.” IBM.com, 2016.
177 TOI Staff. “Next 9/11 Will be Caused by Hackers, Not Suicide Bombers, Cyber Expert Warns.” Times of Israel.
April 15, 2015. http://www.timesofisrael.com/hackers-will-cause-next-911-cyber-expert-warns/; Ginsburg, Mitch.
“The Double-Edged Sword of Cyber Warfare.” The Times of Israel. June 24, 2015.
http://www.timesofisrael.com/the-double-edged-sword-of-cyber-warfare/
53
attack worked and the extent of any damage it caused to the IEC’s computers or networks
were not made public.178 The IEC is in general a popular target for malicious actors, with the
CEO, Eli Glickman, stating that not only is the IEC hit with on average roughly 1 million cyber-
incidents a day, but that many of these attacks are not simple DDoS efforts, but are more
complicated attempts to either gain intelligence for future operations or gain access to the
IEC’s infrastructure.179 In general, Israeli infrastructure systems, including the IEC, water,
and transportation, face as many as two million attacks a day, with the attacks varying widely
in severity.180
In January of 2017, Shin Bet (also known as the Israeli Security Agency, which is
similar in function to America’s Federal Bureau of Investigation) stated that it foiled what it
called a possible massive cyber-attack on Israeli television and radio broadcasters. The goal
of the attack was to take control of the signals and release broadcasts that aimed to cause
public panic.181 In June of 2017, Israel was again able to halt what it called a major planned
cyber-attack. This time the targets were several hospitals. Had the attacks succeeded, they
could have caused major disruption to patient care.182
178 Jerusalem Post Staff. “Israel’s Electrical Grid Attacked in Massive Cyber Attack.” Jerusalem Post, January 26,
2016. http://www.jpost.com/Israel-News/Israels-electrical-grid-attacked-in-massive-cyber-attack-442844 179 Shamah, David. “A Million Hacks a Day, but Israel’s Electric Grid Survives.” The Times of Israel. March 24,
2015. http://www.timesofisrael.com/a-million-hacks-a-day-but-israels-electric-grid-survives/; Siers, Rhea. “Israel’s
Cyber Capabilities.” The Cipher Brief, December 28, 2015. http://thecipherbrief.com/article/israel%E2%80%99s-
cyber-capabilities; Weinstock and Elran, “Securing the Electrical System in Israel,” p. 32. 180 TheMarker. “Cyberattacks on Israel Rose Exponentially in Past Four Years.” Haaretz, June 16, 2016.
http://www.haaretz.com/israel-news/business/1.725277 181 Eichner, Itamar. “A Look at the Shin Bet’s Cyber Unit.” YNetNews, January 18, 2017.
http://www.ynetnews.com/articles/0,7340,L-4909435,00.html 182 Tech2. “Israel Thwarts Major Cyberattack on Hospitals: National Cyber Defence Authority.” Tech2.com, June
29, 2017. http://tech.firstpost.com/author/tech2-news-staff
54
Iran:
There are a number of actors who pose dangers to Israel, one of the most dangerous
is Iran. Iran has come to view the cyber-realm as an effective platform for promoting its
interests. Cyber-space enables it to cause harm to adversaries that have military superiority
over Iran, while also providing Iran with enough plausible deniability to avoid sanctions or
counter-attacks for its actions.183 Starting in 2013, Iran has worked to greatly improve its
offensive capabilities. To this point, in 2013, Israel began to face an increase in cyber-attacks
originating from Iran or its proxies, the number and sophistication of which have continued
to increase.184 Iran’s and its proxies’ attacks on Israel have ranged from DDoS campaigns to
more sophisticated efforts mainly aimed at espionage against critical infrastructure, security
agencies, companies, and academics.185
To achieve these improvements, Iran greatly increased funding for its cyber-
programs and worked hard to develop not only better technology, but also to improve it
planning and strategy.186 Iran also increased cooperation with Russian cyber security
experts to rapidly strengthen its abilities.187 Iran now appears to be able to carry out
sophisticated operations that require prior intelligence gathering and that require fairly
extensive and complex infrastructure to engineer.188 Iran has become adept at socially
183 Siboni, Gabi and Sam Kronenfeld. “Developments in Iranian Cyber Warfare, 2013-2014,” INSS Insight, no 536,
2014, p. 2. 184 Siboni and Kronenfeld, “Developments in Iranian Cyber Warfare.” 185 Rosen, Armin. “Israel Faced a Huge Wave Of Cyber Attacks During Its War With Hamas — And Iran Could Be
The Reason Why.” Business Insider, August 18, 2014, http://www.businessinsider.com/israel-faced-a-wave-of-
cyber-attacks-2014-8; Cohen, Sagi. “Iran Hackers Carrying Out Cyber Attacks Against Israeli Targets, Report
Claims.” YNetNews, June 15, 2015. http://www.ynetnews.com/articles/0,7340,L-4668686,00.html 186 Siboni and Kronenfeld, “Developments in Iranian Cyber Warfare.” 187 Sen, Ashish Kumar. “Iran’s Growing Cyber Capabilities in a Post-Stuxnet Era.” Atlantic Council. April 10, 2015.
http://www.atlanticcouncil.org/blogs/new-atlanticist/iran-s-growing-cyber-capabilities-in-a-post-stuxnet-era 188 Siboni, Gabi and Sami Kronenfeld “Iranian Cyber Espionage: A Troubling New Escalation.” INSS Insight, No.
561, 2014.
55
engineering attacks as well, and is now able to select the most relevant targets and tailor its
efforts to them. Iran still lacks the ability to launch the most complicated attacks, but it is
able to make effective use of what it can do to steal information and cause disruptions. Iran
has also expanded its support for proxy groups that launch attacks on its behalf, such as the
Syrian Electronic Army (SEA) and Hamas and Hezbollah (discussed below). Doing so both
augments Iran’s own capabilities, and also gives it a way to launch attacks while maintaining
plausible deniability.
Hezbollah and Hamas:
These two groups have been able to improve their cyber-capabilities, mainly thanks
to assistance from Iran and occasionally some help from the SEA (which has mainly targeted
entities in relation to the Syrian civil war and has not focused much on Israel). Operation
Protective Edge in 2014 marked the first time Hezbollah and Hamas attempted to fully
incorporate cyber-attacks as part of their overall strategy to counter Israel. While they had
launched cyber-attacks on Israel previously both during and outside of conflicts, such attacks
were not part of their larger military strategies. In 2014, they mainly launched low-level
attacks, such as DDoS and defacements against Israeli targets in the governmental, security,
financial, and civilian sectors.189 Their largest success arguably came in taking the Home
Front Command website for a short period.190 The attacks, while not doing any real damage,
were significant, however, as they marked the first time the IDF had to fight a war and deal
189 Berman, Lazar. “Knesset Stymies Major Cyber Attack.” The Times of Israel. July 14, 2013.
http://www.timesofisrael.com/knesset-stymies-major-cyber-attack/ 190 Siboni, Gabi and Sami Kronenfeld. “The Iranian Cyber Offensive during Operation Protective Edge.” INSS
Insight, No. 598, Institute for National Security Studies, August 2014.
http://www.inss.org.il/index.aspx?id=4538&articleid=7583
56
with widespread organized cyber-attacks at the same time.191 Hezbollah also appears to
have taken part in an espionage campaign against foreign targets, including Israel, from
2012-2015, though how successful it was in targeting Israel specifically is not clear.192
Hamas appears to be somewhat less sophisticated in its abilities. In 2016, it was able to
briefly hijack the broadcast signal of an Israeli TV station to disseminate some anti-Israel
propaganda and images threatening attacks.193 Hamas’ efforts, however, have focused
mainly on low level DDoS and defacements.
Islamic Jihad:
In general, this is a group that poses limited risk to Israel in cyber-space. They did,
however, have one main success that was significant. It came thanks to Majad Awidah, who
was able to successfully hack into IDF drone communication signals and road cameras
between 2012 and 2014 before he was arrested. Islamic Jihad was able to use that
information to track where Israeli drones were flying and attempt to move militants away
from areas that appeared Israel was preparing to strike. The intelligence they gathered also
improved the terror group’s ability to target their missile launches at busy areas in Israel.194
The tools Awidah used to do this were fairly straightforward, underscoring that non-state
actors do have the potential to use cyber-space in a meaningful way against even advanced
191 Baram, Gil “Israeli Defense in the Age of Cyber War.” Middle East Quarterly. Winter, 2017, p. 9-10 192 Check Point. “Volatile Cedar Threat Intelligence and Research.” Check Point. March 20, 2015.
https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf 193 Balousha, Hazem and William Booth. “Israel Retaliates for Gaza Rocket Fire with Airstrikes; Hamas Hacks
Israeli TV.” Washington Post, March 13, 2016. https://www.washingtonpost.com/world/israel-retaliates-for-gaza-
rocket-fire-with-air-strikes-hamas-hacks-israel-tv/2016/03/13/0214541e-f9ee-48e0-8402-
39fc4838b65c_story.html?utm_term=.fffab43baf9d 194 Cohen, Gili. “Islamic Jihad Hacker Accused of Accessing Israeli Drone Communications.” Haaretz. March 23,
2016. http://www.haaretz.com/israel-news/.premium-1.710589
57
states. Beyond this incident it does not appear that Islamic Jihad currently poses any major
dangers to Israel in cyber-space.
Anonymous:
Only some of Anonymous’ factions have participated in attacks on Israel. In this work,
therefore, when Anonymous is referred to it is in reference only to the factions that have
launched attacks on Israel, unless otherwise noted. Regarding Israel, Anonymous first
became involved in organized actions against the state during Operation Pillar of Defense in
2012 when it claimed it was able to block access with DDoS attacks to roughly 650 Israeli
websites, and that it leaked credit card information for thousands of Israelis.195 In 2013,
Anonymous launched the first of what would become a yearly series of attacks on Israel,
scheduled, remarkably enough, intentionally to coincide with Holocaust Remembrance Day.
These operations are titled #OpIsrael. The stated goal was to create an “electronic
holocaust” that would wipe Israel from the internet. The attacks, which have occurred every
year since, including 2017, involve the use of generally unsophisticated tools and DDoS
attacks. While some poorly defended websites have been taken off-line for short periods,
and some personal data of a few Israeli officials appears to have been published, and some
credit card data has been stolen, #OpIsrael has been largely unsuccessful in causing any real
damage or disruption.196
195 Cohen, Daniel and Aviv Rotbart. “The Proliferation of Weapons in Cyberspace,” Military and Strategic Affairs,
Vol. 5, No. 1. 2013, p. 113. 196 Apfel, Alexander J. “‘Anonymous’ Hackers Attacks on Israel More Hype than Harm.” YNetNews.com. April 7,
2016. http://www.ynetnews.com/articles/0,7340,L-4788745,00.html; Sones, Mordechai. “Annual Anonymous Cyber
Attack against Israel April 7.” Israel National News, March 26, 2017.
http://www.israelnationalnews.com/News/News.aspx/227281
58
Espionage by Allies:
China is not the only foreign nation that has utilized the cyber-realm to conduct
espionage against Israel. Two nations friendly to Israel have been found to have done so as
well: the United Kingdom and the United States. The incident in question occurred between
2008 and 2012. The two nations used the cyber-realm to spy on Israeli drone and missile
defense tests, and hacked into Israeli fighter planes and drones. The attackers were able to
listen in on communications and monitor the activity of the vehicles in an effort to determine
if Israel was planning to launch an attack on Iran and to monitor activity in Gaza during
Operation Cast Lead.197 While the intent may not have been hostile, the success the attackers
had underscores that even the most sensitive systems are never fully secure.198
Overall, there is growing concern in Israel that despite its current advantages in the
cyber-realm, other nations and actors will be able to catch up, and that even if other actors
cannot fully close the technological, strategic, doctrinal, and organizational gaps with Israel,
they will come close enough in terms of capabilities to better penetrate Israeli defenses and
cause disturbances or damage.199 Even when no single actor is capable of causing damage
on its own, Israel faces a barrage of attacks from a host of different groups. When many
groups attack at once, the cumulative nature can make it much more difficult to successfully
197 Horovitz, David. “US Espionage and Hamas Tunneling Highlight Malaise in Israel’s Defenses.” The Times of
Israel. January 31, 2016. http://www.timesofisrael.com/us-espionage-and-hamas-tunneling-highlight-a-malaise-in-
israels-defenses/; Currier, Cora and Henrik Moltke. “Spies in the Sky.” The Intercept. January 28, 2016.
https://theintercept.com/2016/01/28/israeli-drone-feeds-hacked-by-british-and-american-intelligence/; Bob, Yonah
Jeremy. “Analysis: Are US, Israel Winning or Losing Newest Cyber Battles.” Jerusalem Post, April 28, 2016.
http://www.jpost.com/Israel-News/Analysis-Are-US-Israel-winning-or-losing-newest-cyber-battles-452589 198 Bob, “Analysis: Are US, Israel Winning or Losing Newest Cyber Battles.” 199 Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology, Volume 173, 2011, p. 57; Cohen,
Freilich, and Siboni, “Israel and Cyberspace.”
59
defend against attacks. These attacks increase during times of conflict, as in the operations
against Hamas, which further complicates efforts in cyber-space and on the ground.
However, despite the barrage of attacks, Israel has been able to maintain a high level of
success in defending against cyber-attacks. This is in major part due to the significance Israel
places on the cyber-sphere and the resources and energy it has invested in it.
Identity and Interests in International Relations:
All states seek to survive, and to that end, all states look to directly increase their own
power and influence internationally. All states share this common interest to promote and
defend their national interests above other concerns.200 However, countries do not all do so
in the same manner. Some states place more importance on some threats and some sources
of power than other states do. How the state identifies itself, how it views its environment,
and what aspects of its society it views as critical to its security all shape which issues states
identify as central to national security and how they respond to those threats.201 The beliefs
and values that leaders bring with them into office also shape how states identify and handle
national security issues. In essence, national identity and values help to determine state
behavior.
200 Mearsheimer, John J. “Back to the Future.” International Security. Vol 15, No 1. 1990; Mearsheimer, John J.
“The False Promise of International Institutions.” International Security. Vol. 19, No. 3. 1994/1995; Waltz, Kenneth
N. Man, the State, and War (New York: Columbia University Press, 1954). 201 Finnemore, Martha. National Interests in International Society. (Cornell University Press, 1996); Finnemore,
Martha and Kathryn Sikkink. “Taking Stock: The Constructivist Research Program in International Relations and
Comparative Politics.” Annual Review of Political Science. Vol 4. 2001; Keck, Margaret E. and Kathryn Sikkink.
Activists beyond Borders: Advocacy Networks in International Politics (Cornell University Press, 1998); Wendt,
Alexander. “Anarchy is what States Make of it: The Social Construction of Power Politics.” International
Organization Vol. 36, No. 2. 1992; Wendt, Alexander. Social Theory of International Politics. (Cambridge
University Press, 1999).
60
Any issue can become a security issue (it can be securitized), depending on how a
state experiences the threat in the real world, as well as how it is discussed in public by the
nation’s leaders.202 Cyber-security appears to have become securitized around the world.
Whether one believes that the threat in cyber-space is real and growing, or is over-blown,
there is no question that in the minds of many policy makers and in the public cyber-space
is of importance to national security. To that end, the response to cyber threats appears to
be socially constructed as well.203 This can be seen by the fact that different states have
handled the threats and opportunities in cyber-space differently. Israel has not behaved in
cyber-space in the same way that China, which has focused on espionage, has, for example.
Further, not all states place cyber-security as a key issue to their national security. Estonia,
for instance, has developed into a cyber-power as a response to Russian threats, but its
neighbors, some of whom also face threats from Russia, have not.
Cyber-Space and its Importance to Israel:
From all the way back in 1997, Israel recognized that cyber-space held danger, as
evidenced by the establishment of “Tehila” (Government Infrastructure for the Internet Age),
one of the first governmental cyber-security agencies in the world, that aimed to ensure
secure connections for government offices and secure hosting for government websites.204
The cyber-realm has long occupied a significant place in Israeli security thinking. This is
seen in Israel today in statements by Prime Minister Benjamin Netanyahu and other
202 Buzan, Barry, Ole Wver, and Jaap De Wilde. Security: A New Framework for Analysis. (Lynne Rienner
Publishers, 1997). 203 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International
System. (Oxford: Oxford University Press. 2015), p. 51. 204 Ravid, Barak. “Netanyahu Formed a Team to Prepare for Israeli Attacks on Computer Networks,” Haaretz
(Hebrew), April 3, 2011. http://www.haaretz.co.il/captain/software/1.1170180
61
government officials. Former Premier and Defense Minister Ehud Barak, for instance, has
warned that “cyber warfare has taken asymmetric warfare to a new height, allowing a lone
hacker to cause major damage.”205 Former General Isaac Ben-Israel, who served as chief
advisor to Netanyahu on cyber issues, has stated that cyber-readiness is central to Israeli
thinking, both offensively and defensively.206
Netanyahu has frequently stated his belief that Israel must become a dominant force
in cyber-space,207 even calling cyber-attacks “one of the four main threats to Israel.”208 He
has additionally called for Israel to create a “Digital Iron Dome” that would protect Israel
from cyber-threats akin to how the Iron Dome protects against rocket attacks.209 In strategic
planning, he has repeatedly called for the creation of stronger cyber-capabilities and
training. He has stressed his desire for Israel to be one of the top-five cyber-powers in the
world, and has helped pass legislation that called for steps to be taken to make Israel a
worldwide center of development for cyber-technologies.210
The IDF additionally places a heavy focus on developing and improving its cyber-
capabilities. Cyber-space was recognized as a potential danger by the IDF back in the early
1990s. At the time the focus was on information security, meaning the protection of
205 Katz, Yaakov. “Barak: Israel Seeks to be Global Cyber Leader.” Jerusalem Post, June 6, 2012.
http://www.jpost.com/Defense/Barak-Israel-seeks-to-be-global-cyberleader 206 Shackle, Samira. “Cyber Warfare is Key Priority for Israel,” Middle East Monitor, November 2, 2012,
https://www.middleeastmonitor.com/blogs/politics/4546-cyber-warfare-is-key-priority-for-israel 207 Tabansky, Lior and Isaac Ben Israel. Cybersecurity in Israel. Springer Briefs in Cybersecurity. London: Springer,
2015. 208 Ravid, Barak. “Israeli Security Agencies in Turf Battle Over Cyber War; Netanyahu to Decide,” Haaretz,
September 14, 2014, http://www.haaretz.com/news/diplomacy-defense/1.615637 209 Keinon, Herb. “PM: Israel Needs ‘Digital Iron Dome’ to Stop Cyber Attacks.” The Jerusalem Post, June 9, 2013.
http://www.jpost.com/Defense/PM-Israel-needs-digital-iron-dome-to-stop-cyber-attacks-315934 210 Tabansky and Ben Israel, Cybersecurity in Israel.
62
computerized systems that stored sensitive information. The range of threats has greatly
expanded since then, but the focus on cyber-space remains high.211
The weapons systems the IDF uses, including submarines, missiles, aircraft, and
radars, have electronic components that are vulnerable to cyber-attacks.212 There is concern
within the IDF that enemies will use cyber-space to penetrate, disrupt, take control and even
use military communications networks against Israel during hostilities, thus making it
difficult for Israel to defend itself from attack.213 At the same time, the IDF has also focused
on improving its ability to use offensive abilities in cyber-space. The IDF has stated that it
views cyber-space as “a platform to improve operational effectiveness and defense” and as
another potential battleground, much like the ground, sea, or air.214 This is reflected in the
newest IDF Strategy document released in August 2015, which stresses in part that the IDF
recognizes that cyber-space represents new challenges and opportunities for Israel and that
the IDF should take steps to address this. It calls for Israel to develop better tools to defend
itself against new forms of attacks originating in cyber-space and for Israel to further develop
offensive cyber-weapons.215
The cyber-realm has also become critical to Israel’s economy. Israel exports roughly
$6.5 billion a year of products related to cyber-space, which accounts for roughly 8-10% of
211 Baram, “Israeli Defense in the Age of Cyber War,” p. 5 212 Lappin, Yaakov. “Military Affairs: The IDF’s Silent Attack Force.” Jerusalem Post, May 11, 2013,
http://www.jpost.com/Features/Front-Lines/Military-Affairs-The-silent-attack-force-312716 213 Katz, Yaakob. “Elbit Unveils New Cyber War Simulator.” Jerusalem Post. June 5, 2012.
http://www.jpost.com/Defense/Elbit-unveils-new-cyber-war-simulator; Katz, Yaakov. “Security and Defense:
Israel’s Cyber Ambiguity.” Jerusalem Post, May 31, 2012, http://www.jpost.com/Features/Front-Lines/Security-
and-Defense-Israels-Cyber-Ambiguity 214 YNetNews. “IDF says ‘Defined Essence of Cyber Warfare’.” Ynetnews, June 4, 2012,
http://www.ynetnews.com/articles/0,7340,L-4238156,00.htm 215 Office of the Chief of Staff, IDF. “The IDF Strategy.” Israel Defense Forces, August 2015.
http://www.idf.il/SIP_STORAGE/FILES/9/16919.pdf
63
the world market. This is up from 1-2% of the market just six years ago.216 High-tech
products and related services make up roughly 12.5% of Israel’s gross domestic product, and
about half of its industrial exports.217 In regards to global private investment into cyber-
security firms entering a country, Israel is second to the US in the world.218 This centrality
of cyber-space to Israel’s economy arises in part due to the fact that Israel’s government has
stressed that it wants its commercial cyber-sector to become a world economic
powerhouse.219
If in the end, “identities are the basis of interests” as Wendt stated,220 it is fair to say
that Israel has become a great cyber-power in part because it chose to view itself as one. Of
course, it takes more than simply identifying yourself in a given way to create an outcome,
but the creation of that identity and norm of behavior shapes what is possible.221 Israel has
built on this identity to become the cyber-power it sought to be. The rest of this chapter will
explore a few key ways it has done so.
216 MacBride, Elizabeth. “Meet The General Who Positioned Israel To Win In $175 Billion Cybersecurity Market.”
Forbes, July 18, 2016. https://www.forbes.com/sites/elizabethmacbride/2016/07/18/five-lessons-on-cybersecurity-
from-an-israeli-general/#616d36a74fd1; Uniyal, Vijeta. “US, Israel Sign Cyber Defense Agreement.” Legal
Insurrection, June 23, 2016. http://legalinsurrection.com/2016/06/us-israel-sign-cyber-defense-agreement/ 217 Reuters. “Israel’s High Tech Boom Threatened by Shallow Labor Pool.” YNetNews, July 5, 2016.
http://www.ynetnews.com/articles/0,7340,L-4824677,00.html 218 Adamsky, Dmitry (Dima) “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington
Quarterly. Vol 40, No 2. 2017, p. 119; Nakashima, Ellen and William Booth. “How Israel is Turning Part of the
Negev Desert into a Cyber-City.” Washington Post, May 14, 2016.
https://www.washingtonpost.com/world/national-security/how-israel-is-turning-part-of-the-negev-desert-into-a-
cyber-city/2016/05/14/f44ea8e4-0d58-11e6-bfa1-4efa856caf2a_story.html?wpisrc=nl_headlines&wpmm=1 219 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.” 220 Wendt, Social Theory of International Politics, p. 398. 221 Tannenwald, Nina. The Nuclear Taboo: The United States and the Non-Use of Nuclear Weapons Since 1945
(Cambridge Studies in International Relations). (Cambridge University Press 2008), p. 435.
64
Government Bodies:
This section will explore some key bodies that have emerged and what they were
created to do as the threat in cyber-space expanded. As noted, with the creation of Tehila,
Israel began addressing threats back in 1997. Since then, cyber-space has undergone a
tremendous transformation and ballooned in importance. The Israeli government’s cyber-
apparatus has evolved along with the changes.
In 2002, to this end, Israel created a new body, the National Information Security
Authority (NISA). NISA was charged with protecting critical infrastructure systems in both
the public and private sphere from cyber-espionage or cyber-attacks looking to cause
damage. Its remit included bodies such as banks, government offices, and water and
electrical systems.222 At the time it was becoming clear that cyber-crime was on the rise, and
that terrorists were looking for new ways to strike Israel. While NISA was a step forward, it
became clear over time that once again the challenge of defending against cyber-attacks
required new ideas. In 2011, Israel established the National Cybernetic Task Force (NCTF).
Its job was to review Israeli cyber policies and recommend improvements designed to
guarantee Israel’s cyber-security and global leadership in the field. In its conclusions, the
NCTF argued that Israel must not just improve on what it already did well, but invest the
time, energy, and money necessary to develop state of the art cyber-tools necessary to
respond to new threats. It also called for Israel to ensure that security measures and
government regulations did not infringe on Israel’s democratic and open society, or its
knowledge-based economy.
222 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 115; Siboni, Gabi “Protecting
Critical Assets and Infrastructures from Cyber Attacks.” in “Cyberspace and National Security – Selected Articles.”
Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 8
65
To this end, the Task Force identified a number of overarching goals for Israeli policy
makers: better inform the public regarding threats from cyber-space, develop better cyber-
training programs in schools and increase funding for them, improve governmental
regulations, and expand investments in cyber R&D. The panel further advocated forming a
national body responsible for determining cyber-space policies, expanding research grants,
building a strong industrial base to safeguard Israel’s cyber advantages, and increased
international cooperation.223 Another area of concern identified was the brain drain from
the government to the private sector.224 The main recommendation of the Task Force was
the creation of the National Cyber Bureau (NCB) to oversee Israeli cyber-policy and address
the concerns in the Task Forces’ report.225
Following that recommendation, Israel established the NCB later in 2011.226 The NCB
serves in an advisory capacity to the Prime Minister, working to oversee national policy
related to cyber-space and promoting implementation of regulations.227 Its mission is to
promote and regulate government cyber-activity, improve cyber-defense for the non-
defense related sectors of the government and, especially, expand the state’s ability to defend
and secure critical infrastructure networks against all threats. The NCB was charged with a
wide range of tasks: recommending policy changes to the government in regards to
cyberspace, including the creation of a national cyberspace security doctrine; promoting
223 Levi, Ram. “The Fifth Fighting Space.” Israel Defense, December 16, 2011,
http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/4706 224 United Press International. “Unit 8200 and Israel’s High-tech Whiz Kids.” June 4, 2012,
http://www.upi.com/Business_News/Security-Industry/2012/06/04/Unit-8200-and-Israels-high-tech-whiz-kids/UPI-
43661338833765/ 225 Cohen, Freilich, and Siboni, “Israel and Cyberspace.” 226 Opall-Rome, Barbara. “Israel Confirms It Was Cyber Attack Target.” DefenseNews.com. June 24, 2015.
https://www.defensenews.com/2015/06/24/israel-confirms-it-was-cyber-attack-target/ 227 Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North
Carolina Journal of Law and Technology, Vol. 16, No. 3. 2015, p. 444
66
Israel’s cyberspace industry; funding cyber R&D; promoting national cyber-educational
programs; improving coordination and cooperation between government agencies as well
as between the government and academics, industry, and private business; and holding
national and international exercises to improve Israel’s cyber-preparedness. In addition, the
NCB publishes warnings and reports as needed on emerging threats.228 The NCB has played
a major role in shaping Israel’s successful policies regarding cyber-space.229
Israel has continued to build additional governmental organizations related to cyber-
space as needs arise. In 2015, the National Cyber Security Authority (NCSA) was founded as
a subordinate body to the NCB. The NCSA has taken over direct responsibility for
coordinating efforts with the private sector to defend against attacks, working to ensure
improved early warning of threats and threat analysis, engaging in active defense operations
to deal with threats in real time, and assisting with crafting regulation.230 The NSCA
additionally functions as the government’s CERT.
Israel had planned to unveil a new unified Cyber Command for the IDF in 2017 that
would assume all responsibilities regarding military use of cyberspace and cyber-warfare
duties.231 It would have included all of the military’s intelligence and cyber offensive and
228 Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National
Security Studies, Memorandum 117. May 2012; Ben-David, “Playing Defense,” p. 57; Efrati, Rami, and Lior Yafe.
“The Challenges and Opportunities of National Cyber Defense.” Israel Defense, August 11, 2012,
http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/41557; National Cyber Bureau. “Mission of the
Bureau.” The National Cyber Bureau—Office of the Israeli Prime Minister. 2014.
http://www.pmo.gov.il/english/primeministersoffice/divisionsandauthorities/cyber/pages/default.aspx; Israel
Ministry of Foreign Affairs. “Deputy FM Elkin: Israel’s Cyber Security.” Address to the Seoul Conference on
Cyberspace 2013, October 16, 2013; Baram, Gil. “Influence of the Development of Cybernetic Warfare Technology
on Changes in the Israeli Force Structure.” Military and Strategy. Vol. 5, No 1. 2013; Cohen, Freilich, and Siboni,
“Israel and Cyberspace;” Benoliel, “Towards a Cybersecurity Policy Model.” 229 For more, see Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 116 230 Baram, “Israeli Defense in the Age of Cyber War;” Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace
Regulation: A Conceptual Framework, Inherent Challenges, and Normative Recommendations.” Cyber,
Intelligence, and Security, Vol 1, No 1. 2017. 231 Baram, “Israeli Defense in the Age of Cyber War,” p. 7.
67
defensive capabilities, as well as capabilities that were previously housed in the Mossad and
Shin Bet.232 However, objections from some senior IDF officials and some concerns that “the
field of cyber warfare is changing too fast,” led Israel to scrap this proposal. Instead, the IDF
will expand the powers of its C4I Corps (command, control, computers, communications and
intelligence) to include both its current responsibilities regarding network operation, as well
as new responsibilities for defending all IDF networks against attack. This will turn C4I into
an operational command unit for all of the IDF’s cyber-defenses. C4I will then have the
authority to do whatever it feels necessary to defend the IDF, including launching
counterattacks and engaging in active defenses designed to deter attacks before they
occur.233 Part of this plan also calls for the IDF to streamline and cut costs, while also
providing for an overall increase in funding for cyber-activities.234
Regulation:
Becoming a cyber-power requires not just know-how and determination, it requires
the creation of well-designed governmental regulation. This is something Israel has done
well. Israeli regulation of cyber-space differs by actor. The security services are self-
regulated, and government sites are regulated by the NCB and the Telecommunications
Authority. The defense industry is partially self-governing but is guided as well by the
Director of Security of the Defense Establishment.
232 i24 News. “Israel Reorganizing Cyber Warfare Operations.” iI24news.com. June 16, 2015.
http://www.i24news.tv/en/news/israel/diplomacy-defense/75069-150616-israel-reorganizing-cyber-warfare-
operations 233 Spacewatch. “Israel Defence Forces Will Not Create a Cyber Command, but Will Strengthen Military Cyber
Defences.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/israel-defence-forces-will-not-
create-cyber-command-will-strengthen-military-cyber-defences/; IsraelDefense. “IDF Scraps Plans for a Unified
Cyber Command.” IsraelDefense.com. May 15, 2017. http://www.israeldefense.com/en/node/29613 234 IsraelDefense. “IDF Scraps Plans for a Unified Cyber Command.”
68
Critical infrastructure represents a hybrid in which the state has supervision over
their defenses through the National Cyber Defense Authority and Shin Bet, but the
companies also have a significant degree of freedom to make decisions regarding security
that are driven by market forces as well. Critical infrastructure companies are required to
meet certain minimum standards for cyber-security and to share some information on
attacks against them with the government. If they do not do so, the state has the authority
to impose sanctions on them.235 Israel has recently implemented a new regulation on critical
infrastructure companies requiring that all personnel in cyber-security jobs meet minimum
levels of training and education, and that they engage in continuing education. This is a
regulation that has not been tried much elsewhere in the world, and it is unclear what impact
it will have. Generally, such employees will continue to self-teach as part of their jobs, and
this new regulation could decrease such behavior. If that occurs it will lead to decreased
innovation, as standardized ways of doing things will be imparted to these employees. On
the other hand, it is likely to at least temporarily raise the quality and training of the people
defending these networks.236
In the rest of the private sector, the government provides no oversight or direct
guidance, leaving businesses, industries, and individuals to their own devices to protect their
devices. There are no laws requiring companies take any steps to mitigate the dangers of
cyber-attacks, nor are there laws that require companies to report data breaches to
customers. The lack of regulation has both positive and negative outcomes. On the positive
side, it frees the market to innovate and develop technology in response to market demands.
235 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation.” p. 91. 236 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 94.
69
On the negative side, it means that standards are not uniform, leaving some targets
vulnerable. Further, there is no requirement that companies share information regarding
attacks or threats with each other or with the government, which makes it more difficult to
detect and stop threats as they occur.237 Generally companies are reluctant to report such
information because they fear doing so will have reputational costs.238
As a useful example of how Israel handles regulation in cyber-space, the Defense
Ministry recently worked with private cyber-security companies to come to an agreement
on the sale and export of security products. Israel had initially desired to restrict their
export, but private industry pushed back, arguing that if greater regulation and controls
were placed on their business they would be unable to compete with companies in states
that did not impose similar restrictions. The two sides worked together, and in the end, the
regulations were withdrawn. The state was willing to do this in major because it wants to
ensure that Israel remains at the forefront of cyber-technology, and it feared this regulation
would make that more difficult.239
Research and Development:
Israel’s ability to execute its plans and strategies in cyber-space depends upon having
the technical ability to do so. To that end, research and development is critical to creating
and maintaining that edge over other actors. Israel is well aware of this and has focused
heavily on funding and promoting research and development.
237 Tabansky, Libor “Critical Infrastructure Protection against Cyber Threats.” in “Cyberspace and National Security
– Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013; Siboni and Sivan-Sevilla,
“Israeli Cyberspace Regulation.” 238 Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 9-10. 239 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 115; Siboni and Sivan-Sevilla,
“Israeli Cyberspace Regulation,” p. 94.
70
There are roughly 300 start-up companies in Israel dealing with the cyber-realm, and
multinational companies have set up roughly 20 research and development centers. These
numbers are equal to the total in the rest of the world combined, excluding the US.240
Companies that have set up centers in Israel include many of the world’s biggest, such as
Microsoft, Apple, IBM, EMC, Paypal, Oracle, General Electric, Deutsche Telekom, Lockheed
Martin, McAfee, Cisco and RSA.241 These companies come to Israel for a range of reasons,
but one of them is that Israel actively seeks them out. Israeli officials, including Netanyahu,
have directly reached out to companies to convince them to set up centers in Israel in an
attempt to further boost the country’s cyber-capabilities.242
The military has played an important role in Israel’s success building these start-up
companies. Israel’s military has programs set up to train its soldiers in cyber-security. This
is important in part because all Israeli citizens who are Jewish, Druze, or Circassia are
conscripted at age 18 for a period of 2 years for women and 2 years 8 months for men. Thus,
a large number of citizens receive this training. The most promising soldiers are assigned to
work in the elite Unit 8200. People who have served in this unit have an impressive track
record of setting up start-up companies when they finish their service, and the unit has been
credited with helping to foster a mindset among its members that is conducive to forming
start-ups.243 Graduates of the unit have even stated that Unit 8200 runs much like a start-up
company. It has research and development teams that can be utilized, funds can be
240 Steinherz, Tal. “Israeli Innovation in Cyber-Technology.” Presentation to the Herzliya Conference, Herzliya,
Israel, June 9, 2014; Ziv, Amitai. “Theft, Business Espionage, and War: Cyber Threats are Good News for High
Tech.” The Marker (Hebrew), September 14, 2014, http://www.themarker.com/technation/1.2432479; The
Economist. “Cyber-Boom or Cyber-Bubble.” The Economist. August 1, 2015. 241 Shkedi, Daniel. “The Cybersecurity Sector in Israel (Report).” Embassy of India, Israel. 2015; Uniyal, “US,
Israel Sign Cyber Defense Agreement.” 242 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 118-119. 243 MacBride, “Meet The General Who Positioned Israel To Win In $175 Billion Cybersecurity Market.”
71
requested for projects, and there is a loose atmosphere that encourages experimentation and
innovation.244
The presence of these start-ups and multinational companies helps Israel not just
economically, but for another reason as well. Israel has fostered close ties between the
military, academia, and the private sector.245 Israel uses these ties to bolster its offensive
and defensive abilities in cyber-space. This enables Israel to have direct access to cutting
edge technology, training, and opportunities for collaboration that it might not otherwise
have. Israel’s goal in this regard is to bring together the research knowhow and capabilities
of academia, the real-world knowledge of multi-national companies, the innovative spirit of
start-ups, and the hands-on experience of the military to build more successful offensive and
defensive cyber-tools for military and governmental use.246
The best example of this effort is the Advanced Technology Park (ATP). The ATP is
located on the campus of Ben-Gurion University in Beer Sheba. It was opened in September
of 2013 with the goal of providing a place where academics, multinational corporations,
start-ups, government officials, and the IDF could collaborate on projects, share data and
knowledge, and provide each other with extra personnel support and resources, and foster
new innovative ideas.247 Numerous companies have set up offices at the ATP, including
many of the ones mentioned above. The military has personnel from Unit 8200 on site as
well.248 The ATP initiative demonstrates the importance Israel places on the cyber-realm
244 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.” 245 Richet, Jean-Loup. Cybersecurity Policies and Strategies for Cyberwarfare Prevention. (Information Science
Reference, an imprint of IGI Global, 2015), p.293. 246 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.” 247 Levi, “The Fifth Fighting Space;” Hiner, Jason. “How Israel is Rewriting the Future of Cybersecurity and
Creating the Next Silicon Valley.” Tech Republic, 2013, http://www.techrepublic.com/article/how-israel-is-
rewriting-the-future-of-cybersecurity-and-creating-the-next-silicon-valley/# 248 Richet, Cybersecurity Policies and Strategies for Cyberwarfare Prevention, p.293.
72
through its will to transform a remote desert region into a strategic high-tech hub where a
wide range of disparate actors can come together to create cutting edge products and
services.
One of the main jobs of the NCB is to help ensure that Israel continues to maintain its
qualitative advantage in cyber-space at the governmental and private levels. To do this, the
NCB has created a range of government funding opportunities for state entities including the
military, private companies dealing with cyber-space, and academia.249 The first of these
projects came about in 2012 when the NCB, in partnership with the Israeli Ministry of
Defense’s Research Authority and Development of Ammunition and Technological
Infrastructure, offered roughly $3.5 million to promote research and development
cooperation between the military and private sectors regarding dual use cyber-technology.
The NCB has also provided money to assist private entrepreneurs for projects the NCB
believes will improve Israel’s competitive abilities in world markets.250 In 2016, Israel even
offered to provide grants to private cyber-companies that would pay for up to 20 percent of
the company’s salary expenditures.251
Promoting academic research has also been a top priority of the NCB, and in 2012
alone, the NCB endowed roughly $10 million over 2 years to promote academic research
projects.252 The NCB has expended hundreds of millions of dollars “for the consolidation of
supportive academic research and in R&D grants to companies and universities.”253 In
249 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 118 250 Benoliel, “Towards a Cybersecurity Policy Model,” p. 448-449. 251 Nakashima, Ellen and Ruth Eglash. “Israel hopes a cyber-city in the desert will coax highly trained, affluent,
young people away from Tel Aviv.” Washington Post, May 14, 2016.
https://www.washingtonpost.com/news/worldviews/wp/2016/05/14/israel-hopes-a-cyber-city-in-the-desert-will-
coax-highly-trained-affluent-young-people-away-from-tel-aviv/?utm_term=.4a10f44101d6 252 Benoliel, “Towards a Cybersecurity Policy Model,” p. 448. 253 Adamsky, Dmitry “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 118.
73
addition, the NCB worked closely with two Israeli universities to establish two new research
centers. One is at Ben-Gurion University of the Negev and is focused on research related to
technology and applicative sciences. The second is Tel-Aviv University, which takes a
broader approach that includes political science and legal issues.254
The Office of the Chief Scientist (OCS) in the Ministry of Economy provides additional
support to private sector companies that conduct cyber-research and development, and
often does so in coordination with the NCB. Developing cyber-products, same as in most
other fields, is very risky for companies. Thus, the OCS looks to help ease the financial burden
of conducting research and development on projects that it believes will be successful in the
marketplace. The OCS does this by either directly providing financial resources or by
matching companies with third parties that are interested in funding the project. The direct
goal of this program is not to enhance governmental or military cyber-capabilities, but
instead to ensure that start-ups and companies continue to research and develop new
products and services in Israel, so that Israel’s private cyber-sector remains vibrant. The
idea too appears to be that that if Israeli companies are strong, then it boosts the economy
and it increases the odds that the government or military will be able to benefit from the
products in the long term.
Education and Training Programs:
Investing a nation’s resources and energy into building a field is a critical component
to its success in doing so, but it is a pointless waste if your population does not have the skills
to take advantage of the opportunities. Israel has worked to ensure that such a situation
254 Benoliel, “Towards a Cybersecurity Policy Model,” p. 449; Tabansky and Ben Israel, Cybersecurity in Israel.
74
does not arise in the nation. From grade schools, to colleges and universities, to the military,
Israel has invested resources aimed at educating and training students and soldiers to
acquire the skills needed to develop, and work with, cutting edge technology. The hope is
that better educational opportunities will further improve the development of Israel’s
human capital in cyber-space which will further enhance Israel’s qualitative advantages in
cyber-space.255
In grade schools, Israel has developed a number of programs and initiatives. Israel
has made a major push to increase enrollment numbers of students taking high school cyber-
classes.256 Israel is also a world leader in regards to the number of computer-science
teachers it employs.257 The NCB has developed advanced studies programs for students
across Israel who show promise that include additional technical training.258 In 2013, for
example, Israel created the “Magshimim Leumit” training program for high school students
with a focus on educating and developing professional skills among outstanding students
who live in Israel’s periphery (areas outside of major cities and population centers).
Entrance to the program is a highly competitive, as it accepts just 1 out of every 3 students
who apply. The goal of the program is to ensure that Israel identifies people who could
potentially serve in cyber and intelligence positions during their military service, but who
might have otherwise been missed.259
255 Benoliel, “Towards a Cybersecurity Policy Model,” p. 450. 256 Levi, “The Fifth Fighting Space;” Case Bryant, Christa. “Israel Accelerates Cybersecurity Know-How as Early as
10th Grade.” The Christian Science Monitor. June 9 2013. https://www.csmonitor.com/World/Middle-
East/2013/0609/Israel-accelerates-cybersecurity-know-how-as-early-as-10th-grade 257 The Economist. “A is for Algorithm.” The Economist. April 26, 2014. 258 Benoliel, “Towards a Cybersecurity Policy Model,” p. 450. 259 Tabansky and Ben Israel, Cybersecurity in Israel; Prime Minister’s Office. “The “Magshimim Leumit”
Program.” Prime Minister’s Office.
http://www.pmo.gov.il/English/PrimeMinistersOffice/DivisionsAndAuthorities/cyber/Documents/Magshimim%20L
eumit%20program.pdf
75
In 2017, Israel announced that it would establish a national center for cyber-
education, with the goal of increasing the number, and quality, of students who could work
in military intelligence, defense agencies, the high-tech industry, and academia. The new
program will begin teaching basic computer and cyber-skills in first grade. The project
builds on another program that had begun offering children advanced computer and
robotics courses in fourth grade in roughly 40 schools around the country. The new initiative
is a joint venture between the Israeli defense establishment and academic institutions.260
The military has also been involved with improving educational outcomes related to
the cyber-realm in grade schools, particularly through its highly regarded technical schools.
The IDF has a growing need for well-trained cyber-personnel. To that end the IDF seeks out
promising students and gives them invitations to attend one of the IDF’s technical schools,
where upon graduation the students begin work for one of the IDF’s cyber units.261
Recruiters for the schools reportedly scan the internet looking for suitable candidates and
focus on their analytical capabilities, ability to process large amounts of data, attitude
towards teamwork, and how successful the candidates are at making good decisions
quickly.262 The army has also built cyber training programs for students with outstanding
talent starting in the 10th grade within some civilian high schools.263
260 Associated Press. “In Israel, Teaching Kids Cyber Skills is a National Mission.” YNetNews. February 4, 2017.
http://www.ynetnews.com/articles/0,7340,L-4917408,00.html 261 Case Bryant, “Israel Accelerates Cybersecurity Know-How as Early as 10th Grade;” Silverstein, Richard. “IDF to
Double Unit 8200 Cyber War Manpower.” richardsilverstein.com, October 23, 2012,
http://www.richardsilverstein.com/2012/10/23/idf-to-double-unit-8200-cyber-war-manpower/; Nakashima and
Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.” 262 Orpaz, Inbal. “The Secret to High-tech Success? This Elite Israeli Army Unit.” Haaretz. April 18, 2014.
https://www.haaretz.com/.premium-the-armys-employment-agency-1.5245249 263 Case Bryant, “Israel Accelerates Cybersecurity Know-How as Early as 10th Grade.”
76
The private sector has seen the potential here as well and invested in training for
Israeli students. In 2015, a group of leading multinational corporations, all with research
and development centers in Israel, created a “Coding Olympics” with the goal of encouraging
Israeli students to study coding and learn more about jobs in the cyber-realm. This event
also has support from Israel’s Ministry of Education.264 The Coding Olympics appear to have
been a success as they have become a yearly event.265
The IDF also offers training to its soldiers. Israel graduated its first “cyber defenders”
in 2012 from a one year program in which the soldiers were trained to examine IDF
computers and networks in an effort to prevent and detect attacks.266 In 2013, the IDF
greatly expanded the number of soldiers it sends to cyber-warfare courses.267 Currently,
roughly 10,000 are trained in cyber-security every year. To encourage soldiers to get cyber-
training, in some programs the IDF even offers that taking the class will count as credit
towards receiving an increase in salary.268 The IDF has also developed complex simulators
on which to hone their skills. This includes a model city in which trainees remotely control
computer systems and use them to either simulate attacks on targets or defend targets from
simulated attacks.269
264 Elis, Niv. “Multinationals Invest in Teaching Israeli Kids to Code.” Jerusalem Post, October 28, 2015.
http://www.jpost.com/Business-and-Innovation/Health-and-Science/Multinationals-invest-in-teaching-Israeli-kids-
to-code-430250 265 Israel Advanced Technology Industries. “2016 National Coding Olympics is Underway!” Israel Advanced
Technology Industries. November 23, 2015. http://www.iati.co.il/news-item/1856/2016-national-coding-olympics-
underway 266 Cohen, Freilich, and Siboni, “Israel and Cyberspace;” Katz, “Security and Defense: Israel’s Cyber Ambiguity.” 267 Cohen, Gili. “IDF Doubled its Defenses against Cyber Attacks.” Haaretz (Hebrew). January 9, 2013.
http://haaretz.ubik.net/news/politics/1.1902961 268 Orpaz, Inbal. “Israel's Army is Starting to Act Like a Startup Company.” Haaretz. May 19, 2015.
https://www.haaretz.com/israel-news/business/.premium-israels-army-is-starting-to-act-like-a-startup-company-
1.5364013 269 Zitun, Yoav. “Training Israel’s Cyber Warriors.” YNetNews, July 24, 2015.
http://www.ynetnews.com/articles/0,7340,L-4683636,00.html
77
Culture and Cyberspace in Israel:
Culturally, Israel has always placed a very high value on technology. This is true for
two reasons. One stems in large part from Israel’s geopolitical environment. The country is
surrounded by neighbors who are generally hostile, and those neighbors generally have
higher absolute wealth, geographically dwarf Israel, and have massive populations relative
to Israel’s. Due to this threatening situation, Israel was forced to find other ways to compete
and survive. It turned to technology.270 This point was stressed by the head of the NCB,
Eviatar Matania, who noted that Israel is so advanced in cyber-space due to a culture of high-
tech innovation fueled by the dangers Israel faces. Matania also stresses that Israeli culture
looks for how to turn disadvantages into advantages, which he argues explains why Israeli
companies have become so successful. They have turned the threat into an economic
engine.271 Israel has also created a culture in the military that values technical ability and
innovation. Many of the start-ups in Israel dealing with cyber-space, as previously noted,
were started by people who worked for Unit 8200 or other intelligence units in the
military.272
Israel has a few specific cultural features that have also made it well suited to become
a top cyber-power. The first is that collaboration is something that Israelis have a long
history of partaking in. Across Israeli society there is a willingness to collaborate instead of
trying to accomplish things alone. This is in marked contrast to, for example, the US, where
270 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City;” Adamsky, “The
Israeli Odyssey Toward its National Cyber Security Strategy,” p. 122-123; Uniyal, “US, Israel Sign Cyber Defense
Agreement.” 271 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.” 272 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 123
78
the culture is one of individual achievement. Additionally, while Israel often feels beset by
dangers, this feeling of anxiety has pushed Israelis to work quickly in order to address
them.273 This is a particularly valuable asset in a field such as cyber-security where there
pace of change is highly rapid. Further, Israel has a very informal and non-hierarchal
business atmosphere which is perfectly suited to the broader culture generally found in the
high-tech field.274
At the governmental level, Israeli culture attempts to find a balance between security
and privacy. In regards to critical infrastructure, thus far Israel has placed a far heavier
importance on protecting against attacks than it has on privacy. The government is heavily
involved in ensuring these companies are protected, which is in stark contrast to the US,
where these companies are largely left to their own devices to defend themselves because
the concern in America is more focused on privacy and limiting the role of government.275
The Israeli government’s intervention with these companies still only goes so far, however.
