The IDF decided to assimilate the issue of cyber in all IDF layouts, including the combat layout. "We are currently everywhere within the IDF," says the head of the Cyber Instruction & Assimilation Section, Major A.
In the IDF they have been speaking, for quite a while now, about military operations in the cyber dimension, but so far these operations have remained within the domain of the more technological divisions, such as the Militry Intelligence Directorate, placed in charge of offensive cyber, and the C4I Branch, placed in charge of defensive cyber.
Now, for the first time, the IDF decided to assimilate the issue of cyber in all IDF layouts, including the combat layout. For example, Project Tzayad (Digital Land Army), in the context of which field commanders are issued handheld computers through which they are supposed to conduct the next war. The Tzayad computers by Elbit may be used to call in air strikes, to see where other IDF elements and enemy elements are located, to communicate directly with UAVs, Merkava tanks or Apache attack helicopters.
Now imagine an IDF maneuvering division, operating deep inside enemy territory in the context of the third Lebanon war, when in an instant, all divisional systems collapse. The battalion commander will not know where his brigade commander or where his company commanders are located. Even worse, he will not know where the next Hezbollah antitank detachment is deployed and worse still – he might fire at another IDF element.
Such a collapse could be the result of a cyber attack.
Based on the understanding that cyber is not a matter to be confined only to the technological layouts and that it should be assimilated throughout the IDF, Major A. was appointed to a new position: head of the Cyber Instruction & Assimilation Section at the Cyber Defense Department. He started out in the Military Intelligence Directorate and then transferred to the C4I Branch, and has been serving in his current position for the past three years.
In an interview with IsraelDefense, Major A told us: "I entered the world of cyber about three years ago. This was a fairly new subject for the IDF and in general – a new world. Up to that day we had been referring to four dimensions with which we were familiar: air, sea, land and space. We realized there was another dimension that had to be protected – the cyber dimension. Unlike the other four dimensions, this dimension is man-made and it dominates all of the other four dimensions. You can encounter the cyber dimension anywhere. The force multiplier is the damage multiplier. You will be more accurate in building your target bank and in executing whatever you want to execute. At the same time, you will be more vulnerable, and consequently you would be required to defend more effectively. Today, any six year old kid has an iPad or a smartphone and the more C3-oriented you are, the more vulnerable you will become."
What is your mandate regarding the introduction of the cyber field into the entire IDF?
"I am responsible for the training and instruction activities throughout the IDF. We understand that the organizations trying to damage the IDF through the web double and even triple their capabilities each year. The Axis of Evil attempts to threaten the IDF in every realm, and particularly in the realm of cyber. Anything that is C3-oriented is more accurate but it is also more vulnerable. We are ready to build our forces to face that threat, either through training and exercises vis-à-vis any scenario, or through dedicated instruction such as our cyber defender course. There are instruction activities for all the other elements of the IDF: from new recruits at the basic training bases to brigade commanders, battalion commanders and division commanders. The objective of the instruction activity is different for each level. In our cyber defender course, we train highly specialized and highly focused professionals. Through our instruction activities for senior officers we create a common language between the cyber defenders assigned to them and their daily operations."
How do you cause a field commander who's completely detached from the field of cyber, like the commander of the Golani brigade, to be attentive to the cyber dimension in his unit?
"It is important for us, beyond those instruction activities, to spread the word about cyber through the top echelons of the IDF. Additionally, it is clear to us that the cyber attack threat is not necessarily imposed on the most senior entity within any organization. Today, everything in the IDF is C3-oriented: the computer used by the secretary in a senior commander's office is connected to the web, so I have to explain to that senior commander that the threat pertains to all of us and we must see to it that the enemy will not be able to reach the objectives he wants to reach."
Where is the most vulnerable point of the field forces in the realm of cyber today?
"Today, all of our forces, regardless of who they are, carry and use C3 systems. Eventually, we realized that we should go over and explain to them what cyberspace is. It is important for us that they understand what this space is and what the threats are and how they fit into the picture and how their personnel should protect their C3 systems, from the computer to the server. In the end, they, too, are equipped with C3 systems of one kind or another, and these systems are vulnerable and need to be protected as effectively as possible.
So what do you teach them?
"It mainly revolves around the awareness, getting to know this world and cyberspace, becoming familiar with the threats it contains and where they can catch them and how they can catch them and if you experience a cyber event – how to deal with it."
Can you give us an example of a cyber event with which a field commander can cope?
"They must be familiar with the personnel available to them in the field of cyber. They should have a common language with their cyber defenders. We have highly skilled professional personnel. They all undergo long periods of training and it is important for us that the commanders give them a free hand to execute the defensive operations as they should be executed, and that those commanders rely on them to know what they are doing. Eventually, we have cyber defenders deployed to provide solutions in the regional commands and in the field. It may not necessarily be the cyber defender subordinated directly to the battalion commander or brigade commander, although every battalion commander and brigade commander has C3-oriented systems today."
You have evaded our request for an example of a cyber attack against a brigade on the ground…
"A situation may emerge, for example, where they should make a decision as to whether they continue using a certain system or, at that instant, they break contact with it as they realized that this system had been the target of a cyber attack. The commander's dilemma will be whether according to the risk, in terms of cost versus benefit, it would be right to continue using that system or whether it would be more appropriate to switch to an alternative system or waive the service altogether if no alternative systems are available."
