Tapped by Prime Minister Benjamin Netanyahu to pioneer Israel's national cyber strategy, Eviatar Matania straddles the nexus where policy, security, technology, big business and international cooperation meet.
In less than four years, Matania has built up two organizations — the National Cyber Bureau and the National Cyber Security Authority — which respectively coordinate across government ministries and Israeli defense agencies in support of national cyber needs and objectives.
Matania reports directly to Netanyahu — a chain of command that comes in handy when negotiating inter-ministerial disputes such as Israel's recently codified cyber export licensing policy. That issue came down heavily in favor of the industry that sustains Israel's role as a global cyber power, with annual exports second only to the United States.
At an unmarked suburban office building in north Tel Aviv that serves as NCD headquarters, Matania sat down with Israel Bureau Chief Barbara Opall-Rome to discuss national cyber strategy and why he believes the cyber domain is allowing Israel to expand into new frontiers.
Q. You've likened the cyber domain to a phenomenon that can change civilization, much like the industrial revolution or the agricultural revolution before that. Please explain.
A. We view cyber not just as a domain, but as a phenomenon. And not just a phenomenon, but a revolutionary phenomenon. Before the agricultural revolution, we were totally dependent on nature. And before the industrial revolution, we were totally dependent on human labor. Now, through a series of revolutionary developments, the cyber phenomenon is freeing us from the limitations of physical domains.
When accompanied by proper security, we believe this phenomenal domain is an enabler that allows a small country like ours to prosper economically and to master new frontiers.
Q. So what's the plan?
A. First, when formulating our national cybersecurity strategy, we realized we needed to think differently and ask different questions. Most tend to focus on the cyberthreat. Who is the enemy? What new technologies will be out there in the next two to three years? How can we defend critical infrastructure? These are all important questions, but they couldn't lead us toward a new strategy. We couldn't rely on the same concepts that guide national security strategy, which tend to focus on notions of sovereignty, jurisdiction and threats.
Q. And your conclusion?
A. Since cyberspace is a borderless domain of computerized systems, networks and their interconnectivity, we realized that organizations essentially constitute our nation's digital frontier. And since there's no single technological or operational solution that can differentiate between good and bad communications in cyberspace, we concluded that we needed to devise a holistic approach to network and operations management that allows organizations to do their mission.
Q. OK. How so?
A. Our comprehensive strategy involves three distinct layers for cybersecurity. We're calling them robustness, resilience and defense. If you build the first two layers in the right way, they will mitigate 95 percent of threats. But there's still the remaining 5 percent where organizations are still susceptible to what we call high-end campaigns and campaigners. This is the layer of national defense, where we harness our national security capacity to start dealing with the attack.
Q. Let's start with the first layer.
A. Robustness is everything you need to do to maintain sound organizational operations. This layer involves working with the private sector on regulations, organizational processes, risk assessment, technical measures, human procedures, corporate norms, etc., regardless of whether you are attacked or not. Think about it in terms of the human body. Most of the time, we're not sick. We're robust. We wash our hands. We have immunizations to prevent us from catching other people's viruses.
In this layer, the government provides the clean water, electricity for refrigeration and basic infrastructure along with incentives, awareness and guidance. But it is the responsibility of organizations to make use of what the government has to offer in order to maintain basic health.
Q. The second layer?
A. Then we have resilience. This is an event-driven layer that enables an organization to snap back to good health. Once you know about a vulnerability or attack, we’re providing a systemic capacity — the hospitals, health maintenance organizations, and Centers for Disease Control, if you will — to handle threats/illnesses when they inevitably materialize in order to regain overall normal functioning as soon as possible.
This layer involves information-sharing, analysis of attacks, means of containing attacks and a recovery plan. This is the layer beyond the extensive work conducted by the private sector where only governments can provide national mitigation capacity.
Q. Is this where the national Computer Emergency Response Team (CERT) comes into play?
A. The CERT anchors the central layer of resilience by acting to identify, mitigate and recover from cyberattacks, while striving to maintain network continuity for as long as possible. But it's not limited to resilience. Through the CERT, we manage the third layer of defense.
The National Cyber Security Authority's responsibility is to protect critical infrastructure and support national cyber defense operations.
Photo Credit: Courtesy of the Israeli Prime Minister's Office
Our National Cyber Security Authority is responsible for protection of critical infrastructure and for national cyber defense operations, including CERT operations. If the head of the authority sees there is an attack, he doesn't care if the attacker comes from a crime organization, a terror group or a specific country. He's focused on acting against a big campaign; a mega event. In parallel, our national security agencies and the intelligence community focus on what to do with the attackers.
Q. You've used health as an analogy to explain your strategy, yet Prime Minister Netanyahu prefers to compare it to an Iron Dome against cyberattack.
A. With Iron Dome, it's not only the ability to intercept attacking rockets and missiles. You have passive and active layers of defense as well. So if you use this analogy, robustness would form the first layer of passive defense, meaning the shelters, Home Front Command safety regulations and the like. Then the second layer, resilience, would be the active defense; the actual interceptors that allow you to identify the attack, analyze it and act to protect the network. It's not an exact analogy, but it works.
But don't forget there's another layer that will be the responsibility of the military and intelligence agencies.
Q. Meaning cyberattack operations?
A. We work to identify a specific attack and prevent a continuation of the attack. But sometimes we cannot just defend and defend and defend. We often don't have the luxury of knowing who the attacker is. That's why we are focused on the attack. Identifying the attacker and dealing with him is another mission … and that is the mission of the Israel Defense Forces and the intelligence services. I have a military liaison as well as liaisons to the intelligence organizations. We work very closely together, but the separation point is attacks versus the attackers.
Q. What is the size of your organization and your budget?
A. Currently we have dozens of people, and there will be hundreds of people. And our budget will be suitable for our mission. We have a multiyear plan and I can tell you our budget is in the hundreds of millions of shekels; these are funds that go directly to the NCD. We have matching budget arrangements with the [Office of the] Chief Scientist, the ministries of economy, science, education and other government bodies to leverage our cyber spending. And of course there's a lot more invested in the security sphere.
This graph details investments in previous years. The blue line represents investments in Israeli cybersecurity companies. The red line represents the number of active Israeli cybersecurity companies.
Photo Credit: Courtesy of the Israeli Prime Minister's Office
Q. Such NCD-administered cost-sharing and inter-ministerial initiatives would be hard to pull off if your organization didn't fall under the Prime Minister's Office (PMO), correct?
A. That's why it makes so much sense to have this all under the PMO. Otherwise, as we've seen around the world, if the cyber authority comes under Interior, they focus on crime and regulation. If it comes under national security, use of force tends to prevail. By having it under PMO, it reflects a comprehensive national spectrum from cybercrime to cyberwarfare to address not only threats but the multitude of economic and social benefits to be had from this new frontier.
Q. Finally, can you share some export and investment data points to support Netanyahu's contention that Israel is one of the top cyber powers in the world?
A. In 2015, Israeli exports of cyber solutions and products were approximately $4 billion, which I believe is second only to the United States and more than all of Europe combined. Many of the world's major cyber firms are establishing operations here in the new cyber hub we're developing down south.
In 2014, some 10 percent of the world's private investment in cyber went to Israel. Think about that: With a population of some 8 million, Israel is just 0.1 percent of the global population, yet we garnered 10 percent of investment. And in 2015, it nearly doubled to close to 20 percent of global investment.