The government, for example, does not monitor the companies’ networks, instead relying on
sensors that alert the company to an attack. The company is then required to report such
breaches to the government. Regarding other private companies, as noted, Israel has largely
taken the stance that companies and the market are the forces that will determine what level
of security is necessary.276 This poses dangers, however. If these private companies are
penetrated, and they are connected to government networks, it is possible for attackers to
use their successful attack on these more poorly defended targets to gain access to the more
273 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.” 274 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 123 275 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.” 276 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 115; Nakashima and Booth,
“How Israel is Turning Part of the Negev Desert into a Cyber-City.”
79
secured government networks. However, Israel in this case has placed greater importance
on privacy and the need to innovate than on the need to defend.
Taken all together, Israel’s culture plays an important role in explaining why it is that
Israel has been successful in cyber-space. The value placed on cooperation, competition, and
innovation are necessary components to succeed in cyber-space. Israel, overall, has a culture
that is well suited to success in cyber-space. This is part of why Israel is excelling far beyond
what an observer might expect based on Israel’s size and lack of natural resources. But, it is
an explanation that would be just what constructivists might expect to be true.
Recommendations:
Invest in Research and Development:
This is a central recommendation, as it is the backbone to everything else.
Regulations, policy, and culture are all largely meaningless if it is difficult to research and
develop new products and services. When governments help fund and support research and
development they also help develop the talent pool and communities of researchers needed
to address emerging threats and opportunities.277 Israel is a world leader in using
technology to defend cyber-space, and it should invest the resources needed to maintain this
edge. There is an additional benefit to the government in funding private research and
development, which is that Israel’s government and military already work closely with the
private sector. Therefore, the more advanced the private sector becomes, the more
advanced the government and military will become as well.
277 Benoliel, “Towards a Cybersecurity Policy Model,” p. 477.
80
Israel should, therefore, take steps to enhance support for research and development
within the government and in the private sector. Maintaining and even expanding the ATP
would be a step in the right direction. Israel should also not only continue to work with the
universities it does, but should also build or fund new computer science labs and research
centers in a greater number of universities. Israel should also offer greater monetary
incentives to private companies, where appropriate, to assist with promising goods or
services.278
For over a decade Israel had held the top spot among OECD nations in regards to
investment in research and development. In 2014, Israel lost that top spot to South Korea.
This was mainly due to a large drop in government funding.279 Israel must reverse that trend
to stay a top cyber-power.
Improve the Regulatory Environment:
Legislation, as discussed, is an important aspect in creating an environment in which
innovation can occur, and Israel has thus far built a solid regulatory environment. The
rapidly developing nature of cyber-space means that new and updated legislation and
regulations will be necessary, and new government agencies may need to be created to help
draft specific requirements and to ensure that policies are implemented.280 There are
particular areas that Israel should focus on in order to ensure that this situation continues:
striking a balance between protecting against attacks and protecting privacy, continuing to
278 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute
InfoSec Reading Room, 2014. 279 Reuters. “Israel’s High Tech Boom Threatened by Shallow Labor Pool.” YNetNews, July 5, 2016.
http://www.ynetnews.com/articles/0,7340,L-4824677,00.html 280 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute
InfoSec Reading Room, 2014.
81
improve training, promoting research and development, and further promoting cooperation
between the military, civilian government, private sector, and academia.
Protect Against Attacks Through Regulating Businesses:
Israel does not, as has been noted, have many requirements on private businesses in
regards to cyber-security. This is a potential gap in Israel’s defenses, and it leaves customers
of those businesses with fewer protections. While Israel should not overly regulate
businesses and stifle innovation, it would be worthwhile for the state to make two basic
demands of corporations. The first is that Israel should require that any large company must
develop a plan for how it would recover from a major cyber-attack that compromised
customer data or would harm the company’s ability to function. Second, it should be
obligatory that companies report breaches of their defenses to the government. As noted,
companies often do not wish to report such breaches as they fear reputation damage. Thus,
companies should only be required to report successful attacks that compromise data or
cause damage, and, the government must ensure that all such reports are kept confidential.
Currently the private sector largely self-regulates and does not share such information.
Requiring companies to do so will make it easier to determine what threats exist, how to
neutralize existing threats, and how to prevent future attacks.281 For this to work, however,
companies must face a penalty if they fail to do take either of these steps.
One way to ensure that companies do so is through business licensing. Establishing
a business requires obtaining a license from the state. As part of that license, business must
meet requirements related to public health, fire safety and security, the environment, and
281 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation.”
82
more. Israel could add to that list that companies must include in their licensing application
a proposal to address cyber-security threats. Business licenses must also be periodically
renewed, which means that Israel could use a threat to withhold a license as a tool to compel
companies to report successful attacks on their networks.282
Leveraging Culture:
There are two main ways Israel can continue to benefit from its culture in cyber-
space. First, be sure the government does not get in the way. Israel’s generally flexible and
cooperative culture is one that has helped to lead to success in cyber-space. The government
must avoid passing legislation or creating regulations that will interfere with this.283
Second, Israel can appeal to particular cultural aspects to help convince people to
work for the government. Jobs for the government often pay less than jobs in the private
sector. Israel therefore needs to find other ways to convince people to work for the
government or military. There are two cultural attributes of particular importance in this
regard: Israelis often wish to be at the center of important projects and to feel personally and
professionally important, and Israelis generally show a strong willingness to serve their
nation.284 Attempting to leverage these aspects of Israeli culture is one way that might find
success.
282 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153, 2016; Siboni, “Protecting Critical Assets and Infrastructures from Cyber Attacks.” 283 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 80-81. 284 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 12.
83
Chapter 3 – A Conceptual Model for Cyber-Space: 4Ds and an R
As with all emerging threats, there is deep concern that the cyber-realm represents a
new set of capabilities that will prove extremely difficult to protect against and which will
prove particularly destructive.285 In military history there has always been a time lag
between the emergence of significantly new technological and operational capabilities, and
the development of effective responses. In the interim, the outlook has looked grim, even
irreparable, for those seeking to cope with the new capability. Many scholars and
practitioners, in fact, argue that the dangers posed to nations originating in the cyber-realm
are outpacing existing defenses and doctrines.286 This chapter will propose a conceptual
model, which draws on principles of military strategy, for developing a response. This model
is entitled “4Ds and an R.” The “Four D’s” are Detection, Deterrence, Defense and Defeat and
the “R” is the concept of Resilience. Each of the components of the model will be discussed
in detail to show how they are relevant to cyber-space. The chapter will also demonstrate
that the model is a useful guide by applying it to what Israel’s experience in cyber-space has
been. While the focus of the chapter is on cyber-attacks that impact national security and
not on cyber-crime, much of what is argued applies to it as well.
The idea of crafting such a model to build strategies around is not new, though
different nations and authors have conceived of each component slightly differently. The
United States, for example, uses a 4Ds model in its fight against terrorism that was created
285 Portions of this chapter’s wording are pulled from Cohen, Freilich, Siboni 2017 and Cohen, Freilich, Siboni
2016. The presentation and argument are modified. 286 Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 8; Siboni,
Gabi and Sami Kronenfeld. “Iran and Cyberspace Warfare.” Military and Strategic Affairs, Vol. 4, No. 3. 2012;
Kissinger, Henry. World Order. (New York: Penguin Press, 2014), p. 343-344; Choucri, Nazli. Cyberpolitics and
International Relations. (The MIT Press: Cambridge, MA: 2012), p. 149.
84
in the 2003 “National Strategy for Combating Terrorism.” That document proposed that the
four main goals in the war on terror were to defeat terrorist organizations, deny sponsorship
and support, diminish the underlying conditions that bread terror, and defend against
attacks. It also has a heavy emphasis on the US building its intelligence capabilities and
stressing cooperation with international partners. Despite the novel nature of cyber-space,
responding to the threats it poses is in many ways similar to responding to other asymmetric
threats such as the ones the US model is meant to address.
Israel has always based its security around the need for early warning of attacks,
deterring hostile actors, and decisively defeating enemies.287 Israel’s strategy has evolved to
include a focus on defense as well.288 While not referred to specifically as a 3D or 4D strategy,
Israel’s conceptual model corresponds well with the 4Ds proposed here. Israel has already
begun to develop and employ this strategic model in cyber-space, making it a perfect case
study for this chapter.289 Resilience, however, has not yet receive the same level of attention
from the US or Israel.
In academic literature, each of the four Ds as they apply to the cyber-realm has been
touched upon. Only one work, Cohen, Freilich, and Siboni 2017, has combined them into one
overall conceptual model. This chapter will build upon our previous article and offer a test
287 Tal, Israel. National Security: The Israeli Experience (Westport, CT: Praeger, 2000); Baram, Gil “Israeli Defense
in the Age of Cyber War.” Middle East Quarterly. Winter, 2017, p. 3. 288 Ben-Horin, Yoav and Barry Posin. Israel’s Strategic Doctrine (Rand Corporation: Santa Monica, CA 1981) 289 Baram, “Israeli Defense in the Age of Cyber War;” Ben-David, Alon. “Playing Defense.” Aviation Week and
Space Technology, Volume 173, 2011; Efrati, Rami, and Lior Yafe. “The Challenges and Opportunities of National
Cyber Defense.” Israel Defense, August 11, 2012,
http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/41557; Even, Shmuel and David Siman-Tov. “Cyber
Warfare: Concepts and Strategic Trends.” Institute for National Security Studies, Memorandum 117. May 2012, p.
79.
85
of the model to demonstrate that applying it can help both academics and policy makers
better understand the threat and how to deal with it.
In regards to detection, Shmuel Even and David Siman-Tov argue that detection can
be problematic in the cyber-realm as unlike conventional attacks, cyber-attacks do not
require the movement of any physical assets, and cyber-attackers can disguise their attacks,
making it difficult to determine if an attack has even taken place.290 The Australian national
cyber security strategy attempts to address this by stressing improved detection through
continuous real time monitoring online.291 Singer and Freedman build on this when they
contended that nations will struggle to conduct threat-assessments in cyber-space as there
are too many points of entry for attackers and adversaries are rapidly developing new cyber-
weapons that can attack in many different ways.292 Applegate notes that perimeter defenses,
systems that are designed to prevent attacks from penetrating networks, can not only
defend, but can also help detect and alert to attacks. Applegate also contends that what he
refers to as “deceptive maneuvers” can help detect attacks. They are actions and systems
designed to trick attackers into targeting the wrong system, thus alerting defenders to their
presence.293 Singer and Freedman build on this as well, and argue that systems should be
built in such a way that if a part of the system fails, it will alert the user of the problem.294
290 Even, Shmuel and David Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” Institute
for National Security Studies, (Hebrew) Memorandum 179, INSS, June 2011, p. 31-32. 291 Australian Government. “Cyber Security Strategy.” Commonwealth of Australia. 2009.
https://www.ag.gov.au/RightsAndProtections/CyberSecurity/Documents/AG%20Cyber%20Security%20Strategy%2
0-%20for%20website.pdf 292 Singer, P.W. and Allan Friedman, Cybersecurity and Cyberwar (New York: Oxford University Press, 2014), p.
149. 293 Applegate, Scott D. “The Principle of Maneuver in Cyber Operations.” 2012 4th International Conference on
Cyber Conflict. C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) NATO CCD COE Publications, Tallinn, 2012. 294 Singer and Friedman, Cybersecurity and Cyberwar, p. 171.
86
Many different authors and countries have noted the struggle with creating
deterrence in cyber-space. Libicki argues that there are too many potential difficulties to
build a strong cyber-deterrence posture, including the ability to hold potential attackers’
assets consistently at risk, deciding on a consistent threshold for a response, preventing
escalation, and difficulties disarming attackers.295 Libicki as well as Rid, Rid and Buchanan,
and Singer and Freedman contend that determining attribution of cyber-attacks poses
difficulties to deterrence.296 Clarke and Knake build on this, noting the relative ease with
which attackers can disguise their actions.297 Valeriano and Maness argue that deterrence is
unrealistic in cyber-space in part because it is difficult to display resolve and credibility in
cyber-space. Deterrence requires that a nation’s capabilities be made known, but doing so
in cyber-space means others can copy your code. Along those lines, if a nation uses a weapon
to demonstrate its abilities, other nations are then capable of modifying that weapon and
turning it back on the first state. Further, cyber-weapons do not stay contained to their
targets, which makes states less likely to use them.298
In contrast to these arguments, other scholars believe that deterrence is possible. A
book by the Joint Advanced Warfighting School argues that deterrence rests on the ability to
develop systems that will make investigating attacks easier, thus making it simpler to assign
blame and take action.299 Kugler argues that cyber-deterrence strategies must be
295 Libicki, Martin C. Cyberdeterrence and Cyberwar (Rand Corporation: Project Air Force, 2009). 296 Libicki, Cyberdeterrence and Cyberwar; Singer and Friedman, Cybersecurity and Cyberwar, p. 136; Rid,
Thomas. Cyber War Will Not Take Place (London: C. Hurst and Co, 2013); Rid, Thomas. & Buchanan, Benjamin.
“Attributing Cyber Attacks.” The Journal of Strategic Studies, Vol. 38, No. 1-2, 2015. 297 Clarke, Richard A. and Robert K. Knake, Cyber War: The Next Threat to National Security and What to do
About It (Ecco: HarperCollins Publishers, 2012), p. 122-127. 298 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International
System. (Oxford: Oxford University Press. 2015), p. 47. 299 Joint Advanced Warfighting School, “Nothing New Under the Sun: Benefiting from the Great Lessons of History
to Develop a Coherent Cyberspace Deterrence Strategy,” CreateSpace Independent Publishing Platform (April 8,
2014), p. 51.
87
straightforward so that adversaries know what to expect.300 Nye contends further that
deterrence in cyber-space does not require that every attack be stopped. Cyber-threats
should instead be viewed more similarly to crime in that it is not possible to prevent every
act, but many can still be deterred.301 Cooper states that crafting better cyber-deterrence
policies will require moving past the idea that deterrence rests on punitive retaliation
alone.302 Numerous authors, in fact, noted that when deterring cyber-attacks, nations need
not be limited to cyber-space, and can include diplomatic, economic, cyber, military, and, at
the most extreme level, nuclear force.303 Kissinger further argues that deterrence cannot
necessarily be conducted in a symmetrical fashion. For example, when a nation with weak
financial institutions attacks one in which such institutions are strong, the victim should not
be constrained to counter-attacking financial institutions.304 Baram builds on this idea by
positing that demonstrating a state’s capabilities may in fact lead to deterrence. He argues
that Israel’s use of Stuxnet (to be discussed later in the chapter) may have deterred other
powerful potential adversaries from attacking.305 Further, Nye states that deterrence by
denial should also be considered a part of any deterrence strategy by making it pointless for
enemies to attack.306 If states can achieve deterrence, it has an additional benefit. It can
300 Richard L. Kugler, “Deterrence of Cyber Attacks,” in Cyberpower and National Security, ed. Franklin D.
Kramer. (National Defense University Press and Potomac Books, 2009) 301 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p.
45. 302 Cooper, Jeffrey. “A New Framework for Cyber Deterrence.” In Cyberspace and National Security: Threats,
Opportunities, and Power in a Virtual World, ed. Derek S. Reveron (Georgetown University Press, 2012). 303 Singer and Friedman, Cybersecurity and Cyberwar, p. 136, 144-145; Libicki, Cyberdeterrence and Cyberwar;
Nye, “Deterrence and Dissuasion in Cyberspace,” p. 45; Kissinger, World Order. 304 Kissinger, World Order, p. 346-347. 305 Baram, “Israeli Defense in the Age of Cyber War.” 306 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 56.
88
greatly reduce the cost of cyber-defense. Defense and deterrence go hand in hand, and
deterring attacks before they occur means one does not have to defend against them.307
There is no general agreement on how to build successful cyber-defenses. Lynn
stresses that due to the universal reach of the internet, it is not enough to simply protect
government networks, but that the government must work with private organizations to
create a robust defense.308 Cohen and Rotbart posit that cyber-weapons have a unique
character that aids in defense. Once discovered, any cyber-weapon can be easily neutralized,
although the danger continues for the defender as it is still possible to manipulate the same
code to create new weapons.309 NATO has sought to boost its defenses by working with allies
to secure their national infrastructure, strengthening its own network through NATO
Incidence Response Capability, training and educating its employees, and working with
private industry.310 Syadjari argues that cyber-defense involves an enormous range of
activities for states, including: research and development on improved technology,
intelligence gathering on potential threats, building cyber-command and control
organizations, and developing cyber tactics and strategies.311 Singer and Friedman note that
China views defense in a more offensive manner. China sees infiltrating and disrupting
foreign systems as a form of defense, in that it can disable the ability of adversaries to
attack.312
307 Libicki, Cyberdeterrence and Cyberwar; Adams, James. “Virtual Defense.” Foreign Affairs May-June 2001. 308 Lynn, William. “The Pentagon's Cyberstrategy, One Year Later.” Foreign Affairs. November 12, 2014.
http://www.foreignaffairs.com/articles/68305/william-j-lynn-iii/the-pentagons-cyberstrategy-one-year-later 309 Cohen, Daniel and Aviv Rotbart. “The Proliferation of Weapons in Cyberspace,” Military and Strategic Affairs,
Vol. 5, No. 1. 2013. 310 NATO. “Cyber Security.” NATO. http://www.nato.int/cps/en/natohq/topics_78170.htm 311 Saydjari, O. Sami. “Cyber Defense: Art to Science.” Communications of the Association for Computing
Machinery, Vol. 47, No. 3, March 2004,
http://www.jpkc.fudan.edu.cn/picture/article/217/23/6e/762567a44cf68799c9d29061e876/332065c5-582d-402e-
83b7-3eea2bd7423c.pdf 312 Singer and Friedman, Cybersecurity and Cyberwar, p. 143.
89
There have been some attempts by nations to create Demchak and Dombrowski’s
cyber-Westphalia.313 The idea in this context is that once created, states will be better able
to control what enters their cyber-space, simplifying efforts to identify and defend against
attacks. Such systems are technically possible, as Cahanin notes, China has been attempting
to change the “cyber terrain” by creating its own secure operating system, thereby making it
more difficult for other nations to attack.314 Not all authors, however, agree this is occurring
in a widespread manner, with Choucri, for example, noting that even as barriers are erected
in cyber-space, other actors are pushing for them to be taken down.315
The topic of defeat in the cyber-realm is an area in which a great deal of research
remains to be conducted. There is not even a clear sense of what it means to defeat an enemy
in cyber-space or how to accomplish it. Kello, for example, argues that cyber-weapons are
ineffective as a coercive tool.316 For authors who contend that it is possible to achieve defeat
in cyber-space, many of the strategies they propose are technical in nature, such as Repik,
who states that nations can achieve cyber-defeat of an enemy using network reconfiguration
and decoy networks.317 Eom, Kim, Kim and Chung argue that nations should aim to create
cyber-space superiority, by gaining the operational advantage necessary to continue
conducting military operations without having their efforts interrupted. They argue that to
achieve this will require increased and improved training of cyber personnel, the gathering
313 Demchak, Chris C. and Peter Dombrowski. “Rise of a Cybered Westphalian Age.” Strategic Studies Quarterly.
2011. http://www.au.af.mil/au/ssq/2011/spring/demchak-dombrowski.pdf 314 Cahanin, Steven E. “Principles of War for Cyberspace.” Air War College, Air University, 2011. 315 Choucri, Cyberpolitics and International Relations, p. 51. 316 Lindsay, Jon R and Lucas Kello “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2.
2014, p. 189. 317 Repik, Keith A. “Defeating adversary network intelligence efforts with active cyber defense techniques.” 2008.
No. AFIT/ICW/ENG/08-11. Air Force Institute of Technology. Wright-Patterson Air Force Base, OH.
90
of intelligence, and cyber propaganda efforts.318 Despite this disagreement, it is nearly
universally agreed that nations can supplement military or diplomatic strategies using
cyber-attacks.319
Relatedly, it is unclear if offense or defense currently holds the advantage in cyber-
space. It appears that most policy makers and many, if not most, academics hold the view
that offense is stronger. They argue this is true for a number of reasons: vulnerability of
defenses; the speed of cyber-attacks; the absence of distance as an inhibiting factor;
attribution difficulties; and the availability of a massive number of targets. Further, the
attacker does not need to win every battle to cause problems for the defender, while the
defender cannot fail even once. These dangers are heightened due to the ease of launching
cyber-attacks.320 There are many, however, who disagree with these contentions. Launching
an effective attack in cyber-space against an even moderately well defended target requires
that the attack, and the vulnerabilities used to create it, be a surprise to the target. Otherwise
an attack can be blocked easily with a simple patch. Thus, if attackers do not have access to
a zero-day vulnerability, the defender may have already found the vulnerability and closed
it before the cyber-attack was launched. This means that attackers must have highly detailed
intelligence in order to successfully cause damage.321 Slayton additionally argues that
318 Eom, Jung-Ho, Nam-Uk Kim, Sung-Hwan Kim, and Tai-Myoung Chung. “Cyber Military Strategy for
Cyberspace Superiority in Cyber Warfare.” 2012 International Conference on Cyber Security, Cyber Warfare and
Digital Forensic (CyberSec). June 26-28, 2012. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6246114 319 Baram, “Israeli Defense in the Age of Cyber War 320 Huntley, Wade L. “Strategic Implications of Offense and Defense in Cyberwar.” 49th Hawaii International
Conference on System Sciences, 2016, p. 5590; Sheldon, John B., “Deciphering Cyberpower Strategic Purpose in
Peace and War,” Strategic Studies Quarterly, Summer 2011; Kello, “The Meaning of the Cyber Revolution;”
Krepinevich, Andrew, “Cyber Warfare: A ‘Nuclear Option’?” Center for Strategic and Budgetary Assessments.
2012. 321 Huntley, “Strategic Implications of Offense and Defense in Cyberwar,” p. 5590; Aucsmith, David, “War in
Cyberspace: A Theory of War in the Cyber Domain,” Cyberbelli.com, May-June 2012; Gray, Colin S., “Making
Strategic Sense Of Cyber Power: Why The Sky Is Not Falling,” Strategic Studies Institute and U.S. Army War
College Press, April 2013.
91
offense is far more expensive than defense though an analysis of the costs to launch and
defend against Stuxnet.322
Building a resilient network, i.e one that can quickly recover from attacks, must
include the ability to rapidly bring systems back-up and running. How to achieve this, as it
is in the case of recovery from natural disasters, is unclear.323 Demchak posits that the
increasing interdependency of networks means that any successful attack has the potential
to cause even greater damage by harming all systems that are part of the same network. She
thus argues that in cyber-space the key to building resilient systems is to minimize the
element of surprise by adopting technologies and policies designed to help defenders
anticipate the timing and nature of attacks, and thus to respond and recover rapidly.324
Singer and Friedman, along with Gray, argue for the creation of resilient systems and
organizations that can continue to function at a high enough level to fulfil their main function
after sustaining damage.325 Singer and Friedman note that different organizations will have
different needs, thus the way to build resiliency varies on a case by case basis. They do
propose, however, three elements that can help: build “intentional capacity to work under
degraded conditions;” build systems designed to quickly recover; and learn from failures in
order to deal with threats going forward.326
322 Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Concepts, Causes, and Assessment.”
International Security. Vol 41, No 3. 2016/2017, p. 75. 323 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” (Hebrew), p. 20. 324 Demchak, Chris C. “Resilience and Cyberspace: Recognizing the Challenges of a Global Socio-Cyber
Infrastructure (GSCI).” Journal of Comparative Policy Analysis. Vol. 14, No. 3. 2012,
https://citizenlab.org/cybernorms2012/Demchak2012.pdf 325 Singer and Friedman, Cybersecurity and Cyberwar, p. 170-171; Gray, “Making Strategic Sense Of Cyber
Power.” 326 Singer and Friedman, Cybersecurity and Cyberwar, p. 170-171.
92
The 4D’s and R Conceptual Model:
Detection – or early warning of impending attacks, is as critical in the cyber-realm as
in the physical. It is far easier to defeat an attack before it occurs than after it has breached
the network. Prevention, of course, is only possible if one has sufficient early warning and it
is usually easier to defend against an attack, or at least to minimize the effects, the greater
the advance time. Much as cyber-technology poses new problems of detection, it also
provides new options for doing so. Some already exist, more are in development. A vast
number of cyber-attacks can be launched simultaneously from numerous sources, but the
technology can be used to detect and counter a similarly large number.
Few states, let alone non-state actors and individuals, have the capabilities required
to successfully conduct a major cyber-attack against a sophisticated state-defender. The true
detection challenge thus lies not in the vast number of potential attackers around the globe,
but in a more limited number of highly sophisticated ones. In this case, the detection
problem becomes more similar in magnitude to other asymmetric threats and more
manageable.
Complicating the picture is that states face dangers not just regarding governmental
systems, but all critical infrastructure and many major organizations and companies. Any
private sector company with ties to government networks now poses vulnerabilities as
attackers can attempt to gain access to the more poorly defended systems and use them as a
backdoor to attack more secure ones.327 Thus nations need to detect possible threats on
327 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute
InfoSec Reading Room, 2014, p. 7.
93
such companies. Advanced nations have already begun to develop protocols to do so and
have increased information sharing with the private sector.
A particular difficulty involved in detecting attacks from non-state and individual
actors, is that they can be located in friendly nations, which constrains the ability to spy on
them without straining relations with the host-state. Technology can assist with this, since
detection can be done from afar without violating a state’s sovereignty. Conversely, the need
for heightened international cooperation and information sharing is clear and can be
conducted through long existing channels of intelligence and law-enforcement cooperation.
Improved cyber-intelligence is key. Efforts to detect cyber-attacks should be based
both on specially tailored means of gathering cyber-intelligence, including examining
network behavior and meta-data of attackers, analyzing malware and forensics, and by
devoting a greater portion of already existing human and electronic intelligence resources
to the cyber-realm. The tools needed to detect attacks, and the likely success achieved, may
vary with the kind of attacker. One option, appropriate primarily for non-state and individual
attackers, is to impersonate members of the cyber-networks they use to gain intelligence, i.e.
to pose as fellow activists.328 Another option, appropriate for all potential attackers, is to
develop improved capabilities to monitor anomalies in cyber-traffic that might indicate
impending attacks.329
A number of factors work to the defender’s advantage. Attackers often conduct
“cyber-reconnaissance missions” before attacks begin, to assess the weak points in the
328 Microsoft. “Impersonation,” Microsoft Tech Net, http://technet.microsoft.com/en-us/library/cc961980.aspx 329 Moran, Ned. “A Cyber Early Warning Model.” In Jeffery Carr (Ed.), Inside Cyber Warfare (pp. 179-190)
(Cambridge, UK: O’Reilly 2012), p. 188.
94
defender’s systems.330 The larger a planned or ongoing cyber-attack, the easier it is to
intercept communications between attackers and conduct a defense. For many nations, the
detection problem is further simplified by the small number of communications cables
carrying Internet traffic, meaning it is easier to monitor traffic in and out of the nation. None
of this resolves the problem of cyber-attacks by other means, such as dangers from inside an
organization or the uploading of malware from thumb drives, but these can be dealt with
through standard security precautions.
Detection and Israel – Israel appears to have put an emphasis on early warning and
preemptive action to thwart cyber-attacks. This is fully in keeping with Israeli security
strategies more generally. Early warning has always been a cornerstone of Israeli policy, as
Israel has faced constant existential threats since its founding.331 Yuval Diskin, the former
head of the ISA, has even stated that Israeli cyber-defense policy has strived to “develop the
means of identifying potential attackers and preventing them from operating.”332 As part of
these efforts, Israel has used its advanced cyber-abilities to develop technology that has
assisted in gathering information and data regarding potential attackers’ intentions and
capabilities. With this information, Israel can focus on preparing to prevent attacks by those
actors.333 Additionally, Israel has developed systems that identify which Internet Service
Providers (ISP) and countries are most likely to be used to host attacks. Israeli cyber-
330 Moran, “A Cyber Early Warning Model,” p. 181. 331 Baram, “Israeli Defense in the Age of Cyber War,” p. 3-4. 332 Ben-David, “Playing Defense.” 333 Baram, “Israeli Defense in the Age of Cyber War,” p. 8; Baram, Gil. “Influence of the Development of
Cybernetic Warfare Technology on Changes in the Israeli Force Structure.” Military and Strategy. Vol. 5, No 1.
2013, p. 23.
95
defenders are given wide latitude in blocking certain ISPs from these nations when they
detect an attack, even before it is clear the ISPs are the source.334
Private companies in Israel have also been developing new technology. One of the
most significant steps came in 2014 when an Israeli defense contractor, Israel Aerospace
Industries, opened a new R&D center in Singapore with the goal of developing new
technologies and new techniques that provide early warning of cyber-attacks. The center
aims to examine how to improve technologies that can identify cyber-attacks as they begin
in real time, monitor them, and then redirect the attacks to websites set up to absorb them.
The new technology will also look to improve detection of anomalies that might indicate
impending attacks.335
Organizationally, Israel has created units in the ISA and IDF that employ hackers who
attempt to breach defenses in both the public and private realm (critical infrastructure such
as banks, hospitals, water, so on) in order to expose potential vulnerabilities and fix them
before they can be attacked by malicious actors.336 This is useful in regard to early warning
because it provides valuable insight into how to identify enemy hackers and detect the
signatures of an attack as it gets underway.337 The government’s CERT will also provide
information on potential attacks, which could provide critical early warning. The IDF also
gathers intelligence on parties that might have the desire to launch attacks.338
334 Lappin, Yaakov. “Cyber-Terrorism: Defending the Country’s Online Borders.” Jerusalem Post, February 5, 2013,
http://www.jpost.com/Features/Front-Lines/Cyber-terrorism-Defending-the-countrys-online-borders 335 Lappin, Yaakov. “IAI Opens Cyber R&D Center in Singapore.” Jerusalem Post. February 13, 2014.
http://www.jpost.com/Defense/IAI-opens-cyber-R-and-D-center-in-Singapore-341294 336 Bergman, Ronen. “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit.” Ynetnews, December 12, 2012,
http://www.ynetnews.com/articles/0,7340,L-4322499,00.html; Dvorin, Tova. “Secret Shin Bet Unit at the Front
Lines of Israel’s Cyber-War.” Arutz Sheva, April 25, 2014,
http://www.israelnationalnews.com/News/News.aspx/179925#.U7b-P_ldVqU 337 Bergman, “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit;” Lappin, “IAI Opens Cyber R&D Center in
Singapore.” 338 Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders.”
96
Deterrence – refers to the ability to harm assets or values of importance to an
adversary as a means of dissuading it from taking unwanted action.339 Deterrence can be
achieved through denial, meaning convincing the adversary that one has the capability to
prevent it from achieving its objectives, or through the threat of retaliation (punishment). In
either strategy, the goal is to convince the attacker it is not even worth it to try to achieve its
goals. For deterrence to be effective, the adversary must have capabilities, resources, assets
or other values to which it attaches significant importance. Further, a successful deterrent
policy requires that the actor send a clear and consistent message regarding what will
happen if particular boundaries are crossed.340 This can be difficult to create in cyber-space
as signaling intent and making clear the threat is credible can be a challenge. In regards to
signaling, cyber-attacks tend to be secretive, so it is difficult for a target to know that it has
been hit with an attack.341 Further, once a target is aware of the attack it is generally fairly
easy to stop it, which means the attacker cannot make clear it is behind the attack while it is
underway. For this reason, it is difficult to enhance credibility by disclosing capabilities.
Once a cyber-weapon is public it can be quickly defeated, unlike physical weapons.342 If
states could provide a sign of their capabilities without disclosing specifics that could,
however, greatly enhance cyber-deterrence.343 How to do that is not clear, however. Further
complicating the credible nature of a cyber-deterrent, for these reasons, it is not clear if
assets can be consistently held under threat.344
339 Ben-Horin and Posin, Israel’s Strategic Doctrine, pp. vii; Gartzke, Erik, and Jon Lindsay. “Cross-Domain
Deterrence: Strategy in an Era of Complexity.” International Studies Association Meeting, July 2014,
https://quote.ucsd.edu/deterrence/files/2014/12/EGLindsay_CDDOverview_20140715.pdf; p. 12-13. 340 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 12-13. 341 Libicki, Cyberdeterrence and Cyberwar, p. 52; Valeriano and Maness, Cyber War Versus Cyber Realities, p. 58. 342 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 58. 343 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 54. 344 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 58.
97
Attribution is central to deterrence based on punishment, as to deter an adversary
this way requires that it have an identifiable “return address” to retaliate against. The cyber-
attack on Sony in 2014 illustrates this point, as no known group has taken responsibility, it
limits the options available to Sony or America to respond. This situation arises in part from
the nature of the internet and the outdated communications protocols that underlie it which
make it easier for actors to hide their identities.345 The more sophisticated the actor, the
harder attribution becomes. Often attribution of attacks can be determined by finding
mistakes or signals the attackers mistakenly left behind, but more competent and advanced
actors make fewer mistakes. Further, even the best teams can struggle to assign attribution
for an attack in a short period of time, so if a quick response is needed it will have to be
undertaken without proper attribution. The challenge of attribution is also growing as
cryptography is becoming stronger and as attackers learn from the mistakes that they, and
others, have made in the past.346
Despite these challenges, attribution is possible. To do so effectively, states need to
develop skills, tools, and an effective organizational culture. This involves high quality
training and experienced team members and leaders. How certain a state needs to be
regarding the actor behind a cyber-attack also matters as determining attribution takes time
and resources. Thus, if consequences of the attack were not severe, states might choose not
to invest a great deal in the way of resources into determining who was behind it.347 The
international context surrounding an incident can also simplify attribution. Understanding
345 Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent
Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security, Vol 1, No 1. 2017, p. 84. 346 Rid and Buchanan, “Attributing Cyber Attacks,” p. 29-30. 347 Rid and Buchanan, “Attributing Cyber Attacks,” p. 27-28.
98
the broader geopolitical circumstances can help limit the number of culprits as cyber-attacks
do not tend to target countries at random. Thus, the number of suspects is already narrowed
by examining the context.348
In cases were attribution is possible, the type of perpetrator (state-actor, terrorist
group, other non-state group, or individual) plays an important role in determining the
nature of the deterrent policy. Deterrence of cyber-attacks by state actors is not
substantively different from deterrence in other conflicts and the retaliatory considerations
are essentially the same. The state under attack can retaliate with the entire spectrum of
capabilities at its disposal, cyber, diplomatic, kinetic, economic, or some combination
thereof. Deterrence becomes more problematic when attribution is not possible, especially
given the unseen or ambiguous nature of some cyber-attacks. This is not unique to the cyber-
realm. States have encountered this problem in the physical world, primarily in regard to
terrorism, and developed forensic tools to help them assign attribution.
Deterring non-state actors is far more difficult as in most cases it is not clear which
particular actor is behind an attack.349 The good news regarding non-state actors and
individuals is that they are less likely to have the resources required to launch crippling
cyber-attacks against advanced countries, and that publicity is often one of their primary
motivations, thereby facilitating attribution. Additionally, developing better forensic tools
will help to determine who launched an attack, thus easing attribution concerns.
Deterring cyber-attacks by terrorist groups, assuming attribution, should also be
essentially similar to deterring them from physical ones, again running the gamut of
348 Valeriano and Maness, Cyber War Versus Cyber Realities. 349 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 187; Blank, Laurie R. “International Law and
Cyber Threats from Non-State Actors.” International Law Studies. Vol 89. 2013, p. 419.
99
potential cyber and non-cyber forms of retaliation. Most terrorist organizations are not
nihilistic and have values they wish to protect, though their values and tolerance for
punishment may be different than that of most states. Cyber-attacks can be cheap, but
building sophisticated capabilities required to penetrate the defenses of countries with
advanced cyber-capabilities, is not. This raises the possibility that in addition to physical
assets and other values, a terrorist organization may be vulnerable to cyber-retaliation.350
Regardless of the type of asset, the ability to retaliate would only be complicated by the same
considerations that apply to a physical attack, including distance and vulnerability.
The real problem in deterring terrorists, in the cyber-realm as in the physical world,
may be that the damage they cause, painful as it is, is usually limited, while terrorists’
tolerance for pain often exceeds the responding state’s willingness to mete out punishment,
or risk further harm to itself. This is especially true of Western democracies; it is not that
they are incapable of suppressing terrorism and insurgencies, but that the overall effort
required, including the level of damage and cost in lives, has typically not been perceived to
be commensurate with the threat to their interests. Should a terrorist organization conduct
a drastic cyber-attack, or there be convincing information of an impending one, the
willingness of the targeted country to adopt severe deterrent measures will undoubtedly
grow.
The nature of the host country the cyber-attack originated in is again of great
importance, i.e. whether it has a friendly, effective government willing to cooperate. In
countries such as these, independent retaliation would not be possible, unless the target was
willing to breach the host government’s sovereignty. Instead, deterrence would be achieved
350 Libicki, Cyberdeterrence and Cyberwar.
100
by working with the host-government’s intelligence and law enforcement agencies to
prevent the attacker from acting or by affecting their expectations of paying a price for their
actions. In some cases, the likelihood of severe legal action might be a sufficient retaliatory
deterrent. Today, this expectation is quite limited, thereby emboldening organizations and
individuals to conduct cyber-attacks. When attacks do not originate in countries with
cooperative and effective governments, the ability to deter through legal means is of course
far more limited. The deterrent question then is whether the terrorist organization has cyber
capabilities or other values that are worth attacking, and the feasibility of doing so. The
considerations involved are similar to those in retaliating against a physical act.
A further complication is that cyber-attacks may be routed through ISPs (Internet
Service Providers) in other nations. It is possible for a government to work with or pressure
the ISPs, or these host governments, to halt such attacks as they are occurring.351 If nations
do not receive adequate cooperation, it may be possible instead to retaliate by publicly
shaming the ISP and nation, or the group or individual that attacked. This has the additional
benefit that it will draw the attention of security services around the world to that particular
group or individual in an effort to ensure they cannot launch further attacks.
Deterrence and Israel – Israel has a long history of attempting to deter attacks in the
physical realm. Israel has come to accept that deterrence will fail from time to time against
all manner of threats, but that temporary failure should not lead the country into abandoning
an otherwise successful policy.352 Instead, Israel views deterrence as a cumulative effort.
351 Clarke and Knake, Cyber War, p. 16. 352 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 14.
101
Each successful attempt at deterrence enhances the next, and each failure must be countered
by a success.353 This type of understanding of deterrence is well suited to the cyber-world
where attacks are easy to launch.
One of the pillars Israel bases its cyber-policy policies on is to enhance deterrence.354
In cyber-space, Israel appears to base its deterrence on both its defensive (denial) and
offensive (punishment) capabilities. Israel emphasizes its defensive capabilities in the hope
that it will succeed in showing potential attackers, both state and non-state, that their
chances of success are limited and that it is not worth their time.355 At the same time, as will
be detailed later in the chapter, Israel has developed an impressive record of using the cyber-
realm for offensive purposes as well. These offensive capabilities aim in part to accomplish
specific goals, and also appear to be aimed at showing potential attackers what Israel is able
to do if it chooses to respond to an attack.356 Here again, research and development of new
technology, coupled with training programs, is critical to enhancing these abilities vis-à-vis
Israel’s opponents.
It is not clear, however, if Israel has really been successful in deterring cyber-attacks.
The sheer number of attacks that continue today would suggest otherwise. However, the
situation is not necessarily that straightforward. Take the case of Stuxnet. Whether or not
Stuxnet was successful in harming Iran’s nuclear program (more on this below), it is possible
that Israel’s ability to deploy a worm that could cause physical damage deterred other
353 Baram, “Israeli Defense in the Age of Cyber War,” p. 3. 354 Baram, “Influence of the Development of Cybernetic Warfare,” p.22. 355 Bob, Yonah Jeremy. “Rule of Law: Obama, Israel and Cyber Warfare.” Jerusalem Post, March 22, 2013,
http://www.jpost.com/Features/Front-Lines/The-cyber-partys-over-307367 356 Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic
Affairs. Vol. 5, No. 1. 2013.
102
potential actors from launching cyber-attacks.357 Overall, it is not yet clear how successful
Israel’s efforts at deterrence have been.
Defense – addresses the prevention of attacks on military, governmental and critical
infrastructure networks, as well as on private networks, businesses, and individuals. There
are numerous challenges to conducting defenses in cyber-space, including the wide range of
targets that need defending, and that most attacks can afford to fail if just one major one
succeeds, where defenders have to be successful nearly every time. Additionally, hardware
and software contain a nearly endless supply of vulnerabilities that can be exploited. In
many cases, all attackers need to do is modify cyber-weapons that were successful in
previous attacks. In cases where that does not work, there is a flourishing dark-web market
of exploits and zero-day vulnerabilities that attackers, be they states or non-state actors, can
purchase.358
Defending the cyber-realm will demand the continuing improvement of existing
technologies and the creation of new ones. Among the areas requiring improvement are
perimeter defenses, which can be accomplished by creating systems that defend end-points
against penetration, such as anti-virus software and firewalls, anomaly detection to discover
abnormal users or communications, and malware payload blocking technology to neutralize
malware that has already penetrated the system in order to prevent it from activating at a
later date.
357 Baram, “Israeli Defense in the Age of Cyber War,” p. 7-8. 358 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 84.
103
Cyber-defense cannot be conducted on-line only, but requires a multi-layered effort
involving intelligence gathering, efforts to interrupt attacks, securing networks, and effective
cooperation with foreign governments to handle legal issues that arise. Cooperation with
foreign nations can be a valuable tool for boosting defenses. Agreements can be reached to
share information on attacks so countries can defend themselves from similar threats.
Sharing some advances in technology can also be a useful way to improve defenses if both
countries can offer something new to each other. Countries can also establish joint network
monitoring and intelligence cooperation regarding threats so better responses can be
developed.359
The source of an attack impacts how best to defend against it, as different actors are
capable of different types of attack. As already noted, it is generally more difficult to defend
against attacks from states as they have the greatest capabilities and ability to hide their
actions, whereas the technological capabilities of non-state actors and individuals, such as
denial of service attacks, are typically less sophisticated and can be handled through simpler
technological solutions. One goal is to identify and deflect threatening traffic to websites set
up to absorb the additional traffic. Active cyber-defenses are critical to defending networks.
Designing such systems includes identifying which Internet Service Providers (ISP) and
countries are most likely to be used to host attacks on the nation’s networks. To be most
effective, defenders should be given wide latitude in choosing when to block ISPs.360
359 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” (Hebrew), p. 33. 360 Sklerov, Matthew J. “Responding to International Cyber Attacks as Acts of War.” In Inside Cyber Warfare,
edited by Jeffery Carr, p. 45–76. (Cambridge: O’Reilly, 2012), p. 195; Even and Siman-Tov, “Cyber Warfare:
Concepts, Trends and Implications for Israel,” (Hebrew), p. 19.
104
Defenders must also take into account the supply chain used to design and
manufacture their equipment. Hardware, firmware, and software for everything from
computers, to smartphones, to missiles, are currently created and built around the world,
which makes it difficult to ensure that a product is secure. The companies and nations in
which such equipment is designed and made may include hidden code that will allow the
device to be hacked later on. Governments could work in conjunction with foreign
companies and nations to develop an accreditation system that would focus on ensuring the
design and manufacturing processes are transparent and that the products are secure.361
It is no longer enough to simply defend government networks as the private and
civilian sectors also play a major role in national security. Militaries often rely on private
industry and defense contractors to design, research, and build products and services the
military needs. Thus, governments need to protect these companies from espionage.362 At
the most basic level, states must define what they consider critical infrastructure and have a
plan to defend it. In many nations, critical infrastructure is privately owned, which
complicates efforts to create defense plans. States must develop plans on how to assist the
private sector.363
The private sector comprises the majority of cyber-space and is the focus of most of
the attacks. Generally, it is also more poorly defended than government systems. This is of
great importance to national security for two main reasons. First, many private companies
361 Inserra, David and Steven P. Bucci, “Cyber Supply Chain Security: A Crucial Step Toward U.S. Security,
Prosperity, and Freedom in Cyberspace,” Backgrounder #2880, The Heritage Foundation, March 6, 2014,
http://www.heritage.org/research/reports/2014/03/cyber-supply-chain-security-a-crucial-step-toward-us-security-
prosperity-and-freedom-in-cyberspace 362 Russell, Alison Lawlor “The Implications of Cyberspace for Navel Strategy and Security.” In Routledge
Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge.
2016.), p. 193. 363 Kello, “The Meaning of the Cyber Revolution,” p. 29.
105
provide services to the government that involve the exchange of sensitive information. Thus,
the security of that information now relies in major part on the company’s security. Second,
private companies often provide technical services to the government as well. This means
that attacks on these often less secure private companies can be used, as noted, as a backdoor
to gain accesses to sensitive systems. Small companies and start-up firms that lack resources
to create adequate defenses are particularly vulnerable.364 This is a problem in nations with
a lot of these companies, such as Israel. Overall, the importance of the private sector in cyber-
space complicates defensive strategies as states do not control all relevant organizations.365
Israel and Defense – Israel has found great success with its cyber-defenses and has
consistently been recognized as one of the most advanced nations in this regard. Israel’s
success is all the more impressive when one considers the massive range, and unrelenting
nature, of the threats Israel faces in cyber-space. This success has come about for a number
of reasons. One is the importance Israel has attached to the sector as discussed in the
previous chapter. Further, Israel’s cooperation with the private sector and academia, as is
demonstrated by the ATP, has greatly boosted Israel’s technical defensive abilities. Israel
has been focused on the cyber-realm since the 1990s, which has also given it a huge
advantage over its adversaries.366
Beyond technical ability, Israel has taken other steps to boost its defenses. Israel has
placed a high strategic importance on defense in cyber-space. This is reflected in the 2015
IDF strategy which lists cyber-space as an arena of conflict on par with land, sea, and air. The
364 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 95. 365 Kello, “The Meaning of the Cyber Revolution,” p. 29. 366 Baram, “Influence of the Development of Cybernetic Warfare,” p. 22.
106
document stressed that the IDF must work to constantly improve its technical abilities,
manpower, and training. The IDF additionally notes that it must be willing to change its
organizational structure to address new threats if necessary.367 Israel also attaches high
priority to defense in cyber-space, and it has developed strategies involving not only purely
defensive actions, but counter-attacks as well.368
Israel has also established numerous agencies to meet the threats posed in cyber-
space. The National Cyber Bureau (NCB), established in 2011, was created in part to help
enhance the security of private and non-defense governmental systems.369 Israel set up a
National Cyber Event Readiness Team in Beer Sheva in 2014 to test Israel’s ability to manage
cyber-attacks as an integrated part of enhancing cyber preparedness. The Ministry of
Defense has a cyber-defense body to help protect the Israeli defense industry and Mossad
has reportedly built defensive cyber-capabilities to address a wide range of threats.370 For
years the Telecom Branch of the Ministry of the Treasury was responsible for ensuring the
cyber-security of Israel’s various civil ministries and government computers. In 2015 Israel
moved these responsibilities to the Government’s Telecom Authority, which is within the
367 Office of the Chief of Staff, IDF. “The IDF Strategy.” Israel Defense Forces, August 2015.
http://www.idf.il/SIP_STORAGE/FILES/9/16919.pdf, p. 29. 368 Adamsky, Dmitry (Dima) “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington
Quarterly. Vol 40, No 2. 2017, p. 117. 369 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel; Ben-David, “Playing
Defense;” Efrati and Yafe, “The Challenges and Opportunities of National Cyber Defense;” National Cyber Bureau.
