Retired US Army Gen. Wesley Clark, left, plays the role of US president in this month's cyber war game in Israel that showed how difficult it is to find the source of a cyber attack. (Chen Galili / SimLab/)
TEL AVIV — The war game began in Israel with coordinated attacks: An explosion at an offshore drilling platform, multiple blasts in Haifa and Tel Aviv and network disruptions that sent aviation authorities scrambling to regain contact with an inbound airliner.
Public suspicion of Iran-backed Hezbollah triggered a rain of rockets from Lebanon while Gaza-based militants took advantage of the chaos with rocket salvos and a subterranean cross-border ambush/kidnapping of two Israeli soldiers.
In short order, Israel was waging a two-front air war that threatened to escalate to the Syrian front, where Hezbollah was battling al-Qaida insurgents in support of the Russian-backed Assad regime.
Within hours, it spread to US shores, where network glitches disrupted power, halted Wall Street trading and shut down air traffic at New York’s John F. Kennedy International Airport and other hubs. The White House declared a national state of emergency after some 700 perished in a crash landing at Washington’s Dulles and a similar event at Chicago’s O’Hare.
Frenzied diplomacy failed to arrest the spiraling crisis, with Russia and China demanding a cybernetic smoking gun as precondition for concerted UN Security Council action.
For its part, Hezbollah continued to deny any role in the initial cyber-terror attacks, while Tehran insisted the Iranian server traced by US intelligence to a site in California was actually hijacked by the Israelis in attempts to ignite an anti-Shia regional war.
Defying US warnings, Russia deployed a battalion of troops near Damascus to safeguard Syrian chemical weapon sites. In parallel, a Russian flotilla with S-300 intercepting batteries and other gear was en route to its naval base in Tartus with orders to defend the Syrian port town and other critical assets from Israeli aggression.
By the time war game administrators halted the nearly five-hour simulation here at Tel Aviv University (TAU) on Nov. 11, Moscow and Washington had amassed forces in support of respective allies and were nearing the brink of Mideast war.
“If we hadn’t stopped when we did, the entire region could have been engulfed in flames,” said Haim Assa, an expert in game theory and longtime Defense Ministry consultant who designed the game for Simulation Laboratories (SimLab), part of the Yuval Ne’eman Workshop of TAU.
In an interview with Defense News, which observed the simulation, Assa said the scenario was based on extreme, yet realistic events, reflecting cyber capabilities that exist or are projected to materialize by state and non-state actors in the coming years.
“What we all learned was how quickly localized cyber events can turn dangerously kinetic when leaders are ill-prepared to deal in the cyber domain,” Assa said.
“We also learned to check 70 times over, and not to take decisions on the basis of news reports.”
He was referring to a point — more than halfway into the game — when televised images of victims ostensibly suffering from breathing disorders led Israeli officials to erroneously assume it was under attack from nonconventional weapons.
No Smoking Gun
While Washington managed to a reasonable degree to identify the sources of the cyber attacks, Israeli decision-makers agonized over their elusive search for the so-called smoking gun.
Until the end, Israeli decisions were based only on strong suspicions, with leaders gravitating to the familiar conventional realm that was not always relevant to the cyber domain, participants here said.
“When confronted with this new cyber situation, our responses simply weren’t good enough,” said retired Maj. Gen. Eitan Ben-Eliahu, a former Israel Air Force commander playing the role of Israel’s defense minister.
Retired US Army Gen. Wesley Clark, playing the role of the US president, acknowledged the challenges inherent in conflicts with faceless cyber foes. “In the simulation, we realized how difficult if not impossible it is to ascertain the source of attack,” he said.
At an early point in the game, when pressed by the Israeli prime minister — played by Ami Ayalon, a retired vice admiral and former Mossad chief — the expert playing the head of military intelligence replied: “We have no smoking gun in the legal sense, but all indications lead to Iran.”
But with the Iranian president, played by former Mossad Director Shabtai Shavit, proclaiming Tehran’s innocence and victimization by the Israelis to the very end, Clark refused to countenance a coordinated attack on Iran, yet vigorously defending Israel’s right to self-defense.
In the end, it was revealed that al-Qaida leader Ayman al-Zawahri and allied groups in the region were responsible for the initial cyber-terror attacks that Israel erroneously attributed to Iran-backed Hezbollah. Zawahri planned the attack as a means of sparking an Israeli war with Hezbollah, with whom global jihadist forces were engaged in increasingly bloody battles to overthrow the Assad regime in Syria.
The al-Qaida leader correctly assumed that Israel would blame the Lebanese-based Shiite organization, thereby deflecting resources and manpower from the Syrian theater, experts here said.
As for the mega cyber attacks on the US, Iran indeed was to blame.
But in a twist that surprised the roughly two dozen participants playing respective officials from Israel, the US, Russia, China, Syria, Hezbollah, Hamas and al-Qaida, Tehran hijacked an Israeli server in attempts to pin the atrocities on Israel.
“Iran crashed the stock exchange and caused the airliner to crash,” Assa said. “In its bid to isolate Israel in the run-up to a nuclear disarmament deal, Iran executed a dirty trick to show the world that Israel would stop at nothing to provoke Washington into a coordinated attack.”
Ultimately, US cyber warriors managed to expose Iranian subterfuge and exonerate Israel. By the end of the game, Israel had not yet acted on government-approved plans to invade Lebanon and had no time to retaliate for the initial al-Qaida attacks.
Best Defense is Defense
Erez Kreiner, a former Shin Bet official who established Israel’s national authority for information protection, played the US defense secretary. The simulation, he says, underscored the primary importance of cyber defense, not only as a smart strategy, but as a means for preventing cyber attacks from deteriorating into kinetic war.
“In contrast to the accepted concept in conventional war that posits that the best defense is offense, in the cyber domain, the best defense is defense,” he said.
“Very few decision-makers understand this field in depth…. While it is clear to most in the senior political echelon and the military top ranks what the S-300 or Kalashnikov is, they have no clue about Zeus or Conficker,” Kreiner said in reference to highly infectious computer worms.
Retired Maj. Gen. Itzik Ben-Israel, chairman of the Yuval Ne’eman Workshop and a former chief of Israel’s Defense Research and Development Directorate, said the simulation underscored that fact that without proper cyber defenses, decision-makers have very limited room for maneuver.
“Defenses must include all civilian infrastructure: hospitals, electricity, water, transportation, etc., since everything connected to computers can become a target for cybernetic attack,” Ben-Israel said.
Beyond technological capabilities, nations dealing in the cyber domain must develop legal, societal, educational, diplomatic and other norms, including a strengthened understanding of international law, he said.
Findings from the Nov. 11 workshop will be forwarded to the Israeli government as a tool for honing cyber-related processes.