Israel´s Businesses Losing the Cyber War (WSJ) WALL STREET JOURNAL) By JOSHUA MITNICK TEL AVIV, ISRAEL 07/26/12)
WALL STREET JOURNAL
WALL STREET JOURNAL Articles-Index-Top
In a Country Known for National-Security Emphasis, Many Firms Are
Unprepared for Hacking Attacks
TEL AVIV—In January, a hacker nicknamed 0xOmar jolted Israel by
infiltrating an online coupon retailer and exposing credit-card
information for tens of thousands of customers.
A half year later, a large swath of Israeli businesses and consumers
remain prone to cyber attacks, placing individuals, companies—and
perhaps the economy—at risk in a country believed to at the forefront
of a cyber-espionage effort against Iran´s nuclear program and
targeted by political hackers.
"I haven´t done one [system] penetration test in which I didn´t get
access to sensitive information, like CEO email mailboxes,´´ said
Yuval Nativ, 23, an antihacking instructor at See Security
Technologies Ltd. who advises companies on the weaknesses of their
computer system. "Israel´s private sector is really unprepared for
It is an ironic twist for a country with a reputation as a high-tech
and cyber-warfare powerhouse. Israel´s military—renowned for cyber-
intelligence units like "8200" that churn out technology
entrepreneurs—is believed to be behind the Stuxnet virus and the
Flame spying software that targeted Iran´s nuclear program.
And Israel´s critical electricity and financial grids are among the
best secured in the world against cyber attacks that threaten
national security, according to a January report by security firm
But it is a different story among Israeli companies.
Most businesses are reluctant to invest in cyber defenses because
they don´t consider an attack a serious enough threat. Top managers
often have little appreciation that their intellectual property,
emails, data files and even factory blueprints are compromised by
subpar security. Israel also lacks strong legal incentives to compel
corporations to take the necessary precautions.
Israel´s computing talents are also drawn to offensive hacking
projects, while cyber defense is considered mundane work and carries
Shahar Maor, an information-technology analyst at Israeli market
research firm STKI, estimated that compared with large companies
associated with defense or critical infrastructure, lower tier
Israeli companies hire one-fifth as many information-security
employees relative to computer users.
"Israel is a very secure state in terms of information security;
Israelis—as individuals—are poorly secured,´´ said Nimrod Kozlovski,
chairman of Altal Security Ltd., a Tel Aviv-based information-
security consultant firm.
In addition to exposing Israel´s credit-card holders, hackers from
outside the country are believed to be responsible for temporarily
slowing down the websites of the Tel Aviv stock exchange and El Al
Israel Airlines Ltd. in January.
However, information-security experts draw a distinction between
those incidents, considered to be the work of politically
motivated "hacktivists,´´ and attacks like Flame and Stuxnet, which
are many times more elaborate and more dangerous to national security.
In order to change the cyber mindset in Israel, information-security
experts say that Israel´s government needs to update laws and
regulation governing information security to give companies more of
an incentive to boost investment in cyber security.
For one, there are no laws requiring companies to report cyber
attacks to any public agency like in the U.S., reducing transparency
on the size and scope of the attacks.
In the past year, Israel established a National Cyber Directorate to
encourage more research and development in cyber security and to
create a national "Situation Room" to handle attacks on government
and private systems.
One of the goals of the Cyber Directorate is to promote R&D in
Israeli universities and in the private sector, creating an eco-
system of cyber technology that will keep Israel at the forefront,
said Yitzhak Ben Yisrael, a Tel Aviv University information-science
professor who helped launch the directorate.
The Cyber Directorate was endowed with $500 million over five years.
This year it announced that it would invest $12 million in cyber
research and development and scholarships for students studying
Mr. Ben Yisrael said Israel is exposed to 1,000 attacks per minute.
"To protect private-sector companies, you need awareness and you need
regulation,´´ Mr. Ben Israel said. "If the smaller ones will be
attacked, it will be more of a harassment than a major disaster.
Still if you harass hundreds of thousands of people it´s a problem
and we should take care of it.´´
On a smaller scale, Israel´s government needs to push universities to
focus on cyber instruction and to encourage more venture-capital
"When talking about research for solutions, I have a lot of friends
with concepts and proof of concepts, but we don´t have the
investors,´´ said Avi Weissman, chief executive of See Security
Technologies, a company which runs a cyber college and offers
consulting services. "People all over the world expect that Israel is
strong in information security, which means cyber defense, but I´m
not sure. We have the knowledge, but we don´t have organization."
See Security offers a course in "expert´´-level hacking where
students are taught advanced techniques for breaking into computer
systems and then practice hacking virtual computer networks designed
specially for the course.
But most of the students in the course come from Israel´s Defense
Ministry and the military rather than from private companies.
In a course run by Mr. Nativ this week, students were instructed how
to clone social-networking websites to gain access to personal
data. "They will be better defenders because they know how attackers
think,´´ he said. (Copyright © Dow Jones & Company, Inc.) 07/26/12)
Return to Top
MATERIAL REPRODUCED FOR EDUCATIONAL PURPOSES ONLY