“Mission of the Bureau.” The National Cyber Bureau—Office of the Israeli Prime Minister. 2014.
http://www.pmo.gov.il/english/primeministersoffice/divisionsandauthorities/cyber/pages/default.aspx; Israel
Ministry of Foreign Affairs. “Deputy FM Elkin: Israel’s Cyber Security.” Address to the Seoul Conference on
Cyberspace 2013, October 16, 2013; Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “Israel and
Cyberspace: Unique Threat and Response.” International Studies Perspectives, Volume 17, 2016; Benoliel, Daniel.
“Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North Carolina Journal of Law
and Technology, Vol. 16, No. 3. 2015; Ravid, Barak. “Israeli Security Agencies in Turf Battle Over Cyber War:
Netanyahu to Decide.” Haaretz. September 14, 2014. http://www.haaretz.com/news/diplomacy-defense/1.615637;
Ravid, Barak. “Battle Move in Israel’s Turf War: Shin Bet Loses Authority Over ‘Civilian Space.’” Haaretz,
September 21, 2014. http://www.haaretz.com/news/national/1.616990 370 Katz, Yaakov. “Security and Defense: Israel’s Cyber Ambiguity.” Jerusalem Post, May 31, 2012,
http://www.jpost.com/Features/Front-Lines/Security-and-Defense-Israels-Cyber-Ambiguity; Bob, “Rule of Law.”
107
Prime Minister’s Office. Additionally that year Israel founded the National Cyber Security
Authority (NCSA) within the NCB. The NCA is responsible for coordinating efforts with the
private sector to defend against attacks and engaging in active defense operations to deal
with threats in real time.371 In 2017, the IDF will turn its C4I Corps into an operational
command unit for all the IDF’s cyber-defenses. It will now have the authority to do whatever
it feels necessary to defend the IDF, including launching counterattacks and engaging in
active defenses designed to deter attacks before they occur.372 These agencies have given
Israel flexibility in their ability to respond to cyber-attacks, while also providing a guiding
framework that has been valuable in ensuring that threats do not slip through the cracks.
There are two CERTs that currently operate in Israel. One is a privately owned and
operated organization, and the other is a part of the NCSA. Both CERTs state that they exist
to protect civilian cyber-space. The private CERT claims to offer investigation and real-time
response assistance to those who request it, as well as provide information to the public
about existing, and potential future, threats. The government run CERT provides the same
services, but has an additional focus on critical infrastructure and efforts to improve
resilience.
Israel has created guidelines to determine which infrastructure facilities should be
considered “critical” and thus protected. These include the likely number of people injured
in a successful attack; the severity of the economic damage; and the impact on Israeli morale.
Under these criteria, roughly 80 bodies are counted as “critical infrastructure,” including
371 Baram, “Israeli Defense in the Age of Cyber War,” p. 7; Siboni and Sivan-Sevilla “Israeli Cyberspace
Regulation.” 372 Spacewatch. “Israel Defence Forces Will Not Create a Cyber Command, but Will Strengthen Military Cyber
Defences.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/israel-defence-forces-will-not-
create-cyber-command-will-strengthen-military-cyber-defences/; IsraelDefense. “IDF Scraps Plans for a Unified
Cyber Command.” IsraelDefense.com. May 15, 2017. http://www.israeldefense.com/en/node/29613
108
some hospitals, heavy industrial plants, and energy, communications, and transportation
companies.373 There will always be a subjective aspect to such classifications, but Israel has
taken steps to ensure that the criteria help guide the process.374 The ISA contains a unit
responsible for defending against cyber-attacks on critical cyber-infrastructure as they occur
and for running simulations of attacks so that Israel is prepared.375 The NCB, as noted, also
plays a central role. Further, the Bank of Israel has assumed responsibility for ensuring the
cyber-defense of the banking sector, and has required that banks develop plans for how to
prevent cyber-attacks and deal with the aftermath.376 Despite some restrictions and
requirements on critical infrastructure, Israel’s private sector remains largely unregulated
in regards to cyber-security.377
To increase the odds that Israel’s defenses will hold against attacks, Israel has run a
number of training exercises and drills to test if the systems and personnel in place are up to
the challenge. The objective is to reduce the paralyzing effect of a surprise cyber-attack
against Israel. The first cyber drill occurred in 2012.378 In 2015, Israel integrated cyber-
exercises with more general military training exercises involving other units in the army,
373 Ben-David, “Playing Defense;” Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders;” Tabansky,
Libor “Critical Infrastructure Protection against Cyber Threats.” in “Cyberspace and National Security – Selected
Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p.62. 374 Tabansky, “Critical Infrastructure Protection against Cyber Threats,” p. 69. 375 Bergman, “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit;” Dvorin, “Secret Shin Bet Unit at the Front
Lines of Israel’s Cyber-War.” 376 Arutz Sheva “Report: Bank of Israel Raises Cyber Defenses.” Arutz Sheva, February 17, 2012,
http://www.israelnationalnews.com/News/Flash.aspx/232390#.U8VI7fldVqU; Aizescu, Sivan. “Israeli Banks Seek
to Set up Joint Cybersecurity Center.” Haaretz, May 26, 2014, http://www.haaretz.com/business/.premium-
1.592767; Supervisor of Banks. “On Cyber Defense Management.” Proper Conduct of Banking Business
Directive—361—Israeli Government, 2015.
http://www.bankisrael.gov.il/en/BankingSupervision/SupervisorsDirectives/ProperConductOfBankingBusinessRegu
lations/361_et.pdf; Avissar, Irit. “BoI Tells Banks to Appoint Cyber Officers.” Globes, July 21, 2014.
http://www.globes.co.il/en/article-boi-tells-banks-to-appoint-cyber-officers-1000957071 377 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 94-95. 378 Zitun, Yoav. “NCC Holds First Cyber Terror Drill.” YNetNews. January 25, 2012.
https://www.ynetnews.com/articles/0,7340,L-4180485,00.html
109
navy, and air force. Home Front Command also took part in this drill. The main objectives of
the drill were to verify the mobilization speed of Israel's cyber-defense system, its ability to
act in a coordinated manner, its ability to respond under pressure, and to see how cyber-
attacks can play an integrated role in defending Israel.379 The IDF, in 2016, held its first drill
for its information security teams.380 The C4I Corps has also developed its own “Sim City.”
This is a model city complete with “residential areas, commercial buildings, a railroad
system, a runway, a military base, a missile defense system, a stock market, an electricity
grid, and a radio station.”381 The IDF uses to model city to train soldiers and recruits on how
to defend against various types of attacks.382
Israel has also worked to enhance its international cooperation regarding joint
network monitoring and intelligence cooperation. In June 2016, for example, the US and
Israel reached an agreement that will lead to the automatic sharing of information on threats
between the two countries. This is highly valuable as threats are constantly evolving in
cyber-space. The agreement will also lead to the creation of new joint infrastructure,
encourage partnerships in the private sector, and provide funds for research and
development of new technologies.383
379 Lappin, Yaakov. “IDF Launches Massive Three-Day Drill, Calls Up Thousands of Reservists, Jerusalem Post. July
27, 2015. http://www.jpost.com/Israel-News/IDF-calls-up-thousands-of-reservists-in-massive-three-day-drill-
410282 380 Bob, Yonah Jeremy. “Analysis: Are US, Israel Winning or Losing Newest Cyber Battles.” Jerusalem Post, April
28, 2016. http://www.jpost.com/Israel-News/Analysis-Are-US-Israel-winning-or-losing-newest-cyber-battles-
452589 381 Israel Defense Forces. “This Model City Trains IDF Coders to Stop Devastating Hacks.” Israel Defense Forces.
January 2, 2017. https://www.idfblog.com/2017/01/02/model-city-trains-coders-stop-hacks/ 382 Israel Defense Forces, “This Model City Trains IDF Coders to Stop Devastating Hacks.” 383 Uniyal, Vijeta. “US, Israel Sign Cyber Defense Agreement.” Legal Insurrection, June 23, 2016.
http://legalinsurrection.com/2016/06/us-israel-sign-cyber-defense-agreement/; The Tower Staff. “U.S., Israel Sign
Cybersecurity Intelligence-Sharing Agreement.” The Tower. June 22, 2016. http://www.thetower.org/3545oc-u-s-
israel-sign-cybersecurity-intelligence-sharing-agreement/; Bob, Yonah Jeremy. “US Deputy of Homeland Security:
US-Israel to Sign Automated Cyber Information Sharing Agreement.” Jerusalem Post. June 20, 2016.
110
Defeat – The concept of defeat in the cyber-realm is, as noted, still ill-defined, but
should not be viewed as the complete prevention of all attacks by an opponent. Much as in
the physical world, where decisive defeats in both conventional wars and asymmetric
conflicts have been rare in recent decades, decisive defeat in the cyber-realm should be
thought of as the attainment of superiority over the enemy, or “cyber-space superiority.”384
Nations cannot hope to prevent every attack from every individual and non-state actor
around the world. Instead, they should focus on major attacks capable of widespread
disruption or damage, aim to lower the overall number of attacks to a tolerable level, and
make the likelihood of success so low that the attackers have, in effect, been defeated.385 To
achieve cyber-space superiority a nation must be able to show opponents that it can prevent
attacks before they occur, that attacks that are not prevented will be futile because they will
not be able to cause significant damage, and that successful attacks will be met with some
form of retaliation. This may take the form of a physical strike, cyber-counterattack,
diplomatic or economic costs, or in the case of non-state organizations and individuals,
arrest, fair trial, and detention. Just as in the physical world, the ability to maneuver forces
is critical in that states must be able to “capture, disrupt, deny, degrade, destroy or
manipulate computing and information resources in order to achieve a position of advantage
in respect to competitors.”386
http://www.jpost.com/Israel-News/Politics-And-Diplomacy/US-Deputy-of-Homeland-Security-US-Israel-to-sign-
automated-cyber-information-sharing-agreement-457261 384 For more see: Cartwright, James E. “Joint Terminology for Cyberspace Operations.” Department of Defense,
Washington, DC. November 2010. http://www.nsci-va.org/CyberReferenceLib/2010-11-
Joint%20Terminology%20for%20Cyberspace%20Operations.pdf 385 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 62. 386 Applegate, “The Principle of Maneuver in Cyber Operations,” p. 3.
111
Due to the highly diffuse nature of the threat and the low cost of launching cyber-
attacks, however, it is not practical, or a good use of resources, to attempt to defeat every
individual who decides to attack. Defense is a more appropriate response to such threats,
particularly as individuals are not likely to be able to cause severe damage. Nevertheless,
there are still steps states can take to mitigate the threat, for example, isolating hackers from
the broader community they rely on, disrupting their internet connections, or planting
defamatory information on the websites they use.387 This strategy may also be effective
against many non-state actor groups, whose members rely on similar communities for
support.
International cooperation is of great importance and states should seek to deepen
and expand the number of nations they cooperate with on cyber-security. Intelligence
sharing, bilateral and multi-lateral agreements, and improved cooperation with law
enforcement agencies in other countries, can be of great value.388 Improved intelligence,
information sharing and cyber-forensics are also required to achieve the legal standard of
proof necessary in court and can improve states’ ability to determine attribution, even if after
the fact. These actions will further improve the ability of states to achieve cyber-space
superiority by imposing legal and criminal penalties for attacks.
Achieving cyber-space superiority against states, terrorist organizations, and major
non-state actor groups, in contrast to individuals, is something that states can more
realistically aspire to. Destroying the opponent’s cyber-capabilities may be effective in
387 Applegate, “The Principle of Maneuver in Cyber Operations.” 388 India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber
Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013, http://www.bic-
trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf, p. 34.
112
combatting threats from state actors and major non-state actors. Large scale cyber-attacks
take extensive planning and require expensive equipment,389 thus if a state can destroy an
adversary’s capabilities, it may be able to halt the attack and convince the attacker that trying
again is not worthwhile. States can seek to isolate attacking nations and adopt
confrontational tools, such as economic or diplomatic sanctions. The considerations here
are similar to physical asymmetric threats.
There are dangers, however, to employing cyber-attacks to achieve superiority. One
is that it is extremely difficult to do sufficient damage to an enemy in cyber-space that they
cannot retaliate. Thus, nations that launch cyber-attacks on countries with roughly equal
capabilities can expect retaliation, even if only symbolic.390 Further, the victim of an attack
can modify the code and either point it back at the attacker or learn from it and advance their
own capabilities more generally.391
States must be prepared to treat cyber-attacks in the same way as physical attacks
and use similar methods and strategies. It may be necessary to respond to cyber-attacks not
just with cyber-tools, but kinetic capabilities as well. Launching kinetic attacks is most
straightforward against attacking states, but is far more complicated against non-state actors
and individuals, and would require either gaining the permission of the host-state or risk a
military escalation, as in the case of any asymmetric threat. Additionally, there is likely to be
significant public backlash against the use of kinetic strikes in response to cyber-attacks by
non-state actors.
389 Silber, Jonathan. “Cyber vandalism – not warfare.” Ynetnews.com. January 26, 2012;
http://www.ynetnews.com/articles/0,7340,L-4181069,00.html 390 McGraw, Gary. “Cyber War is Inevitable (Unless We Build Security In),” Journal of Strategic Studies, Vol 36,
No 1, 2013, p. 117 391 Nye, Joseph S. “Nuclear Lessons for Cyber Security?” Strategic Studies Quarterly Vol. 5. 2011; Valeriano and
Maness, Cyber War Versus Cyber Realities, p. 62.
113
Achieving cyber-space superiority also means that a nation is able to deploy cyber-
attacks as part of other military operations in order to gain an edge on the battlefield or as a
standalone weapon to achieve an objective. Countries that can achieve cyber-space
superiority are able to deliver cyber-attacks at the time and place of their choosing in order
to compliment another action when it takes place. Such actions can include everything from
radar jamming up to cyber-attacks with physical effects. Launching such efforts takes
enormous coordination by multiple branches. The goal is to overwhelm the enemy in as
many domains as possible, but also to provide support for battlefield operations where
possible by disabling enemy weapons or warning systems.392
Israel and Cyber-Superiority – Israel has taken steps to obtain cyber-space
superiority in multiple ways, and had made clear it is capable and willing to use cyber-
weapons. In 2012, the IDF stated that, if necessary, it would be ready and able to use cyber-
weapons,393 although the nature of these weapons and the conditions under which Israel
would use them remain unknown. As in other spheres, Israel neither confirms nor denies
cyber-attacks, at least partly because they are difficult to trace, thereby allowing it to avoid
taking responsibility for them and lessening the chances of reprisal.394 It does appear from
392 Russell, “The Implications of Cyberspace for Navel Strategy and Security,” p. 191-192. 393 YNetNews. “IDF says ‘Defined Essence of Cyber Warfare’.” Ynetnews, June 4, 2012,
http://www.ynetnews.com/articles/0,7340,L-4238156,00.htm 394 Libicki, Martin C. Cyberdeterrence and Cyberwar (Rand Corporation: Project Air Force, 2009), p. 19; Egozi,
Arie. “The Secret Cyber War.” Military Technology. Vol. 35. 2011, p. 6; Even, Shmuel and David Siman-Tov,
“Cyber Warfare: Concepts, Trends and Implications for Israel,” Institute for National Security Studies, (Hebrew)
Memorandum 179, INSS, June 2011, p. 19; Carr, Jeffrey. Inside Cyber Warfare. (Cambridge: O’Reilly, 2012), p.
252; Fulghum, David. “Bombing Iran.” Aviation Week and Space Technology, Vol. 174. 2012, p. 29; Katz,
“Security and Defense;” Parmenter, Robert C. “The Evolution of Preemptive Strikes in Israeli Operational Planning
and Future Implications for Cyber Domain.” School of Advanced Military Studies at the United States Army
Command and General Staff College, Fort Leavenworth, KS: US Army Command and General Staff College, May
23, 2013, p. 3.
114
the actions Israel has taken that it has aimed to lower the overall number of attacks to an
acceptable level, but it is unclear exactly how Israel would define defeat of an attacker in the
cyber-realm.
Israel has built powerful offensive capabilities in cyber-space.395 This is in keeping
with Israel’s general military doctrine that it must maintain offensive superiority in every
war-fighting arena vis-à-vis its rivals.396 In its 2015 strategy document, the IDF stresses this
point as well. Including noting that the IDF aims to ensure Israel’s security through land, sea,
air, and cyber-space. The IDF aims to do this through the creation of cyber-weapons that can
be used as standalone weapons and as part of a broader campaign in support of other
warfighting efforts.397 Israel views this as a valuable edge over its opponents, particularly
given that very few countries have been able to develop advanced cyber-capabilities yet.398
There are several government agencies in Israel that are engaged in building and
deploying cyber-weapons. The IDF currently has two primary bodies dealing with the cyber-
realm, Intelligence Unit 8200 and the General Staff’s C4I Branch. Unit 8200 was entrusted
with the IDF’s offensive cyber capabilities in 2009 and reportedly created a “cyber-staff” in
2011 to develop and deploy offensive cyber-weapons.399 Unit 8200 was reportedly involved
in the development and use of the Stuxnet worm, and is reportedly working to develop the
ability to sabotage critical infrastructures if necessary of potential enemies, particularly
395 Dagoni, Ran. “Amos Yadlin: Cyber-Defense Includes Cyber Attack.” Globes-Israel Business Arena, April 29,
2015. http://www.globes.co.il/en/article-amos-yadlin-cyber-defenses-must-include-attack-1001031900 396 Kremer, Jan-Frederik and Benedikt Müller. Cyber Space and International Relations: Theory, Prospects and
Challenges (Springer; 2014). 397 Office of the Chief of Staff, IDF, “The IDF Strategy,” p. 13, 17-18. 398 Kremer and Müller, Cyber Space and International Relations. 399 Ben-David, “Playing Defense;” Katz, “Security and Defense.”
115
Iran.400 Unit 8200 and the US, reportedly, were also behind the Flame malware used against
Iran, which took screenshots, recorded audio conversations, viewed network traffic,
intercepted keyboard strokes and likely stole information from infected computers, while
allowing all of this to be viewed remotely.401 Mossad is also said to have developed offensive
capabilities and to have worked with Unit 8200 to help create Stuxnet and Flame.402 Funding
and personnel for cyber programs within the military have also been increasing.403
Additionally, Lebanon has claimed that Israel hacked into its cellular telephone
infrastructure to spy on it.404
The ISA has also developed both offensive and defensive capabilities in order to
defend Israel from attack. The SIGINT and Cyber Branches are the units responsible for
cyber-actions within ISA, and it has a different set of responsibilities than those of the IDF.
In both the physical and cyber-realms, the IDF focuses on external enemies and military
threats, while the ISA focuses on internal security. The ISA has focused a great deal of effort
on improving the ability to extract intelligence from computer networks, social media, and
telephone conversations.405
Israel has also used cyber-space on multiple occasions in support of efforts to defeat
enemies in other realms. Israel has continued to develop such capabilities. Improving
Israel’s ability to quickly develop and build malware that can be used to sabotage critical
400 Katz, “Security and Defense;” Silverstein, Richard. “IDF to Double Unit 8200 Cyber War Manpower.”
richardsilverstein.com, October 23, 2012. http://www.richardsilverstein.com/2012/10/23/idf-to-double-unit-8200-
cyber-war-manpower/ 401 Zetter, Kim. “‘Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.” WIRED. May 28, 2012.
http://www.wired.com/2012/05/flame/ 402 Katz, “Security and Defense.” 403 Katz, Yaakob. “Elbit Unveils New Cyber War Simulator.” Jerusalem Post. June 5, 2012.
http://www.jpost.com/Defense/Elbit-unveils-new-cyber-war-simulator 404 Egozi, “The Secret Cyber War,” p. 6. 405 Rapaport, Amir. “ISA in the Cyber Era: An Inside Look.” IsraelDefense.Co.Il. September 5, 2014.
http://www.israeldefense.co.il/en/content/isa-cyber-era-inside-look
116
infrastructures of potential enemies has been a top priority.406 Israel is additionally a world
leader in using cyber-attacks to support its soldiers on the battlefield.407
In Israel’s 2014 conflict with Hamas, named Operation Protective Edge, Israel, for the
first time on a wide scale, used cyber-space to enhance its warfighting abilities. C4I created
mobile digital networks that soldiers could employ wherever they were on the battlefield.
The military could now connect soldiers to each other quickly, transfer data, share videos,
and help pinpoint the positions of friendly and hostile soldiers. Further, the different
branches of the military were able to share that same information with each other to speed
coordination.408
There are two other major occasions that Israel used cyber-space as a means to defeat
an enemy. The first is Operation Orchard. This was the code name for the successful 2007
air strike that destroyed a Syrian nuclear reactor suspected of being used as part of a nuclear
weapons program.409 In this incident, the Israeli Air Force was apparently able to fly into
Syrian air space and bomb the reactor without alerting Syrian air defenses.410 To accomplish
this, Israel appears to have taken control of Syrian radar systems and tricked them into
thinking that nothing was happening even while the attack was underway, and without
alerting guards to the system’s capture.411 Israel chose not to blind the Syrian defenses, or
shut them down, which would have alerted Syria to trouble, but instead temporarily
406 Silverstein, “IDF to Double Unit 8200 Cyber War Manpower.” 407 Baram, “Influence of the Development of Cybernetic Warfare,” p. 23. 408 Lappin, Yaakov. “Security and Defense: Network IDF.” Jerusalem Post, September 18, 2015.
http://www.jpost.com/Israel-News/Security-and-Defense-Network-IDF-416497; Zitun, Yoav. “The IDF Prepares for
Cyber-Battles.” YNetNews, September 2, 2015. http://www.ynetnews.com/articles/0,7340,L-4696003,00.html 409 Carr, Inside Cyber Warfare, p. 51; Parmenter, “The Evolution of Preemptive Strikes in Israeli Operational
Planning and Future Implications for Cyber Domain,” p. 35-38. 410 Fulghum, “Bombing Iran.” 411 Egozi, “The Secret Cyber War,” p. 6.
117
reprogramed them to make the system appear to be functioning normally.412 To launch such
an attack, Israel would have had to maneuver its cyber-weapons into the Syrian systems,
meaning they knew how to gain access prior to the attack. It also required that Israel be able
to practice the attack beforehand to make sure that it would work.413
The most famous cyber-attack is Stuxnet.414 Stuxnet was reportedly launched by
Israel and the US to attack Iran’s nuclear program as part of a broader campaign of cyber-
attacks and espionage against Iran entitled “Olympic Games.”415 The worm targeted the
supervisory control and data acquisition systems of Iran’s uranium enrichment centrifuges;
once a computer was infected, Stuxnet did not need any further commands and could alter
information to hide its presence and cause damage until it was discovered.416 It is considered
by most people to be the first malware to inflict physical damage, destroying roughly 1000
of Iran’s centrifuges.417 The use of Stuxnet aimed to achieve a broader national security goal
of preventing Iran from acquiring a nuclear weapon.418 Such a goal in the past could only
really be achieved via the use of force or diplomacy, but the cyber-realm opened up a new
possibility and Israel and the US used it.
412 Egozi, “The Secret Cyber War;” Clarke and Knake, Cyber War, p. 4-6; McGraw, “Cyber War is Inevitable
(Unless We Build Security In),” p. 112 413 Applegate, “The Principle of Maneuver in Cyber Operations,” p. 7. 414 For a detailed technical discussion of how Stuxnet worked, see: Barzashka, Ivanka. “Are Cyber-Weapons
Effective?” The RUSI Journal. Vol. 158, No. 2. 2013. 415 Heckman, Kristin E, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow (2015) Cyber
Denial, Deception and Counter Deception. Advances in Information Security, Vol. 63 (Springer: New York), p. 54-
55; Zetter, Kim. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. (New York:
Crown. 2014). 416 Fulghum, “Bombing Iran;” Farwell, James P. and Rafal Rohozinski, “Stuxnet and the Future of Cyber War.”
Survival. Vol. 53, No. 1. 2011, p. 25; Joint Advanced Warfighting School, “Nothing New Under the Sun,” p. 14;
Parmenter, “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber
Domain,” p. 45-49; Zetter, Countdown to Zero Day; Sanger, David E. Confront and Conceal: Obama’s Secret Wars
and Surprising Use of American Power. (Broadway Books, 2012). 417 Heckman, Stech, Thomas, Schmoker, and Tsow, Cyber Denial, p. 53-54; Sanger, Confront and Conceal. 418 Heckman, Stech, Thomas, Schmoker, and Tsow, Cyber Denial, p. 60.
118
This raises an important question: Did Stuxnet achieve the broader goal of slowing
Iran’s nuclear program? The answer is actually unclear. There are many who argue that
Stuxnet not only failed to slow Iran’s program, but had other negative effects as well. Some
argue that that Stuxnet had no medium or long term impact on Iran’s program as Iran simply
swapped out older damaged centrifuges for newer ones. It does appear that Iran was quickly
able to restore the rate at which it was enriching uranium to the levels it had been prior to
the deployment of Stuxnet.419 Many estimates put the delay to Iran’s program at only about
three months.420 Thus, there are many who argue Stuxnet failed at its primary goal.
Compounding that failure, it is clear that Iran was able to improve its own offensive
and defensive cyber-capabilities by studying Stuxnet. Iran did not have to put in any effort
to develop the complex worm, but it was able to quickly learn from its coding for essentially
free.421 In fact, ever since Stuxnet, Iran has been far more aggressive in cyber-space and has
invested heavily in developing its own cyber-capability. Stuxnet also spread beyond its
initial target. From Iran’s nuclear program, Stuxnet spread to hundreds of thousands of
other machines around the world.422 In fact, it is estimated that roughly 40% of all
computers infected by Stuxnet were outside of Iran.423 In this case, Stuxnet was harmless
and did not cause collateral damage, but the danger it could have done so is real.
419 Barzashka, “Are Cyber-Weapons Effective?” p. 48; Valeriano and Maness, Cyber War Versus Cyber Realities, p.
156; Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies Vol. 22. 2013, p. 369. 420 Slayton, “What is the Cyber Offense-Defense Balance?” p. 104. 421 Cohen and Rotbart, “The Proliferation of Weapons in Cyberspace;” Lindsay, Jon R and Lucas Kello
“Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2. 2014, p. 183; Bronk, Christopher
and Eneken Tikk-Ringas. “The Cyber Attack on Saudi Aramco.” Survival. Vol. 55, No. 2. 2013, p. 84; Brunner,
Jordan. “Iran Has Built an Army of Cyber-Proxies.” The Tower. August 2015. http://www.thetower.org/article/iran-
has-built-an-army-of-cyber-proxies/ 422 Heckman, Stech, Thomas, Schmoker, and Tsow, Cyber Denial, p. 54-55. 423 O’Connell, Mary Ellen. “21st Century Arms Control Challenges: Drones, Cyber Weapons, Killer Robots, and
WMDS.” Washington University Global Studies Law Review, Vol 13, No 515. 2014, p. 519.
119
Stuxnet was also massively difficult and expensive to plan and create. Enormous
intelligence gathering efforts would have been required to learn exactly what systems Iran
had installed and how they had configured them to make sure Stuxnet would operate as
intended. It is unclear how this information was obtained by Israel and the US. The coding
used in Stuxnet was also highly targeted as it impacted only Iran’s configuration of its
machinery (which is why it did not cause collateral damage), meaning that it was necessary
to create a replica of Iran’s set up to test it first. The coding was also massively complex as
Stuxnet was able to communicate between infected machines, including those without an
internet connection, it was able to be updated, and could modify industrial control systems
without alerting operators. All of this requires enormous time, money, human resources,
and expertise. Stuxnet also used four zero-day exploits (which, as noted, are difficult to
obtain), two stolen digital certificates, and software granting hidden privileged access to
systems running Windows, among other things.424 As a result of all these factors, Stuxnet
was extremely expensive, possibly as much as $300 million to design and deploy.425
It is additionally possible that Stuxnet harmed diplomatic efforts to address Iran’s
nuclear program. This is in part because it decreased the urgency to reach a deal. If nations
believed the cyber-attack had slowed Iran’s progress, then there was no need to push
forward for a deal quickly. Further, a deal on Iran’s nuclear program would require trust on
both sides, and Stuxnet may have made building such trust all the more difficult.426
Despite these arguments, there is good reason to believe that Stuxnet did achieve its
goal and was a useful tool in preventing Iran from acquiring a nuclear weapon. Even the
424 Rid, Cyber War Will Not Take Place;” Slayton, “What is the Cyber Offense-Defense Balance?” 425 Slayton, “What is the Cyber Offense-Defense Balance?” p. 98. 426 Barzashka, “Are Cyber-Weapons Effective?”
120
most conservative estimates of Stuxnet’s impact admit that it did succeed at delaying Iran’s
nuclear program, even if just for a few months, which was its goal. Stuxnet did not
completely derail the nuclear program, which would have obviated the need for other
measures such as military action.427 It did, however, buy time. Further, Stuxnet was
intentionally designed not to cause centrifuges to explode as the goal was to slowly erode
Iran’s program and cause delays. A more drastic cyber-attack was possible, but it would have
been discovered quickly.428 The goal of Stuxnet was to avoid detection so it could operate
over time.
Stuxnet had other advantages as well. Unlike a physical strike, which can only target
known facilities, a worm can be unknowingly transferred to secret facilities whose existence
Israel and the US suspected, but did not have firm information about.429 Thus it enabled the
Israeli military to discover secret infrastructures in Iran which conventional intelligence
would have struggled to find.430 Additionally, a physical strike on Iran would have been
extremely difficult for Israel to carry out, due to geography and Iran's likely response, so
Stuxnet provided a unique opportunity to accomplish an important military goal with
minimal risk.431
The cost of the worm appears to have been largely irrelevant to both sides in the
conflict. The US and Israel, the latter of which views Iran’s nuclear program as an existential
threat for good reason, placed far more value on halting the nuclear program than on the cost
427 Farwell and Rohozinski, “Stuxnet and the Future of Cyber War,” p. 11; Sanger, Confront and Conceal. 428 Barzashka, “Are Cyber-Weapons Effective?” p. 54. 429 Farwell and Rohozinski, “Stuxnet and the Future of Cyber War,” p. 25. 430 Cohen, Freilich, and Siboni, “Israel and Cyberspace.” 431 Parmenter, “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for
Cyber Domain,” p. 39-40, 42-43; Joint Advanced Warfighting School, “Nothing New Under the Sun,” p. 14-15;
Sanger, Confront and Conceal; Cohen, Freilich, and Siboni, “Israel and Cyberspace.”
121
of the cyber-attack. Iran as well was willing to continue the program despite the costs that
Stuxnet imposed.432
In regards to diplomacy, Stuxnet may have not only not harmed, but actually helped
negotiations. At the time, there was a growing sense that it would be difficult to prevent Iran
from obtaining a weapon or of finding a deal it would be willing to accept. The impression
that Stuxnet had caused significant damage, whether true or not, may have reinvigorated
talks. The P5+1 could now believe there were ways to slow or stop Iran’s program and Iran
felt more vulnerable and thus perhaps more ready to make a deal.433
Overall, while it is unclear exactly how much damage Stuxnet did, it does appear to
have been a useful weapon. It provided improved intelligence, did not cause any significant
collateral damage as an air-strike would have, gave Israel enough confidence it had damaged
Iran’s nuclear program that it could hold off launching airstrikes, destroyed centrifuges, and
possibly helped lead to a diplomatic solution. In addition, Stuxnet could have done far more
damage than it did, illustrating that cyber-attacks can have value both as a tool in and of
themselves, and as part of a broader effort.
Resilience – there is no way to prevent every dangerous cyber-attack from
penetrating defenses, eventually one will succeed and cause damage. The question thus
becomes not just how to prevent cyber-attacks, but how to manage a system once defenses
fail, and to recover as fully and as rapidly as possible, i.e. to build “resilient” systems.
Different systems will require different levels of resilience. Some networks will only need to
432 Slayton, “What is the Cyber Offense-Defense Balance?” p. 75. 433 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 155; Gartzke and Lindsay, “Cross-Domain
Deterrence,” p. 4.
122
be able to quickly return to their most minimal level of functioning, while others must be
designed to return to the original level as soon as possible. Many of the same challenges that
apply to the four Ds apply here as well. The ease of launching large volumes of attacks makes
it more likely that one will penetrate defenses. The fact that users often do not fix
weaknesses in hardware and software even when patches are available, coupled with the
mistakes users make, further increase these odds. Lack of information sharing continues to
plague resilience as well as it is far easier to recover if others have already done it and can
advise.434
The primary goal of any strategy aiming to build resilience must to ensure that the
state can maintain functional continuity.435 Due to the inherent limit on resources, it is
critical to prioritize the systems that need to be made resilient. For example, military
systems and the power grid are likely to be far more important to a nation than other
networks. When designing networks, features aimed at improving resilience can be built-in
to speed and support the recovery process. Metrics can be developed that will help
determine which systems are most critical and thus where to guide technological resource
investment.436 There are situations where physical overrides should be built in as well.
States should not ignore the private sector, as it is the backbone of the economy. Damage to
major companies could threaten the larger economy and therefore the nation’s broader
resilience.437 Thus states need to work with private companies to determine minimum
standards for cyber-security.
434 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 84-85. 435 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153, 2016, p. 10. 436 Singer and Friedman, Cybersecurity and Cyberwar, p. 172. 437 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 95.
123
The process of building resilient systems in cyber-space includes drafting various
high probability “reasonable” scenarios, as well as low probability “extreme” ones. Once
these scenarios are developed, it is possible to build plans and tools to make a system more
resilient. This needs to take place before failures occur and, as in any capabilities build-up
procedure, includes: technological measures, human resource development, training
exercises and drills, and assimilation measures.438 Reality is likely to present unexpected
cyber-defense failures, with results that are sometimes extreme, and a resilient system could
be the difference between relatively rapid recovery and severe consequences. Resilience is
also important because such systems make attacks far less consequential, thus reducing the
overall threat as well as the payoff for the attackers. This, in turn, decreases the likelihood
that an attack will take place to begin with. In other words, resilience improves deterrence
by denial.
Building resilient systems is critical for another reason. As noted above, when states
launch cyber-attacks they run a high risk that they will be hit with an attack in response.
Therefore, the attacking states needs to be sure that if it cannot prevent or defend against
the retaliatory attack that it is resilient enough to bounce back quickly.439
Israel and Resilience – Israel has not released detailed information regarding any plan
for how it would recover from damaging cyber-attacks, and it is not clear how Israel intends
to do so. A 2017 cyber-strategy document does offer some hints. Israel stresses that it views
438 Singer and Friedman, Cybersecurity and Cyberwar, p. 172; Demchak, Chris C. Wars of Disruption and
Resilience. (University of Georgia Press. 2011); Demchak, Chris C. “Resilience and Cyberspace: Recognizing the
Challenges of a Global Socio-Cyber Infrastructure (GSCI).” Journal of Comparative Policy Analysis. Vol. 14, No.
3. 2012. https://citizenlab.org/cybernorms2012/Demchak2012.pdf 439 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 10.
124
resilience the capacity to regain normal functioning as quickly as possible following an
attack, and to this end, the state takes on a role in both the governmental and private levels.
Israel stresses that it will offer to assist companies hit with attacks and work to ensure that
the threat does not reoccur either at the same company or elsewhere. The main vehicle for
achieving this is Israel’s national CERT which will provide that advice and assistance.440 The
2015 IDF Strategy also notes that the IDF views resilience as important, stressing that the
IDF will work to ensure that it has the ability to operate while under cyber-attack.441 How it
will achieve this is not made clear.
To help ensure that it is ready to withstand and recover from attacks, Israel conducts
drills to simulate different types of cyber-attacks. In 2012 one such drill, called “Lights Out,”
tested the readiness of Israel’s critical infrastructure defenses, as well as contingency plans
during a cyber-attack.442 In 2015, Israel decided to use its yearly home front defense drill
"Turning Point" to simulate cyber-attacks that brought down the electrical and telephone
grids in order to improve its response during, and in the aftermath, of an attack.443 Israel,
however, has yet to develop robust resilience capabilities and methodologies on the national
level that also integrate the civilian business sector.444
Concluding Observations:
Cyber-attacks present new challenges, but they can be addressed by applying the
Four D’s and R model. The model may not provide a complete response, much as it does not
440 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 116. 441 Office of the Chief of Staff, IDF, “The IDF Strategy,” p. 30. 442 Zitun, Yoav. “NCC Holds First Cyber Terror Drill.” 443 Times of Israel. “Rocket Siren Sounds across Country in Ongoing Drill.” Times of Israel. June 2, 2015
http://www.timesofisrael.com/rocket-sirens-sound-across-country-in-civil-defense-drill/ 444 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 86.
125
regarding other asymmetric and conventional threats, and modifications will certainly be
required to adapt them to the challenges posed by cyber-threats. In those areas in which
they prove deficient, however, new capabilities will be developed over time. Israel’s
experience demonstrates this to be true, as the following final example illustrates. Generally,
when states address national security threats the focus is on the attacker. Thus states will
often determine which organization is responsible for dealing with the danger based on
whether the attack is an act of war, a criminal action, international, domestic, or conducted
by a non-state group or individual. This, however, does not work well in cyber-space where
the identity of the attacker is not always clear and the nature of threats is constantly evolving.
Israel recognized this challenge, and Israel’s 2017 National Cyber Security Strategy
document took steps to address it. The most important shift is that Israel’s strategy for
dealing with major threats is not dependent on knowing the actor behind it. Instead, the
focus is on types of threats and the actors it might target. Israel stressed that it views
protecting the targets of attacks and helping them recover as more important than focusing
right away on the identity of the attacker. Thus, Israel has set up governmental organizations
and strategies that exist to protect critical systems and entities from attacks no matter where
they originate from.445
Recommendations:
Despite Israel’s successes in cyber-space, there are always ways that nations can
improve. This final section will offer some recommendations that Israel, or other nations,
could adopt.
445 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 121.
126
Enhance Information Sharing with the Private Sector – This recommendation is
useful across all the 4Ds and R. As discussed above, the private sector faces the majority of
threats in cyber-space, but they do not tend to share information with the government or
with each other. This hampers the government’s overall efforts to implement effective
cyber-defenses. Policies can be crafted that require companies to disclose data breaches,
intellectual property theft, DDoS attacks, and loss or degradation of services. Sharing
information regarding the most effective detection methods, cyber-weapons, remediation
techniques, and forensic practices would help to make sure the same threats do not keep
causing problems.446 Protections must be built in to ensure that all information that is
shared is kept confidential to address industry concerns. Additionally, closer ties between
the private sector and government will beneficial to both sides. Governments have strong
intelligence, regulatory, and organization capabilities, while the private sector has
technological assets and manpower, and controls many systems governments rely on. New
regulations and legislation will be required to build the mechanisms needed to create
cooperation and facilitate partnerships and information sharing.447 Overall, Israel should
increase its cooperation with the private sector, and work with them to create the needed
legislation and requirements as both sides share common cyber-risks and interests.
Intelligence Gathering – As these recommendations suggest, intelligence gathering is
critical to addressing the threat from all actors and across all 4Ds and R. Some of this can be
446 Office of the President. “Cyberspace Policy Review” Office of the American President. 2011.
https://www.state.gov/documents/organization/255732.pdf 447 Office of the President. “Cyberspace Policy Review” Office of the American President. 2011.
https://www.state.gov/documents/organization/255732.pdf
127
done on-line, reading chat rooms or impersonating members or supporters of the non-state
actor, intercepting communications, and other tactics.448 Intelligence conducted in the
physical world is just as critical as not everything important is said on-line. Israel must rely
not only on cyber-intelligence gathering, but on traditional intelligence tools as well.449
Relatedly, Israel can try to convince some hackers to serve as informants, or can try to
penetrate non-state actors groups by planting agents within them. Israel is currently moving
many intelligence resources into the cyber world, but Israel must utilize regular intelligence
means in the physical world as well.450 Israel should look to increase the number, and type,
of sources that it relies on to gather intelligence. This will enable Israel to be more certain
that the intelligence is accurate.451
Enhancing Detection – Israel must continue to develop new technology to assist with
detection. The tools needed to detect attacks, and the likely success achieved, may vary with
the kind of attacker. One option, appropriate primarily for non-state and individual
attackers, is to impersonate members of the cyber-networks they use to gain intelligence, i.e.
to pose as fellow activists.452 Another option, appropriate for all potential attackers, is to
develop improved capabilities to monitor anomalies in their cyber-traffic that might indicate
448 Microsoft, “Impersonation.” 449 Siboni, Gabi. “Cyber-tools are No Substitute for Human Intelligence.” Haaretz, July 2, 2014.
http://www.haaretz.com/opinion/.premium-1.602413# 450 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 44-71; Siboni, “Cyber-tools are No Substitute for Human
Intelligence.” 451 Rid and Buchanan, “Attributing Cyber Attacks,” p. 8-9. 452 Microsoft, “Impersonation.”
128
impending attacks.453 Continuous real time monitoring of threats online can also boost
detection abilities.454
Enhancing Deterrence – To achieve Deterrence, Israel must be able to make clear to
their adversaries what their retaliatory capabilities are and what penalties they are likely to
pay. Doing so in the cyber-realm is similar to other asymmetric conflicts. Deterrence
postures and intentions can be made through public statements or back channel
communications.455
When an attack is underway, Israel can work with ISPs to halt attacks by blocking
traffic from IPs being used in the attack.456 If the ISPs are not willing to help, Israel can turn
to the nation hosting the ISP and request that they place pressure on the ISP to assist. If
Israel cannot convince either to intervene, it can threaten to make public that refusal and
name and shame the ISP and the host nation, with the goal being that the threat will lead the
ISP or nation to comply. This has the additional benefit that it will draw the attention of
security services around the world to that particular group or individual in an effort to
ensure they cannot launch further attacks. It is useful before an attack occurs to create lists
of the ISPs and nations most likely to be used in an attack, just as Israel has done.457 A further
453 Moran, “A Cyber Early Warning Model,” p. 188. 454 Australian Government, “Cyber Security Strategy.” 455 Department of Defense, “The DoD Cyber Strategy.” United States of America, April 2015.
http://www.defense.gov/home/features/2015/0415_cyber-
strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf 456 Clarke and Knake, Cyber War, p. 16. 457 Sklerov, “Responding to International Cyber Attacks as Acts of War,” p. 195; Even and Siman-Tov, “Cyber
Warfare: Concepts, Trends and Implications for Israel,” (Hebrew), p. 19.
129
complication is that cyber-attacks may be routed through ISPs in third-party nations,458
further highlighting the importance of expanding the number of friendly nations.
Deterrence can also be expanded beyond the cyber-realm. Simply because an attack
takes place in cyber-space does not mean that Israel must restrict their threats of retaliation
(or acts of retaliation if needed) to cyber-space. Some opponents may not have cyber-assets
worth striking, or may be more vulnerable in a different realm. This raises dangers of
escalation, but in some cases might be the only way to deter an enemy from launching cyber-
attacks.459
Enhancing Attribution – To achieve deterrence, as noted above, Israel must be able to
assign attribution for an attack. To this end, Israel must boost its ability to assign attribution
by deploying, and continuously improving, technological and intelligence tools, including
gathering information on the types of coding used by different types of attackers and their
goals. This is an area in which private entities and the government should consider ways to
work together. Private cyber-security companies, such as McAfee, Symantec and others, have
been able to identify malware and offer insights into its possible origins.460 Having this extra
analysis and information can assist Israel in ensuring correct attribution for an attack.
Not every cyber-attack requires perfect attribution, or even investigation. Many
attacks cause little to no damage or disruption. Given that states have limited resources and
cyber-attacks are common, Israel needs to determine criteria regarding when a cyber-attack
458 Nye, “Deterrence and Dissuasion in Cyberspace.” 459 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 3, 13. 460 Rid and Buchanan, “Attributing Cyber Attacks,” p. 25.
130
is worth further investigation.461 Criteria can include, among others, the country of origin of
the attack, the target of the attack, the level of damage, the suspected goal of the attack
(which is also often difficult to determine), or the type of attack used (e.g. DDoS vs. malware).
Enhancing Defense – Technology is central in creating effective defenses. A well
designed defensive system will disperse information, and possibly even key components of
the network or system itself, so that attackers must hit multiple sites and targets to gain
access to the information they are seeking.462 Encryption is also key, as strong encryption
can be highly difficult to break.463 Defenses must go beyond firewalls and similar efforts and
have a heavy focus on patrolling for anomalies insides one’s own cyber-systems.464 Ideally,
Israel should work to develop technology that will allow deep packet inspection before they
even reach the network.465 All technical solutions can fail, thus a strategy that has multiple
chances and tools to catch intruders or prevent them from accessing information makes
defenses much stronger.466 This recommendation can be fairly inexpensive to implement, in
that a great deal of excellent software already exists and is not prohibitively expensive.
However, developing such software can be very expensive (obviously as is having an “air-
gapped” separate network without internet access). Thus, Israel must determine if existing
programs are adequate for its needs. In a nation like Israel with so many private cyber-
461 Rid and Buchanan, “Attributing Cyber Attacks,” p. 7. 462 For more on the technical aspects of this, please see: Fahrenkrug, David T. “Countering the Offensive Advantage
in Cyberspace: An Integrated Defensive Strategy.” 4th International Conference on Cyber Conflict, eds. C.
Czosseck, R. Ottis, K. Ziolkowski: NATO CCD COE Publications, Tallinn, Estonia. 2012. 463 Fahrenkrug, “Countering the Offensive Advantage in Cyberspace,” p. 197, 202. 464 Nye, “Deterrence and Dissuasion in Cyberspace.” 465 Fahrenkrug, “Countering the Offensive Advantage in Cyberspace.” 466 Radichel, “Case Study,” p. 7.
131
companies, the cost of developing new methods and software can be reduced through
cooperation between the companies and government.467
Defensive technology needs to be developed that covers a wide range of scenarios as
it must also be appropriate to varied situations. In the initial stages of an attack, before any
real damage has been done or systems penetrated, efforts to disrupt or redirect the attack
may be adequate. If the system has been penetrated, or damage done, defenses should seek
to contain the attack, as well as aim to prevent the attacker from knowing that the intrusion
has been discovered and successfully stopped. If successful, this would allow Israel to protect
the system from further damage, learn how the attacker operates for future reference, and
possibly feed it with misinformation.468 An ongoing dialogue between government agencies
and private sector companies involved in the development and use of such technologies is
important to ensure that the threats are addressed as successfully as possible. Such
collaboration can also be strengthened by working with friendly foreign governments and
private companies in other nations.469
Protecting networks in the governmental and private sector will require new
legislation, regulations, and technology. The private sector, however, often resists any
efforts to regulate their activities.470 As noted, private sector companies with ties to
government networks pose vulnerabilities as attacks on more poorly defended systems can
serve as backdoors to more secure ones.471 Israel can encourage companies to improve their
security through technical or monetary assistance, or through legislation and regulation
467 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 78-79. 468 Applegate, “The Principle of Maneuver in Cyber Operations;” Siboni and Assaf, “Guidelines for a National
Cyber Strategy,” p. 79. 469 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 79. 470 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 88. 471 Radichel, “Case Study,” p. 7.