Do you expect a brigade commander operating in the middle of Lebanon and directing a brigade assault to be able to identify a cyber event affecting his brigade?
"First of all, I expect that brigade commander to be aware. I expect even the commander of the Golani brigade to understand that what he is experiencing is unusual. I do not expect him to understand that this is a cyber attack, but I do expect him to raise the flag to the elements charged with the task of administering that event so that they may examine it and announce that it is a cyber event. Yes, I expect that much from the commander of the Golani brigade. In the end, the user's experience is something that often identifies web irregularities. In the event of a user's experience where the user identifies something that is not routine, it will be important for us to understand what it is and interrogate and examine it so as to determine whether it is a cyber event or an operating-related event."
And then what would you do with a cyber attack in the middle of a ground maneuver in Lebanon?
"We also have special forces that would link up with the commander on the ground, even the commander of the Golani brigade. They will reach him on the ground and determine whether it is a cyber event or an operating-related event."
Even if he is operating in the middle of Bint Jbeil?
"They will go anywhere, as required. We have GHQ elements capable of doing it. In the end, you should bear in mind that the cyber defense layout includes additional forces charged with cyber defense. Particularly because it is a new field of activity in the IDF, we will send relevant GHQ elements to execute whatever is necessary.
How long will it take you to repel a cyber attack in the context of a total war situation?
"A cyber event is not an event that will necessarily end in a minute or two. Investigating the events of cyber attacks can take an hour or two, a month or even two months – it all depends on the complexity of the event and the sequence of occurrences and the complete picture of the events that the forces had assembled during the process."
How do you conduct the cyber defense assimilation course?
"It also involves the inclusion of contents in existing courses, like the brigade commanders course, for example. We always adapt the contents to the population they are delivered to. The section head level will receive different training from the brigade commander level and definitely different from the training delivered to new recruits.
"We currently go anywhere within the IDF. For example, we provide training as part of the mandatory contents new recruits receive during their basic training. Our objective is to reach each and every echelon in the IDF, from the lowest echelon to the most senior echelon. We even reach the General Staff."
Have you had a chance to teach the subject of cyber to the general officers of the IDF General Staff and to the Chief of Staff?
"Not me personally, my superiors went to those places in order to train the General Staff. You deliver relevant contents in the context of a complete training program. In the end, what matters to us is that every senior commander should understand that an attack through the cybernetic dimension can affect the physical dimension. If you neutralize some of my C3 systems and I have forces on the ground and suddenly I do not see them, it could cost human lives."
Have you ever encountered anything like that?
"I will skip that question. I cannot answer it. Generally speaking – yes. We have experienced a number of attacks. I will not say where and how many.
"Eventually, the systems used by the field echelon are not different from systems used by other echelons of the IDF. Eventually, several organs are using the same systems.
"There is one more thing that should be remembered in this context: we are currently experiencing the butterfly effect. Pressing the Enter key just once can change complete systems. Look, for example, at the Arab Spring. It began with a relatively small group of people and look how far it has come. The question is who will press the Enter key first. The cyber defense layout protects all of the systems in the IDF, and at any level where we are required – we will be there.
"The cyber dimension is a highly dynamic space. It is something that changes at a very fast pace. It changes every hour and every minute and it compels us, as defenders, to be thoroughly familiar with the field and to keep learning every day."
Have you ever encountered disdain on the part of senior field commanders you had come to teach about cyber?
"There were places where the level of awareness was lower, and when we tried to speak about cyber, well… when you are faced with something you do not know, you will try to repress it. There were places where we were told: 'Give me a break! Let me go on with my job! In order to avoid such situations we come to them and explain it to them. If necessary, we can call on the head of our branch."
Do you want to tell on who was disdainful to cyber?
"I would rather not. In today's reality, the entire military fully understands the importance of this dimension, notably the matter of defending this dimension. Our objective is to save lives and we will protect our systems with all our might."
When you picture your cyber attacker in your mind, who is he?
"He can be anyone – from a random hacker, an eight year old child sitting at home, bored, who wants to see how far he can go, without necessarily having anything against us, to organizations, states and superpowers. There is no end to it. There is no one in charge of cyberspace. Anyone cando whatever they want with it."
What would the cyber dimension look like in the third Lebanon war?
"Look, eventually, the cyber dimension is a combat zone to all intents and purposes. If in the past the primary threat consisted of the tanks and aircraft and the weapon systems we were familiar with to this day, then today cyberspace is a combat zone. Today, at the push of a button, you can render a complete airbase inoperable. The most important thing for us to understand in this context is that the war goes on all the time. You have chosen to ask about the third Lebanon war, which is something with a start date and an end date. The fighting that goes on in cyberspace has no start date and end date. It is something where you do not have to come face-to-face with your opponent. Instead, I can sit at home and stage my attack from there."
Has there been an increase in the number of cyber attacks against IDF?
"We are working 24/7 at the cyber layout and cannot rest on our laurels. You may draw your own conclusions from this statement."
No comments:
Post a Comment