132
requiring that they do so. New government agencies may need to be created to help draft
specific requirements and to ensure protections are implemented. In addition, once again
legislation and regulation can be used to boost information sharing between the private
sector and the government as this will boost defenses.472
One important aspect Israel and other states must consider is the idea of counter-
attacking or preemptively attacking. If Israel can eliminate a cyber-weapon it knows is going
to be used before it is deployed, it greatly boosts Israel’s defensive posture. Counter-attacks
can possibly cause attackers to halt their initial attacks as well. Israel should be very careful
about launching such cyber-attacks, however. Counter-attacks and preemptive attacks run
not only the same risks as any other cyber-attack, but additional ones as well. Cyber-
attackers sometimes intentionally route their attacks through nations, companies, and
servers that have nothing to do with the incident in an effort to create confusion and an
international incident.473 Similarly, attackers can hijack the computers of innocent people to
help launch their cyber-attacks, therefore simply because a computer is taking part in an
attack does not mean the owner is aware of that.474 Thus attacking that machine could
damage the computer of an innocent person and would certainly be a violation of
international law and norms against damaging civilian infrastructure. This risk is
particularly acute for Israel, which opponents often attempt to portray as a violator of
472 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 84. 473 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 377; Healey, Jason. “When ‘Not My Problem’ Isn’t
Enough: Political Neutrality and National Responsibility in Cyber Conflict.” The Atlantic Council of the United
States Issue Brief, 2012, p. 3; Belk, Robert and Matthew Noyes. “On the Use of Offensive Cyber Capabilities.”
Completion requirement for Master in Public Policy at Harvard Kennedy School of Government, Advisers Joseph
Nye and Monica Toft, March 20, 2012, p. 102. 474 Applegate, “The Principle of Maneuver in Cyber Operations.”
133
international law.475 Thus Israel might be wise to avoid actions that could help support such
a narrative.
Achieving Decisive Defeat – Not every attack has to be Stuxnet. If attacks were
needed on another cyber-power, Israel would need to deploy sophisticated tools. Against
targets that are not highly advanced, even DDoS or defacements can have an impact. Thus,
when deciding what cyber-weapon to use in a situation, Israel must think carefully about
how advanced the target is, what the goal of the operation is, how dependent the targeted
nation or group is on cyber-space, and what tool will be least likely to lead to retaliation or
escalation. In some cases, Israel can even decide to have a proxy launch the attack to avoid
attribution. This is something to weigh carefully as proxies cannot always be controlled after
they are given the cyber-weapon. It can, however, be an effective strategy to avoid
escalation.476
Israel must also accord cyber-attacks the same importance it attaches to physical
attacks and use similar methods and strategies, for example, responding not just with cyber-
tools, but kinetic capabilities as well. Launching kinetic attacks is most straightforward
against attacking states, but is far more complicated against non-state actors, and would
require either gaining the permission of the host-state or risk a military escalation, as in the
case of any asymmetric threat. Additionally, there is likely to be significant public backlash
475 Cohen, Matthew S. and Charles D. Freilich. “The Delegitimization of Israel: Diplomatic Warfare, Sanctions and
Lawfare.” Israel Journal of Foreign Affairs. Volume IX, Number 1. 2015; Cohen, Matthew S. and Charles D.
Freilich. “War by Other Means: Modeling the Delegitimization Campaign against Israel.” Israel Affairs. Volume 24,
Issue 1. January 2018. 476 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 72-73.
134
against the use of kinetic strikes in response to cyber-attacks by non-state actors, certainly
individuals, but organizations as well.477
The prospects of defeating an enemy in the cyber-realm can be increased if Israel
focuses on destroying opponents’ cyber-capabilities, whether those of state actors or major
non-state actors. Large scale cyber-attacks take extensive planning and require expensive
equipment,478 thus if Israel can destroy an adversary’s capabilities, it may be able to halt the
attack and convince the attacker that trying again is not worthwhile. Israel can also seek to
isolate attacking nations and adopt confrontational tools, such as economic or diplomatic
sanctions. The considerations here are similar to physical asymmetric threats.479
Enhancing Resilience – Building a plan to enhance resilience should focus on two
main aspects: how to mitigate the impact of the attack and bring the system back to full
functionality; and ensuring that critical systems can maintain their ability to function during
an attack. This is true for governmental systems as well as critical infrastructure.
Israel could additionally craft legislation that requires that features aimed at
improving resilience be built into private and government systems to speed and support the
recovery process. Israel can require the largest private companies to develop and submit a
plan as part of their businesses licensing requirements for how they will work resilience into
their cyber-systems. To help build resilience for the most critical government networks,
Israel can design cyber-architecture that offers multiple pathways for controlling the system.
477 Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “‘Four Big ‘Ds’ and a Little ‘r’: A New Model for
Cyber Defense.” Cyber, Intelligence, and Security, Volume 1, Number 1, 2017. 478 Silber, “Cyber vandalism – not warfare.” 479 Cohen, Freilich, and Siboni, “‘Four Big ‘Ds’ and a Little ‘r.’”
135
Thus, if one pathway fails, a back-up is available. This would allow Israel to continue to use
the system, even if not at full strength, and thus provide it with the ability to either continue
to control the conflict environment, or at least prevent a worsening of the situation.480
Part of the process of building resilient systems in cyber-space is drafting various high
probability but low cost scenarios, as well as low probability but high cost ones. Once these
scenarios are developed, it is possible to build plans and tools to make a system more
resilient. This must take place before failures occur and should include technological
measures, human resource development, training exercises and drills, and implementation
measures.481 A part of this planning should focus on the most extreme cases where physical
damage is caused by a cyber-attack. In such a case a plan must also be developed to deal
with the fallout from that physical damage as well.
To enhance resilience in the cyber-realm, Israel should strive to achieve a diversity of
equipment. Hardware and software should not all be supplied from one source or company,
but instead, critical systems should be based on a variety of sources. The diversity of
equipment will allow Israel to more quickly isolate problems, switch to a different company’s
equipment, and resume operations. This may increase supply-chain risks, but it will also
allow Israel to address them if an intentional vulnerability is found built into a company’s
equipment. There are additionally some cases where physical overrides should be built in as
well in order to ensure that there is another way to regain control of critical systems.
Railways, for example, can be built with the ability to stop a hijacked train using physical
controls that do not depend on cyber-systems.
480 Department of Defense, “The DoD Cyber Strategy.” 481 Singer and Friedman, Cybersecurity and Cyberwar, pp. 172; Cohen, Freilich, and Siboni, “‘Four Big ‘Ds’ and a
Little ‘r.’”
136
International Cooperation is Critical – Within the limitations of operational security,
Israel should seek to deepen and expand the number of states it cooperates with on
cybersecurity issues. This is a topic that has come up repeatedly across the 4Ds and R and
deserves to be stressed as a central recommendation. Having agreements to share
intelligence information on possible cyber-attacks with other states makes it easier to
prevent and respond to them. Israel should also run joint cyber-training drills with foreign
partners similar to the drills run to handle physical threats. Such cooperation is particularly
important for Israel to develop as it is under constant attack and thus could benefit from any
additional assistance it can garner. The more nations that Israel can work with, the greater
the chance that one of them will be able to provide intelligence information that can prevent
an attack or help respond to one once it is underway.482
Of particular value to Israel is to enhance cooperation with the US. The US and Israel
already have close ties regarding cyber-space at both the governmental and private level.483
Many US companies (such as IBM, Microsoft and Intel) have large operations in Israel, and
there are close cyber-ties between the two nations in the banking, utilities, and critical
infrastructure sectors.484 The US and Israel are also suspected to have worked together to
develop Stuxnet. Israel and the US have worked together to create bi-national foundations
482 India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber
Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013, http://www.bic-
trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf, p. 34; Cohen, Freilich, and Siboni, “Israel
and Cyberspace.” 483 Nakashima, Ellen and William Booth. “How Israel is Turning Part of the Negev Desert into a Cyber-City.”
Washington Post, May 14, 2016. https://www.washingtonpost.com/world/national-security/how-israel-is-turning-
part-of-the-negev-desert-into-a-cyber-city/2016/05/14/f44ea8e4-0d58-11e6-bfa1-
4efa856caf2a_story.html?wpisrc=nl_headlines&wpmm=1 484 Eisenstadt, Michael and David Pollock. “Asset Test: How the United States Benefits from Its Alliance with Israel.”
Washington Institute for Near East Policy, Strategic Reports 7, 2012, p.36.
137
aimed at supporting R&D in both nations.485 Both nations stand to gain greatly from
enhanced cooperation as working together they can develop more sophisticated technology
and strategies for dealing with the threats cyber-space poses.
The creation of global norms and international agreements can be useful in bolstering
cyber-defenses as well. In order to build useful global norms and international agreements,
states must identify the types of activity to be addressed, state responsibilities under the
agreement, and the punishments for violating them. States should also establish
international bodies to oversee compliance.486
485 Dagoni, Ran. “US Congress Approves Israel Cyber Cooperation.” Globes, November 30, 2016.
http://www.globes.co.il/en/article-us-congress-approves-israel-cyber-cooperation-1001163968 486 Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.”
Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S.
Policy. 2010. http://www.nap.edu/catalog/12997.html, p.180, 191.
138
Chapter 4 – Israel and Cyberspace: International Norms, Laws, and Soft-Power
There is a growing recognition that the creation of norms and international law is an
additional possible method to enhance cyber-security at the national and international
levels. This effort stems from a more general trend outside of cyber-space. Countries in the
physical world have increasingly been turning to these two tools to decrease anarchy and
insecurity. Calls for such restraints on state behavior are increasingly being heard in cyber-
space as well, and they are only likely to get louder. There are, as this chapter will show,
possible emerging norms, but no clear norms regarding behavior in cyber-space yet exist. It
is also unclear what existing international law applies or how it would be interpreted given
the differences between cyber-space and the physical world. This ambiguity and uncertainly
gives states greater room to create mischief and behave in ways they might not in the
physical world.487
This chapter will explore the efforts to create and interpret norms and international
law in cyber-space, and examine what role Israel has played. The central goal of this chapter
is to examine the what norms and international law exist in cyber-space and what questions
remain unanswered, and how Israel’s experience can inform and help clarify and answer
those debates and issues. Relatedly, the chapter will look at how Israel has used its advanced
cyber-abilities consistent with possible emerging norms calling for cyber-powers to help
487 Finnemore, Martha and Duncan B. Hollis. “Constructing Norms for Global Cybersecurity.” The American
Journal of International Law. Vol 110, No 3. 2016, p. 426; Choucri, Nazli. Cyberpolitics and International
Relations. (The MIT Press: Cambridge, MA: 2012), p. 171; Applegate, Scott D. “The Principle of Maneuver in
Cyber Operations.” 2012 4th International Conference on Cyber Conflict. C. Czosseck, R. Ottis, K. Ziolkowski
(Eds.) NATO CCD COE Publications, Tallinn, 2012, p. 4.
139
build capabilities in other nations and how Israel has used its compliance with that norm to
build its soft power.
Norms in Cyberspace:
There are many scholars who argue that norms are beginning to emerge in cyber-
space. The major cyber-powers, including the US, Russia, China, and Israel, as well as major
international corporations like Microsoft, have all expressed an interest in the creation of
norms and have taken part in trying to create them. These attempts to build norms have
occurred at the national, bilateral, and multilateral levels. Norms may be taking on an
increased importance to nations as a tool to increase cyber-security as they are an
inexpensive means to enhance security. Thus far, initial attempts to build norms have
generally been on a voluntary and nonbinding basis, instead of via the creation of legally
binding treaties.488
Countries’ decisions regarding whether to launch cyber-attacks appear to have a
socially constructed aspect to them. Cyber-attacks are generally only used in situations
where a rivalry exists between two states, and the decision is impacted by the system of
norms in place and the level of fear of retaliatory punishment from the international
community if an attack is launched.489 Regulatory norms (ones that prohibit or permit
particular behaviors) have already begun to emerge in cyber-space, as can be seen in
international agreements regarding the prohibition of cyber-crime.490 Those who believe
488 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity.” 489 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International
System. (Oxford: Oxford University Press. 2015), p. 51. 490 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 440.
140
norms are emerging admit, however, that no clear or universal norms yet exist regarding the
use of cyber-attacks. Instead, norms are beginning to emerge and will continue to do so.491
There is reason to believe norms are already emerging and will continue to do so. One
prominent example is an ultimately unsuccessful deal between the US and China. The US
and China initially reached an agreement in principle in 2015 to restrict the use of cyber-
espionage against each other’s private companies. As China engages heavily in such actions,
this was hailed as a major step. However, the deal quickly fell apart as China did not curb
the intrusions. As an effort to enforce the norms, the US responded by issuing arrest
warrants for Chinese hackers engaged in the attacks. This was a largely symbolic effort, as
China would have to arrest the attackers and they will not do so.492 Despite the failure of the
agreement, this is still important, as it made clear what the US expects in regards to behavior
in cyber-space and indicated that failure to follow that norm of behavior can lead to
punishments.
One norm that may be emerging is one where states show restraint in launching
cyber-attacks that could cause significant damage of any kind, including physical or
economic harm.493 This norm may have begun to arise for a range of reasons. There is a fear
that cyber-weapons can only be used once, so nations do not want to waste them. Further,
once the weapon is used, the target will have access to the code used to create the weapon
and can turn it back on the attacking state with some minor modifications.494 Another factor
491 Valeriano and Maness, Cyber War Versus Cyber Realities 492 Maness, Ryan C and Brandon Valeriano. “The Impact of Cyber Conflict on International Interactions.” Armed
Forces and Society. Vol 1, No 23. 2015, p. 15. 493 Valeriano and Maness, Cyber War Versus Cyber Realities; Maness and Valeriano, “The Impact of Cyber
Conflict.” 494 Valeriano and Maness, Cyber War Versus Cyber Realities, p. x, 4-5, 46, 59-60, 138; Maness and Valeriano, “The
Impact of Cyber Conflict;” Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.”
Institute for National Security Studies, Memorandum 117. May 2012.
141
restraining cyber-attacks is the fear that their use will lead to an escalation in hostilities.495
Along these lines, countries that can launch powerful and destructive cyber-attacks are also
the ones most reliant on cyber-space, thus they fear that if they launch cyber-attacks they
could end up suffering a greater loss than their target. In the physical world there are norms
against causing collateral damage, and it appears this norm might be carrying over into the
cyber-realm as well. Nations may be holding back from launching attacks over the fear of
causing collateral damage to citizens, a fear that is particularly acute as cyber-attacks that
accidentally expand beyond their targets can easily travel to nations that were uninvolved in
the dispute and end up expanding the conflict.496 Additionally, countries might be holding
back from launching attacks due to fears that they will be named and shamed, and then
sanctioned or isolated by the international community.497 While many of the reasons listed
here may not appear to be related to the creation of a norm, the restraining influence they
have on nations’ behavior could lead to an expectation that these weapons will not be
deployed, thus creating a norm.
Role of Institutions in Cyberspace – Institutions can enhance security. Membership
in regional or international organization encourages states to hold to common norms, rules,
and principles which can reframe national interests. Generally, institutions will arise after a
norm has already been agreed upon by the member states.498 Norms will then shift and
495 Valeriano and Maness, Cyber War Versus Cyber Realities, p. x, 4-5, 46, 59-60, 138; Maness and Valeriano, “The
Impact of Cyber Conflict.” 496 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends.” 497 Valeriano and Maness, Cyber War Versus Cyber Realities, p. x, 4-5, 46, 59-60, 138; Maness and Valeriano, “The
Impact of Cyber Conflict.” 498 Choucri, Nazli, Stuart Madnick, Jeremy Ferwerda. “Institutional Foundations for Cyber Security: Current
Responses and New Challenges (Revised).” Information Technology for Development, 2013, p. 3.
142
evolve over time as regular interactions between actors help to shape expectations of
behavior.499 In cyber-space, the process may actually end up being reversed, with either new
or existing institutions developing the norms that will take hold. This may occur in large part
because cyber-space was built by the private sector and is still largely managed and owned
by private companies. While the US government played a major role in the creation of cyber-
space, the infrastructure and foundation of cyber-space is still privately owned. State
sovereignty in cyber-space is additionally a new concept, and the role of the state in cyber-
space is still unclear. For these reasons, there is good reason to suspect that institutions,
including private ones, and not states, will play the dominant role in creating any norms in
cyber-space.500 There is evidence this is already occurring at the private and supra-national
levels.
At the private level, groups ranging from tech giants to standards setting
organizations have been pushing for the creation of norms. Much of this effort began in
groups working at setting technical standards and enhancing cooperation between
government and industry. From there the goals have expanded, and now include efforts to
enhance the security and resilience of cyber-space and stressing efforts to enhance
collaboration between actors in cyber-space. This includes work by groups like the
International Organization for Standardization and the Information Security Forum, whose
members draw from academia and industry, as well as international political non-
governmental organizations such as Human Rights Watch.501
499 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 445. 500 Choucri, Madnick, and Ferwerda, “Institutional Foundations for Cyber Security: Current Responses and New
Challenges (Revised).” 501 Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North
Carolina Journal of Law and Technology, Vol. 16, No. 3. 2015, p. 435-436, 440.
143
Existing supra-national organizations have also become involved in shaping norms.
The G-20 has endorsed a prohibition on cyber-espionage for commercial purposes. The
Organization for Security and Cooperation in Europe and the Shanghai Cooperation
Organization have both issued declarations regarding responsible behavior in cyberspace,
as have NATO, the European Union, ASEAN, and the African Union.502 There has not,
however, been agreement among these actors regarding what the appropriate norms should
be.
The United Nations (UN) has also been involved in efforts to create norms. The main
achievement of the UN in this regard has come from a group of nations named the UN Group
of Governmental Experts (UNGGE). The effort began in 2010 when the UN Information and
Communications Technology Task Force recommended that the UN push nations to create a
treaty regarding not only responsible use of cyber-weapons, but what would constitute
responsible behavior more broadly.503 That push has not yet led to a treaty, but it did lead
to the creation of the UNGGE in 2013 when the UN, for the first time, convened experts from
15 member states, including Israel, to discuss state responsibility and the applicability of
international law to cyber-space.504 The UNGGE has since issued yearly statements on
appropriate behavior in cyber-space based on the recommendations. The norms the UNGGE
sought to create include that countries should not allow their territory to be used to launch
cyber-attacks, enhanced information sharing between governments on existing threats,
protection for human rights including privacy and freedom of expression, states should take
502 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 439, 442; Benoliel, “Towards a
Cybersecurity Policy Model,” p. 441, 480. 503 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends.” 504 Benoliel, “Towards a Cybersecurity Policy Model,” p. 441.
144
steps to protect their own infrastructure from attack, and prohibitions on cyber-attacks
against emergency response teams or critical infrastructure. Further, the UNGGE has called
for increased transparency regarding capabilities as well as confidence-building measures
between states, including regular dialogue through the UN and bilateral or multilateral
forums. The UNGGE also stressed that cooperation and confidence building will only succeed
if nations with more advanced capabilities assist with capacity-building in nations that have
not yet achieved the same level of technological advancement. This includes assisting with
securing critical infrastructure, developing technical skills and abilities, and advising on
strategies and legislation.505 While these pronouncements are important steps forward in
the creation of norms, the UNGGE’s decision has not become customary international law
and it is nonbinding.506
Treaties – While these efforts to begin to craft norms of behavior are important,
legally binding treaties with enforcement mechanisms are far more powerful tools, and are
sorely lacking in cyber-space.507 The international community is still at a very early stage in
this regard, and not much has been accomplished. The most successful treaty thus far
remains one signed in 2001. This was the Convention on Cybercrime, which was drafted by
the Council of Europe in conjunction with observer states. While this treaty has been
successful in enhancing cooperation between law enforcement agencies in states that have
signed or ratified it (including Israel, which has ratified it), it still has just 56 signatories. Not
505 Group of Governmental Experts. “Report of the Group of Governmental Experts on Developments in the Field of
Information and Telecommunications in the Context of International Security.” United Nations Group of
Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of
International Security, A/70/174, July 22, 2015. 506 Benoliel, “Towards a Cybersecurity Policy Model,” p. 441. 507 Scientific American Board of Editors. “Rules for Cyberwar.” Scientific American, June 2016.
145
included on that list are both China and Russia which worried the treaty would infringe on
their sovereignty and ability to control information in their nations.508 While the treaty
creates regional norms, the lack of China’s or Russia’s ascension limits the treaty’s power as
a universal norm.
There have been proposals for treaties by most of the major cyber-powers.509 Russia
and the EU have pushed for a wide-ranging treaty that would create norms regarding the
types of weapons that could be developed and deployed in cyber-space as well as how
countries should interact. Thus far, the US has rejected such attempts, in part fearing they
would be unenforceable and would be abused by Russia.510 The US has pushed for treaties
that accept that the laws of armed conflict (LOAC) be adopted by all states when planning
and launching cyber-operations. This includes banning attacks on civilians and on critical
infrastructure during peacetime.511 Russia and China have been reluctant to accept these
proposals however.
The Limits of the Power of Norms in Cyberspace – Despite some hopeful signs, there
is reason to doubt that norms are emerging in cyber-space, or that it will even be possible to
craft norms that can be enforced.512 One major issue is that there are profound differences
between the cyber-powers, and these differences will make it nearly impossible to find
508 Choucri, Cyberpolitics and International Relations, p. 168; Finnemore and Hollis, “Constructing Norms for
Global Cybersecurity,” p. 437-438. 509 Hurwitz, Roger. “The Play of States: Norms and Security in Cyberspace.” American Foreign Policy Interests.
Vol 36. 2014. 510 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 106. 511 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p.
61. 512 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 437-438; Even and Siman-Tov,
“Cyber Warfare: Concepts and Strategic Trends.”
146
agreement.513 Russia, China, and the US, the three most powerful nations in the world
system, have fundamentally different goals and desires regarding cyber-space. Where the
US and other Western states are interested in protecting freedom of speech, privacy, and
individual liberty on-line, Russia and China are primarily concerned with using information
campaigns on their own populations (and on citizens in other nations as Russia’s actions
regarding the 2016 US Presidential election illustrate) to control what they see and
believe.514 China is highly worried that calls for freedom of expression in cyber-space are
simply being used to undermine its regime.515 This is not an area on which compromise is
likely to be achieved due to the fundamentally contradictory nature of the goals.
Russia has also at times pushed for cyber-weapon arms control treaties that it claims
would limit the development of such weapons and create international supervisory systems
to ensure compliance. Western states have not inherently opposed the goal, but have
greeted the Russian push for such a treaty with great suspicion. Part of the reason is that
Western states fear Russia is simply attempting to create a treaty that will limit political
speech and action in cyber-space. Additionally, the US has expressed skepticism that any
new international agency would be needed, instead preferring to rely on cooperation and
existing international law. Doubts on the efficacy of enforcement have also been key to US
objections. This stems mainly from the difficulties in attributing attacks. The US therefore
fears that Russia would simply blame its attacks on the US on non-state actors in order to
513 Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs,
2010, p. 18; Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.”
Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S.
Policy. 2010. http://www.nap.edu/catalog/12997.html, p. 194. 514 Hurwitz, “The Play of States.” 515 Tabansky, Libor. “Cybercrime: A National Security Issue?” in “Cyberspace and National Security – Selected
Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 73.
147
continue its offensive actions while pretending to be in compliance with the treaty. The US
is also concerned that Russia is simply attempting to close the gap with the US’s superior
capabilities by restraining US capabilities but not impacting Russia’s.516
For the US, the main concern has been the theft of intellectual property. This danger
mainly arises from China, which is notorious for such cyber-espionage. China has been
accused of using widespread cyber-espionage against US companies in order to steal
intellectual property to advance China’s economy. The US views such actions as a threat to
America’s economic strength and strategic advantage as a center of innovation.517 The US
and China briefly came to an agreement to halt such actions, as mentioned above, but the
deal quickly unraveled. This is in major part because the interests of the two sides are
diametrically opposed. Further, it would be very difficult to create an enforceable treaty in
this regard that would also contain penalties severe enough that it would deter China from
engaging in an activity that has been highly valuable to its economy and thus, in China’s eyes,
to its national security.518
Further decreasing the chances of success, relations between the US and China as well
as the US and Russia have been deteriorating in cyber-space and overall.519 This is evidenced
by the US indictment of the Chinese hackers as well as Russia’s efforts to use cyber-space to
undermine the integrity of the US electoral system. As relations between these countries
have soured, so have the chances of finding agreement on a treaty regarding interactions and
behaviors in cyber-space. If the dominant countries cannot agree, treaties can still be struck
516 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 437-438; Even and Siman-Tov,
“Cyber Warfare: Concepts and Strategic Trends.” 517 Tabansky, “Cybercrime,” p. 73; Hurwitz, “The Play of States,” p. 329. 518 Hurwitz, “The Play of States,” p. 329. 519 Maness and Valeriano, “The Impact of Cyber Conflict,” p. 15.
148
by other nations, but it will be difficult for any norms those treaties might create to take effect
if powerful nations will not abide by them.
In addition to these differences complicating efforts at a treaty, cyber-capabilities
have become a central component of nations’ national security strategies and cyber-space
has become a critical support mechanism for modern warfighting as Israel’s experience in
Operation Cast Lead demonstrates.520 Cyber-weapons have already been shown to be useful
at achieving a range of effects, from disabling enemy radar systems, to jamming
communication systems, to supporting troops in the field, to, in the case of Stuxnet, causing
physical damage. New advances and capabilities continue to be developed as well.521 Due
to the fact that countries are still discovering what these weapons can do, and the central
role they already play, it is highly unlikely that treaties could be reached that would restrict
the use of cyber-weapons as part of war, limit the use of cyber-espionage against other states,
or place any control on how a country thinks it could use cyber-space to enhance its national
security.522
Barring a new way to discover and monitor cyber-weapons, verification challenges
would make the enforcement of any treaties difficult.523 It would be fairly simple to destroy
evidence of cyber-weapons as inspectors arrived; a flash drive could do the trick.524 Further,
just as in the physical realm, it would be very hard to tell if a particular weapon was created
to launch attacks or to be used only as part of a counter-attack.525 In addition, the difference
520 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 192-193. 521 Brown, Cameron S. and David Friedman “A Cyber Warfare Convention? Lessons from the Conventions on
Chemical and Biological Weapons.” In Arms Control and National Security - New Horizons, eds. Emily B. Landau
and Anat Kurz, Memorandum No. 135, Tel Aviv - Institute for National Security Studies, 2014, p. 56. 522 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 191. 523 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 192-193. 524 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 61. 525 Jervis, Robert. “Cooperation Under the Security Dilemma.” World Politics. Vol 30, No 2 1978, p. 202.
149
between computer code that creates a cyber-weapon and that which is used for other
purposes can theoretically come down to a single line of coding. Dual-use technology is an
issue here as it might be difficult to tell if software had written for military purposes or
another purpose.526 Therefore, even under the best of circumstances, it will be very difficult
to tell what the purpose of any particular program is.
Along these lines, private companies play a major role in cyber-space and in the
development of at least some of the technology that is used to create cyber-weapons. Any
treaty would therefore need to include some sort of inspections on them, which would be
fought against strongly by these companies. This is in large part over fears of industrial
espionage.527 Further, complicating the picture, many of the people involved in planning and
developing cyber-attacks are not part of militaries. This makes it that much harder to
determine who should be targeted by any treaty and expands the ways that states can avoid
detection if they choose to violate the norms.528
Attribution is another major challenge as was discussed in the previous chapter.
Norms cannot work to constrain behavior if attribution cannot be determined as a state
cannot be held accountable for its actions.529 Cyber-attacks may not be uncovered for years,
if they are uncovered at all. Cyber-weapons are not always as easily identifiable and
attributable as weapons in the kinetic realm. Thus, the types of weapons control treaties
that are successful in the physical world may not be relevant to cyber-space.530
526 Brown and Friedman, “A Cyber Warfare Convention?” p. 56. 527 Brown and Friedman, “A Cyber Warfare Convention?” p. 57. 528 Crosston, Matthew. “Duqu’s Dilemma: The Ambiguity Assertion and the Futility of Sanitized Cyberwar.”
Military and Strategic Affairs. Vol. 5, No. 1, 2013, p. 120-121. 529 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 60. 530 Brown and Friedman, “A Cyber Warfare Convention?” p. 57.
150
Conclusion – Overall, at this stage the creation of large multi-lateral treaties is highly
unlikely.531 This does not mean, however, that it is a lost cause. There are still areas of
agreement, and there does appear to be a shared desire to reduce the dangers cyber-spaces
poses to national security. While treaties and norm creation are likely not going to be
possible in areas states view as key to their visions of national security, there are still issues
that can be discussed, and perhaps more importantly, areas where cooperation can begin to
occur.532 Even if this cooperation starts out small and on a limit range of issues, it is possible
to use successes in those arenas to build trust and over time expand into more difficult issues.
Even norms that receive insincere conformity from actors can slowly begin to shape the
realm of what is possible and push all state actors towards genuine compliance.533 Currently,
cyber-attacks by states have been increasing, yet, the severity of those attacks have not. The
longer the world goes without large-scale and devastating cyber-attacks, the more likely it
becomes that a norm emerges against the use of such attacks and states will set up rules to
ensure those norms become enforceable through treaties.534 In the end, norms and
pronouncements against attacks are useful, but they are not nearly as useful as formal
treaties and commitments.535 The road appears to be long, but working toward that goal is
worth the effort.
International Law:
International law plays an important role in constraining state behavior, as Garcia
531 Nye, “Cyber Power,” p. 18. 532 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 180. 533 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 443. 534 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 63. 535 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 205.
151
(2014) states, “there is little progress in international relations without progress in
international law.”536 It is arguable that international law is the tool best suited for
regulating weapons in the physical realm. When laws have not existed, arms races have
inevitably followed. Using force to attempt to control weapons development has generally
failed and has often been counterproductive.537 Thus, it is possible that international law
will be the tool that is most effective in controlling behavior in cyber-space as well.
A critical question in that regard is whether existing laws apply to cyber-space, and
whether they really fit considering the differences between the physical and cyber-realms.
There is strong disagreement on this question.538 The US has embraced the idea that existing
international law applies as is, stating so unequivocally in its International Strategy for
Cyberspace. By contrast, neither China nor Russia appear to support the conclusion that it
applies as is.539
Arguably the most important and well known attempt to apply international law to
cyber-space is the Tallinn Manual, which was published in 2013. It is the culmination of a
three-year effort (on which work continues as of 2017) by twenty international experts,
known as the International Group of Experts (IGE), on international law. The Tallinn Manual
was developed under the auspices of NATO’s Cooperative Cyber Defnse Centre of Excellence,
but is non-binding, including on NATO and its members. The goal of the project was to help
build customary international law that would become binding over time on all nations.
536 Garcia, Denise. Disarmament Diplomacy and Human Security: Regimes, Norms and Moral Progress in
International Relations. (New York: Routledge, 2011), p. 1. 537 O’Connell, Mary Ellen. “21st Century Arms Control Challenges: Drones, Cyber Weapons, Killer Robots, and
WMDS.” Washington University Global Studies Law Review, Vol 13, No 515. 2014, p. 517. 538 Eichensher, Kristen E. “Cyberwar & International Law Step Zero.” Texas International Law Journal. Vol 50, No
2. 2015; Nye, “Deterrence and Dissuasion in Cyberspace,” p. 47. 539 Eichensher, “Cyberwar & International Law Step Zero,” p. 364.
152
Therefore, each of the rules the Tallinn Manual lays out are adopted by consensus (with any
differences in opinion regarding application included as commentary). The overall
conclusion of the IGE was that existing laws do apply to cyber-space, albeit sometimes with
modifications to adjust for differences in cyber-space.540
Much of the question regarding the applicability of international law revolves around
the UN Charter and Articles 2(4) and 51. Article 2(4) states: “All Members [of the United
Nations] shall refrain in their international relations from the threat or use of force against
the territorial integrity or political independence of any State, or in any other manner
inconsistent with the Purposes of the United Nations.” Article 51 reads as follows: “Nothing
in the present Charter shall impair the inherent right of individual or collective self-defence
if an armed attack occurs against a Member of the United Nations, until the Security Council
has taken measures necessary to maintain international peace and security.” These
principles underpin much of international law. The central issues for this chapter are that it
is not clear in cyber-space what a “use of force” or “armed attack” are, or what it means to
engage in “self-defense.”
The distinction between an “armed attack” and a “use of force” is important. An
armed attack triggers the right to self-defense, where as being targeted by a use of force does
not, but the use of force can still be met with sanctions and retaliatory measures short of self-
defense. There is general agreement that determining if an armed attack has occurred in
540 Tallinn Manual on the International Law Applicable to Cyber Warfare. Edited by Michael N. Schmitt.
(Cambridge, New York: Cambridge University Press, 2013).
153
cyber-space necessitates basing that decision on the effect of that attack. In essence, what
was the level of damage caused, and what was targeted.541
While there is general agreement that an armed attack in cyber-space triggers the
right to self-defense, there are competing schools of thought regarding when the threshold
is crossed and an act becomes an “armed attack.” One group holds that an armed attack in
cyber-space requires that there be physical damage or death as a result of the attack. This is
the position of the Tallinn Manual.542 Others, including the US government, contend this
definition does not go far enough. They argue that in addition to attacks that cause
destruction or death, it is important to look at the broader context and examine what the
target of the attack was and what the goal of the attack was. An attack targeting critical
infrastructure that does not lead to physical destruction could still be an armed attack under
this argument depending on the damage done and the context surrounding it.543 The
argument of the US government is, therefore, that there is no inherent threshold for what
qualifies as an armed attack.544
There are also calls to modify the existing definition of armed attack due to the new
types of dangers cyber-space poses. The argument is that cyber-attacks can destabilize
economies, which is a threat to national security. Thus, attacks that, for instance, destroy
financial data should be considered as armed attacks if they are severe enough.545 The
541 Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors.” International Law Studies. Vol
89. 2013; p. 415; Schmitt, Michael N. “International Law in Cyberspace: The Koh Speech and Tallinn Manual
Juxtaposed.” Harvard International Law Journal, Vol 54. 2012, p. 21-22; Tallinn Manual on the International Law
Applicable to Cyber Warfare; Lin, Herbert S. “Offensive Cyber Operations and the Use of Force.” Journal of
National Security Law and Policy. Vol 4, No. 63. 2010. 542 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 415; Schmitt, “International Law in
Cyberspace,” p. 21-22; Tallinn Manual on the International Law Applicable to Cyber Warfare. 543 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 415; Schmitt, “International Law in
Cyberspace,” p. 21-22. 544 Schmitt, “International Law in Cyberspace,” p. 21-22. 545 Eichensher, “Cyberwar & International Law Step Zero,” p. 373.
154
Tallinn Manual authors diverged on this point and were unable to find a consensus view.546
Thus, overall it remains unclear exactly what constitutes an armed attack in cyber-space.
The definition of “use of force” has overlap with “armed attack,” but is more expansive
given that being a victim of a use of force does not necessarily allow a country to engage in
self-defense (though when the use of force results in destruction or death there is agreement
that prohibitions on use of force and armed attacks are broken and self-defense is triggered).
There is again nearly unanimous agreement that cyber-attacks resulting in destruction or
death are a use of force. From there the question again becomes less clear. Here again, the
generally accepted conclusion is that determining if a use of force has occurred is effects
based.547 The problem lies again in attacks that do not cause death or destruction. There is
agreement that such attacks can qualify, but where that threshold lies is unclear. The IGE
recommends that attacks be examined based on the following central criteria: severity (how
much damage is caused), “immediacy (the speed with which consequences manifest),
directness (the causal relation between a cyber operation and its consequences),
invasiveness (the degree to which a cyber operation intrudes into targeted systems),
measurability of the effects, military character of the cyber operation, extent of State
involvement, and presumptive legality (acts not expressly prohibited by international
law).”548 The IGE goes further as well, arguing that the target can be of importance (military
or critical infrastructure), the attacker’s identity and track record, and the broader
546 Tallinn Manual on the International Law Applicable to Cyber Warfare, p. 56. 547 Schmitt, “International Law in Cyberspace,” p. 19; Tallinn Manual on the International Law Applicable to Cyber
Warfare, supra note 5, R. 11, supra note 5, R. 11 cmt. 8. 548 Schmitt, “International Law in Cyberspace,” p. 20; Tallinn Manual on the International Law Applicable to Cyber
Warfare, supra note 5, R. 11 cmt. 9.
155
geopolitical context of the attack.549 In general, all actors agree that the threshold for use of
force is lower than that of an armed attack.
There is generally consensus that a series of low-level attacks occurring all at once or
spread over time that combine to create damaging effects can qualify as either an armed
attack or a use of force. This is a very important issue to states like Israel that face nearly
constant barrages of such low-level attacks. The IGE and many others generally agree that if
the attacks originate from the same actor (or group of actors working together) and there is
accumulation of effects severe enough to meet the definition of use of force or armed attack,
then the targeted state would be justified in responding as allowed under international law
for either use of force or armed attack.550 It remains debated, however, if cyber-espionage
can quality as a use of force, even if it is conducted over a long period of time and against
sensitive targets.551
In regards to state support for non-state actors, the consensus appears to be that
states can be held responsible for non-state actors’ behavior, but only under certain
situations. A nation targeted by a non-state group would not be able to claim it was a victim
of a use of force or armed attack by another state if the state from which the group operates
is only providing sanctuary but no further support. If, however, a state offers cyber-weapons
to a group to use against another state, the state that provided the cyber-weapon has, if the
effects rise to the level required, engaged in a use of force or an armed attack.552
549 Schmitt, “International Law in Cyberspace,” p. 20; Tallinn Manual on the International Law Applicable to Cyber
Warfare, supra note 5, R. 11 cmt. 10. 550 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 417; Schmitt, “International Law in
Cyberspace,” p. 22-23; Tallinn Manual on the International Law Applicable to Cyber Warfare, supra note R. 13
cmt. 8. 551 Lin, “Offensive Cyber Operations and the Use of Force,” p. 78. 552 Schmitt, “International Law in Cyberspace,” p. 20; Tallinn Manual on the International Law Applicable to Cyber
Warfare, supra note 5, R. 11 cmts. 4,5.
156
The protection of civilians raises additional questions regarding how to apply
international law in cyber-space. In international law, the law of armed conflict (LAOC)
governs how states are allowed to behave during armed conflict. It consists of a wide range
of laws from a variety of sources, including the Geneva Conventions, customary law, and
treaties. A main goal of LOAC is to decrease the suffering of persons not participating in the
conflict, in other words, civilians.553 Targeting of civilians is strictly forbidden, as is failing
to take steps to limit collateral damage.554 Attackers must take steps to ensure that they hit
targets that provide military advantage while causing as little damage to civilian
infrastructure as possible.555 These protections arise mainly from the Geneva Conventions
and the Rome Statute.556
Cyber-weapons pose some interesting issues in this regard. It is possible that states
have been showing restraint in deploying cyber-weapons due to fears they will cause
collateral damage.557 Cyber-weapons can escape from their original target and do damage
elsewhere. Therefore, there is an inherent danger to the use of such weapons. On the other
hand, cyber-weapons can be programmed to be far more discrete than other types of
weapons. They can be coded in ways that will only allow them to activate and cause damage
either in specific networks or computers, or under certain conditions. This could actually
decrease the likelihood of causing collateral damage to civilians.558 This uncertainty as to
the level of collateral damage cyber-weapons cause complicates efforts to apply
553 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 420. 554 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 77. 555 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 434-435. 556 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 426-427. 557 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 62. 558 Russell, Alison Lawlor “The Implications of Cyberspace for Navel Strategy and Security.” In Routledge
Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge.
2016.), p. 197-198.
157
international law to cyber-space as it is not clear what the impact of cyber-weapons are on
civilian systems.
The issue of so-called “dual-use” technology further complicates the issue. Dual-use
technology is anything that has both civilian and military uses, such as GPS systems.559 While
this can be a problem in the physical realm, it is a major concern regarding the ability to
apply LOAC to cyber-space. Military and civilian networks heavily overlap, and in no country
are the two systems fully separate. This can manifest in many ways, for example, cyber-
weapons that target military equipment might also end up damaging the same systems used
in commercially available equipment, and attacks on communications networks which are
used by the military are also networks likely to be used by civilians. This means that in many,
if not most, cases, attacks on “military” targets will also be attacks on “civilian” ones. There
is thus an argument that LOAC cannot be successfully applied to cyber-space. If you cannot
delineate or clearly separate military and civilian networks, it then becomes impossible to
say when civilians are being targeted and an action should be illegal. This further
complicates questions as to what qualifies as an act of war or a war crime.560
There appears to be a consensus, however, that LOAC can still be applied even if these
lines are not always clear. LOAC does not completely prohibit an attack if there will be
incidental damage to civilians anyway. In the physical realm, harm to civilians can occur as
long as the damage is not excessive in relation to the military advantage the attack gains.
This standard can apply to cyber-space.561 The IGE argued that in cases where it is not
possible to determine what parts of a network are used for civilian purposes vs. military
559 Brown and Friedman, “A Cyber Warfare Convention?” p. 55. 560 Crosston, “Duqu’s Dilemma.” 561 Crosston, “Duqu’s Dilemma.”
158
purposes, the entire network can be considered as a military objective for a cyber-attack.562
More complicated is the question of social media networks. Social media sites such as
Facebook and Twitter have been used in some recent conflicts to convey military
information. In such cases, the IGE came to the opinion that those facets of the social media
sites would be legitimate targets, but the network as a whole would not.563
Israel, Norms, International Law and Cyber-Space:
Israel has had a complex relationship with the building of norms in cyber-space. As
part of the UNGGE, Israel played a central role in one of the only major attempts to build
universal cyber-norms, and has been supportive of its recommendations. Israel’s actions
have generally also been consistent with the UNGGE recommendations. Israel has protected
its critical infrastructure and defended free speech and expression in cyber-space. Israel has
also engaged in confidence building measures, including working closely with the US and a
small number of other nations. Further, as will be discussed in the following section, Israel
is playing a role in helping other states to boost their cyber-defenses. How Israel views the
norm against attacking critical infrastructure in enemy states is less clear. As noted in the
previous chapter, Israel is reported to be developing cyber-weapons that can target potential
adversaries’ critical infrastructure. Eviatar Matania, the head of the NCB, has questioned if
such a norm can even exist since there is no universally accepted definition of what critical
infrastructure is.564 However, no evidence suggests Israel has actually targeted critical
562 Schmitt, “International Law in Cyberspace,” p. 30; Tallinn Manual on the International Law Applicable to Cyber
Warfare, supra note 5, R. 39 cmt. 3; Eichensher, “Cyberwar & International Law Step Zero,” p. 375. 563 Schmitt, “International Law in Cyberspace,” p. 30; Tallinn Manual on the International Law Applicable to Cyber
Warfare, supra note 5, R. 39 cmt. 4. 564 Uchill, Joe. “Israel Cyber Head: US-Backed Cyber Norms Too Broad.” The Hill, September 13, 2016.
http://thehill.com/policy/cybersecurity/295651-israel-cyber-head-us-supported-cyber-norms-too-broad
159
infrastructure. While it is possible that Israel has not done so because it has had no need to
and does not want to waste the weapon, it is also possible to argue that a norm against such
attacks is beginning to take hold. The longer the world goes without such an attack, the more
a norm is likely to develop against doing so.
Despite Israel’s participation in the UNGGE, Netanyahu has expressed doubts that a
universal code of norms in cyber-space can be created and applied, and Matania has stated
that he believes that the universal norms the US proposed in 2016 were too broad to be
implemented. This may stem in part from the disproportionately harsh treatment Israel has
received at the UN, but the doubt appears to stem more from worries that consensus will be
hard to build and that countries will not abide by the norms, thus handcuffing states that do.
This fear too, is based in Israel’s previous experiences with international norms and laws.
Four nations that have engaged in armed conflict with Israel in the Middle East have violated
the Non-Proliferation Treaty, and three have violated bans on chemical and biological
weapons. At the same time, both men have expressed support for the creation of regional
norms by like-minded nations that can then impose coordinated sanctions on nations that
violate them.565 Thus, despite Israel’s doubts regarding the creation of universal norms,
Israel still believes that norms are an important tool in promoting cyber-security.
Israel may also be hesitant to create new norms and laws limiting the use of cyber-
space as it has an advantage over its adversaries in this realm. It is unlikely that Israel, or
other cyber-powers, would want to create limits to their capabilities, particularly given the
565 Uchill, “Israel Cyber Head: US-Backed Cyber Norms Too Broad;” Segal, Adam. “The Middle East’s Quietly
Rising Cyber Super Power.” Defense One, January 27, 2016.
http://www.defenseone.com/technology/2016/01/middle-easts-quietly-rising-cyber-super-
power/125472/#.Vq1gjEdsNqE.mailto
160
novel nature of cyber-space and cyber-weapons. This does not mean there is not hope that
agreements and understandings can be reached. Israel, for example, would likely be more
open to laws and norms regarding protection of critical infrastructure or cyber-crime.
Israel’s actions and experience in cyber-space provide insight regarding the interplay
of cyber-weapons and international law. Stuxnet is a primary example. There is general
consensus that under international law, the use of Stuxnet was illegal.566 The is regarding
whether it was a use of force or an armed attack. In this regard, despite the physical
destruction it caused, expert opinion is generally that Stuxnet was an illegal use of force, but
that it was not an armed attack as the level of destruction was not great enough.567 This
means that under international law Iran would not be entitled to act in offensive self-defense.
That Stuxnet caused physical destruction, but is generally not viewed as an armed attack,
raises some doubts regarding the ease of applying existing international law to cyber-space.
In regards to protection for civilians, Stuxnet is also instructive. While Stuxnet did
escape its intended target, it did not cause collateral damage. The designers of the cyber-
weapon may have failed to account for all the ways that it could escape and infect outside
machines, but they were able to code Stuxnet in such a way that its escape did not really
matter. Stuxnet could only cause damage inside Iran’s nuclear weapons enrichment
facilities.568 This would seem to show that international law and normative requirements
played an important role in how Stuxnet was designed and developed.
566 O’Connell, “21st Century Arms Control Challenges,” p. 519; Tallinn Manual on the International Law Applicable
to Cyber Warfare. 567 O’Connell, “21st Century Arms Control Challenges,” p. 525; Tallinn Manual on the International Law Applicable
to Cyber Warfare. 568 Heckman, Kristin E, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow (2015) Cyber
Denial, Deception and Counter Deception. Advances in Information Security, Vol. 63 (Springer: New York), p. 63.
161
The constant barrage of cyber-attacks Israel faces provides an interesting case to
consider regarding issues related to self-defense. Israel has faced numerous rounds of
coordinated cyber-attacks. It is not clear if Israel can invoke self-defense against them,
however. Most of the attacks have been low level incidents, which could be grounds to
invoke self-defense if they caused damage. Israel likely cannot, however, invoke self-defense
as the attacks have not caused significant damage. Complicating matters, most of these
attacks are launched by non-state actors, many of which have ties to Iran. Should any of
these efforts cause significant damage, Israel, under international law, might have the right
to invoke self-defense against either Iran, if it supplied the weapons,569 or against the non-
state actors themselves. This second contention is more controversial and it is not clear if
states can invoke self-defense against non-state actors. Article 51, however, does not specify
that armed attacks must be launched by state actors, so a good case can be made that it is
legal to invoke self-defense against them.570 There are a number of states that do in fact
claim this right in cyber-space. Israel is one of them.571 Thus, Israel appears to be trying to
help push international law and norms toward a position that would allow nations to invoke
self-defense against non-state groups. Considering Israel’s history of being targeted in
cyber-space and the physical world by non-state actors, this is not surprising.
569 Blank, “International Law and Cyber Threats from Non-State Actors;” Schmitt, “International Law in
Cyberspace,” p. 20. 570 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 413. 571 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 414.
162
Capacity Building and Soft Power:
One of the norms that the UNGEE report hoped to create was for countries with
advanced capabilities to work with nations that are less advanced and help them boost their
cyber-security. Israel has taken steps that appear to both support the creation of this norm,
and benefit Israel directly. Whatever its intentions, Israel’s actions in this regard could be
an important step in ensuring this norm becomes more commonly accepted. One way in
which norms can emerge is when powerful countries offer incentives to other nations.572 In
cyber-space, for example, non-state actors or governments can offer technical assistance to
other actors in exchange for setting up CERTs or modifying behaviors.573 Cyber-space is
particularly well suited for this approach to setting norms as no country can address the
dangers on their own.574 International collaboration is critical to building strong cyber-
defenses, so offers of assistance by strong states are powerful incentive. Israel, to this point,
has been a pioneer in cyber-diplomacy.
Netanyahu has expressed a desire to not only use cooperation in cyber-space to boost
Israel’s national security, but additionally to view it as a public good that can improve
security around the world. This cooperation has involved inter-government interactions,
including with neighboring Arab states. Israel has also allowed private sector cyber-security
firms to work with and provide tools to foreign governments as a way to boost
cooperation.575 In June of 2016, for example, the World Bank organized a workshop in Tel
572 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 449. 573 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 452. 574 Clarke, Richard A. and Robert K. Knake, Cyber War: The Next Threat to National Security and What to do
About It (Ecco: HarperCollins Publishers, 2012); Choucri, Cyberpolitics and International Relations, p. 150-151,
156. 575 Adamsky, Dmitry (Dima) “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington
Quarterly. Vol 40, No 2. 2017, p. 124.
163
Aviv between eight developing nations and Israel’s Ministry of Economy and the NCB so the
developing nations could learn how to boost their cyber-security abilities from Israel. Israel
stressed that it saw this meeting as a chance to boost capacity in the developing states and
thus improve cyber-security for all the nations involved.576 Additionally, in 2016, a private
Israeli security company, Vital Intelligence Group, announced that it was setting up
academies in India that would provide cyber-defense training to India’s government and
private citizens.577 In 2017, Israel and India agreed to discuss how to institutionalize their
cyber-security cooperation.578
For Israel, this has the benefit of not only fulfilling the goal of building capacity in
other nations, but boosting Israel’s soft power as well. Israel appears to be attempting to use
the incentive of cyber-assistance through a possible developing norm of capacity building to
boost relations with the nations it offers assistance to. This has become one of the main tools
Israel uses to try to improve its international standing. Israel provides assistance and in
exchange requests that the nations it helps take a more friendly approach in international
forums, such as the UN. The long-term hope is that Israel can even use cyber to help
normalize relations with its Arab neighbors, some of which have received assistance from
Israel in this realm.579
576 World Bank. “Israel Shares Cybersecurity Expertise with World Bank Client Countries.” The World Bank. June
22, 2016. http://www.worldbank.org/en/news/feature/2016/06/22/israel-shares-cybersecurity-expertise-with-world-
bank-client-countries 577 INSS. “Global Cyber Bi-Weekly Report - Sep 1, 2016.” Institute for National Security Studies. September 2,
2016. https://www.dcoi-conference.org/single-post/2016/09/02/Global-Cyber-Bi-Weekly-Report---Sep-1-2016 578 Gupta, Shishir. “India, Israel to Enlarge Web of Ties, Institutionalise (sic) Cyber Security Dialogue.” Hindustan
Times. May 21, 2017. http://www.hindustantimes.com/india-news/india-israel-set-to-enlarge-web-of-ties/story-
zE5EZAxjGDTvRXmHMXwWEO.html 579 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 124.
164
In that regard, Israel has also found there are dangers to offering assistance to other
nations. In 2016, the United Arab Emirates attempted to hack into a human rights worker’s
phone using a cyber-weapon that had been developed by a private cyber-security company
in Israel.580 As a major cyber-power, Israel is helping to determine what norms will be. This
is an area in which Israel should be careful. Such actions undermine stated commitments to
ensuring freedom of expression in cyber-space and commitment to democracy more
broadly. Further, Israel should be wary of helping to create a norm that would allow such
behaviors. Using cyber-space to improve relations is a valuable tool, but Israel should be
careful to strike a balance between enhancing its own standing and setting responsible
norms.
Concluding Observations:
Norms do not appear overnight. This is particularly true regarding new weapons
systems.581 Developing those norms will take time and careful thought. Simply applying
what is used in the physical world to cyber-space may not prove effective. While applying
existing international law and norms to cyber-space as a stop gap measure to try to help
prevent harm might be a valuable idea, this is not a long-term solution.582 Scholars and
practitioners should pay careful attention to what is really happening in cyber-space before
attempting to apply old norms to it or build new ones. Norms are only effective if they are
based in their context.
580 Druckman, Yaron, Saul Sa’arhaas, and AP. “Apple boosts iPhone security after Mideast spyware discovery.”
YNetNews. August 26, 2016. http://www.ynetnews.com/articles/0,7340,L-4846422,00.html 581 Tannenwald, Nina. The Nuclear Taboo: The United States and the Non-Use of Nuclear Weapons Since 1945
(Cambridge Studies in International Relations). (Cambridge University Press 2008), p. 442. 582 Eichensher, “Cyberwar & International Law Step Zero,” p. 378.
165
As is always the case when discussing norms and international law, underlying all of
this is the question of enforcement. There is no supra-national body with the power to
enforce international law or police norm violations. Realists would argue that for this
reason, international law has a very limited ability to overcome the anarchy inherent to the
world system. Countering this, Israel’s example shows that efforts are beginning to take
shape to create norms and apply international law to how countries determine how and
when to use cyber-weapons, and that they do appear to have at least some impact on state
behavior. Further, attempts to create such norms and international law will never have
perfect compliance, just as is true in the physical realm. That does not mean these attempts
do not have value. Countries sign onto these types of agreements, such as prohibitions
against genocide, because they bring benefits that outweigh the costs associated with
compliance.583
Recommendations:
Find Compromise – Creating norms or finding agreement on remaining questions
regarding international law will be a major challenge. Therefore, the most productive path
moving forward is to attempt to identify where agreement might be possible.584 The area
that seems most ripe for an agreement is regarding protecting against attacks on critical
infrastructure, despite disagreements on what qualifies as critical.585 Israel should also push
583 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 205. 584 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 180. 585 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” pp.193, 206; Valeriano and Maness,
Cyber War Versus Cyber Realities, p. 192; Clarke and Knake, Cyber War, p. 270; Nye, “Deterrence and Dissuasion
in Cyberspace,” p. 61; Honegger, Barbara. “Former Counterterrorism Czar Richard Clarke Calls for New National
Cyber Defense Policy to Prevent a Cyber 9/11,” Naval Post-Graduate School. August 30, 2010.
https://web.nps.edu/About/News/Former-Counterterrorism-Czar-Richard-Clarke-Calls-for-New-National-Cyber-
Defense-Policy-to-Prevent-a-Cyber-9/11-.html
166
to ensure there is agreement that protections for civilians in the physical world are broadly
accepted as applying to cyber-space as well.586 Israel has already shown its support for such
protections through it actions, so this would simply be a public push in support of what Israel
already does in practice. It may also be possible to reach an agreement in which states
commit not to be the first to use cyber-weapons in a conflict.587 This will be harder to
achieve, but even if states to do fully adhere to it, it could be a valuable deterrent to an
expansion in the use of cyber-attacks. As discussed, it is probable that in cyber-space existing
organizations or new bodies will take leading roles and formulate new norms, thus, Israel
should focus on helping to shape the administrative structure and function of existing or new
bodies to shape what norms emerge. Any agreements that do emerge will require that states
determine what responsibilities they will have under the agreement, what types of activities
are covered, and what the punishments are for failing to meet them. To be effective, even if
norms arise out of an existing body, it may also be necessary to establish a new international
body focused solely on these issues to ensure requirements are being met.588
Any agreement that is reached will also have to be flexible due to the novel nature of
states’ ability to exploit cyber-space. For example, the Convention on Cybercrime allowed
states to exempt themselves from prosecuting particular crimes and further permitted that
they could withhold cooperation if they viewed enforcement of a particular statute to be
inconsistent with their domestic policies or national security concerns.589 While clearly this
weakens any treaty or agreement, it might be a necessary step to get countries to agree, and
586 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” pp.193, 206. 587 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p.
61. 588 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements.” 589 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p.185.
167
agreements can later be modified and strengthened later on. Thus, Israel should be willing
to be flexible.
Global Problems Need Global Solutions – While Israel can, and should, strike bilateral
deals regarding cyber-security, and despite its expressed reservations, Israel should work
towards helping to create a basic set of global norms, laws, and institutions that can help
contain the anarchy of cyber-space.590 As with climate change, cyber-security requires
countries to work together to address challenges. Individual efforts are a good starting point,
but will not enough. Currently, in much of the world cyber-security is viewed as a national
interest, not a global or international one.591 Israel has begun to view it differently as its
work with developing countries and nations such as India or the US shows. Israel can begin
to encourage other nations it cooperates with to view cyber-threats in this new way as well.
Israel, and any interested state, should attempt to play an active role in the creation
of new laws and norms, as the more involved a role a state adopts in relevant international
forums the greater its ability to protect its interests and to shape the future system.592 Israel
should not reject the usefulness of universal international norms or law. Even if, for instance,
some UN bodies have treated Israel unfairly, the UN has done much good, and it would be a
mistake for Israel not to participate in UN backed efforts. To this point, Israel played a major
role in the 2013 UNGGE report, and it can do so again. If universal norms backed by a
powerful body like the UN do exist that ban states or non-state actors attacking critical
590 Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked Governance in
International Relations.” International Studies Review. Vol. 15, No. 1. 2013. 591 Benoliel, “Towards a Cybersecurity Policy Model,” p. 440. 592 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153, 2016.
168
infrastructure, as often occurs to Israel, then Israel can name and shame those involved. This
will only produce results, however, if Israel stays involved in crafting such norms and assists
with maintaining and working to enforce such norms.
169
Chapter 5 – Countering Malicious Non-State Cyber Actors: The Israeli Experience
Technologically advanced nations have grown increasingly dependent on the cyber-
realm across the private sector, government, and military. This dependence creates an
expanded range of novel ways that hostile actors can launch attacks that can inflict harm and
threaten national security.593 State actors with massive resources pose an obvious threat in
cyber-space, but less studied is the growing danger that non-state actors pose. In cyber-
space, as is increasingly true in the physical realm as well, states are not the only actors of
importance. Non-state actors play a major role in cyber-space from creating standards and
norms, to developing and maintaining the backbone of the cyber-realm, to launching cyber-
attacks.594 States do not enjoy anything resembling a monopoly on violence in cyber-
space.595 Non-state actors have the ability to conduct espionage, hack weapons systems,
instigate diplomatic crises, and even, theoretically, to cause physical damage in cyber-
space.596
Nations have struggled to establish centralized control or a monopoly on the use of
force in the cyber-realm which has opened the door for non-state actors to become an
important security concern.597 The open nature of the internet exacerbates this challenge.
The internet was not designed with security in mind. It was initially intended to be used by
593 Nye, Joseph S. The Future of Power (New York: Public Affairs, 2011), p. 207-208; Nye, Joseph S. Cyber Power.
Harvard Kennedy School, Belfer Center for Science and International Affairs, 2010, p. 4. 594 Choucri, Nazli. Cyberpolitics and International Relations. (The MIT Press: Cambridge, MA: 2012), p. 31, 155;
Lindsay, Jon R and Lucas Kello “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2.
2014, p. 189; Nye, “Cyber Power,” p. 1. 595 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International
System. (Oxford: Oxford University Press. 2015), p. 30; Nye, “Cyber Power,” p. 23. 596 Kello, “Correspondence,” p. 188. 597 Mueller, Milton L. Networks and States: The Global Politics of Internet Governance. (Cambridge, Mass: The
MIT Press, 2010); Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked
Governance in International Relations.” International Studies Review. Vol. 15, No. 1. 2013.
170
people who trusted one another, meaning there was little need to work in security measures.
This design survives today, and has made it easier for many players, from states to non-state
actors, to launch attacks.
Non-state actors have a diverse range of targets. While some target national security,
governmental, or military networks, many others target the civilian sector and critical
infrastructure. On the economic level, the damage done by non-state actors through attacks
on banks, stolen intellectual property, identity theft, and similar attacks in cyber-space is
significant. Estimate vary widely, with former Interpol President Khoo Boon Hui stating that
US banks alone lose roughly $900 million a year. Other estimates of the damage to the world
economy range from roughly $12.5 billion to over $1 trillion a year.598 Whatever the true
number, there is no doubt it is a significant sum.
Israel faces a nearly constant barrage of cyber-attacks from both state and non-state
actors.599 Attacks against Israel range widely in regards to the type of target selected, the
type of harm intended, and in regards to the actor’s ability to cause such harm. The Israel
Electric Company, for instance, faces as many as 20 thousand attacks an hour. Most of these
attacks are simply nuisances, but some are more sophisticated efforts to penetrate the
system.600 The more complex attacks have aimed to disable Israel’s electric system or are
espionage efforts to gain insights into how Israel defends the electric system’s network in
598 Cilluffo, Frank J., Sharon L. Cardash, and George C. Salmoiraghi, “A Blueprint for Cyber Deterrence: Building
Stability through Strength,” Institute for National Security Studies, Military and Strategic Affairs. Vol. 4, No. 3,
December 2012, p. 5; Cohen, Daniel and Aviv Rotbart. “The Proliferation of Weapons in Cyberspace,” Military and
Strategic Affairs, Vol. 5, No. 1. 2013, p. 111; Nye, “Cyber Power,” p. 12. 599 Grauman, Brigid. “Cyber-security: The vexed question of global rules.” Security and Defense Agenda. With the
support of McAfee. 2012, p. 66; Eisenstadt, Michael and David Pollock. “Asset Test: How the United States
Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7, 2012;
Shamah, David. “Hackers Threaten ‘Israhell’ Cyber-Attack over Gaza.” The Times of Israel, July 9, 2014.
http://www.timesofisrael.com/hackers-threaten-israhell-cyber-attackover-gaza/ 600 Siers, Rhea. “Israel’s Cyber Capabilities.” The Cipher Brief, December 28, 2015.
http://thecipherbrief.com/article/israel%E2%80%99s-cyber-capabilities
171
order to launch more successful attacks in the future. In June of 2017, non-state actors
attacked hospitals in Israel, though the goal of the attackers remains unclear.601 Attacks on
Israel by non-state actors have become increasingly complex and have been increasing in
frequency and intensity.602 While the conflicts with Hamas that began in 2009 have generally
produced the periods of greatest cyber-attacks against Israel, attacks come all year round.
Non-state actors have, nearly ceaselessly, targeted virtually every network imaginable in
Israel, from private companies, to military networks, to critical infrastructure, to
government websites, to security service systems, to banks, and more. Israel’s economy has
faced nearly constant attacks as well.603
This chapter will examine, using Israel as a case study, the growing danger that non-
state actors pose to state interests in cyber-space,604 will explore how Israel has responded
to that threat, and will offer policy recommendations regarding both what other nations can
learn from Israel’s experience, and how Israel can continue to improve its response. Israel
views cyber-attacks as a serious threat to national security, and Israel’s experience and
actions can serve as a valuable reference point for other nations. Despite the growing
capabilities of non-state actors, Israel has been able to deal with them successfully and
minimize the damage they can cause.605
601 Tech2. “Israel Thwarts Major Cyberattack on Hospitals: National Cyber Defence Authority.” Tech2.com, June
29, 2017. http://tech.firstpost.com/author/tech2-news-staff 602 Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology, Volume 173, 2011. 603 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153, 2016, p. 9-10. 604 For examples, one can examine Estonia in 2007, Georgia in 2008, the Red October organization, or Anonymous,
among others. 605 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 168.
172
Capabilities:
There are many types of cyber-attacks. At the low end of capabilities, some attacks
are fairly straightforward to execute, such as simple malware or denial of service (DoS) or
distributed denial of service (DDoS) that can be a nuisance to a system but cannot really
cause any long-term harm. There is a fairly low entry cost to launching this type of attack, as
all you need is a computer and some basic knowledge. It is even possible for an attack to be
coming from a computer without the owner’s knowledge of consent, as attackers are capable
of hijacking private computers, sometimes even millions of computers, and using them as
part of a broader attack (known as a botnet or zombie army).606 This means that defenders
must protect against such attacks originating from a nearly endless number of sources. At
the high end of capabilities are highly sophisticated weapons that penetrate well defended
systems and that can autonomously influence a system. These attacks are exceedingly
difficult to execute for any actor. In between is a wide range of attacks, some of which can
be used to cause damage to a system or information in it (such as the suspected Iranian
attack on Saudi Aramco that damaged computer hard drives), others of which can commit
acts akin to espionage (such as the Red October attack that stole information, likely for
economic gain, from various government networks).607 This situation is akin to what exists
in the physical world. A safe with a single cheap lock can be entered with a bit of skill, but a
safe with multiple well designed locks placed underwater would be much more difficult.
Similarly, cyber-payloads can be more or less advanced, with some able to view information,
606 Nye, “Cyber Power,” p. 12. 607 Rid, Thomas and Peter McBurney. “Cyber-Weapons.” RUSI Journal. Vol. 157, No. 1. 2012, p. 8; Russell, Alison
Lawlor “The Implications of Cyberspace for Navel Strategy and Security.” In Routledge Handbook of Naval
Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge. 2016.), p. 198.
173
some capable of altering or destroying information, and still others capable of causing
physical damage.608
Non-state actors have little trouble attacking less well defended targets. This includes
systems that are easy to access, are not properly updated, and are generally lacking
defenses.609 Non-state actors will often hit such systems with attacks that can disable or
slow the system, deface websites, or conduct espionage or theft.610 Anonymous, a group of
loosely associated hackers behind numerous well known cyber-incidents, for example, uses
such attacks frequently against governmental and private organizations around the world,
including against Israel. While these attacks cannot damage a system, they should not be
underestimated. Systems and websites that do not work can complicate communications in
an emergency, and the theft of government data could obviously be problematic. Further,
while most cyber-attacks fail, the sheer number of attacks appears to have led to enough
successes that actors still consider it worthwhile to continue attacking.611
Hitting the best defended, and usually most valuable, targets is difficult for a number
of reasons.612 The complexity of the best defended systems is very high, which makes it
difficult to create a payload that can bypass and defeat all the defenses in place.613 This
means that attackers must carefully test and design their payloads, which takes time and can
sometimes demand significant investment in research and development. Due to the
complexity of the defenses, attackers need to acquire intelligence on the system in question
608 Lin, Herbert S. “Offensive Cyber Operations and the Use of Force.” Journal of National Security Law and
Policy. Vol 4, No. 63. 2010, p. 64. 609 Lin, “Offensive Cyber Operations,” p. 66. 610 Rid and McBurney, “Cyber-Weapons,” p. 8. 611 Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies Vol. 22. 2013, p. 396. 612 Lin, “Offensive Cyber Operations,” p. 66. 613 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 397.
174
to make sure that their attack will work as intended.614 Often a payload built specifically for
the purpose in mind is required as well, so teams must have the specialized skill to write the
type of code needed for that particular type of attack.615 Due to the greater investment of
time and resources such an effort requires, these attacks are more difficult to successfully
execute.616 Of benefit to the attacker, however, is that much of the same equipment needed
to breach easier targets overlaps with what is needed to attack harder targets.
Conducting an attack requires there be a vulnerability that the attacker can exploit,
and then a payload that can be delivered to create the desired effect. Finding vulnerabilities
can be challenging, but many are already known and shared on-line between non-state
actors (this strategy works in large part because not all computer owners patch their
systems to fix these issues), thus if the attacker has enough skill, they can exploit the
vulnerability.617 More dangerous, and not surprisingly also more difficult to find, are so
called zero-day vulnerabilities, which are previously unknown vulnerabilities against which
there is no defense yet available.618
There are a few sets of tools that non-state actors generally use to achieve their goals,
all of which can be deployed at various levels of sophistication depending on the technical
ability and resources available to the group. Non-state actors generally rely on viruses and
614 Rid and McBurney, “Cyber-Weapons,” p. 6, 11; Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 378-
379; Barzashka, Ivanka. “Are Cyber-Weapons Effective?” The RUSI Journal. Vol. 158, No. 2. 2013, p. 51. 615 Herr, Trey. “PrEP: A Framework for Malware & Cyber Weapons,” Cyber Security Policy and Research Institute.
George Washington University. March 12, 2014, p. 8. 616 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 396. 617 Siboni, Gabi; Daniel Cohen, and Aviv Rotbart. “The Threat of Terrorist Organizations in Cyberspace.” Military
and Strategic Affairs, Volume 5, No. 3, 2013, p. 17-18; Finnemore, Martha and Duncan B. Hollis. “Constructing
Norms for Global Cybersecurity.” The American Journal of International Law. Vol 110, No 3. 2016. 618 Lin, “Offensive Cyber Operations,” p. 65; Finnemore and Hollis, “Constructing Norms for Global
Cybersecurity.”
175
worms, SQL injections, web defacements, and DDoS/DoS attacks against targets.619
Phishing/spear phishing efforts also continue to be popular and meet with surprisingly high
levels of success in acquiring relevant information as well.620 People also often email their
passwords to others over unencrypted networks, allowing the password to be captured and
used to access systems.621
Cyber-capabilities are becoming more prevalent and easily accessible, and non-state
actors have been improving their abilities to launch attacks as a result.622 The decentralized
nature of the internet makes it easy for black markets selling technology and expertise for
malicious purposes to flourish.623 Hackers, whether individually or as part of small groups,
have been selling cyber-goods and services to various non-state actor and terrorist
organizations. These abilities are sometimes sophisticated enough to allow the non-state
actor to gain access to well protected computer systems to conduct espionage. In fact, there
is evidence that such services have been used in efforts to breech some government
networks, military contractors, communications providers, and industrial companies
(though as of yet there is no evidence they have been able to penetrate the most highly secure
governmental networks).624 Recently, for example, hackers disclosed that they had
619 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 371; Siboni, Cohen, and Rotbart, “The Threat of
Terrorist Organizations in Cyberspace,” p. 8, 17-18; Bussolati, Nicolo. “The Rise of Non-State Actors in
Cyberwarfare.” Cyberwar: Law and Ethics for Virtual Conflicts, ed. Jens David Ohlin, Kevin Govern, and Claire
Finkelstein. (Oxford University Press: New York. 2015). 620 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute
InfoSec Reading Room, 2014, p. 1; Herr, “PrEP,” p. 5; Valeriano and Maness, Cyber War Versus Cyber Realities, p.
183. 621 Lin, “Offensive Cyber Operations,” p. 68. 622 Herr, “PrEP,” p. 7; Siboni, Gabi. “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.”
Georgetown Journal of International Affairs, http://journal.georgetown.edu/the-impact-of-cyberspace-on-
asymmetric-conflict-in-the-middle-east/; Bussolati, “The Rise of Non-State Actors in Cyberwarfare.” 623 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 7, 10, 11; Rid and
McBurney, “Cyber-Weapons,” p. 12; Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 375. 624 Bussolati, “The Rise of Non-State Actors in Cyberwarfare;” Ablon, Lillian, Martin C. Libicki, and Andrea A.
Golay. “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar.” RAND Corporation, 2014,
176
successfully stolen tools used by America’s National Security Agency and were willing to sell
them, albeit at an exorbitant price. While the Agency had stopped using these tools by 2003,
if transferred to malicious actors, they would still provide most non-state actors with a
massive boost in their capabilities.
Many times such tools or assistance, while not always cheap, are not prohibitively
expensive to obtain. This has allowed non-state actors to enhance their abilities through
purchases big and small. Goods and services that can be purchased include tools to give
initial access to a network, enable payload delivery, automated systems that search for
vulnerabilities, and a wide range of payloads.625 Small scale DDoS operations can be bought
cheap. More worryingly, sophisticated attacks that can make use of uncommon
vulnerabilities, and even zero-day vulnerabilities, can be purchased.626 Previously, hackers
would generally sell newfound zero-day vulnerabilities back to the original software
vendors, but as the price has risen, sometimes reportedly to roughly $250,000 for new
vulnerabilities, they have increasingly been selling to governments and non-state actors.627
The markets are growing more sophisticated as are the products for sale.628 The willingness
of many individuals and groups to sell their technology or their assistance to others amplifies
the power of non-state actors by forming these alliances of convenience that can serve as a
http://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf, p. ix; Siboni,
Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 10, 11; Bussolati, “The Rise of Non-
State Actors in Cyberwarfare;” Tabansky, Libor. “Cybercrime: A National Security Issue?” in “Cyberspace and
National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 68-69. 625 Tabansky, “Cybercrime: A National Security Issue?” p. 68-69; Ablon, Libicki, and Golay, “Markets for
Cybercrime Tools and Stolen Data,” p. 10. 626 Bejtlich, Richard. “Review of Martin Libicki’s Cyberdeterrence and Cyberwar.” TaoSecurity. November 25,
2009. http://taosecurity.blogspot.com/2009/11/review-of-martin-libickis.html 627 Herr, “PrEP,” p. 7. 628 Ablon, Libicki, and Golay, “Markets for Cybercrime Tools and Stolen Data,” p. ix, 39; Lindsay, “Stuxnet and the
Limits of Cyber Warfare,” p. 375, 376; Russell, “The Implications of Cyberspace for Navel Strategy and Security,”
p. 198.
177
form of force multiplier.629 Often such coordination is done via social media sites such as
Internet Relay Chats, Twitter, Facebook, and Telegram. Through these sites they offer each
other guidance and assistance, as well as transfer cyber-weapons.630
The markets additionally provide a venue in which intelligence can be gathered.
Stolen records (from governments or private entities), information, and data are available
for purchase that can be used as intelligence to enhance the chance of success of future
attacks.631 The forums also give non-state actors a chance to discuss and test their payload
designs to see if they will be effective. These tools and services have the potential to allow
non-state actors to threaten state interests in new ways.632 Although truly sophisticated
cyber-attacks require technological capabilities that are often beyond those of an individual,
it is possible that a well-funded non-state organization would be able to build such
capabilities with the help of these forums and markets.633
Attackers have also been able to learn from previously successful attacks. While
patches can be built to neutralize attacks, that does not mean the initial cyber-weapon loses
all value. Attackers can modify existing code to get around fixes or build a new cyber-
weapon. There is a great deal that can be learned by studying pervious attacks. Parts of old
cyber-weapons may even be able to be reused, simplifying the process as well as assisting
629 Cilluffo, Cardash, and Salmoiraghi, “A Blueprint for Cyber Deterrence,” p. 5, 8. 630 Smith, Daniel. “OpIsrael.” Radware Blog. April 25, 2017. https://blog.radware.com/security/2017/04/opisrael-
2017/ 631 Ablon, Libicki, and Golay, “Markets for Cybercrime Tools and Stolen Data,” p. x; Lindsay, “Stuxnet and the
Limits of Cyber Warfare,” p. 370. 632 Rattray, Gregory J. and Jason Healey. “Non -State Actors and Cyber Conflict.” America’s Cyber Future: Security
and Prosperity in the Information Age, ed. Kristin M. Lord, Mike McConnell, Peter Schwartz, Richard
Fontaine, Travis Sharp, and Will Rogers. Center for a New American Security. June 2011. 633 Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 36; Silber,
Jonathan. “Cyber Vandalism – Not Warfare.” Ynetnews.com. January 26, 2012.
http://www.ynetnews.com/articles/0,7340,L-4181069,00.html
178
people just learning how to build cyber-weapons. Flame and Stuxnet, for instance, appear to
have aided non-state actors in improving their capabilities.634
State Support for Non-State Actors:
There is an additional danger non-state actors present to states. States have
increasingly been working directly or indirectly with non-state actors. These non-state
actors are groups or individuals, such as so called “patriotic hackers,” that launch attacks on
behalf of their home country, and it is not always clear what role the state plays in these
efforts.635 This can include working directly in coordination with these groups during
attacks, offering training or cyber-weapons to them, or turning a blind eye to their activity.
The capabilities of these groups will thus depend in part on how powerful the state is that
supports them, as well as what the state is willing to provide. This complicates efforts to
determine how strong many of these groups really are. It is possible that some of these
groups have already acquired, or will acquire, fairly advanced technology.636 Employing a
strategy that relies on patriotic hackers allows states to obtain plausible deniability for their
actions against an opposing state, and complicates efforts to attribute where an attack on
state infrastructure arose from.637 State may view the use of such attacks as a way to reduce
634 Cohen and Rotbart, “The Proliferation of Weapons in Cyberspace,” p. 106, 117; O’Connell, Mary Ellen. “21st
Century Arms Control Challenges: Drones, Cyber Weapons, Killer Robots, and WMDS.” Washington University
Global Studies Law Review, Vol 13, No 515. 2014, p. 520. 635 Applegate, Scott D. “The Principle of Maneuver in Cyber Operations.” 2012 4th International Conference on
Cyber Conflict. C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) NATO CCD COE Publications, Tallinn, 2012. 636 Bussolati, “The Rise of Non-State Actors in Cyberwarfare.” 637 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East;” Schweitzer, Yoram, Gabi
Siboni, and Einav Yogev. “Cyberspace and Terrorist Organizations.” in “Cyberspace and National Security –
Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 20; Valeriano and Maness,
Cyber War Versus Cyber Realities, p. 68; Nye, “Cyber Power,” p. 12.
179
the risk of escalation, and it is also a tool that weaker states can use in an attempt to equalize
capabilities with a rival.638
Israel has seen firsthand the impact such state support for non-state actors has. Many
of the non-state actors attacking Israel have received support, funding, and training from
Iran, and have taken actions both in concert with Iran and on their own.639 One of Iran’s best
known proxies is the Syrian Electronic Army (SEA), which, while a non-state actor, has heavy
ties to Iran.640 The SEA has been an active participant in cyber-attacks against Israel since
its founding, and is suspected of playing a major role in many of the more sophisticated
attacks against Israeli infrastructure during the 2014 conflict in Gaza.641 Iran has
additionally provided support for attacks against Israel to the nominally non-state actor
Iranian Cyber Army642 as well as Qods Freedom and Ashiyane Digital Security Team among
others.643
Iran has also assisted Hamas (prior to the deterioration in relations between the two
sides over the war in Syria) and Hezbollah in launching attacks on Israel, the impact of which
638 Valeriano and Maness, Cyber War Versus Cyber Realities. 639 Valeriano, Brandon and Ryan Maness. “Persistent Enemies and Cyberwar.” In Cyberspace and National
Security. Ed. Derek S. Reveron. (Georgetown University Press: Washington D.C. 2012), p. 150; Clarke, Richard A.
and Robert K. Knake, Cyber War: The Next Threat to National Security and What to do About It (Ecco:
HarperCollins Publishers, 2012), p. 136; Siboni, Gabi and Sam Kronenfeld. “Developments in Iranian Cyber
Warfare, 2013-2014,” INSS Insight. No 536. 2014, p. 2; Brunner, Jordan. “Iran Has Built an Army of Cyber-
Proxies.” The Tower. August 2015. http://www.thetower.org/article/iran-has-built-an-army-of-cyber-proxies/;
Cilluffo, Cardash, and Salmoiraghi, “A Blueprint for Cyber Deterrence,” p. 9; Times of Israel Staff. “NSA chief
‘makes secret Israel trip to talk Iran, Hezbollah cyber-warfare.’” Times of Israel. March 28, 2016.
http://www.timesofisrael.com/nsa-chief-makes-secret-israel-trip-to-talk-iran-hezbollah-cyber-warfare/ 640 Siboni and Kronenfeld, “Developments in Iranian Cyber Warfare,” p. 2; Brunner, “Iran Has Built an Army of
Cyber-Proxies;” Cohen, Daniel and Danielle Levin. “Cyber Infiltration During Operation Protective Edge.”
Forbes.com. August 12, 2014. https://www.forbes.com/sites/realspin/2014/08/12/cyber-infiltration-during-
operation-protective-edge/#757dbe0d3fbc 641 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.” 642 Cohen and Levin, “Cyber Infiltration During Operation Protective Edge.” 643 Rosen, Armin. “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas — And Iran Could Be
The Reason Why.” Business Insider. August 18, 2014. http://www.businessinsider.com/israel-faced-a-wave-of-
cyber-attacks-2014-8
180
will be discussed further below. This has included direct assistance to Hamas’ and
Hezbollah’s cyber operations and support for groups linked to the organizations, such as Izz
al-Din Al Qassam Cyber Fighters.644 These organizations have launched attacks on various
critical infrastructure systems, including water, power, and banking sites. Further
complicating the picture, Israel suspects that Hamas and Hezbollah paid another unknown
non-state actor in the former USSR to launch attacks against Israel during the 2009
conflict.645
Iranian supported non-state actors are suspected of being behind some of the more
successful attacks against Israel. Such groups are believed to have been behind attacks that
took the Shin Bet’s (or Israel Security Agency, ISA) website off-line646 as well as attacks that
defaced the IDF’s blog and Twitter feed.647 Most troublingly for Israel, such attackers have
been able to take the Home Front Command, which instructs citizens how to protect
themselves from rockets and other threats, off-line more than once.648 Attacks by Iranian
proxies have increased since the signing of the Iran nuclear deal and have grown in
sophistication.649 Iran appears to have been able to use these groups to cause harm to Israel
while escaping retribution. The use of proxies has provided Iran plausible deniability. This
is a clear illustration of why states use these groups.
644 Rosen, “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas.” 645 Pfeffer, Anshel. “Israel Suffered Major Cyber Attack During Gaza Offensive.” Haaretz.com. June 15., 2009.
http://www.haaretz.com/news/israel-suffered-massive-cyber-attack-duringgaza-offensive-1.278094 646 Herzallah, Mohammed J. “Israel Fights Wire with Wire.” Newsweek. July 27, 2009. 647 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East;” Institute for National Security
Studies, and the Cyber Security Forum Initiative. “Cyber Intelligence Report—July 15, 2014.” Defense Update. July
15, 2014. http://defense-update.com/20140715_cyber-intelligence-report-july-15-2014.html 648 Herzallah, “Israel Fights Wire with Wire;” Winer, Stuart. “Iranians Launched Cyber-Attack on Israel during
Gaza Op.” The Times of Israel. August 17, 2014. http://www.timesofisrael.com/iranian-cyber-attackon-israel-
during-gaza-op/ 649 Johnson, Marc C. “The Rising Iranian Cyber Threat.” The Buckley Club. March 23, 2017.
https://thebuckleyclub.com/the-rising-iranian-cyber-threat-15028b76e0f9
181
The Growing Danger of Non-State Actors and Attacks on Israel:
The improving capabilities of non-state actors has led to an enhancement of their
ability to launch successful cyber-attacks. When coupled with Israel’s, and many other
states’, increasing dependence on cyber-space to meet a broad range of needs and goals, the
consequences of a successful cyber-attack could be devastating.650 In recent years, these
factors have led non-state actors to become more expansive in their goals, and in the systems
they target.
Espionage, Sabotage, and Compromised Data – One way in which non-state actors
have employed cyber-attacks has been to attempt to steal, alter, or delete data. Cyber-
espionage does not cause physical damage, but can be highly problematic depending on what
hackers gain access to. Stolen information can pose a threat should cyber-attackers sell
sensitive information to an adversary of the state, gain information on weapons systems, or
use the information and intelligence on a system’s cyber-architecture to plan future and
more sophisticated attacks.651 Cyber-attacks can also aim not just to steal information, but
destroy or alter data in the targeted system, including wiping hard disks.652 Such attacks are
akin to sabotage. This can have different impacts depending on the system targeted and the
data or program destroyed or altered. Altering data or programming can have an impact in
the physical world as well, for example, if the attack targets power generation facilities or
650 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.” 651 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 370. 652 Lorents, Peeter and Rain Ottis. “Knowledge Based Framework for Cyber Weapons and Conflict.” Conference on
Cyber Conflict Proceedings 2010, eds. C. Czosseck and K. Podins, CCD COE Publications, Tallinn, Estonia, 2010,
p. 135.
182
weapons systems it could cause them to stop functioning. If financial data were altered or
stolen and released, such an attack could have an economic impact. Once compromised, the
user can no longer trust the integrity of the system or the information they are seeing, no
matter what the target.653
Accessing or stealing information on well defended systems can be highly
challenging,654 but it can be done. In 2012, for instance, a hacker group in Saudi Arabia
managed to penetrate secure financial networks and steal the credit card information of
numerous Israeli citizens, which it then published on-line.655 Israel, as noted, has also faced
attacks from Hamas and Hezbollah on critical infrastructure, including water, power,
hospitals, and banking sites.656 Some of these attacks appear to be efforts to damage the
system directly, while others seem to be aiming to gather intelligence to improve future
attacks.
In 2012, Israel faced attacks during the conflict with Gaza on numerous financial
institutions, such as the Tel Aviv Stock Exchange and Bank of Jerusalem. These attacks did
not succeed in gaining access to sensitive economic information due to successful security
procedures, but had they been successful they had the potential to deal a major economic
blow to Israel and undermine confidence in Israeli financial institutions generally.657 Israel’s
police force was also targeted by a group named “Molerats” in 2012 seeking to gain
653 Lin, “Offensive Cyber Operations,” p. 69-70. 654 Rid and McBurney, “Cyber-Weapons,” p. 9. 655 Tabansky, “Cybercrime: A National Security Issue?” 656 Rosen, “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas;” Reuters. “Iran Ups Cyber
Attacks on Israeli Computers: Netanyahu.” Reuters. June 9, 2013. http://www.reuters.com/article/2013/06/09/us-
israel-iran-cyber-idUSBRE95808H20130609 657 Clarke and Knake, Cyber War, p. 70; Subcommittee on Emergency Preparedness, Response, and
Communications and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.
“Cyber Incident Response: Bridging the Gap Between Cybersecurity and Emergency Management.” Committee on
Homeland Security, House of Representatives. Serial No. 113-39. October 30, 2013, p. 2, 12, 39; Carr, Jeffrey.
Inside Cyber Warfare. (Cambridge: O’Reilly, 2012), p. 20.
183
intelligence. In response, Israel was forced to temporarily shut down internet access to the
police and banned the use of USB drives.658 A long-running espionage attack by Hezbollah
was discovered in 2014 that met with more success than previous efforts. The attack was
able to gather data from government, military, and economic networks, and overlapped with
Operation Protective Edge. While this attack was uncovered and destroyed by Israeli
security specialists, it lasted for 3 years.659 Between 2016 and January 2017, Hamas targeted
cell phones of IDF soldiers to attempt to gain intelligence on Israeli capabilities and troop
locations along the Gaza border, using a cyber-weapon far more advanced than they had
previously deployed. They gained access by posing as attractive young women in order to
convince soldiers to download a video chat app that was, in reality, a cyber-espionage tool
that would give Hamas access to virtually every facet of the phone without the soldier’s
knowledge. The application was also able to be updated remotely without the soldier’s
approval or knowledge. The IDF has not commented on how much information Hamas may
have gained.660 Further, in April of 2017, over 120 organizations, including companies,
government ministries, and individuals in academia and research fields in Israel were
targeted by coordinated cyber-attacks aiming at collecting information.661
658 Villeneuve, Nart, Thoufique Haq, and Ned Moran. “Operation Molerats: Middle East Cyber Attacks Using
Poison Ivy.” FireEye. August 23, 2013. https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-
middle-east-cyber-attacks-using-poison-ivy.html 659 Opall-Rome, Barbara. “Israel Confirms It Was Cyber Attack Target.” DefenseNews.com. June 24, 2015.
https://www.defensenews.com/2015/06/24/israel-confirms-it-was-cyber-attack-target/ 660 Zitun, Yoav. “From Gaza With Love: Hamas Hacks IDF Soldiers’ Cell Phones.” NYetNews. January 11, 2017.
http://www.ynetnews.com/articles/0,7340,L-4906289,00.html 661 Spacewatch. “Iranian-Linked ‘OilRig’ Hacker Group Accused of Cyber Espionage Operation Against Israel.”
Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/iranian-linked-oilrig-hacker-group-
accused-cyber-espionage-operation-israel/; Ahronheim, Anna. “Cyber Attack Aimed at Over 120 Israeli Targets
Thwarted.” Jerusalem Post. April 26, 2017. http://www.jpost.com/Israel-News/Israel-thwarts-cyber-attacks-aimed-
at-over-120-targets-489010
184
Access and Impersonation – Cyber-attacks are also capable of targeting individual
websites or networks, with the goal being to make a resource unavailable to those
attempting to use it. These are generally conducted using DoS/DDoS attacks, with the goal
being to overload a network with requests for information so that it handle all the requests,
and thus becomes unavailable. This type of attack is often simply a nuisance, but they have
the potential to be highly problematic.662 Not being able to access an official government
website describing the correct way to throw out your trash is annoying but not likely to be
particularly dangerous. More problematic, but still not necessarily disastrous to national
security, is being unable to access bank accounts (as occurred due to cyber-attacks on
Estonia in 2007) for a few days. What is dangerous is if communication networks cannot be
accessed, particularly military ones.663 This is particularly dangerous if such attacks are
coupled with a traditional military invasion, as occurred in 2008 when Russia invaded
Georgia.664
Non-state actors have frequently launched attacks aimed at blocking access against
Israel, and continue to do so. In the most high profile example of such efforts, every year
since 2013 a faction of Anonymous comes together to launch cyber-attacks on Israel under
the name #OpIsrael. These attacks were first launched on the eve of Holocaust Memorial
Day in 2013, and the attackers have threatened to “erase” Israel from cyber-space as part of
662 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 49. 663 Lorents and Ottis, “Knowledge Based Framework for Cyber Weapons and Conflict,” p. 135; Lin, “Offensive
Cyber Operations,” p. 69-70. 664 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 371.
185
an “electronic Holocaust.”665 #OpIsrael has occurred once a year through to 2017.666 The
targets of the attacks have not only been websites operated by the Israeli government and
Israeli political parties, but also private websites belonging to financial and business
organizations, educational institutions, non-profits, and news sites. These attacks mainly
involve website defacements and DDoS attacks.667 Anonymous is not alone in this effort.
There are many pro-Palestinian groups and individuals who have been involved. The
majority of such attacks have originated from around the world, not just from nations in the
Middle East, complicating defensive efforts and attempts to pinpoint attribution.668
In each of the Gaza conflicts in 2009, 2012, and 2014, Israel has faced particularly
intense waves of these types of cyber-attacks. Attackers have been able to deface or block
access to dozens of Israeli government websites as well as take down numerous private
websites, including Israeli Gmail and Hotmail accounts. Such attacks have also targeted
hospitals in Israel, the Tel Aviv Stock Exchange, Bank of Israel, and government websites,
blocking both the ability of individuals to access these websites, as well as the ability of these
organizations to talk with each other online.669 Traffic to and from Israeli internet providers
was frequently redirected, and at times many Israelis could not access foreign IP
addresses.670 In the 2012 attacks, roughly 2,500 websites were defaced, 87 pages were
665 Moore, Jack. “Anonymous’s ‘Electronic Holocaust’ Against Israel Falls Flat.” Newsweek.com. April 7, 2015.
http://europe.newsweek.com/anonymous-electronic-holocaustagainst-israel-has-limited-success-320176; Siboni,
Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 6, 7. 666 Sones, Mordechai. “Annual Anonymous Cyber Attack against Israel April 7.” Israel National News. March 26,
2017. http://www.israelnationalnews.com/News/News.aspx/227281 667 Siers, “Israel’s Cyber Capabilities.” 668 Rosen, “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas.” 669 Silber, “Cyber Vandalism – Not Warfare;” Valeriano and Maness, Cyber War Versus Cyber Realities, p. 170-
171. 670 Cohen and Levin, “Cyber Infiltration During Operation Protective Edge;” Siboni, Gabi and Sami Kronenfeld.
“The Iranian Cyber Offensive during Operation Protective Edge.” INSS Insight. No. 598. Institute for National
Security Studies. August 2014. http://www.inss.org.il/index.aspx?id=4538&articleid=7583
186
deleted, and a major Israeli internet service provider’s services were heavily slowed.
Attackers additionally posted thousands of passwords to various Israeli websites.671 In
2014, a similar number were attacked, but the sites that were hacked were more difficult to
hit than those that had been attacked in previous rounds of hostility, showing improvements
in the capabilities of the non-state actors involved.672
Most troublingly for Israel is that these attacks came during a physical conflict,
meaning attention had to be divided to address dangers in multiple arenas of conflict. Some
of the targets were additionally ones that could have led to safety issues for Israeli citizens.
Non-state actors were, as noted above, able to take the Home Front Command page off-
line.673 Hackers have also succeeded in defacing ISA’s public website on more than one
occasion.674 Similarly, in 2014, attackers succeeded in taking the Tel Aviv Police
Department’s website down for a few days, making it more difficult for the police to
communicate with the public during the conflict.675 Cyber-attacks that undermine the ability
of the state to protect its citizens may end up costing lives as citizens do not get information
they need on when to take cover from attacks, and such failures could be highly damaging to
the public’s morale. Cyber-attacks pose heightened dangers during security emergencies,
671 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 170-171; Rosen, “Israel Faced a Huge Wave of
Cyber Attacks During Its War with Hamas.” 672 Russon, Mary-Ann. “#OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business
Websites.” International Business Times. July 18, 2014. http://www.ibtimes.co.uk/opsavegaza-anonymous-takes-
down-1000-israeli-government-business-websites-1457269 673 Herzallah, “Israel Fights Wire with Wire;” Winer, “Iranians Launched Cyber-Attack on Israel during Gaza Op.” 674 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East;” Institute for National Security
Studies, and the Cyber Security Forum Initiative, “Cyber Intelligence Report—July 15, 2014;” Ruble, Kayla.
“Syrian Hackers Hijack IDF Twitter Sparking Fears of Nuclear Leak.” Vice.com. July 7, 2014.
https://news.vice.com/article/syrian-hackers-hijack-idf-twitter-sparking-fears-of-nuclear-leak; Herzallah, “Israel
Fights Wire with Wire.” 675 Siboni and Kronenfeld, “The Iranian Cyber Offensive during Operation Protective Edge.”
187
and in fact, the frequency of attacks against Israel has been shown to increase during such
situations.676
Relatedly, states are vulnerable to attacks that penetrate networks and then use those
networks to impersonate the true owner. This can manifest in a number of ways. Should an
attacker gain such access, they could use the medium, including systems such as Twitter or
Facebook, to send out incorrect information to others in an agency, across the government,
or to the general public. Israel experienced such an incident in 2014. The aforementioned
success in gaining temporarily control of the IDF blog and Twitter feeds.677 The attackers
used the accounts to send out a message saying that the Dimona nuclear reactor had been
struck by rocket fire and there was danger of a radioactive leak.678 While the IDF was able
to restore their control over the system fairly quickly, in the interim many citizens feared
what might occur as a result of the inaccurate claim. The goal of these actions is two-fold.
One is to strike fear. The second is to draw attention to the attackers and their cause.679 An
additional danger impersonation poses is that attackers could try to trick other uses into
providing their login information, thus expanding the cyber-attackers’ information and
access to the system.680
Physical Impacts – States should also be concerned about the potential of non-state
actors to develop the ability to launch cyber-attacks capable of causing physical damage.
676 Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National
Security Studies. Memorandum 117. May 2012. 677 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East;” Institute for National Security
Studies, and the Cyber Security Forum Initiative, “Cyber Intelligence Report—July 15, 2014;” Ruble, Kayla.
“Syrian Hackers Hijack IDF Twitter Sparking Fears of Nuclear Leak;” Herzallah, “Israel Fights Wire with Wire.” 678 Siboni and Kronenfeld, “The Iranian Cyber Offensive during Operation Protective Edge.” 679 Kenney, Michael. “Cyber-Terrorism in a Post-Stuxnet World.” Orbis. Vol. 59, No. 1. 2015, p. 117-118. 680 Lin, “Offensive Cyber Operations,” p. 69-70.
188
While non-state actors have not yet succeeded in launching this most dangerous type of
attack, that is no reason for complacency. A cyber-attack could lead to physical damage in
one of two ways. First is an attack along the lines of Stuxnet, that is capable of creating
physical destruction on its own and can even find its way to clandestine facilities and
unknown targets.681 These attacks are highly difficult to execute. While these attacks have
not been successfully attempted by non-state actors, it is not actually entirely clear how
difficult it is to launch attacks against industrial control systems, making this a possibility
states must pay attention to, even if it seems unlikely given current non-state actor
capabilities. Further, it is not possible to block all incoming attacks on such critical systems
as control and communications systems must be able to accept incoming connections, and
therefore it is possible to trick and attack them.682 The second way damage could be created
is through an attack that gains control of computers that control critical infrastructure. An
unsophisticated attack on, for example, an electrical company’s computer network, if they
are linked to the system controlling the grid, may produce indirect effects on the grid and
provide the attacker with the ability to take control of the grid.683 Israel faces a nearly
constant barrage of such attacks, as the numbers regarding the electrical company
illustrate.684 The closest non-state actors have come to successfully executing such an attack
against Israel came in 2013, when cyber-attackers gained access to the network controlling
the Carmel Tunnel under Haifa and shut it down for 8 hours.685
681 Barzashka, “Are Cyber-Weapons Effective?” p. 54. 682 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 374-375. 683 Lin, “Offensive Cyber Operations,” p. 68. 684 Reuters, “Iran Ups Cyber Attacks on Israeli Computers.” 685 InfoSecurity. “Cyber-Terrorism Shut Down Israel’s Carmel Tunnel.” Infosecurity-Magazine.com. October 28,
2013. https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/
189
Interconnections in Cyber-Space – A central danger in cyber-space is that it is not
clearly divided between governmental, military, and civilian networks. Governmental and
military networks rely heavily on civilian infrastructure, including for things like logistics
and electricity. Further, a successful attack on one network might provide the attacker with
access to additional networks connected to the compromised one, providing, in essence, a
backdoor into better protected networks. This gives the attacker the potential to rapidly
spread the damage from an attack. Civilian networks are generally not defended as well as
governmental, intelligence, and military networks. Thus, the interdependent nature of the
networks means that an attack on an advanced state’s non-governmental systems can create
dangers for critical national security infrastructure.686
Attribution – An additional benefit that the cyber-realm offers non-state actors is that
it can be difficult to attribute an attack to an actor. Even large attacks such as DDoS can be
difficult to attribute to a particular actor.687 The sheer number of potential non-state
organizations and individual attackers dispersed around the globe, presents a challenge to
the monitoring and attribution capabilities needed for purposes of deterrence. Further,
attackers can take steps to hide their identity by having the attack routed through numerous
servers in different nations, making it difficult to determine if the investigator has found the
686 Bejtlich, “Review of Martin Libicki’s Cyberdeterrence and Cyberwar;” Lynn, William J. III. “Defending a New
Domain: The Pentagon’s Cyberstrategy.” Foreign Affairs. Vol. 89, No. 5. 2010; Gartzke, Erik, and Jon Lindsay.
“Cross-Domain Deterrence: Strategy in an Era of Complexity.” International Studies Association Meeting. July
2014. https://quote.ucsd.edu/deterrence/files/2014/12/EGLindsay_CDDOverview_20140715.pdf; Baram, Gil.
“Israeli Defense in the Age of Cyber War.” Middle East Quarterly. Winter 2017, p. 2; Radichel, “Case Study,” p. 2. 687 Applegate, “The Principle of Maneuver in Cyber Operations;” Even and Siman-Tov, “Cyber Warfare,” p. 32-33;
Libicki, Martin C. Cyberdeterrence and Cyberwar (Rand Corporation: Project Air Force, 2009), p. xiv-xv; Clarke
and Knake, Cyber War, p. 45, 51; Silber, “Cyber Vandalism – Not Warfare;” DeNardis, Laura. The Global War for
Internet Governance. (Yale University Press, New Haven, CT. 2014), p. 100.
190
final point of origin.688 To be effective, any deterrence policies a state wishes to create must
provide attackers with a clear and predictable sense of what actions will lead to particular
responses.689 The lack of ability to assign attribution makes creating deterrence or engaging
in retribution much harder as both require that one know who to target.690 Non-state actors
use this anonymity to their advantage to avoid punishment for their actions.
Attribution problems are not impossible to solve, however.691 Countries have
continuously improved their technological and intelligence forensic tools and have thus been
able to improve their ability to determine who was behind an attack. A state-actor’s
sophisticated cyber-capabilities, coupled with intelligence work and cooperation between
states can be used to make an organization’s or individual’s attempts to hide its identity more
difficult.692 Sometimes attribution efforts are assisted by the attackers. For instance, so
called “hacktivists” (organizations that are attacking in support of a cause) often make clear
that they as individuals or their organization is behind a particular attack. Publicity for
themselves and their cause is one of their goals. Even with this information, however,
attribution can still be problematic as individuals launching attacks do not publish their real
names or identifying information, and organizations do not disclose how to find them. Thus,
even after a group takes responsibility it may not be possible to engage in deterrent actions
as the state may be unable to identify who was directly responsible.
688 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p.
51. 689 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 13. 690 Rid, Thomas and Benjamin Buchanan. “Attributing Cyber Attacks.” The Journal of Strategic Studies. Vol. 38,
No. 1-2. 2015. 691 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 400. 692 Rid and Buchanan, “Attributing Cyber Attacks,” p. 7.
191
Israel has faced issues attributing attacks. Sometimes the attacks are minor and not
worth investigating, but that is not always the case. In each of the Gaza conflicts since 2009,
Israel has faced heavy waves of attacks originating somewhere in the former USSR. The
attacks are suspected to have been launched by unknown non-state actors (paid for
independently by Hamas and Hezbollah), but it is not clear. Israel has not even been able to
pin-point the physical origin of the attacks with high levels of certainty.693 This complicates
any efforts to take counter-measures against the attackers.
Cyber-Terrorism – Cyber-terrorism is the use of a cyber-attack to try to achieve
psychological coercion in support of a political goal, this must include at least the fear that
physical destruction will result from the cyber-attack.694 Thus far, no such attacks have
occurred. Instead, terror groups, including ISIS and al-Qaeda, have mainly used cyber-space
for propaganda purposes, fundraising, and to gather intelligence to support attacks in the
physical realm.695 It is not fully clear why it is terror groups have not been able to use cyber-
space for terror acts. One thought is that it is complicated to develop the technology and find
the intelligence needed to launch attacks that can instill fear that physical damage will occur.
Thus, unless terror groups have state sponsorship, they will not be able to launch such
attacks.696 Further, terror groups are limited by state intelligence capabilities that can gather
693 Pfeffer, “Israel Suffered Major Cyber Attack During Gaza Offensive.” 694 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 122; Valeriano and Maness, Cyber War Versus Cyber
Realities, p. 70. 695 Schweitzer, Siboni, and Yogev, “Cyberspace and Terrorist Organizations,” p. 19-20. 696 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 70; Schweitzer, Siboni, and Yogev, “Cyberspace
and Terrorist Organizations,” p. 21; Even and Siman-Tov, “Cyber Warfare,” p. 43-44; The Torrenzano Group.
“General Michael V. Hayden on Cyber Security & Protecting the Nation.” The Torrenzano Group. December 24,
2016. www.torrenzano.com, all quotes from Hayden unless noted.
192
information on their activities, making planning such operations more challenging.697 Terror
groups also appear to prefer violence in the physical world that creates powerful images.
The use of methods such as bombs, vehicular attacks, and gunfire still appear to be their
preference.698 It is also possible these attacks are not occurring because while cyber-attacks
are less costly than building an army, suicide bombers and improvised explosives are still
less expensive.699 This is not a situation that countries should necessarily assume will
continue. Terror groups continue to launch low level attacks on critical infrastructure
around the world, many of these attacks are likely searching for vulnerabilities. This is a
clear indication that nations should take this threat seriously even if it has not occurred
yet.700
Military Realm – Cyber-attacks by non-state actors pose a number of dangers to the
military. Attacks on Israel’s communications systems and the government’s ability to
address its citizens poses an important risk. Israel relies on a reservist army and is
geographically very small. Thus, a successful cyber-attack that disrupts communications or
military systems for even a short period of time could prove to make a significant difference
in Israeli efforts to defend the nation from an attack in the physical realm.
Coordinated large-scale cyber-attacks by non-state actors could also serve as a force
multiplier should Israel face an invasion. During each of the three conflicts with Hamas,
cyber-attacks on Israel spiked, and it seems safe to assume that in any future conflicts with
697 Schweitzer, Siboni, and Yogev, “Cyberspace and Terrorist Organizations,” p. 21. 698 Even and Siman-Tov, “Cyber Warfare,” p. 43-44. 699 Even and Siman-Tov, “Cyber Warfare,” p. 43-44; Nye, “Cyber Power,” p. 12. 700 Choucri, Nazli, Stuart Madnick, and Jeremy Ferwerda. “Institutional Foundations for Cyber Security: Current
Responses and New Challenges (Revised).” Information Technology for Development. 2013, p. 22; The Torrenzano
Group, all quotes from Hayden unless noted.
193
Hamas or other actors, cyber-attacks on Israel would spike as well. The IDF noted that the
cyber-attacks in 2014 were far more advanced than in the past, and represented a new threat
they had not had to deal with in the past.701 While no single attack caused a great deal of
damage, they divide Israel’s defensive and offensive attention, and may cause enough
distraction from another danger that an attacker can cause meaningful harm in either the
physical or cyber-realms.
An additional danger is that virtually all weapons systems rely on cyber-space for
their operation, from fighter planes, to missiles, to the Iron Dome, to Home Front Command.
Should an attacker gain access to any of these systems, even briefly, it could be disastrous.702
IDF drones already fell victim to a cyber-attacker from Islamic Jihad between 2012 and 2014.
In this case, a single individual, Maagad Ben Juwad Oydeh, was able to figure out how to gain
access to the cameras in some models of IDF drones. He was also able to pin-point the
location of other IDF drones. Using the same techniques he also gained access and conducted
espionage on Israel’s transportation infrastructure, government ministries, and the
Palestinian Authority. Access to the drone’s system did not include the ability to fire any
rockets, but it did allow him to use the cameras, which may have been used to help target
Islamic Jihad rocket fire towards areas where large numbers of people were gathered. It
could also have allowed them to figure out where Israeli troops were massing during combat.
He did all of this without any access to advanced tools.703
701 Baram, “Israeli Defense in the Age of Cyber War,” p. 9. 702 Zitun, Yoav. “The IDF Prepares for Cyber-Battles.” YNetNews. September 2, 2015.
http://www.ynetnews.com/articles/0,7340,L-4696003,00.html 703 Bob, Yonah Jeremy. “Islamic Jihad Cyber Terrorist Indicted for Hacking IDF Drones Over Gaza.” Jerusalem
Post. March 23, 2016. http://www.jpost.com/Arab-Israeli-Conflict/Islamic-Jihad-cyber-terrorist-indicted-for-
hacking-IDF-drones-over-Gaza-448936; Ben-Yishai, Ron. “IDF’s Cyber Defense Easily Breached.” YNetNews.
March 23, 2016. http://www.ynetnews.com/articles/0,7340,L-4782445,00.html
194
Morale – Non-state actors, even if they cannot launch spectacular cyber-attacks, pose
the danger of “death by a thousand cuts,” the launching of constant low-level attacks against
financial and governmental networks in order to cause paralysis.704 The goal is to slowly
weaken the opponent’s economic system and public morale, and thus force it to make
concessions it does not wish to make.705 Israel, which is highly dependent on cyber-space, is
a prime candidate for this style of cyber-attack campaign.706 There is no question attacks by
non-state actors can harm banks and cause economic damage.707 Successful attacks on
critical infrastructure or civilian targets can instill fear in citizens and slowly damage the
nation and its ability to compete on the world stage.
Israel has faced, for instance, numerous attacks on its financial sector. In addition to
the examples already noted is the so-called “ATMZombie.” This was sophisticated malware
designed to steal money from Israeli banks. While many of the techniques used could be
easily found on-line, the malware had a number of innovative characteristics, the malware
was programed to attack a range of systems and designed to avoid detection. The malware
also required strong intelligence-gathering abilities or the assistance of an insider as it was
able to target not only clients of Israeli banks in general, but it was able to determine if a
victim was a client of specific banks, allowing specific malware to be sent to each recipient.
The exact extent of the damage is not clear. The malware was caught early on, but if it had
704 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 69; Gartzke Erik and Jon Lindsay, “Cross-Domain
Deterrence,” p. 10. 705 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 9; Bejtlich, “Review of Martin Libicki’s Cyberdeterrence
and Cyberwar;” Drmola, Jakub. “Looking for Insurgency in Cyberspace.” Central European Journal of
International and Security Studies. Vol. 4. 2014, p. 62-63. 706 Tabansky, “Cybercrime: A National Security Issue?” 707 Lorents and Ottis. “Knowledge Based Framework for Cyber Weapons and Conflict,” p. 130.
195
not been, the amounts stolen could have quickly risen.708 While this appears to be a case of
cyber-crime, such an attack could be used as part of a cyber-operation designed to damage
the financial sector.
Cyber-attacks in Israel have also targeted Israeli TV in an effort to cause panic. In
March 2016, Hamas purportedly hacked into Israeli TV station Channel 2, and began to
disseminate anti-Israel propaganda and threatening images. The attackers included
messages in Hebrew telling people to “stay in your homes.”709 In November of that year, two
Israeli TV news programs were hacked as well.710 While these incidents were short lived
and caused no damage, the goal was to intimidate Israel’s citizenry. When the government
fails to protect its citizens from these types of cyber-attacks, it may begin to erode the faith
the population has in the government’s ability to protect its citizens.711
The increasing importance of the cyber-realm for national security has greatly
increased the ability of non-state actors to harm states in ways beyond what was previously
possible. A terrorist organization might be capable of destroying an individual branch of a
bank with a bomb in the physical world, but doing so would not cripple the bank’s broader
708 For more information and technical details, please see: GReAT and Ido Naor. “ATMZombie: Banking Trojan in
Israeli Waters.” Kaspersky Labs, SecureList. February 29, 2016.
https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/ 709 Jerusalem Post Staff and Yaakov Lappin. “Suspected Palestinian Hackers Interrupt TV Broadcast with Ominous
Message.” Jerusalem Post. March 11, 2016. http://www.jpost.com/Arab-Israeli-Conflict/Suspected-Palestinian-
hackers-interrupt-TV-broadcast-with-ominous-message-447646; Balousha, Hazem and William Booth. “Israel
Retaliates for Gaza Rocket Fire with Airstrikes; Hamas Hacks Israeli TV.” Washington Post. March 13, 2016.
https://www.washingtonpost.com/world/israel-retaliates-for-gaza-rocket-fire-with-air-strikes-hamas-hacks-israel-
tv/2016/03/13/0214541e-f9ee-48e0-8402-39fc4838b65c_story.html?utm_term=.fffab43baf9d 710 Benari, Elad. “Hackers Take Over Israeli Television.” Arutz Sheva 7. November 30, 2016.
http://www.israelnationalnews.com/News/News.aspx/221025; AFP. “Israeli TV Hacked with ‘Divine Retribution’
Message.” The Times of Israel. November 30, 2016. http://www.timesofisrael.com/israeli-tv-hacked-with-divine-
retribution-message/ 711 Tabansky, “Cybercrime: A National Security Issue?”
196
ability to continue to trade or provide services to customers. A cyber-attack could take the
bank entirely off-line, or cripple the entire financial network, which would be a far more
devastating outcome. Currently, most non-state actors lack the ability to launch such
widespread damaging attacks, but the tools they are already using can disrupt daily life, deny
the ability to use needed services, and gain access to sensitive data and information.712 As
hackers improve their abilities it becomes increasingly likely that they will be able to launch
a successful attack on power grids, water systems, refineries, pipelines, emergency response
systems, or transportation networks.713 If successful, such an attack could be as devastating
to day-to-day life as a physical strike.714 All of these dangers are heightened by the increasing
use of vulnerable information and communications technology.715
Israel is facing increasingly dangerous non-state actors. The Syrian Electronic Army
has launched many sophisticated attacks on Israeli infrastructure, particularly during the
conflict in Gaza in 2014.716 The attacks on Israel during the 2014 conflict were the most
advanced Israel has faced, were massive in the number of targets attacked, and selected far
more difficult targets than in the past. Systems ranging from financial, to private businesses,
to websites of political parties, to private citizens, to governmental and military networks
were targeted. Private information of some Israeli government employees was posted on-
line. While most of these attacks were DDoS and website defacements,717 some of the
websites that were taken off-line or defaced were fairly well defended, which required more
712 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 8, 17-18. 713 Subcommittee on Emergency Preparedness, Response, and Communications and the Subcommittee on
Cybersecurity, Infrastructure Protection, and Security Technologies. “Cyber Incident Response,” p. 2, 12, 39;
Clarke and Knake, Cyber War, p. 31. 714 Nye, The Future of Power, p. 212. 715 Herr, “PrEP,” p. 8. 716 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.” 717 Cohen and Levin, “Cyber Infiltration During Operation Protective Edge.”
197
sophisticated techniques from the non-state actors. Many of the successful attacks in all of
these incidents exploited known vulnerabilities, meaning that systems did not receive
adequate or timely software updates, or that password or login information was
compromised. If the attackers were able to obtain passwords, it opens the possibility that
the passwords could be used to penetrate more sensitive systems as well. The groups
involved were well known, including Hamas, Hezbollah, and Anonymous. What was
particularly striking about the attacks in 2014 was that they appeared to have taken months,
or even years, to prepare, and that the attackers were waiting for the right moment to
strike.718 This is a highly worrying trend for Israel.
Non-state actors are not likely to decrease their efforts to attack nations in cyber-
space. When there is conflict between a stronger a weaker power, the weaker power will
seek an advantage in any arena it can. Non-state actors cannot match the military power of
capable state actors, and thus many have turned to cyber-space as an alternative realm to
damage states. In Israel’s case, groups like Hamas cannot hope to defeat Israel militarily. As
a result, they have attempted to use cyber-space to help level the playing field.719 Despite
this, overall, non-state actor attacks against Israel have not succeeded in creating any
devastating incidents; but the potential is growing, and there still have been important
successes.720
718 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 167. 719 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 170. 720 Moore, “Anonymous’s ‘Electronic Holocaust’ Against Israel Falls Flat.”
198
Israel’s Response Thus Far:
Israeli defenses have generally held against cyber-attacks, including the over 44
million attacks they faced in 2014’s conflict with Hamas alone. The danger of such attacks,
however, should not be dismissed.721 Israel’s success stems from the resources and energy
it has put into defeating these threats, not due to the lack of danger these actors pose. Israel
has attached great importance to the cyber-realm. Prime Minister Benjamin Netanyahu has
stated that cyberattacks are “one of the four main threats to Israel.”722 The importance Israel
places on cyber-space is also made clear in the 2015 IDF Strategy manual, which identifies
the cyber-realm as one of the dimensions Israel must be prepared to fight in.723 Israel has
created organizations, strategies, and new technologies in order to address threats in cyber-
space. Non-state actors have been specifically identified as a danger Israel must focus on,
with former Prime Minister and Defense Minister Ehud Barak stating, for example, that
“cyber warfare has taken asymmetric warfare to a new height, allowing a lone hacker to
cause major damage.”724
Governmental/Organizational Level – Israel has established specialized agencies to
handle the dangers and opportunities cyber-space creates. One is the National Cyber Bureau
(NCB), which is responsible for regulating cyber-space, as well as helping to promote and
facilitate coordination between the government and private groups (such as universities and
721 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 170-171. 722 Ravid, Barak. “Battle Move in Israel’s Turf War: Shin Bet Loses Authority Over ‘Civilian Space.’” Haaretz.
September 21, 2014. http://www.haaretz.com/news/national/1.616990 723 Office of the Chief of Staff, IDF. “The IDF Strategy.” Israel Defense Forces. August 2015.
http://www.idf.il/SIP_STORAGE/FILES/9/16919.pdf 724 Katz, Yaakov. “Barak: Israel Seeks to be Global Cyber Leader.” Jerusalem Post. June 6, 2012.
http://www.jpost.com/Defense/Barak-Israel-seeks-to-be-global-cyberleader
199
businesses) with the goal of more effectively pooling resources and information.725 The NCB
publishes warnings and reports as needed on emerging threats, including threats from non-
state actors.726 A second agency is the National Cyber-Security Authority (NCSA), which is a
subordinate body to the NCB. This is an operational authority with the duty to enhance
cyber-defense for the non-military sectors of the government,727 and expand “the state’s
capabilities to secure critical infrastructure systems against cyber-terrorism, carried out
both by foreign nations and by terrorist groups.”728 Within the NCSA, Israel has created a
Computer Emergency Response Team (CERT), in line with CERTs in other nations,729 that
offers assistance to government agencies and Israeli companies regarding preventing,
defending against, and recovering from cyber-attacks. As part of this work the CERT will
create guidelines and recommendations for how private citizens and companies, as well as
government agencies, can improve their cyber-defenses.730 The IDF has its own cyber-
defense units as well, mainly housed in the C4I Corps. The Shin Bet (ISA) focuses on the
protection of critical infrastructure and enhancing information security by working to help
private internet providers bolster their security. Israel’s Telecom Authority, located in the
725 Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic
Affairs. Vol. 5, No. 1. 2013, p. 30-32; Israel Ministry of Foreign Affairs. “Deputy FM Elkin: Israel’s Cyber
Security.” Address to the Seoul Conference on Cyberspace 2013. October 16, 2013 726 National Cyber Bureau. “Mission of the Bureau.” The National Cyber Bureau—Office of the Israeli Prime
Minister. 2014.
http://www.pmo.gov.il/english/primeministersoffice/divisionsandauthorities/cyber/pages/default.aspx; Even and
Siman-Tov, “Cyber Warfare;” Ben-David, “Playing Defense;” Efrati, Rami and Lior Yafe. “The Challenges and
Opportunities of National Cyber Defense.” Israel Defense. August 11, 2012.
http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/41557; Israel Ministry of Foreign Affairs, “Deputy
FM Elkin;” Baram, “The Effect of Cyberwar Technologies on Force Buildup,” p. 30-32; Cohen, Freilich, and
Siboni, “Israel and Cyberspace;” Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber
Bureau Case Study.” North Carolina Journal of Law and Technology. Vol. 16, No. 3. 2015. 727 Ben-David, “Playing Defense;” Efrati and Yafe, “The Challenges and Opportunities of National Cyber Defense.” 728 Even and Siman-Tov, “Cyber Warfare,” p. 79. 729 Morgus, Robert, Isabel Skierka, Mirko Hohmann, and Tim Maurer. “National CSIRTs and Their Role in
Computer Security Incident Response.” Global Public Policy Institute and New America. 2015. 730 Lappin, Yaakov. “Cyber-Terrorism: Defending the Country’s Online Borders.” Jerusalem Post. February 5, 2013.
http://www.jpost.com/Features/Front-Lines/Cyber-terrorism-Defending-the-countrys-online-borders
200
Prime Minister’s office, oversees efforts to protect Israel’s civil ministries and government
networks and machines.731 Financial and banking networks are the responsibility of the
Bank of Israel, which requires banks to develop plans for preventing successful cyber-attacks
and for how to deal with attacks that do succeed.732 Israel has also empowered the Ministry
of Defense to help protect the defense industry from attacks. Part of the remit for all of these
organizations is to guard against cyber-attacks from non-state actors.733
The goal in creating these agencies has been described with a medical metaphor. It is
to immunize organizations and individuals though the development of improved practices
and standards that all critical systems should be expected to implement. The idea is that
Israel wants to help governmental and non-governmental organizations improve their
defenses against intrusions, with the goal being that in virtually every case the non-
governmental organizations will be able to deal with the threats themselves. This will in
turn reduce the dangers to the state from attacks on poorly defended interconnected
networks. This is a potentially inexpensive way Israel is trying to boost its cyber-security.
Israel has made clear as well that if an attack on a private sector actor is particularly massive,
731 Prime Minister's Office. "Moving the ICT from the Finance Ministry to the Prime Minister's Office." Prime
Minister's Office (Hebrew). 2014. http://www.pmo.gov.il/Secretary/GovDecisions/2014/Pages/dec2099.aspx 732 Arutz Sheva “Report: Bank of Israel Raises Cyber Defenses.” Arutz Sheva. February 17, 2012.
http://www.israelnationalnews.com/News/Flash.aspx/232390#.U8VI7fldVqU; Aizescu, Sivan. “Israeli Banks Seek
to Set up Joint Cybersecurity Center.” Haaretz. May 26, 2014. http://www.haaretz.com/business/.premium-
1.592767; Supervisor of Banks. “On Cyber Defense Management.” Proper Conduct of Banking Business
Directive—361—Israeli Government. 2015.
http://www.bankisrael.gov.il/en/BankingSupervision/SupervisorsDirectives/ProperConductOfBankingBusinessRegu
lations/361_et.pdf 733 Bergman, Ronen. “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit.” Ynetnews. December 12, 2012.
http://www.ynetnews.com/articles/0,7340,L-4322499,00.html; Dvorin, Tova. “Secret Shin Bet Unit at the Front
Lines of Israel’s Cyber-War.” Arutz Sheva. April 25, 2014.
http://www.israelnationalnews.com/News/News.aspx/179925#.U7b-P_ldVqU; Katz, Yaakov. “Security and
Defense: Israel’s Cyber Ambiguity.” Jerusalem Post. May 31, 2012. http://www.jpost.com/Features/Front-
Lines/Security-and-Defense-Israels-Cyber-Ambiguity; Bob, Yonah Jeremy. “Rule of Law: Obama, Israel and Cyber
Warfare.” Jerusalem Post. March 22, 2013. http://www.jpost.com/Features/Front-Lines/The-cyber-partys-over-
307367
201
widespread, or difficult to defend against, the government will step in to help address the
situation.734
The goal of these programs is ideally to ensure that every computer in Israel is
properly defended, but this is, of course, not really possible. Thus, a focus in Israel has been
on defending critical infrastructure. Such facilities receive additional protection and
attention from the government to help them boost cyber-defenses and respond to incidents.
The criteria Israel uses to select critical infrastructure organizations includes the likely
number of people injured in a successful attack; the severity of the economic damage caused;
and the impact on Israeli morale. It includes some hospitals, heavy industrial plants, energy
companies, communications networks, banking systems, and transportation companies.735
These types of targets, as noted above, are ones that are frequently hit by non-state actors.
These agencies have also been working together to run drills and simulations of
massive attacks by state and non-state actors in order to improve their ability to defend
against them. For example, in 2015, Israel’s annual home front defense drill, Turning Point,
was used in part to simulate a cyber-attack that crippled electrical and telephone grids.736
This is a useful exercise in order to help determine where defenses are weakest and what
areas Israel needs to improve in. It has additionally been reported that the ISA has created
a unit that attempts to launch exploratory attacks on critical networks in both the public and
private sectors in Israel to uncover and address potential vulnerabilities.737
734 Segal, Adam. “The Middle East’s Quietly Rising Cyber Super Power.” Defense One. January 27, 2016.
http://www.defenseone.com/technology/2016/01/middle-easts-quietly-rising-cyber-super-
power/125472/#.Vq1gjEdsNqE.mailto 735 Ben-David, “Playing Defense;” Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders.” 736 Times of Israel. “Rocket Siren Sounds across Country in Ongoing Drill.” Times of Israel. June 2, 2015.
http://www.timesofisrael.com/rocket-sirens-sound-across-country-in-civil-defense-drill/ 737 Bergman, “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit;” Dvorin, “Secret Shin Bet Unit at the Front
Lines of Israel’s Cyber-War.”
202
Defensive Level – The IDF has taken notice of the danger that non-state actors pose
to Israel. While he was Commander of the Mamram (the IDF’s Center of Computer and
Information Systems), Col. H. commented on the danger, noting that the growing abilities of
non-state actors has led the IDF to be concerned about the dangers from both state
sponsored non-state actors as well as those acting without a state sponsor.738 Israel is
concerned that enemies will be able to use cyber-attacks to harm Israel’s ability to defend
itself against simultaneous physical attacks. Almost every major IDF weapon, including
submarines, missiles, aircraft, and radar systems, contains components that could be
attacked in cyber-space.739 The IDF is working to boost defenses to ensure that attackers
cannot take control or disable the weapons. More than that, however, the IDF has expressed
serious concern that cyber-attacks could be used to take control of military communications
networks, particularly during times of hostilities.740 In response, the IDF has stressed
“thwarting and disrupting enemy projects which may aim to target the Israeli military and
government,” as well as developing tools and strategies to defend communication and
weapons systems.741 In response to the hack of Israeli drones, for example, the IDF has
greatly strengthened its encryption methods regarding communications to reduce this type
of risk.742
Yuval Diskin, the former head of the ISA, has stated that Israel must work to defend
not only networks, but also individual computers and all communications entering the
738 Zitun, “The IDF Prepares for Cyber-Battles.” 739 Lappin, Yaakov. “Military Affairs: The IDF’s Silent Attack Force.” Jerusalem Post. May 11, 2013.
http://www.jpost.com/Features/Front-Lines/Military-Affairs-The-silent-attack-force-312716 740 Katz, “Security and Defense;” Katz, Yaakob. “Elbit Unveils New Cyber War Simulator.” Jerusalem Post. June 5,
2012. http://www.jpost.com/Defense/Elbit-unveils-new-cyber-war-simulator 741 YNetNews. “IDF says ‘Defined Essence of Cyber Warfare’.” Ynetnews. June 4, 2012.
http://www.ynetnews.com/articles/0,7340,L-4238156,00.htm 742 Ben-Yishai, “IDF’s Cyber Defense Easily Breached.”
203
country due to the interconnected nature of cyber-space. Outside of the IDF, the NCB and
NCSA have helped deal with numerous threats to the private sector, including the
aforementioned attacks on Israeli hospitals in 2017.743 Building defenses for all systems
requires developing ways to identify potential attackers in order to prevent them from
acting, and is a critical component of Israeli’s defensive efforts.744 The value of this type of
intelligence can be seen regarding #OpIsrael. Anonymous creates a list of targets prior to
launching the attacks, having that information would make it easy for Israel to boost
defenses at the targets. Israel has additionally stated that if an attack causes damage, it has
the right to employ self-defense, including in response to attacks by non-state actors.745
Israel has invested a great deal of money and resources into creating and improving
its technology across a wide range of abilities. Central to this effort are perimeter defenses
and active defenses. In regards to perimeter defenses, Israel has built a range of tools,
including firewalls, intrusion detection systems, the rerouting of attacks to dummy sites,
virtual private network (VPN) servers, and application proxies.746 Such tools are particularly
valuable against the types of less sophisticated attacks that non-state actors tend to launch.
These strategies fit with the general Israeli Defense Force cyber-strategy of “thwarting and
disrupting enemy projects which may aim to target the Israeli military and government.”747
Israel has also been working with private companies that to protect communications to
boost their defenses.748 Active defenses can be highly useful tools for nations looking to
743 Tech2, “Israel Thwarts Major Cyberattack on Hospitals.” 744 Ben-David, “Playing Defense.” 745 YNetNews, “IDF says ‘Defined Essence of Cyber Warfare;’” Blank, Laurie R. “International Law and Cyber
Threats from Non-State Actors.” International Law Studies. Vol 89. 2013. 746 Applegate, “The Principle of Maneuver in Cyber Operations.” 747 YNetNews, “IDF says ‘Defined Essence of Cyber Warfare.’” 748 Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders.”
204
prevent cyber-attacks.749 To this end, Israel has identified the Internet Service Providers
(ISP) that are the ones more likely to be used to host an attack, and cyber-defenders in Israel
have been given wide latitude to block traffic from those ISPs. They are given the freedom
to do so even before it is clear there is an attack taking place or before it is clear the ISP in
question is the source of the attack.750 Active defenses can be boosted by gathering
intelligence to use to tailor particular tools to particular threats.751
Offensive Level – Israel has not stuck solely to defense, however. The IDF has stated
that it is prepared to use cyber-weapons whenever it feels they are needed.752 It is not clear,
however, what the nature of those weapons are, and it is also unclear what conditions would
lead to Israel launching them. Israel has pointedly neither confirmed nor denied previous
accusations that it launched cyber-attacks, likely because it lessens the chances of a reprisal
(particularly true given, as previously mentioned, that it is difficult to attribute cyber-
attacks).753 Unit 8200 is the agency that oversees much of Israel’s offensive cyber-weapons
development, though ISA has also developed weapons.754 It is known as well that the ISA
749 Even and Siman-Tov, “Cyber Warfare,” p. 19; Sklerov, Matthew J. “Responding to International Cyber Attacks
as Acts of War.” In Inside Cyber Warfare, edited by Jeffery Carr, p. 45–76. (Cambridge: O’Reilly, 2012), p. 195. 750 Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders.” 751 Lynn, “Defending a New Domain.” 752 YNetNews, “IDF says ‘Defined Essence of Cyber Warfare;’” Blank, “International Law and Cyber Threats from
Non-State Actors.” 753 Libicki, Cyberdeterrence and Cyberwar, p. 19; Egozi, Arie. “The Secret Cyber War.” Military Technology. Vol.
35. 2011, p. 6; Even and Siman-Tov, “Cyber Warfare,” p. 19; Carr, Inside Cyber Warfare, p. 252; Fulghum, David.
“Bombing Iran.” Aviation Week and Space Technology. Vol. 174. 2012, p. 29; Katz, “Security and Defense;”
Parmenter, Robert C. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications
for Cyber Domain.” School of Advanced Military Studies at the United States Army Command and General Staff
College, Fort Leavenworth, KS: US Army Command and General Staff College, May 23, 2013, p. 3. 754 Ben-David, “Playing Defense;” Katz, “Security and Defense.”
205
has attempted to improve its ability to extract intelligence information from state and non-
state actor computer networks and social media sites.755
Israel appears to be trying to build deterrence by signaling to non-state attackers that
their chances of success are very limited, and whether or not they succeed, they may face
retribution.756 Israel, as in other asymmetrical domains, expects that deterrence will fail
periodically, so Israel expects the need to deal repeated punishments over time.757 Proxies
appear to play a major role in these efforts, as it is unclear what, if any, counter-attacks have
been launched directly by the state. Patriotic hackers backing Israel appear to be the ones
that have been responsible for most attacks on non-state actors targeting Israel.758 During
the 2012 conflict with Hamas, a group of students in Israel created a botnet under the name
“Help Israel Win” to launch counter-attacks on anti-Israel groups launching cyber-attacks.
The botnet was entirely voluntary and people had to download a tool to join.759 The waves
of cyber-attacks targeting Israel during the 2014 Gaza campaign, also appear to have
provoked a counter-offensive.760 Several websites that were used to organize anti-Israel
attacks were defaced, and many networks used to launch attacks on Israel were taken off-
line. Pro-Israel hackers also appear to have managed to obtain and post personal
information of hacker’s attacking Israel.761 Further, Israeli hackers appear to have leaked
information from the Palestinian Population Registry, including information on roughly 700
755 Rapaport, Amir. “ISA in the Cyber Era: An Inside Look.” IsraelDefense.Co.Il. September 5, 2014.
http://www.israeldefense.co.il/en/content/isa-cyber-era-inside-look 756 Bob, “Rule of Law: Obama, Israel and Cyber Warfare.” 757 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 14. 758 Valeriano and Maness, “Persistent Enemies and Cyberwar,” p. 146. 759 Rid, Thomas. Cyber War Will Not Take Place (London: C. Hurst and Co, 2013) 760 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 168. 761 Ghermezian, Shiryn. “Israeli Hackers Strike Back at Anonymous OpIsrael, Expose Participants with Their Own
Webcams (PHOTOS).” Algemeiner. April 10, 2014. http://www.algemeiner.com/2014/04/10/israeli-hackers-strike-
back-at-anonymous-opisrael-expose-participants-with-their-own-webcams-photos/#
206
Palestinian Authority employees.762 Israel and pro-Israel hackers have also been accused by
the Boycott, Divest, Sanction (BDS) campaign of launching attacks against websites
supporting BDS, knocking six of them temporarily off-line in 2016.763 There is no actual
evidence, however, to suggest that the Israeli government was behind any of these attacks
or was aware of them beforehand.
Counter-attacks have also occurred in relation to #OpIsrael. One of the more
successful of the patriotic hacker groups, the Israeli Elite Force, arose in 2013 as a response
to #OpIsrael. Israel Elite Force has launched numerous counter-attacks on Anonymous
members participating in #OpIsrael, including allegedly posting screenshots of the
Anonymous hackers themselves.764 Many other groups and individuals have joined this
effort as well. In 2017, for instance, pro-Israel hackers overran chats set up to help
coordinate attacks leading many rooms to be abandoned.765 Further, each year #OpIsrael
campaigns offer free DDoS tools to all participants. In 2017, an unknown group, possible
either the Israeli government or patriotic hackers, set up their own DDoS distribution
system. It was designed to look like one set up by the Anonymous faction, but instead the
file the users downloaded was malware that would allow the group to spy on the potential
attacker’s computer.766
762 Abu Amer, Adnan. “Hamas’ Cyber Battalions Take on Israel.” Al-Monitor. July 29, 2015. http://www.al-
monitor.com/pulse/originals/2015/07/palestine-israel-internet-cyber-war-hacking.html#ixzz4Fd6XrhvZ 763 Eichner, Itamar. “BDS: Israel Responsible for Cyber Attacks.” YNetNews. June 5, 2016.
http://www.ynetnews.com/articles/0,7340,L-4812027,00.html; BDS. “Attacks on BDS Websites Smack of Israel’s
Despair at its Growing Isolation.” BDS Movement. June 2, 2016. https://bdsmovement.net/news/attacks-bds-
websites-smack-israel%E2%80%99s-despair-its-growing-isolation 764 Shamah, David. “Israeli Group Posts Photos of Not-So-Anonymous Hackers.” The Times of Israel. April 13,
2014. http://www.timesofisrael.com/israeli-group-posts-photos-of-not-so-anonymous-hackers/#ixzz2z9SQBC80 765 Smith, “OpIsrael.” 766 Digital Shadows. “OpIsrael Hacktivists Targeted by Unknown Threat Actor.” Digital Shadows. March 30, 2017.
https://www.digitalshadows.com/blog-and-research/opisrael-hacktivists-targeted-by-unknown-threat-actor/;
AnonWatcher. “Beware: Israeli Malware Trojan Trap Set to Bait #OpIsrael Anonymous Campaigners.”
207
Whatever the level of direct state involvement might be, Israel appears to be
supportive of such counter-attacks. The Israeli government and private companies, for
instance, have begun working together to host a hackathon/competition under the name
Cyber (K)night. The goal is to bring pro-Israel hackers and organizations together to have
them compete to see which team can best prevent and mitigate a simulated catastrophic and
wide-ranging cyber-attack, as well as develop ways to counter-attack.767 The 2017 event
was held on the same day that factions of Anonymous launched their yearly #OpIsrael
attacks.
Research and Development – Israel has a booming private sector for companies
dealing with cyber-security.768 There are as many start-up companies and research and
development centers run by multilateral corporations in Israel as there are in the entire rest
of the world excluding the US.769 There is good cooperation between the private and military
sectors, the most prominent example of which is the Advanced Technology Park (ATP) at
Ben-Gurion University in Beer Sheba. The ATP provides a large complex of three buildings
where government officials, academics, companies, and the IDF work together on cyber-
projects, including sharing data and assisting one another with resources, ideas, and
personnel.770 Further the largest US technology companies have offices in Israel. This
Anonhq.com. April 6, 2017. http://anonhq.com/beware-israeli-malware-trojan-trap-set-to-bait-opisrael-anonymous-
campaigners/ 767 “CyberKnight,” 2016. http://cyberknight.co.il/; “CyberKnight.” “Israel: Knights of the Cyber Table.” i-HLS.
June 20, 2014. http://i-hls.com/2014/06/israel-knights-cyber-table/ 768 See chapter 2 for more detailed discussion 769 Steinherz, Tal. “Israeli Innovation in Cyber-Technology.” Presentation to the Herzliya Conference, Herzliya,
Israel. June 9, 2014; Ziv, Amitai. “Theft, Business Espionage, and War: Cyber Threats are Good News for High
Tech.” The Marker (Hebrew). September 14, 2014. http://www.themarker.com/technation/1.2432479 770 Even and Siman-Tov, “Cyber Warfare,” p. 22; Institute for National Security Studies, and the Cyber Security
Forum Initiative, “Cyber Intelligence Report—July 15, 2014;” Levi, Ram. “The Fifth Fighting Space.” Israel
Defense. December 16, 2011. http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/4706; Hiner, Jason.
208
includes Microsoft, Apple, Cisco, IBM, and Google.771 In Israel there are additionally roughly
300 start-up companies dealing with cyber-space as well as around 20 research and
development centers set up by multinational corporations. These numbers are roughly
equal to the total number of companies in this field worldwide, excluding the US.772 Israel
has also invested heavily in promoting research and development through the NCB, which
has provided money and grants to companies working in cyber-space. This is in addition to
research and development work done directly by the government and IDF. Cooperation
between the private sector, the military, and universities has been a major factor in Israel’s
ability to develop the sophisticated offensive and defensive capabilities that are used to
target non-state actors.
Training and Human Resources – Israel has also invested heavily in improving
training on many levels.773 The IDF has created a year-long training program that teaches
soldiers how to prevent and detect attacks.774 It has also worked with the defense industry
to develop “cyber-simulators” that are being used to train military personnel how to defend
critical assets and networks.775 Further, in 2012, Israel started a program that aims to
identify students who demonstrate exceptional computer skills between the ages of 16 and
18 and offer them the chance to attend one of the IDF’s technical high schools, with the
“How Israel is Rewriting the Future of Cybersecurity and Creating the Next Silicon Valley.” Tech Republic. 2013.
http://www.techrepublic.com/article/how-israel-is-rewriting-the-future-of-cybersecurity-and-creating-the-next-
silicon-valley/# 771 Eisenstadt and Pollack, “Asset Test,” p. xiii, 32. 772 Steinherz, “Israeli Innovation in Cyber-Technology;” Ziv, “Theft, Business Espionage, and War.” 773 See chapter 2 for more detailed discussion 774 Cohen, Gili. “IDF Doubled its Defenses against Cyber Attacks.” Haaretz (Hebrew). January 9, 2013.
http://haaretz.ubik.net/news/politics/1.1902961; Katz, “Security and Defense.” 775 Israel Ministry of Foreign Affairs, “Deputy FM Elkin;” Katz, “Elbit Unveils New Cyber War Simulator.”
209
students then serving in an IDF cyber-unit upon graduation.776 Israel has also aimed to
increase the number of students enrolled in high school computer science classes, and
colleges and universities have created or expanded such programs as well.777 Along these
lines, Israel has roughly 1,000 computer science teachers in its primary schools, which
makes it a world leader in that regard.778 These programs have helped develop the talented
personnel Israel currently employs defending against cyber-attacks. Israel has additionally
been working with colleges and universities to offer training to government employees on
enhancing their “cyber-hygiene” (such as keeping passwords secret, keeping computers up
to date, and not posting private information on-line).779 This type of training is highly
valuable since these mistakes are often how non-state actors gain access to systems.
It is unclear whether Israel’s efforts are working. This year’s #OpIsrael might suggest
some level of success. The event had far fewer participants that usual, meaning that the DDoS
attacks lacked adequate numbers to cause any remotely significant outages. The cyber-
weapons Anonymous offered were also frequently outdated with attack vectors requiring
vulnerabilities that had been patched as early as 2012.780 These factors suggest many of the
more technologically advanced members of Anonymous who had participated in the
planning or execution of this event in the past did not do so this year. While it is not known
776 Jerusalem Post. “Netanyahu: We’re Building a Digital Iron Dome.” Jerusalem Post. January 1, 2013.
http://www.jpost.com/Diplomacy-and-Politics/Netanyahu-Were-buildinga-digital-Iron-Dome; Silverstein, Richard.
“IDF to Double Unit 8200 Cyber War Manpower.” Richardsilverstein.com. October 23, 2012.
http://www.richardsilverstein.com/2012/10/23/idf-to-double-unit-8200-cyber-war-manpower/ 777 Levi, Ram. “The Fifth Fighting Space;” United Press International. “Unit 8200 and Israel’s High-tech Whiz
Kids.” June 4, 2012. http://www.upi.com/Business_News/Security-Industry/2012/06/04/Unit-8200-and-Israels-high-
tech-whiz-kids/UPI-43661338833765/ 778 The Economist. “A is for Algorithm.” The Economist. April 26, 2014. 779 United Press International, “Unit 8200 and Israel’s High-tech Whiz Kids.” 780 Smith, “OpIsrael.”
210
why, it does suggest that Israeli efforts on defense and offense convinced many attackers
from previous years not to participate.
On the other hand, Israeli defensive and offensive actions have generally been fairly
limited. Members of groups like Anonymous might be able to be deterred, but it is highly
doubtful that groups as invested as Hamas or Hezbollah in attacking Israel will abandon their
efforts; they have not done so in the physical realm, it is not clear why they would in cyber-
space where the costs to them have been lower. Overall, Israel has not been able to create
any particularly noticeable deterrence against non-state actors. This is evident from the
sheer number of attacks Israel faces on a daily basis. Overall, however, there is no question
that Israel has been able to prevent catastrophic attacks despite a barrage of efforts to cause
them, which is an indication of success in and of itself.
Policy Recommendations:
This section provides recommendations regarding how to improve defenses against
non-state actors. It will begin by offering suggestions based on the Israeli experience that
other nations could benefit from. Recommendations will then be presented for how Israel
can further improve its ability to handle non-state actors, these suggestions will also be
useful for other nations. Importantly, in cyber-space many strategies that apply to non-state
actors will be effective against attacks by states, and vice-versa. This fact further enhances
the value of these recommendations.
Lessons from Israel – Part of the reason Israel has been successful in defending
against cyber-attacks by non-state actors is the way in which Israel has structured its
211
agencies. Each agency has specific networks it is responsible to defend. This allows each of
the agencies to tailor their responses to the types of threats they will face, which can create
more precise solutions as well as foster focused innovation. The creation of the NCB has also
been valuable for Israel, as it has enhanced ties between private entities and the government,
which has improved Israel’s ability to create innovative tools and strategies. Other nations
looking to emulate such a system will of course need to vary the types of agencies and their
responsibilities to fit their national needs. States should at least consider creating agencies
similar to Israel’s in which a specific agency will be responsible for governmental systems,
another for military, one for critical infrastructure, and one that assists the private sector.
Creating new agencies always has difficulties and turf wars associated with it, and Israel
experienced these, but in the end, this is a fairly inexpensive step that nations can take to
help defend against cyber-attacks from any source. Israel’s decision to specifically instruct
agencies with cyber-capabilities to address non-state actors in addition to state actors
appears to have been valuable. This emphasis allows Israel to develop strategies and tools
that are focused on, and tailored to, dealing with these specific types of threats.
In the battle against non-state actors, technology is your enemy, but it is also your
friend. Many of the attacks non-state actors launch, such as DDoS, are fairly unsophisticated
and Israel has worked to address them with improved technological means. Improving the
ability to monitor networks for anomalies is valuable as it makes it easier to determine if an
attack is just getting underway and makes it easier to identify one before it starts.781 Known
exfiltration websites can also be blocked, making it more difficult for attackers looking to
781 Moran, Ned. “A Cyber Early Warning Model.” In Jeffery Carr (Ed.), Inside Cyber Warfare (pp. 179-190)
(Cambridge, UK: O’Reilly 2012), p. 188.
212
steal data to succeed in doing so.782 Similarly, monitoring outbound traffic from the network
for unexpected occurrences or anomalies can provide warning of a problem.783 Improved
end-point protections, such as anti-virus software, firewalls, and malware payload blocking
technology are all valuable tools to help prevent successful attacks of the types non-state
actors primarily use. The most critical systems can also be kept off the internet and instead
use their own separate network.784 While this is far from impenetrable or ideal, it can
decrease dangers. Technology can also be useful in defending against attacks by allowing
the defender to disperse information, and even the system itself, across multiple computers
and systems so that attackers must hit multiple sites and targets to gain access.785
Encryption is also key, as strong encryption can be highly difficult to break.786 These
technological systems and tools are particularly valuable against non-state actor attacks as
they are well suited to address the types of attacks non-state actors launch.
To stay ahead of the improving capabilities of non-state actors, states must invest in
research and development. Threats are constantly evolving, requiring new technology, new
patches, and new ways of evaluating the dangers. Countries must be willing to invest the
time, energy, and money into staying one-step ahead of non-state actors. When states invest
in research and development they can maintain an advantage over non-state actors. States
have greater resources, so their capabilities will end up being superior virtually every time.
782 Radichel, “Case Study,” p. 16. 783 Radichel, “Case Study,” p. 23. 784 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 13. 785 For more on the technical aspects of this issue, please see: Fahrenkrug, David T. “Countering the Offensive
Advantage in Cyberspace: An Integrated Defensive Strategy.” 4th International Conference on Cyber Conflict, eds.
C. Czosseck, R. Ottis, K. Ziolkowski: NATO CCD COE Publications, Tallinn, Estonia. 2012, p. 201; Applegate,
“The Principle of Maneuver in Cyber Operations.” 786 Fahrenkrug, “Countering the Offensive Advantage in Cyberspace,” p. 197, 202.
213
The black market technology will not be able to keep up with these new advances.787 To this
end, Israel’s decision to heavily invest resources, both financial and human, into training and
research regarding cyber-space has been a critical. It is how Israel has developed the
personnel that have been able to create the strategies and technologies to successfully to
deal with non-state actor attacks.
Where Israel Can Further Improve – Israel has taken a range of steps, as shown above,
to address non-state actor threats, but there is more that Israel can do to improve. The
private sector remains a significant weakness in Israel’s cyber-defenses.788 Israel has stated
that it believes it is the responsibility of both the government and the private sector to secure
private networks against attacks and cyber-crime, but Israel has not yet done enough to
ensure they boost their defenses.789 Israel can take steps to establish guidelines, rules, and
regulations for what private sector actors must do to defend their networks.790 The NCB
appears to be well suited to take on such efforts and discuss with the private sector exactly
what would be reasonable and how the state can help in these efforts.791
In 2012, Israel established a 60 person task-force within the police to investigate and
stop cyber-crime.792 This effort should be expanded. First, the remit should grow and
include investigations into all cyber-attacks and the threats posed by all non-state actors.
787 Tabansky, “Cybercrime: A National Security Issue?” p. 71. 788 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 26. 789 Tabansky, Lior and Isaac Ben Israel. Cybersecurity in Israel. Springer Briefs in Cybersecurity. London: Springer,
2015, p. 7, 36. 790 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 26. 791 Prime Minister’s Media Adviser. “Cabinet Approves Establishment of National Cyber Authority.” Israel Ministry
of Foreign Affairs. February 15, 2015. http://mfa.gov.il/MFA/PressRoom/2015/Pages/Cabinet-approves-
establishment-of-National-Cyber-Authority-15-Feb-2015.aspx 792 Shemer, Nadav. “Israel Police to Tackle Cyber Crime with New Unit,” The Jerusalem Post. November 13, 2012.
214
Second, more national security agencies should become involved. Third, the task-force
should also attempt to build cooperation with foreign nations on this issue.793
A simple step that can help to reduce vulnerabilities to non-state actor attacks is to
improve “cyber-hygiene.” Security vulnerabilities often arise from mistakes individuals
make.794 Many cyber-attacks on Israel, including some of the ones mentioned above, are
believed to have started due to human error.795 In the 2014 conflict in Gaza, for example,
hackers often gained access to networks through computer programs that were not updated,
by cracking weak passwords, or when employees clicked the wrong link or responding to a
forged email. There are steps that governments can take to address these issues. Israel can
make it mandatory for all government personnel with access to computer systems to attend
university courses regarding cyber-security mentioned above. Ensuring employees at
critical infrastructure facilities receive proper training on how not to fall victim to such
scams is also well worthwhile. Private organizations that work with the government and are
connected to its networks and services could also be required to develop better account
management policies and to ensure that their employees receive training equivalent to what
Israeli government employees are offered. Israel could also come to an agreement with such
companies to require all software and hardware be subject automatic updates when they are
released.796 Taking these steps should be fairly inexpensive. Human error will always exist.
793 Tabansky, “Cybercrime: A National Security Issue?” 794 Clark, David. “Control Point Analysis.” MIT CSAIL. September 10, 2012.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2032124##, p. 6, 8. 795 Harman, Danna. “Cyber-defenders Warn: Israel Vulnerable to Attack.” Haaretz. December 28, 2014.
http://www.haaretz.com/news/world/.premium-1.633845 796 Mueller, Schmidt; and Kuerbis, “Internet Security and Networked Governance in International Relations;” Lynn,
“Defending a New Domain;” GReAT and Naor, “ATMZombie.”
215
Decreasing the odds such mistakes occur, however, will be a valuable step in reducing the
risk of cyber-attacks, particularly from non-state actors who rely on such vulnerabilities.
Israel should seek to deepen its cooperation with nations it already works with and
look to expand the number of nations with which it cooperates on cyber-security issues. The
more nations that Israel works with, the greater the chance that one of them will be able to
provide intelligence information that can prevent an attack or respond to one once it is
underway.797 Specifically in regards to non-state actors, strong cooperation with intelligence
and law enforcement agencies in other nations can make it easier for Israel to discover who
was behind an attack and make them pay a price.798 Tighter cooperation should also make
it easier to threaten non-state actors’ interests by creating a heightened expectation of
retribution, such as being forced to pay damages, being shut-down, or even being jailed.
Today, this expectation is quite limited, thereby emboldening organizations and individuals
to conduct cyber-attacks. The higher the level of cooperation, the more successful such
efforts will be.799 Improving working relationships with private cyber-security firms can
help with attribution and defenses as well.800
An additional possibility that Israel should consider in order to deal with non-state
actors is to attempt to isolate them from the resources and broader community of hackers
they rely on in order to improve their knowledge base and coordinate actions. These market
places and discussion groups, as described above, have become critical to the ability of non-
state actors to launch attacks. To do this, Israel could attempt to disrupt internet connections
797 India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber
Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013. http://www.bic-
trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf, p. 34 798 Lynn, “Defending a New Domain.” 799 Lin, “Offensive Cyber Operations,” p. 78. 800 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 68.
216
and service to individuals or groups planning or launching attacks. Israel can also share
information on dark web message boards regarding the hacker that the broader community
might not approve of.801 An additional possibility is to target and take down a non-state
actor’s websites, or go after their finances.802 The idea is to expose these groups in the hope
that it will lead others to shun them. It has the added benefit that once these individuals and
groups are made public, they will be known to law enforcement around the world, which
may further restrict their freedom of action. Such an action could also boost deterrence as it
heightens the potential that attackers will face retribution for their actions.
Intelligence gathering is also critical to addressing the threat from non-state actors.
This can be done many ways, including on-line by reading chat rooms, posing as a member
of the non-state actor group, intercepting communications, and many other tactics.803
Intelligence conducted in the physical world, however, is just as necessary, as not everything
important is said on-line. Israel must rely not only, as it appears to increasingly be doing, on
cyber-intelligence gathering, but on traditional intelligence tools as well.804 Relatedly, Israel
can try to convince some hackers to serve as informants to spy on these groups, or they can
try to penetrate the groups by planting agents within them.
Counter-Attacks and Non-State Actors – One important aspect Israel and other states
must consider carefully is the idea of directly counter-attacking or preemptively attacking
non-state actors in cyberspace. States should be very careful in launching such operations,
801 Applegate, “The Principle of Maneuver in Cyber Operations.” 802 Cohen and Levin, “Cyber Infiltration During Operation Protective Edge.” 803 Microsoft. “Impersonation.” Microsoft Tech Net. http://technet.microsoft.com/en-us/library/cc961980.aspx 804 Siboni, Gabi. “Cyber-tools are No Substitute for Human Intelligence.” Haaretz. July 2, 2014.
http://www.haaretz.com/opinion/.premium-1.602413#
217
however, as there are substantial drawbacks. One issue is that, as with Stuxnet, once
uncovered, non-state actors can use the code used against them to improve their own
abilities. Further, once code is launched it may spread beyond the computer or network
initially targeted, creating unnecessary and unintended collateral damage. If a mistake in
attribution is made and the counter-attack hits the wrong target, it could create additional
problems.805 In fact, attacks are often intentionally routed through nations, companies,
servers, and computers that are not directly involved. This is done to hide attribution and
also sometimes in an effort to create confusion and an international incident.806 Similarly,
as noted, simply because a computer is taking part in an attack does not mean the owner is
aware of that.807 Thus, attacking that computer could destroy the equipment of an innocent
person and would certainly be a violation of international law and norms. It is also not a
settled question regarding when states are permitted to use counter-attacks or engage in
self-defense under international law against non-state actors.808 Counter-attacks may
therefore end up being a violation in and of themselves. This risk is particularly acute for
Israel, as opponents often attempt to portray it as a violator of international law.809 Thus,
Israel might be wise to avoid actions that could help support such a narrative.
805 Applegate, “The Principle of Maneuver in Cyber Operations.” 806 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 377; Healey, Jason. “When ‘Not My Problem’ Isn’t
Enough: Political Neutrality and National Responsibility in Cyber Conflict.” The Atlantic Council of the United
States Issue Brief. 2012, p. 3; Belk, Robert and Matthew Noyes. “On the Use of Offensive Cyber Capabilities.”
Completion requirement for Master in Public Policy at Harvard Kennedy School of Government, Advisers Joseph
Nye and Monica Toft. March 20, 2012, p. 102. 807 Applegate, “The Principle of Maneuver in Cyber Operations.” 808 Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors;” Schmitt, Michael N.
“International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed.” Harvard International Law
Journal. Vol 54. 2012. 809 Cohen, Matthew S. and Charles D. Freilich. “War by Other Means: Modeling the Delegitimization Campaign
against Israel.” Israel Affairs. Vol. 24, No. 1. 2018.
218
Additionally, as discussed, launching most of the types of cyber-attacks non-state
actors employ is fairly cheap, thus destroying their equipment or temporarily blocking
access to websites is not very likely to cause any long-term disruption to such efforts. This
calculation can change, however, if more powerful and expensive equipment can be targeted.
If a more capable non-state actor, such as Hezbollah or the Syrian Electronic Army, is
preparing or launching a sophisticated attack, a counter-attack or preemptive strike could
be valuable. Israel already appears to be at least offering tacit support for launching some
counter-attacks, as seen through the Cyber(K)night program.
The Danger of Non-State Actor Propaganda – Arguably, the biggest danger non-state
actors pose to states in the cyber-realm is their use of cyber-space and cyber-attacks as a
propaganda tool. Terror groups in Israel and around the world have used the cyber-realm
mainly as a recruitment tool, often quite effectively.810 The main difference between past
forms of non-state actor propaganda and such efforts in cyber-space is simply that it is easier
to reach a larger number of people now than in the past. Cyberspace is a highly cost effective
realm in which to launch propaganda. This does not, however, much change how states
should respond to it. States must continue to counter such propaganda and work with the
sites hosting such material to remove it whenever possible.
There appears to be growing recognition of this danger, with major social media
companies promising to take action. The US also appears to take this threat seriously, as it
810 Schweitzer, Siboni, and Yogev, “Cyberspace and Terrorist Organizations,” p. 19-20; Nye, “Cyber Power,” p. 12;
Cilluffo, Cardash, and Salmoiraghi, “A Blueprint for Cyber Deterrence,” p. 5.
219
has been killing ISIS social media experts.811 Israel is attempting to work with major social
media companies, such as Facebook and Twitter, and is considering legislation making it
easier for the Israeli government to remove material that Israel considers incitement or hate
speech from such sites. In general, Israel, and other nations, should attempt to improve their
cooperation with private companies to deal with incitement and propaganda. Israel’s
outreach to Facebook and Twitter has generally been met positively by the companies and
such efforts should continue.812
This is one arena where cyber-attacks on non-state actors might have an impact.
Israel could deface non-state actor websites with messages and images that aim to portray
the group as weak or ineffective. This might serve as a useful counter-propaganda method.
In the end, propaganda is an old tool, cyber-space is simply a shiny new toy with which to
engage in the same old behavior.
Conclusion:
In cyber-space, the state is still king. Non-state actors, however, are capable of
causing damage, even if not at the level the state can. As Nye states: “A teenage hacker and a
large government can both do considerable damage over the internet, but that does not make
them equally powerful in the cyber domain. Power diffusion is not the same as power
equalization.”813 Non-state actors have some advantages in cyber-space, a key one being
811 Goldman, Adam and Eric Schmitt. “One by One, ISIS Social Media Experts are Killed as Result of F.B.I.
Program.” New York Times. November 24, 2016. http://www.nytimes.com/2016/11/24/world/middleeast/isis-
recruiters-social-media.html?_r=2 812 Legal Portal for Internet, Cyber and Information Technologies. “Israeli Minister of Justice Calls for Cyber
Defense Legislation and Liability on Internet Platform Providers.” Law.Co.Il. June 24, 2016.
http://www.law.co.il/en/m/#/news/9308/ 813 Nye, “Cyber Power,” p. 11.
220
that, so far, very few have faced retribution for their actions.814 Non-state actors have
already shown an ability to knock important websites off line and gain at least a basic level
of access to some government systems and to critical infrastructure networks, and non-state
actors’ abilities are rapidly improving. Attackers are also able to quickly vary their vectors
and signatures faster than defenders can close them.815 Non-state actors can find support
from many sources now, ranging from nations to people with no technical ability who simply
volunteer their machines as part of an attack.816 An attack only needs to succeed or get lucky
one time to cause damage. Even if an attacker cannot penetrate the most sensitive systems
directly, taking down a softer target can create a cascade effect leading to more severe
damage elsewhere. For all these reasons, and more, it seems likely that it is only a matter of
time before non-state actors figure out how to exploit vulnerabilities to launch larger and
potentially more crippling attacks.
Such an outcome can still be prevented, however, if states maintain their edge in
technological ability. Even nations as advanced as Israel can still do more in this regard.
While Israel currently maintains significant superiority over most other cyber-actors, both
state and non-state, there is concern that these other actors will be able to catch up enough
(even if not all the way) to be able to do real damage.817 The more nations can invest in
research and development, the more secure they are likely to be.
This chapter has aimed to offer insights into the threat non-state actors pose in the
cyber-realm and their interactions with Israel. It also offered recommendations as to how
814 Nye, “Cyber Power,” p. 13. 815 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 376. 816 Rid, Cyber War Will Not Take Place. 817 Ben-David, “Playing Defense.”
221
to improve national cyber-defenses against attacks by non-state actors. Israel’s example
provides some clear guidelines regarding steps nations can take to bolster their defenses
against non-state actor cyber-attacks. Non-state actors are growing more sophisticated, and
the threat they pose is growing along with their capabilities. Nations would be wise to pay
careful attention to the dangers of non-state actors in cyber-space and take steps to ensure
no major successful attacks occur and that they do not suffer a “death by a thousand cuts.”
222
6 – Conclusion
Israel faces a barrage of cyber-threats and the dangers continue to grow, as do the
threats facing the world at large. As Israel’s experience has demonstrated, it is possible to
build successful defenses in cyber-space against a range of actors, even if those defenses are
not always perfect. Israel has responded to the new challenges posed in cyber-space by
developing myriad ways to not only defend, but to use it as a platform for promoting its
interests. Its policies and technology have made it a world leader in the field both offensively
and defensively. Israel has been largely successful in mitigating the negative impacts of
cyberattacks to date, but the potential for damage in the future is still great. Israel’s
experience additionally helps to highlight what other nations can do to enhance their ability
to use cyber-space to promote and defend their interests.
This dissertation aimed to provide a clearer understanding of how states behave in
cyber-space though a detailed case-study examination of Israel in cyber-space.
Understanding how countries actually act, and are acted upon, in the real world is critical to
anyone looking to create or enhance security, peace, cooperation, or even offensive abilities
in the cyber-realm. This is a gap this work looks to fill by examining a highly powerful
country in cyber-space that remains largely unstudied. It is the hope of the author that filling
in these missing portions of the picture of behavior in cyber-space will help lead to a more
secure and peaceful world. To that end, this final chapter aims to highlight some of the main
findings that illustrate some of the main issues and how Israel has made effective use of
cyber-space.
223
Research and Development:
Research and development is the backbone of everything else in cyber-space, as
noted throughout the previous chapters. Israel’s investment of financial and human
resources into training programs and research, and its close cooperation with the private
sector in these endeavors is a central reason for Israel’s strength in cyber-space. Israel has
invested heavily in attempts to not only train students in primary schools, but to identify the
most promising and offer incentives for them to join appropriate military units during their
compulsory service and to work for the government thereafter. Citizens in the military also
receive training in an effort to improve the abilities of cyber units. Israel has also engaged
academia to help with trainings and to produce novel cyber tools for private and
governmental use. The government has also been involved helping start-up companies and
funding research. Israel’s efforts in this regard could be emulated where possible by other
nations looking to bolster their cyber capabilities. Israel must continue, and if possible
increase, funding for such programs in order to maintain its edge in cyber-space. The drop
to second place among OECD nations in spending on research and development is a worrying
sign for Israel’s continued strength.
Intelligence Gathering:
Advanced technology and abilities are inherently necessary to be able to create strong
cyber-defenses or engage in offense in cyber-space effectively. Alone, however, they will not
be enough. Intelligence gathering is critical to these efforts. Knowing what adversaries are
planning allows states to build defenses tailored to those threats and makes it possible to
either halt attacks before they occur or hold those responsible accountable after the attack.
224
On offense, cyber-attacks are most effective when they are built to specifically target a
particular network, configuration of hardware or software, or system.818 Stuxnet was able
to cause damage in Iran because of the massive intelligence work that went into determining
exactly how Iran’s systems worked. Intelligence must be gathered in cyber-space, but should
also be collected in the physical world using traditional means. There is much to learn about
cyber-attacks outside of the cyber-realm.819
Range of Actors:
As Israel’s experience has demonstrated, it is possible to successfully defend against
attacks that originate from a wide range of actors. Not all actors are equally dangerous,
however. An important starting point in building cyber-defenses is identifying which
attackers require the greatest attention. This will vary from nation to nation. Some states
will need to worry more about cyber-criminals, others about espionage, others about “death
by a thousand cuts,” still others about crippling attacks aimed at causing physical damage,
others about all of the above and more. Non-state actors are improving their capabilities,
particularly in the wake of the lead of the NSA tools. In the case of the most advanced states,
however, attacks by actors with low capabilities, both state and non-state, pose mainly an
annoyance. For states with advanced capabilities, their focus should instead be on actors
that can launch more sophisticated attacks as existing defenses and tools will generally
already be adequate to handle less advanced attacks.
818 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153. 2016. 819 Siboni, Gabi. “Cyber-tools are No Substitute for Human Intelligence.” Haaretz. July 2, 2014.
http://www.haaretz.com/opinion/.premium-1.602413#; Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.”
International Security. Vol. 41, No. 3. 2016/2017, p. 51.
225
Cyber-Offense:
The Israeli experience also shows the world how cyber-weapons can be used as
valuable offensive tools. Israel’s use of cyber-weapons to capture Syrian air defenses is an
example of how nations can use cyber-space to support physical strikes and protect the lives
of soldiers and even civilians. Stuxnet shows that cyber-attacks can be used to create
physical damage and to accomplish military goals that might otherwise be extremely difficult
and dangerous to achieve, and to do it without causing the civilian casualties that would
occur with a kinetic strike. In addition, cyber-attacks can be executed using proxies or
allowing patriotic hackers to operate.820 This allows states to muddy attribution, which can
enable them to escape retribution or attempt to avoid escalation. On the other hand, these
non-state groups are also dangerous to states as they can take actions in support of the state
that states actually oppose. Further, states can and have used them against each other.
Critical Infrastructure:
Protection of critical infrastructure has been a top priority for Israel stretching back
to 2002. Defining what qualifies as critical infrastructure is the first key step, and each
country will do it somewhat differently based on what it values and what its needs are. Most
states will likely end up using similar criteria to what Israel has created, and will include
power, water, hospitals, and some industrial facilities. Establishing agencies to oversee the
protection of critical infrastructure has been valuable for Israel. Israel currently has two
agencies that partially focus on critical infrastructure as part of their duties, Shin Bet and the
820 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153. 2016, p. 12.
226
NCB. Determining what role the government plays in helping to defend critical
infrastructure will also vary by country. In many nations, critical infrastructure is privately
owned, and in those cases, governments will have different levels of willingness to interfere
with private businesses. Whatever that balance might be, it is clear that protection of critical
infrastructure is a central concern in cyber-space.
Resilience:
Part of why defining critical infrastructure and protecting it is so important is that it
is central to building resilience. Cyber-attacks will eventually succeed in causing damage,
disrupting communications, stealing money or information, blocking access to sites and
services, or causing other problems. Much of that already occurs on a regular basis, one
attack has even already caused physical damage. It is critical that states develop plans for
how to rapidly recover from successful attacks. This is not always difficult, in dealing with
DDoS campaigns, even massive ones, or other access denial actions, resilience can be built
by simply ensuring the state can provide bandwidth to targeted actors, governmental or
private, to handle the additional traffic or by rerouting the attacks to temporary sites
designed to absorb them.821 This will allow the site to quickly come back on-line. More
advanced attacks make building resilience more difficult but it still can be done. These
efforts can include building the ability to operate a system once it is taken off-line, creating
redundant back-up systems, building physical overrides where appropriate, and using
hardware and software created by a range of companies so if one type is attacked another
821 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153. 2016, p. 11.
227
option is available. Resilience plans should also include ways to deal with any physical
damage that is done by cyber-attacks.
Coordination with Private Sector:
The importance of the private sector in regards to cyber-defense should not be
underestimated. For one, the private sector offers many services that governments can
benefit from. Private security firms create many advanced technologies that governments
can purchase and modify for their needs. In addition, private companies have a strong record
of investigating cyber-attacks, including uncovering attacks as they occur, dissecting cyber-
weapons, and helping to determine attribution. Thus, there is much for governments to gain
from improved cooperation.822 A second reason, as noted in previous chapters, is the
interconnected nature of cyber-space. Much of the hardware and software the government
and military uses is developed in the private sector. Therefore the private sector and
government are vulnerable to many of the same threats. The government and military
generally defend their systems at a higher level than found in the private level, mitigating
some of these dangers for states, but not completely. At the same time, the cyber-systems of
private companies that provide services to the government or military are often directly
linked to the government’s or military’s systems as well. These private networks are often
lack the defensive systems and capabilities the government and military have, making them
easier to attack. As has happened, cyber-attacks on weaker systems can be used to gain
822 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153. 2016, p. 10.
228
backdoor access to well defended systems.823 State have struggled to figure out how best to
intervene or work with the private sector in this regard.824 Governments could address this
by reaching out to the private sector to create agreements as to minimum levels of defense
that would be required to gain government contracts. There can also be discussion regarding
how the government can best help with this effort. This can be codified though legislation
that regulates how information is protected and shared to encourage the private sector to
play an active role.825
Role of Technology:
The point was stressed repeatedly in this dissertation: technology is not only your
enemy; it can be your friend. Technology is inherently central to defensive and offensive
efforts in cyber-space. Developing the right technology is key. The challenge is that what is
needed is constantly evolving and the range of systems to be protected keeps quickly
growing. Traditional perimeter defenses, including firewalls, access controls, and intrusion
detection and prevention technologies already are proving inadequate to the challenge as
attackers find ways around them.826 Technology needs to be able to deal with threats once
they penetrate defenses. Once discovered, attacks can be diverted to fake ones designed to
contain the attack. Such false sites can even send back false information, thus causing
823 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute
InfoSec Reading Room. 2014. 824 Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent
Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security. Vol. 1, No 1. 2017, p. 86. 825 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153. 2016; Elazari, Keren. “How to Survive Cyberwar.” Scientific American. April 2015, p. 69. 826 Heckman, Kristin E, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow. Cyber Denial,
Deception and Counter Deception. Advances in Information Security, Vol. 63 (New York: Springer 2015), p. 1;
Thycotic Black Hat. “Hacker Survey Executive Report.” Thycotic Black Hat. 2015.
229
confusion for the attacker and hopefully make them question the value of attacking and
convincing them they are wasting their time. In fact, defenders can turn a cyber-attack to
their advantage. Once the attack is discovered and isolated, the defender can learn more
about the cyber-weapon and its intent by watching its behavior in the contained
environment. This information can help determine attribution, can provide insights into
how to prevent similar attacks, and can be used to help gather intelligence on the attacker
and its capabilities.827 The preference, as Israel’s is, should be for quality over quantity.828
While many tools will be needed, there is no point in developing a large number of tools that
do not do very much. Cost is an obvious constraint as well. Resources should be targeted to
build the most effective tools to deal with the most pressing threats.829
Hardware, Software, and the Supply Chain:
The hardware and software that actors, from governments, to militaries, to the
private sector, use are frequently off-the-shelf purchases. Often must of it is designed and
built in foreign nations. This creates enormous risks. The companies and nations in which
hardware and software is designed and made may choose to include hidden code that will
allow the device to be hacked later on or may have been created with hidden malware
already pre-loaded.830 For sophisticated attackers, the supply chain opens new doors
through which to launch attacks, and they have done so.831 Improving cyber-security
827 Heckman, Stech, Thomas, Schmoker, and Tsow, Cyber Denial, Deception and Counter Deception, p. 2. 828 Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic
Affairs. Vol. 5, No. 1. 2013, p. 27. 829 Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.”
Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S.
Policy. 2010. http://www.nap.edu/catalog/12997.html, p. 183. 830 Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 29-30. 831 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 51.
230
therefore requires that nations take the supply chain into account when designing their
defenses. There is no easy fix to this danger. One option to reduce risk is for governments
and the private sector to work together to craft an accreditation system that would aim to
ensure the process of designing and manufacturing hardware and software is transparent so
hidden attacks and vulnerabilities could be caught.832 This proposal should include
verification mechanisms, and would hopefully also create new norms against this type of
malicious behavior. There are downsides, however, to this proposal. Protection of
intellectual property would likely suffer due to increased transparency. The accreditation
system would also likely lead to increased costs as compliance would be an additional
expense for companies. Additionally, it may decrease the pace of innovation as the time it
takes to develop new products would be slowed by the inspections.833
Cyber-Hygiene:
A simple step that can help to reduce vulnerabilities in cyberspace is to improve
“cyber-hygiene.” In essence, this means to teach people how to recognize and avoid tricks
and dangers in cyber-space that open their systems to attack. Attackers often gain access to
systems when an employee clicks on the wrong link, download and open a file they should
not, share their password or too much personal information, respond to a forged email, or
other similar actions. Computer programs that are not updated with the latest patches
represent another vulnerability. Phishing and spear phishing attacks, for example, continue
832 Inserra, David and Steven P. Bucci. “Cyber Supply Chain Security: A Crucial Step Toward U.S. Security,
Prosperity, and Freedom in Cyberspace.” Backgrounder #2880. The Heritage Foundation. March 6, 2014.
http://www.heritage.org/research/reports/2014/03/cyber-supply-chain-security-a-crucial-step-toward-us-security-
prosperity-and-freedom-in-cyberspace 833 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements.”
231
to be very successful in gaining access to networks and sensitive information around the
world.834 The rate at which people make such errors also appears to increasing.835 Likely in
part due to the fact that more and more people and organizations rely on cyber-space for
their work. More people using cyber-space increases the chances someone will make an
error. Success in launching cyber-attacks often comes, in fact, from the defender’s failures
rather than an attacker’s abilities.836 As noted, for example, during the 2014 conflict in Gaza,
attackers gained access to many Israeli systems through computer programs that were not
updated. Many cyber-attacks on Israel generally, including some of the ones mentioned in
previous chapters, are believed to have succeeded due to human error.837 Iran has learned
this lesson as well, and it has launched successful phishing and spear phishing campaigns
against Israel, the US, and other nations.838
While governments do not bear all the responsibility to protect cyberspace and train
citizens how to deal with threats, there are steps that governments can take to address these
issues, many of which are surprisingly simple. Governments could come to agreements with
companies to require all software and hardware be subject automatic updates when they are
released.839 Attackers have frequently taken advantage of vulnerabilities for which fixes
834 Clark, David. “Control Point Analysis.” MIT CSAIL. September 10, 2012.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2032124##, p. 6. 835 Thycotic Black Hat, “Hacker Survey Executive Report.” 836 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International
System. (Oxford: Oxford University Press. 2015), p. 11. 837 Harman, Danna. “Cyber-defenders Warn: Israel Vulnerable to Attack.” Haaretz. December 28, 2014.
http://www.haaretz.com/news/world/.premium-1.633845 838 Siboni, Gabi and Sami Kronenfeld “Iranian Cyber Espionage: A Troubling New Escalation.” INSS Insight, No.
561. 2014 839 Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked Governance in
International Relations.” International Studies Review. Vol. 15, No. 1. 2013; GReAT and Ido Naor. “ATMZombie:
Banking Trojan in Israeli Waters.” Kaspersky Labs, SecureList. February 29, 2016.
https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/
232
exist. Requiring the updates will greatly reduce that risk.840 Mandatory training regarding
best practices to avoid making mistakes in cyber-space can be a way to reduce the risk of
human error. Similarly, staff must be trained to understand the importance and meaning
of different security warnings computers provide and not to ignore them or downplay their
significance.841 It is also valuable to teach personnel the dangers of sharing too much
information on-line, as attackers can use that information to attempt to hack passwords or
trick employees into disclosing information they should not.842 This is an important risk
factor as people are often more willing to share information on-line or on social networking
sites than they would in real life.843 Private organizations that work with the government
and are connected to its networks and services could be required to develop better account
management policies and to ensure that their employees receive training equivalent to what
government employees are required to have. Taking these steps should generally be fairly
inexpensive. Human error will always exist, but decreasing the odds such mistakes occur
will be a valuable step in reducing the risk of cyber-attacks, particularly from non-state
actors or states will less advanced capabilities which rely on such vulnerabilities.844
840 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute
InfoSec Reading Room. 2014, p. 13. 841 Clark, “Control Point Analysis,” p. 8. 842 Radichel, “Case Study,” p. 12, 18. 843 Fahrenkrug, David T. “Countering the Offensive Advantage in Cyberspace: An Integrated Defensive Strategy.”
4th International Conference on Cyber Conflict, eds. C. Czosseck, R. Ottis, K. Ziolkowski: NATO CCD COE
Publications, Tallinn, Estonia. 2012, p. 206. 844 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 51; Radichel, “Case Study;” Valeriano and Maness, Cyber
War Versus Cyber Realities, p. 185; Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 84-85; Office of
the President. “Cyberspace Policy Review.” Office of the American President. 2011.
https://www.state.gov/documents/organization/255732.pdf; The Torrenzano Group. “General Michael V. Hayden on
Cyber Security & Protecting the Nation.” The Torrenzano Group. December 24, 2016. www.torrenzano.com, all
quotes from Hayden unless noted; Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Concepts,
Causes, and Assessment.” International Security. Vol 41, No 3. 2016/2017, p. 88.
233
Coordination and Organization of Government Agencies:
Israel has reorganized existing bodies and created new agencies to attempt to ensure
that all cyber-threats, and opportunities, are addressed. The ability to defend against attacks
is at its highest when government agencies are able to quickly communicate with each other
and share relevant information. On the offensive side, sophisticated cyber-attacks are
difficult to launch, but the burden can be eased if agencies consider the use of such weapons
as part of their operative plans.845 On offense and defense, when agencies can work together
they can more easily share expertise and develop new technologies and strategies. The
creation of the NCB and a national CERT, as well as the reorganization of responsibilities
within the IDF in 2017, represent major steps forward in these regards, but there is more
Israel can do. Currently, there is no single agency responsible for overseeing all of Israel’s
national cyber-defense. This has led to turf battles and missed opportunities on offense and
defense. A single agency responsible for overseeing all national cyber-defense would
address this issue and help ensure that information was shared and acted upon by all other
agencies.846 Israel appeared it was going to address this with the creation of the unified
Cyber Command, but, as was discussed in chapter 2, that effort ended in failure.
International Cooperation, International Law, and Norm Building:
Cyber-space is global, and countries cannot truly succeed in handling the threats and
opportunities it poses on their own. Israel, for example, has worked closely with the US,
845 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153. 2016, p. 10, 12. 846 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153. 2016, p. 80.
234
including on defenses and cyber-weapons such as Flame and Stuxnet. This collaboration has
been highly beneficial for both parties. Israel has continued to expand the number of nations
it cooperates with as the examples of the World Bank meeting and India demonstrate. It is
not just in the bilateral sphere that Israel has engaged, Israel has engaged in multilateral
efforts, including at the UN. Clear norms do not yet appear to have emerged in cyber-space,
but it seems likely that efforts are underway to create them. While international law’s
applicability remains unclear, Israel’s actions show that it seems to have paid attention to its
restrictions when launching attacks. These developments are encouraging and important
for boosting cyber-security. Improved relations with other nations provides countries with
additional intelligence, technology, and insight into current and future threats.847 Bilateral
and multilateral agreements and the creation of generally accepted norms can help increase
the odds that malicious actors in cyber-space will pay a penalty for their attacks.
Keep the Internet Open and Easy to Access:
Free exchange of knowledge and ideas is key to the ability to innovate. Some nations
have tried to place restrictions on what their citizens can do in cyber-space. The idea is to
reengineer the cyber-realm to favor security over ease of access and freedom of use.848 This
is a mistake, and Israel’s example shows that this is not really necessary to do in order to
gain a high level of security. Heavy restrictions on the flow of ideas will end up harming a
nation’s ability to develop new technology in the long run as such work relies on the broader
847 India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber
Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013. http://www.bic-
trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf, p. 34. 848 Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs,
2010, p. 17.
235
community of cyber-specialists. Israel has, instead, embraced an open vision of the cyber-
realm, even with the dangers it poses. This has allowed Israel to gain the benefits the cyber-
realm offers, which in turn has helped it develop the technology and skills needed to defend
against the dangers that openness poses.
Physical Threat to Cyber-Space:
Israel has taken steps to address another underappreciated threat to its cyber-
security. For years, Israel had just one major physical cable connecting its cyber-realm to
the rest of the world. This meant that any damage to that cable would severely impact Israel’s
ability at the private and governmental levels to access cyber-space. While satellite systems
existed to help provide a backup, and more has been built, they would not be adequate to
meet the demand should the cable fail. Israel responded by building an additional cable to
address this issue, but there is more that can be done in this regard. Israel can increase naval
surveillance of the cable as well as develop rapid repair capabilities in case damage occurs
or there is an attack on the cables.
Cyber as Another Option on the World Stage:
There are numerous scholars who argue that major war between powerful nations is
increasingly unlikely, but that instead, countries will promote their values, ideas, self-
interests, and even military goals through other means.849 Small scale violence, proxy wars,
sanctions, and conflicts over values in international settings have all become new tools of
849 Mueller, John. “Is War Still Becoming Obsolete?” Presentation, 1991 Annual Meeting of the American Political
Science Association. 2012, p. 3.
236
conflict between states. Cyber-space may be emerging as another tool in that arsenal. Israel
and the US’s use of Stuxnet to attempt to achieve a military goal is an example of this. Short
of physical destruction, Israel has been using cyber-space to promote its interests more
broadly, as seen in its attempts to pioneer the use cyber-diplomacy as a counter to its
enemies’ efforts to isolate it. The range of uses cyber-attacks might serve is not yet clear, but
it is possible that they could be used as retaliation or punishment (as Iran appears to have
done on numerous occasions) or even to try to convince other states to change policies (as
Russia likely attempted to do to Estonia in 2007).
As cyber-weapons become more advanced, the ability to use them to obtain
retribution increases, as does the possibility that they could be used to compel other states
to change policies. The use of cyber-attacks for these purposes will be most effective if their
use is as part of a broader comprehensive strategy against an opponent that includes
traditional military and diplomatic efforts.850 The possibility that states might already be
using cyber-space for such purposes means that it is important that states discuss norms
regarding such behavior. International law and norms limit when physical violence can be
used in situations short of war, creating similar rules for cyber-space would be worthwhile.
States have so far avoided openly claiming that they have used cyber-space to punish another
nation out of fear of condemnation or of setting a new norm of behavior that would allow
other states to use cyber-space for similar reasons. These concerns might be a bit overblown
however. That Israel and the US were behind Stuxnet is well known, and its use did not usher
in a new age of cyber-warfare. Targeted uses in other circumstances are unlikely to lead to
850 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies,
Memorandum 153. 2016, p. 12.
237
a different outcome. Cyber-attacks can, as discussed, be highly targeted weapons. In some
cases, this might even allow a state to target specific networks or systems to punish another
state without harming civilians more broadly.
It is admittedly not possible at this time for the US, Russia, China, Israel, or other
major cyber-powers to change each other’s policies solely though cyber-actions as defenses
and counter-attack abilities are too powerful, but highly capable countries might be able to
use cyber-space to do so against less capable states. This might actually end up being a
positive development should it be shown in practice that cyber-attacks can compel less
capable states to change policies. It would show powerful nations that there is another way
to achieve policy goals outside of sanctions and bloodshed, and this may further decrease the
odds of wars breaking out. This is still a problematic outcome, of course, but far superior to
the loss of life.851
851 For more see: Cohen, Matthew S. “The US Response to North Korea - The Cyber Option.” E-International
relations (online). August 7, 2017. http://www.e-ir.info/2017/08/07/the-us-response-to-north-korea-the-cyber-
option/
238
References: Ablon, Lillian, Martin C. Libicki, and Andrea A. Golay. “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar.” RAND Corporation, 2014. http://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf Abu Amer, Adnan. “Hamas’ Cyber Battalions Take on Israel.” Al-Monitor. July 29, 2015. http://www.al-monitor.com/pulse/originals/2015/07/palestine-israel-internet-cyber-war-hacking.html#ixzz4Fd6XrhvZ Adams, James. “Virtual Defense.” Foreign Affairs. May-June 2001. Adamsky, Dmitry (Dima) “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington Quarterly. Vol 40, No 2. 2017. AFP. “Israeli TV Hacked with ‘Divine Retribution’ Message.” The Times of Israel. November 30, 2016. http://www.timesofisrael.com/israeli-tv-hacked-with-divine-retribution-message/ Ahronheim, Anna. “Cyber Attack Aimed at Over 120 Israeli Targets Thwarted.” Jerusalem Post. April 26, 2017. http://www.jpost.com/Israel-News/Israel-thwarts-cyber-attacks-aimed-at-over-120-targets-489010 Aizescu, Sivan. “Israeli Banks Seek to Set up Joint Cybersecurity Center.” Haaretz. May 26, 2014. http://www.haaretz.com/business/.premium-1.592767 AnonWatcher. “Beware: Israeli Malware Trojan Trap Set to Bait #OpIsrael Anonymous Campaigners.” Anonhq.com. April 6, 2017. http://anonhq.com/beware-israeli-malware-trojan-trap-set-to-bait-opisrael-anonymous-campaigners/ Apfel, Alexander J. “‘Anonymous’ Hackers Attacks on Israel More Hype than Harm.” YNetNews.com. April 7, 2016. http://www.ynetnews.com/articles/0,7340,L-4788745,00.html Applegate, Scott D. “The Principle of Maneuver in Cyber Operations.” 4th International Conference on Cyber Conflict. C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) NATO CCD COE Publications, Tallinn, 2012. Arutz Sheva “Report: Bank of Israel Raises Cyber Defenses.” Arutz Sheva. February 17, 2012. http://www.israelnationalnews.com/News/Flash.aspx/232390#.U8VI7fldVqU Associated Press. “In Israel, Teaching Kids Cyber Skills is a National Mission.” YNetNews. February 4, 2017. http://www.ynetnews.com/articles/0,7340,L-4917408,00.html
239
Aucsmith, David, “War in Cyberspace: A Theory of War in the Cyber Domain.” Cyberbelli.com. May-June 2012. Australian Government. “Cyber Security Strategy.” Commonwealth of Australia. 2009. https://www.ag.gov.au/RightsAndProtections/CyberSecurity/Documents/AG%20Cyber%20Security%20Strategy%20-%20for%20website.pdf Avissar, Irit. “BoI Tells Banks to Appoint Cyber Officers.” Globes. July 21, 2014. http://www.globes.co.il/en/article-boi-tells-banks-to-appoint-cyber-officers-1000957071 Balousha, Hazem and William Booth. “Israel Retaliates for Gaza Rocket Fire with Airstrikes; Hamas Hacks Israeli TV.” Washington Post. March 13, 2016. https://www.washingtonpost.com/world/israel-retaliates-for-gaza-rocket-fire-with-air-strikes-hamas-hacks-israel-tv/2016/03/13/0214541e-f9ee-48e0-8402-39fc4838b65c_story.html?utm_term=.fffab43baf9d Bamford, James. “NSA Snooping was Only the Beginning. Meet the Spy Chief Leading Us into Cyberwar.” Wired.com. June 12, 2013. https://www.wired.com/2013/06/general-keith-alexander-cyberwar/ Baram, Gil. “Influence of the Development of Cybernetic Warfare Technology on Changes in the Israeli Force Structure.” Military and Strategy. Vol. 5, No 1. 2013. Baram, Gil. “Israeli Defense in the Age of Cyber War.” Middle East Quarterly. Winter 2017. Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic Affairs. Vol. 5, No. 1. 2013. Barzashka, Ivanka. “Are Cyber-Weapons Effective?” The RUSI Journal. Vol. 158, No. 2. 2013. BDS. “Attacks on BDS Websites Smack of Israel’s Despair at its Growing Isolation.” BDS Movement. June 2, 2016. https://bdsmovement.net/news/attacks-bds-websites-smack-israel%E2%80%99s-despair-its-growing-isolation Bejtlich, Richard. “Review of Martin Libicki’s Cyberdeterrence and Cyberwar.” TaoSecurity. November 25, 2009. http://taosecurity.blogspot.com/2009/11/review-of-martin-libickis.html Belk, Robert and Matthew Noyes. “On the Use of Offensive Cyber Capabilities.” Completion requirement for Master in Public Policy at Harvard Kennedy School of Government, Advisers Joseph Nye and Monica Toft. March 20, 2012. Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology. Volume 173. 2011.
240
Ben-Horin, Yoav and Barry Posin. Israel’s Strategic Doctrine. (Rand Corporation: Santa Monica, CA 1981). Ben-Yishai, Ron. “IDF’s Cyber Defense Easily Breached.” YNetNews. March 23, 2016. http://www.ynetnews.com/articles/0,7340,L-4782445,00.html Benari, Elad. “Hackers Take Over Israeli Television.” Arutz Sheva 7. November 30, 2016. http://www.israelnationalnews.com/News/News.aspx/221025 Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North Carolina Journal of Law and Technology. Vol. 16, No. 3. 2015. Bergman, Ronen. “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit.” Ynetnews. December 12, 2012. http://www.ynetnews.com/articles/0,7340,L-4322499,00.html Berman, Lazar. “Knesset Stymies Major Cyber Attack.” The Times of Israel. July 14, 2013. http://www.timesofisrael.com/knesset-stymies-major-cyber-attack/ Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors.” International Law Studies. Vol 89. 2013. Bob, Yonah Jeremy. “Analysis: Are US, Israel Winning or Losing Newest Cyber Battles.” Jerusalem Post. April 28, 2016. http://www.jpost.com/Israel-News/Analysis-Are-US-Israel-winning-or-losing-newest-cyber-battles-452589 Bob, Yonah Jeremy. “Islamic Jihad Cyber Terrorist Indicted for Hacking IDF Drones Over Gaza.” Jerusalem Post. March 23, 2016. http://www.jpost.com/Arab-Israeli-Conflict/Islamic-Jihad-cyber-terrorist-indicted-for-hacking-IDF-drones-over-Gaza-448936 Bob, Yonah Jeremy. “Rule of Law: Obama, Israel and Cyber Warfare.” Jerusalem Post. March 22, 2013. http://www.jpost.com/Features/Front-Lines/The-cyber-partys-over-307367 Bob, Yonah Jeremy. “US Deputy of Homeland Security: US-Israel to Sign Automated Cyber Information Sharing Agreement.” Jerusalem Post. June 20, 2016. http://www.jpost.com/Israel-News/Politics-And-Diplomacy/US-Deputy-of-Homeland-Security-US-Israel-to-sign-automated-cyber-information-sharing-agreement-457261 Bronk, Christopher and Eneken Tikk-Ringas. “The Cyber Attack on Saudi Aramco.” Survival. Vol. 55, No. 2. 2013. Brown, Cameron S. and David Friedman “A Cyber Warfare Convention? Lessons from the Conventions on Chemical and Biological Weapons.” In Arms Control and National Security - New Horizons, eds. Emily B. Landau and Anat Kurz, Memorandum No. 135, Tel Aviv - Institute for National Security Studies. 2014.
241
Brunner, Jordan. “Iran Has Built an Army of Cyber-Proxies.” The Tower. August 2015. http://www.thetower.org/article/iran-has-built-an-army-of-cyber-proxies/ Bussolati, Nicolo. “The Rise of Non-State Actors in Cyberwarfare.” Cyberwar: Law and Ethics for Virtual Conflicts, ed. Jens David Ohlin, Kevin Govern, and Claire Finkelstein. (Oxford University Press: New York. 2015). Buzan, Barry. “The Timeless Wisdom of Realism.” In International Theory: Positivism and Beyond, edited by Steve Smith, Ken Booth, and Marysia Zalewski. (New York: Cambridge University Press 1996). Cahanin, Steven E. “Principles of War for Cyberspace.” Air War College, Air University, 2011. Carr, Jeffrey. Inside Cyber Warfare. (Cambridge: O’Reilly, 2012). Cartwright, James E. “Joint Terminology for Cyberspace Operations.” Department of Defense, Washington, DC. November 2010. http://www.nsci-va.org/CyberReferenceLib/2010-11-Joint%20Terminology%20for%20Cyberspace%20Operations.pdf Case Bryant, Christa. “Israel Accelerates Cybersecurity Know-How as Early as 10th Grade.” The Christian Science Monitor. June 9, 2013. https://www.csmonitor.com/World/Middle-East/2013/0609/Israel-accelerates-cybersecurity-know-how-as-early-as-10th-grade Check Point. “Volatile Cedar Threat Intelligence and Research.” Check Point. March 20, 2015. https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf Cherry, Steven. “Terror Goes Online.” IEEE Spectrum Vol 42, No 1. 2015. Choucri, Nazli. Cyberpolitics and International Relations. (The MIT Press: Cambridge, MA: 2012). Choucri, Nazli, Stuart Madnick, and Jeremy Ferwerda. “Institutional Foundations for Cyber Security: Current Responses and New Challenges (Revised).” Information Technology for Development. 2013. Cilluffo, Frank J., Sharon L. Cardash, and George C. Salmoiraghi, “A Blueprint for Cyber Deterrence: Building Stability through Strength.” Institute for National Security Studies, Military and Strategic Affairs. Vol. 4, No. 3. December 2012. Clark, David. “Control Point Analysis.” MIT CSAIL. September 10, 2012. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2032124## Clarke, Richard A. and Robert K. Knake. Cyber War: The Next Threat to National Security and What to do About It. (Ecco: HarperCollins Publishers, 2012).
242
Cohen, Daniel and Danielle Levin. “Cyber Infiltration During Operation Protective Edge.” Forbes.com. August 12, 2014. https://www.forbes.com/sites/realspin/2014/08/12/cyber-infiltration-during-operation-protective-edge/#757dbe0d3fbc Cohen, Daniel and Danielle Levin. “Operation Protective Edge: The Cyber Defense.” In The Lessons of Operation Protective Edge, eds. Anat Kurz and Sholmo Brom. (Institute for National Security Studies 2014). Cohen, Daniel and Aviv Rotbart. “The Proliferation of Weapons in Cyberspace.” Military and Strategic Affairs. Vol. 5, No. 1. 2013. Cohen, Gili. “IDF Doubled its Defenses against Cyber Attacks.” Haaretz (Hebrew). January 9, 2013. http://haaretz.ubik.net/news/politics/1.1902961 Cohen, Gili. “Islamic Jihad Hacker Accused of Accessing Israeli Drone Communications.” Haaretz. March 23, 2016. http://www.haaretz.com/israel-news/.premium-1.710589 Cohen, Matthew S. “The US Response to North Korea - The Cyber Option.” E-International relations (online). August 7, 2017. http://www.e-ir.info/2017/08/07/the-us-response-to-north-korea-the-cyber-option/ Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “Israel and Cyberspace: Unique Threat and Response.” International Studies Perspectives. Volume 17. 2016. Cohen, Matthew S. and Charles D. Freilich. “The Delegitimization of Israel: Diplomatic Warfare, Sanctions and Lawfare.” Israel Journal of Foreign Affairs. Vol. IX, No. 1. 2015. Cohen, Matthew S. and Charles D. Freilich. “War by Other Means: Modeling the Delegitimization Campaign against Israel.” Israel Affairs. Vol. 24, No. 1. 2018. Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “‘Four Big ‘Ds’ and a Little ‘r’: A New Model for Cyber Defense.” Cyber, Intelligence, and Security. Vol. 1, No. 1. 2017. Cohen, Sagi. “Iran Hackers Carrying Out Cyber Attacks Against Israeli Targets, Report Claims.” YNetNews. June 15, 2015. http://www.ynetnews.com/articles/0,7340,L-4668686,00.html Cooper, Jeffrey. “A New Framework for Cyber Deterrence.” In Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World, ed. Derek S. Reveron. (Georgetown University Press, 2012). Correlates of War Project. (http://www.correlatesofwar.org)
243
Crosston, Matthew. “Duqu’s Dilemma: The Ambiguity Assertion and the Futility of Sanitized Cyberwar.” Military and Strategic Affairs. Vol. 5, No. 1. 2013. Currier, Cora and Henrik Moltke. “Spies in the Sky.” The Intercept. January 28, 2016. https://theintercept.com/2016/01/28/israeli-drone-feeds-hacked-by-british-and-american-intelligence/ “CyberKnight.” 2016. http://cyberknight.co.il/ “CyberKnight.” “Israel: Knights of the Cyber Table.” i-HLS. June 20, 2014. http://i-hls.com/2014/06/israel-knights-cyber-table/ Dagoni, Ran. “Amos Yadlin: Cyber-Defense Includes Cyber Attack.” Globes-Israel Business Arena. April 29, 2015. http://www.globes.co.il/en/article-amos-yadlin-cyber-defenses-must-include-attack-1001031900 Dagoni, Ran. “US Congress Approves Israel Cyber Cooperation.” Globes. November 30, 2016. http://www.globes.co.il/en/article-us-congress-approves-israel-cyber-cooperation-1001163968 Demchak, Chris C. Wars of Disruption and Resilience. (University of Georgia Press. 2011). Demchak, Chris C. “Resilience and Cyberspace: Recognizing the Challenges of a Global Socio-Cyber Infrastructure (GSCI).” Journal of Comparative Policy Analysis. Vol. 14, No. 3. 2012. https://citizenlab.org/cybernorms2012/Demchak2012.pdf Demchak, Chris C. and Peter Dombrowski. “Rise of a Cybered Westphalian Age.” Strategic Studies Quarterly. 2011. http://www.au.af.mil/au/ssq/2011/spring/demchak-dombrowski.pdf DeNardis, Laura. The Global War for Internet Governance. (Yale University Press, New Haven, CT. 2014.) Department of Defense. “The DoD Cyber Strategy.” United States of America. April 2015. http://www.defense.gov/home/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf Deibert, Ronald J. and Rafal Rohozinsk. “Risking Security: Policies and Paradoxes of Cyberspace Security.” International Political Sociology. Vol. 4, No. 1. 2010. Digital Shadows. “OpIsrael Hacktivists Targeted by Unknown Threat Actor.” Digital Shadows. March 30, 2017. https://www.digitalshadows.com/blog-and-research/opisrael-hacktivists-targeted-by-unknown-threat-actor/ Drmola, Jakub. “Looking for Insurgency in Cyberspace.” Central European Journal of International and Security Studies. Vol. 4. 2014.
244
Druckman, Yaron, Saul Sa’arhaas, and AP. “Apple Boosts iPhone Security after Mideast Spyware Discovery.” YNetNews. August 26, 2016. http://www.ynetnews.com/articles/0,7340,L-4846422,00.html Dvorin, Tova. “Secret Shin Bet Unit at the Front Lines of Israel’s Cyber-War.” Arutz Sheva. April 25, 2014. http://www.israelnationalnews.com/News/News.aspx/179925#.U7b-P_ldVqU Efrati, Rami and Lior Yafe. “The Challenges and Opportunities of National Cyber Defense.” Israel Defense. August 11, 2012. http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/41557 Egozi, Arie. “The Secret Cyber War.” Military Technology. Vol. 35. 2011. Eichensher, Kristen E. “Cyberwar & International Law Step Zero.” Texas International Law Journal. Vol 50, No 2. 2015. Eichner, Itamar. “A Look at the Shin Bet’s Cyber Unit.” YNetNews. January 18, 2017. http://www.ynetnews.com/articles/0,7340,L-4909435,00.html Eichner, Itamar. “BDS: Israel Responsible for Cyber Attacks.” YNetNews. June 5, 2016. http://www.ynetnews.com/articles/0,7340,L-4812027,00.html Eisenstadt, Michael and David Pollock. “Asset Test: How the United States Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7. 2012. Elazari, Keren. “How to Survive Cyberwar.” Scientific American. April 2015. Elis, Niv. “Gaza Hackers Launch Porn-Based Cyber Attacks on Israel.” Jerusalem Post, February 17, 2015. http://www.jpost.com/Arab-Israeli-Conflict/Gaza-launched-porn-based-cyber-attacks-on-Israel-391330 Elis, Niv. “Multinationals Invest in Teaching Israeli Kids to Code.” Jerusalem Post. October 28, 2015. http://www.jpost.com/Business-and-Innovation/Health-and-Science/Multinationals-invest-in-teaching-Israeli-kids-to-code-430250 Eom, Jung-Ho, Nam-Uk Kim, Sung-Hwan Kim, and Tai-Myoung Chung. “Cyber Military Strategy for Cyberspace Superiority in Cyber Warfare.” 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec). June 26-28, 2012. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6246114 Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts, Trends and Implications for Israel,” Institute for National Security Studies, (Hebrew) Memorandum 179, Institute for National Security Studies. June 2011.
245
Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National Security Studies. Memorandum 117. May 2012. European Union. “National Cyber Security Strategies in the World.” European Union Agency for Network and Information Security. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world Fahrenkrug, David T. “Countering the Offensive Advantage in Cyberspace: An Integrated Defensive Strategy.” 4th International Conference on Cyber Conflict, eds. C. Czosseck, R. Ottis, K. Ziolkowski: NATO CCD COE Publications, Tallinn, Estonia. 2012. Farwell, James P. and Rafal Rohozinski. “Stuxnet and the Future of Cyber War.” Survival. Vol. 53, No. 1. 2011. Finnemore, Martha. National Interests in International Society. (Cornell University Press, 1996) Finnemore, Martha and Duncan B. Hollis. “Constructing Norms for Global Cybersecurity.” The American Journal of International Law. Vol 110, No 3. 2016. Finnemore, Martha and Kathryn Sikkink. “Taking Stock: The Constructivist Research Program in International Relations and Comparative Politics.” Annual Review of Political Science. Vol 4. 2001. Fulghum, David. “Bombing Iran.” Aviation Week and Space Technology. Vol. 174. 2012. Garcia, Denise. Disarmament Diplomacy and Human Security: Regimes, Norms and Moral Progress in International Relations. (New York: Routledge, 2011). Garcia, Denise. “Killer Robots: Why the US Should Lead the Ban.” Global Policy. Vol 6, No 1. 2015. Gartzke, Erik. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth.” International Security. Vol 38, No 2. 2013. Gartzke, Erik, and Jon Lindsay. “Cross-Domain Deterrence: Strategy in an Era of Complexity.” International Studies Association Meeting. July 2014. https://quote.ucsd.edu/deterrence/files/2014/12/EGLindsay_CDDOverview_20140715.pdf Geuss, Raymond. Politics and the Imagination. (Princeton, NJ: Princeton University Press, 2010)
246
Ghermezian, Shiryn. “Israeli Hackers Strike Back at Anonymous OpIsrael, Expose Participants with Their Own Webcams (PHOTOS).” Algemeiner. April 10, 2014. http://www.algemeiner.com/2014/04/10/israeli-hackers-strike-back-at-anonymous-opisrael-expose-participants-with-their-own-webcams-photos/# Gibbs, Samuel. “Duqu 2.0: computer virus 'linked to Israel' found at Iran nuclear talks venue.” The Guardian. June 11, 2015. https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks Gilpin, Robert. The Political Economy of International Relations. (Princeton University Press, 1987) Ginsburg, Mitch. “The Double-Edged Sword of Cyber Warfare.” The Times of Israel. June 24, 2015. http://www.timesofisrael.com/the-double-edged-sword-of-cyber-warfare/ Goldman, Adam and Eric Schmitt. “One by One, ISIS Social Media Experts are Killed as Result of F.B.I. Program.” New York Times. November 24, 2016. http://www.nytimes.com/2016/11/24/world/middleeast/isis-recruiters-social-media.html?_r=2 Grauman, Brigid. “Cyber-security: The vexed question of global rules.” Security and Defense Agenda. With the support of McAfee. 2012. Gray, Colin S., “Making Strategic Sense of Cyber Power: Why the Sky Is Not Falling.” Strategic Studies Institute and U.S. Army War College Press. April 2013. GReAT and Ido Naor. “ATMZombie: Banking Trojan in Israeli Waters.” Kaspersky Labs, SecureList. February 29, 2016. https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/ Group of Governmental Experts. “Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.” United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, A/70/174. July 22, 2015. Gupta, Shishir. “India, Israel to Enlarge Web of Ties, Institutionalise (sic) Cyber Security Dialogue.” Hindustan Times. May 21, 2017. http://www.hindustantimes.com/india-news/india-israel-set-to-enlarge-web-of-ties/story-zE5EZAxjGDTvRXmHMXwWEO.html Hamodia Staff. “Israel, Japan Increase Cyber, Economic Cooperation.” Hamodia. May 11, 2017. http://hamodia.com/2017/05/11/israel-japan-increase-cyber-economic-cooperation/
247
Hathaway, Oona; Rebecca Crootof; Philip Levitz; and Haley Nix. “The Law of Cyber-Attack.” California Law Review. Vol. 100. 2012. Harman, Danna. “Cyber-defenders Warn: Israel Vulnerable to Attack.” Haaretz. December 28, 2014. http://www.haaretz.com/news/world/.premium-1.633845 Healey, Jason. “When ‘Not My Problem’ Isn’t Enough: Political Neutrality and National Responsibility in Cyber Conflict.” The Atlantic Council of the United States Issue Brief. 2012. Heckman, Kristin E, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow. Cyber Denial, Deception and Counter Deception. Advances in Information Security. Vol. 63. (New York: Springer 2015). Herr, Trey. “PrEP: A Framework for Malware & Cyber Weapons.” Cyber Security Policy and Research Institute. George Washington University. March 12, 2014. Herzallah, Mohammed J. “Israel Fights Wire with Wire.” Newsweek. July 27, 2009. Herzog, Stephen. “Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses.” Journal of Strategic Security. Vol. 4, No. 2. 2011. Hiner, Jason. “How Israel is Rewriting the Future of Cybersecurity and Creating the Next Silicon Valley.” Tech Republic. 2013. http://www.techrepublic.com/article/how-israel-is-rewriting-the-future-of-cybersecurity-and-creating-the-next-silicon-valley/# Hirshoga, Or and Nati Toker. “Cyber Battles against Israel.” The Marker (Hebrew). November 22, 2012. http://www.themarker.com/technation/1.1871058 Honegger, Barbara. “Former Counterterrorism Czar Richard Clarke Calls for New National Cyber Defense Policy to Prevent a Cyber 9/11,” Naval Post-Graduate School. August 30, 2010. https://web.nps.edu/About/News/Former-Counterterrorism-Czar-Richard-Clarke-Calls-for-New-National-Cyber-Defense-Policy-to-Prevent-a-Cyber-9/11-.html Hopf, Ted. “The Promise of Constructivism in International Relations Theory.” International Security. Vol 23, No 1. 1998. Horovitz, David. “US Espionage and Hamas Tunneling Highlight Malaise in Israel’s Defenses.” The Times of Israel. January 31, 2016. http://www.timesofisrael.com/us-espionage-and-hamas-tunneling-highlight-a-malaise-in-israels-defenses/ Huntley, Wade L. “Strategic Implications of Offense and Defense in Cyberwar.” 49th Hawaii International Conference on System Sciences. 2016. Hurwitz, Roger. “The Play of States: Norms and Security in Cyberspace.” American Foreign Policy Interests. Vol 36. 2014.
248
i24 News. “Israel Reorganizing Cyber Warfare Operations.” iI24news.com. June 16, 2015. http://www.i24news.tv/en/news/israel/diplomacy-defense/75069-150616-israel-reorganizing-cyber-warfare-operations IBM. “X-Force Threat Intelligence Index - 2016.” IBM.com. 2016. IISS. The Military Balance 2014. (International Institute for Strategic Studies 2014). India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013. http://www.bic-trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf InfoSecurity. “Cyber-Terrorism Shut Down Israel’s Carmel Tunnel.” Infosecurity-Magazine.com. October 28, 2013. https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/ Inserra, David and Steven P. Bucci. “Cyber Supply Chain Security: A Crucial Step Toward U.S. Security, Prosperity, and Freedom in Cyberspace.” Backgrounder #2880. The Heritage Foundation. March 6, 2014. http://www.heritage.org/research/reports/2014/03/cyber-supply-chain-security-a-crucial-step-toward-us-security-prosperity-and-freedom-in-cyberspace INSS. “Global Cyber Bi-Weekly Report - Mar 1, 2016.” Institute for National Security Studies. March 1, 2016. https://www.dcoi-conference.org/single-post/2016/03/01/Global-Cyber-BiWeekly-Report-Mar-1-2016 INSS. “Global Cyber Bi-Weekly Report - Sep 1, 2016.” Institute for National Security Studies. September 2, 2016. https://www.dcoi-conference.org/single-post/2016/09/02/Global-Cyber-Bi-Weekly-Report---Sep-1-2016 Institute for National Security Studies, and the Cyber Security Forum Initiative. “Cyber Intelligence Report—July 15, 2014.” Defense Update. July 15, 2014. http://defense-update.com/20140715_cyber-intelligence-report-july-15-2014.html IsraelDefense. “IDF Scraps Plans for a Unified Cyber Command.” IsraelDefense.com. May 15, 2017. http://www.israeldefense.com/en/node/29613 Israel Advanced Technology Industries. “2016 National Coding Olympics is Underway!” Israel Advanced Technology Industries. November 23, 2015. http://www.iati.co.il/news-item/1856/2016-national-coding-olympics-underway Israel Defense Forces. “This Model City Trains IDF Coders to Stop Devastating Hacks.” Israel Defense Forces. January 2, 2017. https://www.idfblog.com/2017/01/02/model-city-trains-coders-stop-hacks/
249
Israel Government Decision no. 3611 of August 7, 2011. http://www.pmo.gov.il/secretary/govdecisions/2011/pages/des3611.aspx Israel Ministry of Foreign Affairs. “Deputy FM Elkin: Israel’s Cyber Security.” Address to the Seoul Conference on Cyberspace 2013. October 16, 2013. Jerusalem Post. “Netanyahu: We’re Building a Digital Iron Dome.” Jerusalem Post. January 1, 2013. http://www.jpost.com/Diplomacy-and-Politics/Netanyahu-Were-buildinga-digital-Iron-Dome Jerusalem Post Staff. “Israel’s Electrical Grid Attacked in Massive Cyber Attack.” Jerusalem Post. January 26, 2016. http://www.jpost.com/Israel-News/Israels-electrical-grid-attacked-in-massive-cyber-attack-442844 Jerusalem Post Staff and Yaakov Lappin. “Suspected Palestinian Hackers Interrupt TV Broadcast with Ominous Message.” Jerusalem Post. March 11, 2016. http://www.jpost.com/Arab-Israeli-Conflict/Suspected-Palestinian-hackers-interrupt-TV-broadcast-with-ominous-message-447646 Jervis, Robert. “Cooperation Under the Security Dilemma.” World Politics. Vol 30, No 2. 1978. Johnson, Marc C. “The Rising Iranian Cyber Threat.” The Buckley Club. March 23, 2017. https://thebuckleyclub.com/the-rising-iranian-cyber-threat-15028b76e0f9 Joint Advanced Warfighting School. “Nothing New Under the Sun: Benefiting from the Great Lessons of History to Develop a Coherent Cyberspace Deterrence Strategy.” CreateSpace Independent Publishing Platform. April 8, 2014. Junio, Timothy J. “How Probable is Cyber War? Bringing IR Theory Back in to the Cyber Conflict Debate.” Journal of Strategic Studies. Vol. 36, No. 1. 2013. Kapto, Aleksandr S. “Cyberwarfare: Genesis and Doctrinal Outlines.” Herald of the Russian Academy of Sciences. Vol. 83, No. 4. 2013. Katz, Yaakov. “Barak: Israel Seeks to be Global Cyber Leader.” Jerusalem Post. June 6, 2012. http://www.jpost.com/Defense/Barak-Israel-seeks-to-be-global-cyberleader Katz, Yaakob. “Elbit Unveils New Cyber War Simulator.” Jerusalem Post. June 5, 2012. http://www.jpost.com/Defense/Elbit-unveils-new-cyber-war-simulator Katz, Yaakov. “Security and Defense: Israel’s Cyber Ambiguity.” Jerusalem Post. May 31, 2012. http://www.jpost.com/Features/Front-Lines/Security-and-Defense-Israels-Cyber-Ambiguity
250
Katzenstein, Peter J. “Introduction: Alternative Perspectives on National Security.” in The Culture of National Security: Norms and Identity in World Politics, ed. Peter J. Katzenstein. (Columbia University Press: 1996). Keck, Margaret E. and Kathryn Sikkink. Activists beyond Borders: Advocacy Networks in International Politics. (Cornell University Press, 1998). Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013. Kenney, Michael. “Cyber-Terrorism in a Post-Stuxnet World.” Orbis. Vol. 59, No. 1. 2015. Keohane, Robert. After Hegemony: Cooperation and Discord in the World Political Economy. (Princeton University Press, 1984). Keohane, Robert and Joseph S. Nye. Power and Interdependence: World Politics in Transition. (Boston: Little, Brown and Company, 1977). Keohane, Robert O. and Lisa L. Martin. “The Promise of Institutionalist Theory.” International Security. Vol 20, No 1. 1995. Kissinger, Henry. World Order. (New York: Penguin Press, 2014). Kihara, Stacy A. “A Rising China: Shifting the Economic Balance of Power Through Cyberspace.” Naval Postgraduate School, Thesis, 2014. Khazan, Olga. “Anonymous Is Hacking Israeli Web Sites.” Washington Post. November 17, 2012. http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/17/anonymous-is-hacking-israeli-web-sites/ Kremer, Jan-Frederik and Benedikt Müller. Cyber Space and International Relations: Theory, Prospects and Challenges. (Springer; 2014). Krepinevich, Andrew, “Cyber Warfare: A ‘Nuclear Option?’” Center for Strategic and Budgetary Assessments. 2012. Kugler, Richard L. “Deterrence of Cyber Attacks.” in Cyberpower and National Security, ed. Franklin D. Kramer. (National Defense University Press and Potomac Books, 2009). Kushner, David. “The Real Story of Stuxnet.” IEEE Spectrum. Vol 50, No 3. 2013. Lappin, Yaakov. “Cyber-Terrorism: Defending the Country’s Online Borders.” Jerusalem Post. February 5, 2013. http://www.jpost.com/Features/Front-Lines/Cyber-terrorism-Defending-the-countrys-online-borders
251
Lappin, Yaakov. “IAI Opens Cyber R&D Center in Singapore.” Jerusalem Post. February 13, 2014. http://www.jpost.com/Defense/IAI-opens-cyber-R-and-D-center-in-Singapore-341294. Lappin, Yaakov. “IDF Launches Massive Three-Day Drill, Calls Up Thousands of Reservists.” Jerusalem Post. July 27, 2015. http://www.jpost.com/Israel-News/IDF-calls-up-thousands-of-reservists-in-massive-three-day-drill-410282 Lappin, Yaakov. “Military Affairs: The IDF’s Silent Attack Force.” Jerusalem Post. May 11, 2013. http://www.jpost.com/Features/Front-Lines/Military-Affairs-The-silent-attack-force-312716 Lappin, Yaakov. “Security and Defense: Network IDF.” Jerusalem Post. September 18, 2015. http://www.jpost.com/Israel-News/Security-and-Defense-Network-IDF-416497 Legal Portal for Internet, Cyber and Information Technologies. “Israeli Minister of Justice Calls for Cyber Defense Legislation and Liability on Internet Platform Providers.” Law.Co.Il. June 24, 2016. http://www.law.co.il/en/m/#/news/9308/ Levi, Ram. “The Fifth Fighting Space.” Israel Defense. December 16, 2011. http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/4706 Libicki, Martin C. Conquest in Cyberspace: National Security and Information Warfare. (Cambridge University Press, 2007). Libicki, Martin C. Cyberdeterrence and Cyberwar. (Rand Corporation: Project Air Force, 2009). Lin, Herbert S. “Offensive Cyber Operations and the Use of Force.” Journal of National Security Law and Policy. Vol 4, No. 63. 2010. Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies. Vol. 22. 2013. Lindsay, Jon R and Lucas Kello. “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2. 2014. Lorents, Peeter and Rain Ottis. “Knowledge Based Framework for Cyber Weapons and Conflict.” Conference on Cyber Conflict Proceedings 2010, eds. C. Czosseck and K. Podins, CCD COE Publications, Tallinn, Estonia. 2010. Lynn, William J. III. “Defending a New Domain: The Pentagon’s Cyberstrategy.” Foreign Affairs. Vol. 89, No. 5. 2010. Lynn, William. “The Pentagon's Cyberstrategy, One Year Later.” Foreign Affairs. November 12, 2014. http://www.foreignaffairs.com/articles/68305/william-j-lynn-iii/the-pentagons-cyberstrategy-one-year-later
252
MacBride, Elizabeth. “Meet the General Who Positioned Israel To Win In $175 Billion Cybersecurity Market.” Forbes. July 18, 2016. https://www.forbes.com/sites/elizabethmacbride/2016/07/18/five-lessons-on-cybersecurity-from-an-israeli-general/#616d36a74fd1 Maness, Ryan C and Brandon Valeriano. “The Impact of Cyber Conflict on International Interactions.” Armed Forces and Society. Vol 1, No 23. 2015. Mandiant. “M-Trends 2014: Beyond the Breach.” FireEye. 2014. https://www.mandiant.com/resources/mandiant-reports/. Mearsheimer, John J. “Back to the Future.” International Security. Vol 15, No 1. 1990. Mearsheimer, John J. “The False Promise of International Institutions.” International Security. Vol. 19, No. 3. 1994/1995. Mearsheimer, John J. The Tragedy of Great Power Politics. (New York: Norton, 2001). McGraw, Gary. “Cyber War is Inevitable (Unless We Build Security In).” Journal of Strategic Studies. Vol 36, No 1. 2013. McKean, Benjamin L. “What Makes a Utopia Inconvenient? On the Advantages and Disadvantages of a Realist Orientation to Politics.” American Political Science Review. Vol 110. No 4. 2016. Microsoft. “Impersonation.” Microsoft Tech Net. http://technet.microsoft.com/en-us/library/cc961980.aspx Microsoft. “Microsoft Security Intelligence Report: Israel.” Microsoft Corporation. 2016. Miller, Joe. “Israeli Iron Done Firms ‘Infiltrated by Chinese Hackers.’” BBC. July 31, 2014. http://www.bbc.com/news/technology-28583283 Mitzner, Dennis. “Israeli Cybersecurity Prowess on Display in DC and Tel Aviv.” InfoWorld. June 29, 2016. http://www.infoworld.com/article/3088941/security/israeli-cybersecurity-prowess-on-display-in-dc-and-tel-aviv.html Moore, Jack. “Anonymous’s ‘Electronic Holocaust’ Against Israel Falls Flat.” Newsweek.com. April 7, 2015. http://europe.newsweek.com/anonymous-electronic-holocaustagainst-israel-has-limited-success-320176 Morgus, Robert, Isabel Skierka, Mirko Hohmann, and Tim Maurer. “National CSIRTs and Their Role in Computer Security Incident Response.” Global Public Policy Institute and New America. 2015.
253
Mueller, John. “Is War Still Becoming Obsolete?” Presentation, 1991 Annual Meeting of the American Political Science Association. 2012. Mueller, Milton L. Networks and States: The Global Politics of Internet Governance. (Cambridge, Mass: The MIT Press, 2010). Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked Governance in International Relations.” International Studies Review. Vol. 15, No. 1. 2013. Moran, Ned. “A Cyber Early Warning Model.” In Jeffery Carr (Ed.), Inside Cyber Warfare. (Cambridge, UK: O’Reilly 2012).
Morgenthau, Hans J. Politics among Nations: The Struggle for Power and Peace. (New York: Alfred A. Knopf, 1948). Nakashima, Ellen and Ruth Eglash. “Israel Hopes a Cyber-City in the Desert Will Coax Highly Trained, Affluent, Young People Away from Tel Aviv.” Washington Post. May 14, 2016. https://www.washingtonpost.com/news/worldviews/wp/2016/05/14/israel-hopes-a-cyber-city-in-the-desert-will-coax-highly-trained-affluent-young-people-away-from-tel-aviv/?utm_term=.4a10f44101d6 Nakashima, Ellen and William Booth. “How Israel is Turning Part of the Negev Desert into a Cyber-City.” Washington Post. May 14, 2016. https://www.washingtonpost.com/world/national-security/how-israel-is-turning-part-of-the-negev-desert-into-a-cyber-city/2016/05/14/f44ea8e4-0d58-11e6-bfa1-4efa856caf2a_story.html?wpisrc=nl_headlines&wpmm=1 National Cyber Bureau. “Mission of the Bureau.” The National Cyber Bureau—Office of the Israeli Prime Minister. 2014. http://www.pmo.gov.il/english/primeministersoffice/divisionsandauthorities/cyber/pages/default.aspx NATO. “Cyber Security.” NATO. http://www.nato.int/cps/en/natohq/topics_78170.htm Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs. 2010. Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017. Nye, Joseph S. “Nuclear Lessons for Cyber Security?” Strategic Studies Quarterly. Vol. 5. 2011. Nye, Joseph S. The Future of Power. (New York: Public Affairs, 2011).
254
O’Connell, Mary Ellen. “21st Century Arms Control Challenges: Drones, Cyber Weapons, Killer Robots, and WMDS.” Washington University Global Studies Law Review. Vol 13, No 515. 2014. Office of the Chief of Staff, IDF. “The IDF Strategy.” Israel Defense Forces. August 2015. http://www.idf.il/SIP_STORAGE/FILES/9/16919.pdf Office of the President. “Cyberspace Policy Review.” Office of the American President. 2009. https://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf Office of the President. “Cyberspace Policy Review.” Office of the American President. 2011. https://www.state.gov/documents/organization/255732.pdf Opall-Rome, Barbara. “Israel Confirms It Was Cyber Attack Target.” DefenseNews.com. June 24, 2015. https://www.defensenews.com/2015/06/24/israel-confirms-it-was-cyber-attack-target/ Orpaz, Inbal. “Israel's Army is Starting to Act Like a Startup Company.” Haaretz. May 19, 2015. https://www.haaretz.com/israel-news/business/.premium-israels-army-is-starting-to-act-like-a-startup-company-1.5364013 Orpaz, Inbal. “The Secret to High-tech Success? This Elite Israeli Army Unit.” Haaretz. April 18, 2014. https://www.haaretz.com/.premium-the-armys-employment-agency-1.5245249 Parmenter, Robert C. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain.” School of Advanced Military Studies at the United States Army Command and General Staff College, Fort Leavenworth, KS: US Army Command and General Staff College. May 23, 2013. Pederson, Christian. “Much Ado about Cyber-space: Cyber-terrorism and the Reformation of the Cyber-security.” Pepperdine Policy Review. Vol 7, No 1. 2014. Perlroth, Nicole. “Cyberespionage Attacks Tied to Hackers in Iran.” The New York Times. May 29, 2014. https://bits.blogs.nytimes.com/2014/05/29/cyberespionage-attacks-tied-to-hackers-in-iran/ Pfeffer, Anshel. “Israel Suffered Major Cyber Attack During Gaza Offensive.” Haaretz.com. June 15, 2009. http://www.haaretz.com/news/israel-suffered-massive-cyber-attack-duringgaza-offensive-1.278094 Prime Minister’s Media Adviser. “Cabinet Approves Establishment of National Cyber Authority.” Israel Ministry of Foreign Affairs. February 15, 2015. http://mfa.gov.il/MFA/PressRoom/2015/Pages/Cabinet-approves-establishment-of-National-Cyber-Authority-15-Feb-2015.aspx
255
Prime Minister's Office. “Moving the ICT from the Finance Ministry to the Prime Minister's Office.” Prime Minister's Office (Hebrew). 2014. http://www.pmo.gov.il/Secretary/GovDecisions/2014/Pages/dec2099.aspx Prime Minister’s Office. “The “Magshimim Leumit” Program.” Prime Minister’s Office. http://www.pmo.gov.il/English/PrimeMinistersOffice/DivisionsAndAuthorities/cyber/Documents/Magshimim%20Leumit%20program.pdf Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute InfoSec Reading Room. 2014. Rana, Waheeda. “Theory of Complex Interdependence: A Comparative Analysis of Realist and Neoliberal Thoughts.” International Journal of Business and Social Science. Vol 6, No. 2. 2015. Ranger, Steve. “The Impossible Task of Counting Up the World's Cyber Armies.” Zdnet.com. May 6, 2015. http://www.zdnet.com/article/counting-up-the-worlds-cyber-armies/ Rapaport, Amir. “ISA in the Cyber Era: An Inside Look.” IsraelDefense.Co.Il. September 5, 2014. http://www.israeldefense.co.il/en/content/isa-cyber-era-inside-look Ratner, Steven R. “International Law: The Trials of Global Norms.” Foreign Policy. No 110. 1998. Rattray, Gregory J. and Jason Healey. “Non -State Actors and Cyber Conflict.” America’s Cyber Future: Security and Prosperity in the Information Age, ed. Kristin M. Lord, Mike McConnell, Peter Schwartz, Richard Fontaine, Travis Sharp, and Will Rogers. Center for a New American Security. June 2011. Ravid, Barak. “Battle Move in Israel’s Turf War: Shin Bet Loses Authority Over ‘Civilian Space.’” Haaretz. September 21, 2014. http://www.haaretz.com/news/national/1.616990 Ravid, Barak. “Israel Vulnerable to Cyberattacks on Civilian Sector, Top-secret Report Says.” Haaretz. November 1, 2016. http://www.haaretz.com/israel-news/1.750360 Ravid, Barak. “Israeli Security Agencies in Turf Battle Over Cyber War: Netanyahu to Decide.” Haaretz. September 14, 2014. http://www.haaretz.com/news/diplomacy-defense/1.615637 Redins, Larisa. “Understanding Cyberterrorism.” RISK Management. 2012. http://rmmagazine.com/2012/10/05/understanding-cyberterrorism/ Repik, Keith A. “Defeating Adversary Network Intelligence Efforts with Active Cyber Defense Techniques.” 2008. No. AFIT/ICW/ENG/08-11. Air Force Institute of Technology. Wright-Patterson Air Force Base, OH.
256
Reuters. “China’s Tech Money Heads for Israel as US Welcome Wanes.” YNetNews. May 11, 2017. http://www.ynetnews.com/articles/0,7340,L-4960618,00.html Reuters. “Iran Ups Cyber Attacks on Israeli Computers: Netanyahu.” Reuters. June 9, 2013. http://www.reuters.com/article/2013/06/09/us-israel-iran-cyber-idUSBRE95808H20130609 Reuters. “Israel’s High Tech Boom Threatened by Shallow Labor Pool.” YNetNews. July 5, 2016. http://www.ynetnews.com/articles/0,7340,L-4824677,00.html Richet, Jean-Loup. Cybersecurity Policies and Strategies for Cyberwarfare Prevention. (Information Science Reference, an imprint of IGI Global, 2015). Rid, Thomas. Cyber War Will Not Take Place. (London: C. Hurst and Co, 2013). Rid, Thomas and Benjamin Buchanan. “Attributing Cyber Attacks.” The Journal of Strategic Studies. Vol. 38, No. 1-2. 2015. Rid, Thomas and Peter McBurney. “Cyber-Weapons.” RUSI Journal. Vol. 157, No. 1. 2012. Rosen, Armin. “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas — And Iran Could Be The Reason Why.” Business Insider. August 18, 2014. http://www.businessinsider.com/israel-faced-a-wave-of-cyber-attacks-2014-8 Ruble, Kayla. “Syrian Hackers Hijack IDF Twitter Sparking Fears of Nuclear Leak.” Vice.com. July 7, 2014. https://news.vice.com/article/syrian-hackers-hijack-idf-twitter-sparking-fears-of-nuclear-leak Russell, Alison Lawlor. “The Implications of Cyberspace for Navel Strategy and Security.” in Routledge Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge. 2016.) Russon, Mary-Ann. “#OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business Websites.” International Business Times. July 18, 2014. http://www.ibtimes.co.uk/opsavegaza-anonymous-takes-down-1000-israeli-government-business-websites-1457269 Sander, David E. Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. (New York: Crown, 2012). Sanger, David E. Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. (Broadway Books, 2012).
257
Saydjari, O. Sami. “Cyber Defense: Art to Science.” Communications of the Association for Computing Machinery. Vol. 47, No. 3. March 2004. http://www.jpkc.fudan.edu.cn/picture/article/217/23/6e/762567a44cf68799c9d29061e876/332065c5-582d-402e-83b7-3eea2bd7423c.pdf Schmitt, Michael N. “International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed.” Harvard International Law Journal. Vol 54. 2012. Schweitzer, Yoram, Gabi Siboni, and Einav Yogev. “Cyberspace and Terrorist Organizations.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013. Scientific American Board of Editors. “Rules for Cyberwar.” Scientific American. June 2016. Segal, Adam. “The Middle East’s Quietly Rising Cyber Super Power.” Defense One. January 27, 2016. http://www.defenseone.com/technology/2016/01/middle-easts-quietly-rising-cyber-super-power/125472/#.Vq1gjEdsNqE.mailto Sen, Ashish Kumar. “Iran’s Growing Cyber Capabilities in a Post-Stuxnet Era.” Atlantic Council. April 10, 2015. http://www.atlanticcouncil.org/blogs/new-atlanticist/iran-s-growing-cyber-capabilities-in-a-post-stuxnet-era Shamah, David. “A Million Hacks a Day, but Israel’s Electric Grid Survives.” The Times of Israel. March 24, 2015. http://www.timesofisrael.com/a-million-hacks-a-day-but-israels-electric-grid-survives/ Shamah, David. “Hackers Threaten ‘Israhell’ Cyber-Attack over Gaza.” The Times of Israel. July 9, 2014. http://www.timesofisrael.com/hackers-threaten-israhell-cyber-attackover-gaza/ Shamah, David. “Israeli Group Posts Photos of Not-So-Anonymous Hackers.” The Times of Israel. April 13, 2014. http://www.timesofisrael.com/israeli-group-posts-photos-of-not-so-anonymous-hackers/#ixzz2z9SQBC80 Sheldon, John B., “Deciphering Cyberpower Strategic Purpose in Peace and War.” Strategic Studies Quarterly. Summer 2011. Shemer, Nadav. “Israel Police to Tackle Cyber Crime with New Unit.” The Jerusalem Post. November 13, 2012. Shkedi, Daniel. “The Cybersecurity Sector in Israel (Report).” Embassy of India. Israel. 2015. Siboni, Gabi. “Cyber-tools are No Substitute for Human Intelligence.” Haaretz. July 2, 2014. http://www.haaretz.com/opinion/.premium-1.602413#
258
Siboni, Gabi “Protecting Critical Assets and Infrastructures from Cyber Attacks.” in “Cyberspace and National Security – Selected Articles,” ed. Gabi Siboni. Institute for National Security Studies. 2013. Siboni, Gabi. “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.” Georgetown Journal of International Affairs. http://journal.georgetown.edu/the-impact-of-cyberspace-on-asymmetric-conflict-in-the-middle-east/ Siboni, Gabi; Daniel Cohen, and Aviv Rotbart. “The Threat of Terrorist Organizations in Cyberspace.” Military and Strategic Affairs. Volume 5, No. 3. 2013. Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security. Vol. 1, No 1. 2017. Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016. Siboni, Gabi and Sam Kronenfeld. “Developments in Iranian Cyber Warfare, 2013-2014,” Institute for National Security Studies Insight No. 536. 2014. Siboni, Gabi and Sami Kronenfeld “Iranian Cyber Espionage: A Troubling New Escalation.” Institute for National Security Studies Insight No. 561. 2014. Siboni, Gabi and Sami Kronenfeld. “Iran and Cyberspace Warfare.” Military and Strategic Affairs. Vol. 4, No. 3. 2012. Siboni, Gabi and Sami Kronenfeld. “The Iranian Cyber Offensive during Operation Protective Edge.” INSS Insight. No. 598. Institute for National Security Studies. August 2014. http://www.inss.org.il/index.aspx?id=4538&articleid=7583 Siers, Rhea. “Israel’s Cyber Capabilities.” The Cipher Brief. December 28, 2015. http://thecipherbrief.com/article/israel%E2%80%99s-cyber-capabilities Silber, Jonathan. “Cyber Vandalism – Not Warfare.” Ynetnews.com. January 26, 2012. http://www.ynetnews.com/articles/0,7340,L-4181069,00.html Silverstein, Richard. “IDF to Double Unit 8200 Cyber War Manpower.” Richardsilverstein.com. October 23, 2012. http://www.richardsilverstein.com/2012/10/23/idf-to-double-unit-8200-cyber-war-manpower/ Singer, P.W. and Allan Friedman. Cybersecurity and Cyberwar. (New York: Oxford University Press, 2014).
259
Sklerov, Matthew J. “Responding to International Cyber Attacks as Acts of War.” in Inside Cyber Warfare, ed. Jeffery Carr. (Cambridge: O’Reilly, 2012). Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Concepts, Causes, and Assessment.” International Security. Vol 41, No 3. 2016/2017. Smith, Daniel. “OpIsrael.” Radware Blog. April 25, 2017. https://blog.radware.com/security/2017/04/opisrael-2017/ Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.” Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S. Policy. 2010. http://www.nap.edu/catalog/12997.html Soffer, Ari. “Security Services ‘Foiled Massive Cyber-Attack on Israel.’” Arutz Sheva. August 28, 2014. http://www.israelnationalnews.com/News/News.aspx/184518#.UACmNm7Wg. Sones, Mordechai. “Annual Anonymous Cyber Attack against Israel April 7.” Israel National News. March 26, 2017. http://www.israelnationalnews.com/News/News.aspx/227281 Spacewatch. “Iranian-Linked ‘OilRig’ Hacker Group Accused of Cyber Espionage Operation Against Israel.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/iranian-linked-oilrig-hacker-group-accused-cyber-espionage-operation-israel/ Spacewatch. “Israel Defence Forces Will Not Create a Cyber Command, but Will Strengthen Military Cyber Defences.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/israel-defence-forces-will-not-create-cyber-command-will-strengthen-military-cyber-defences/ Springsteen, Bruce. “Badlands.” Darkness at the Edge of Town. 1978. Steinherz, Tal. “Israeli Innovation in Cyber-Technology.” Presentation to the Herzliya Conference, Herzliya, Israel. June 9, 2014. Stone, John. “Cyber War Will Take Place!” Journal of Strategic Studies. Vol 36, No 1. 2013. Subcommittee on Emergency Preparedness, Response, and Communications and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. “Cyber Incident Response: Bridging the Gap Between Cybersecurity and Emergency Management.” Committee on Homeland Security, House of Representatives. Serial No. 113-39. October 30, 2013. Suciu, Peter. “Why Israel Dominates in Cyber Security.” Fortune. September 1, 2015. http://fortune.com/2015/09/01/why-israel-dominates-in-cyber-security/
260
Supervisor of Banks. “On Cyber Defense Management.” Proper Conduct of Banking Business Directive—361—Israeli Government. 2015. http://www.bankisrael.gov.il/en/BankingSupervision/SupervisorsDirectives/ProperConductOfBankingBusinessRegulations/361_et.pdf Tabansky, Libor “Critical Infrastructure Protection against Cyber Threats.” in “Cyberspace and National Security – Selected Articles,” ed. Gabi Siboni. Institute for National Security Studies. 2013. Tabansky, Libor. “Cybercrime: A National Security Issue?” in “Cyberspace and National Security – Selected Articles,” ed. Gabi Siboni. Institute for National Security Studies. 2013. Tabansky, Lior and Isaac Ben Israel. Cybersecurity in Israel. Springer Briefs in Cybersecurity. (London: Springer, 2015). Tal, Israel. National Security: The Israeli Experience. (Westport, CT: Praeger, 2000). Tallinn Manual on the International Law Applicable to Cyber Warfare. Edited by Michael N. Schmitt. (New York: Cambridge University Press, 2013). Tannenwald, Nina. The Nuclear Taboo: The United States and the Non-Use of Nuclear Weapons Since 1945 (Cambridge Studies in International Relations). (Cambridge University Press 2008). Tech2. “Israel Thwarts Major Cyberattack on Hospitals: National Cyber Defence Authority.” Tech2.com. June 29, 2017. http://tech.firstpost.com/author/tech2-news-staff TheMarker. “Cyberattacks on Israel Rose Exponentially in Past Four Years.” Haaretz. June 16, 2016. http://www.haaretz.com/israel-news/business/1.725277 The Economist. “A is for Algorithm.” The Economist. April 26, 2014. The Economist. “Cyber-Boom or Cyber-Bubble.” The Economist. August 1, 2015. The Torrenzano Group. “General Michael V. Hayden on Cyber Security & Protecting the Nation.” The Torrenzano Group. December 24, 2016. www.torrenzano.com The Tower Staff. “U.S., Israel Sign Cybersecurity Intelligence-Sharing Agreement.” The Tower. June 22, 2016. http://www.thetower.org/3545oc-u-s-israel-sign-cybersecurity-intelligence-sharing-agreement/ Theohary, Catherine, and John Rollins. “Cyberwarfare and Cyberterrorism: In Brief.” Congressional Research Service 2015. Thycotic Black Hat. “Hacker Survey Executive Report.” Thycotic Black Hat. 2015.
261
Times of Israel. “Rocket Siren Sounds across Country in Ongoing Drill.” Times of Israel. June 2, 2015. http://www.timesofisrael.com/rocket-sirens-sound-across-country-in-civil-defense-drill/ Times of Israel Staff. “NSA Chief ‘Makes Secret Israel Trip to Talk Iran, Hezbollah Cyber-Warfare.’” Times of Israel. March 28, 2016. http://www.timesofisrael.com/nsa-chief-makes-secret-israel-trip-to-talk-iran-hezbollah-cyber-warfare/ TOI Staff. “Next 9/11 Will be Caused by Hackers, Not Suicide Bombers, Cyber Expert Warns.” Times of Israel. April 15, 2015. http://www.timesofisrael.com/hackers-will-cause-next-911-cyber-expert-warns/ TOI Staff and AP. “Israel Reportedly Thwarts Cyber Attack from China.” Times of Israel. October 28, 2013. http://www.timesofisrael.com/israel-reportedly-thwarts-cyber-attack-from-china/ Uchill, Joe. “Israel Cyber Head: US-Backed Cyber Norms Too Broad.” The Hill. September 13, 2016. http://thehill.com/policy/cybersecurity/295651-israel-cyber-head-us-supported-cyber-norms-too-broad United Press International. “Unit 8200 and Israel’s High-tech Whiz Kids.” June 4, 2012. http://www.upi.com/Business_News/Security-Industry/2012/06/04/Unit-8200-and-Israels-high-tech-whiz-kids/UPI-43661338833765/ United States Army Command and General Staff College. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain.” CreateSpace Independent Publishing Platform. (March 28, 2014). Uniyal, Vijeta. “US, Israel Sign Cyber Defense Agreement.” Legal Insurrection. June 23, 2016. http://legalinsurrection.com/2016/06/us-israel-sign-cyber-defense-agreement/ Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. (Oxford: Oxford University Press. 2015). Valeriano, Brandon and Ryan Maness. “Persistent Enemies and Cyberwar.” In Cyberspace and National Security. Ed. Derek S. Reveron. (Georgetown University Press: Washington D.C. 2012). Villeneuve, Nart, Thoufique Haq, and Ned Moran. “Operation Molerats: Middle East Cyber Attacks Using Poison Ivy.” FireEye. August 23, 2013. https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html
262
Vincent, James. “Schematics from Israel’s Iron Dome Missile Shield ‘Hacked’ by Chinese, Says Report.” The Independent, July 29, 2014. http://www.independent.co.uk/lifestyle/gadgets-and-tech/israels-iron-dome-missile-shield-hacked-by-chinese-military-hackers-says-report-9635619.html. Walt, Stephen. “The Enduring Relevance of the Realist Tradition.” In Political Science: State of the Discipline III, eds. Ira Katznelson and Helen Milner. (New York: W.W. Norton and Co., 2002). Waltz, Kenneth N. Man, the State, and War. (New York: Columbia University Press, 1954). Waltz, Kenneth N. Theory of International Politics. (McGraw-Hill, 1979). Weimann, Gabriel. “Cyberterrorism: The Sum of All Fears?” Studies in Conflict and Terrorism. Vol 28. 2005. Weinstock, Dan and Elran, Meir. “Securing the Electrical System in Israel: Proposing a Grand Strategy.” Institute for National Security Studies, Memorandum 165. June 2017. Wendt, Alexander. “Anarchy is what States Make of it: The Social Construction of Power Politics.” International Organization. Vol. 36, No. 2. 1992. Wendt, Alexander. Social Theory of International Politics. (Cambridge University Press, 1999). Winer, Stuart. “Iranians Launched Cyber-Attack on Israel During Gaza Op.” The Times of Israel. August 17, 2014. http://www.timesofisrael.com/iranian-cyber-attackon-israel-during-gaza-op/ World Bank. “Israel Shares Cybersecurity Expertise with World Bank Client Countries.” The World Bank. June 22, 2016. http://www.worldbank.org/en/news/feature/2016/06/22/israel-shares-cybersecurity-expertise-with-world-bank-client-countries Wulman Israel. “IDF Unveils New Cyber Defense HQ.” YNetNews. June 24, 2016. http://www.ynetnews.com/articles/0,7340,L-4820035,00.html YNetNews. “IDF says ‘Defined Essence of Cyber Warfare.’” Ynetnews. June 4, 2012. http://www.ynetnews.com/articles/0,7340,L-4238156,00.htm YNetNews. “SOCOM, Israeli Start-Ups, Tampa Jewish Community Team Up.” YNetNews. August 30, 2016. http://www.ynetnews.com/articles/0,7340,L-4848048,00.html Zetter, Kim. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. (New York: Crown. 2014).
263
Zetter, Kim. “Feds Say that Banned Researcher Commandeered a Plane.” Wired.com. May 15, 2015. https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/ Zetter, Kim. “‘Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.” WIRED. May 28, 2012. http://www.wired.com/2012/05/flame/ Zippori, Michal. “Hackers Attack Two IsrZivaeli Websites.” CNN. January 26, 2012. http://www.cnn.com/2012/01/16/world/meast/israel-hacking-attack/ Zittrain, Jonathan. The Future of the Internet -- And How to Stop It. (Yale University Press & Penguin UK, 2008). Zitun, Yoav. “From Gaza With Love: Hamas Hacks IDF Soldiers’ Cell Phones.” NYetNews. January 11, 2017. http://www.ynetnews.com/articles/0,7340,L-4906289,00.html Zitun, Yoav. “IDF Training to Defend Against Cyber Attacks on Vital Infrastructure.” YNetNews. February 17, 2016. http://www.ynetnews.com/articles/0,7340,L-4767429,00.html Zitun, Yoav. “NCC Holds First Cyber Terror Drill.” YNetNews. January 25, 2012. https://www.ynetnews.com/articles/0,7340,L-4180485,00.html Zitun, Yoav. “The IDF Prepares for Cyber-Battles.” YNetNews. September 2, 2015. http://www.ynetnews.com/articles/0,7340,L-4696003,00.html Zitun, Yoav. “Training Israel’s Cyber Warriors.” YNetNews. July 24, 2015. http://www.ynetnews.com/articles/0,7340,L-4683636,00.html Ziv, Amitai. “Theft, Business Espionage, and War: Cyber Threats are Good News for High Tech.” The Marker (Hebrew). September 14, 2014. http://www.themarker.com/technation/1.2432479 Zrahia, Aviram. “A Multidisciplinary Analysis of Cyber Information Sharing.” Military and Strategic Affairs. Vol. 6, No. 3. December 2014.