Pages

20 January 2016

For sale: Israeli insights into battling cyber attacks

January 18, 2016, John Reed in Hadera
In an industrial facility, companies learn how to fend off the threat from hackers
War games: a hooded hacking instructor in CyberGym’s Red team building
The fluorescent-lit, white-walled space could be the control room of any industrial facility: a power station, factory or offshore oil rig. Alongside three people working at a bank of desktop computers is a water boiler turbine generator of the type used at power plants. Nearby, a large mainframe computer is quietly doing its work. Suddenly the turbine screeches, an alarm sounds and water begins to flow out of the boiler and fill up the glass casing behind which it stands.
It seems the facility is under attack.
This unsettling scene, entirely simulated, is unfolding at the CyberGym, a training facility in Hadera, northern Israel. It is designed to coach companies, governments and other entities in how to cope with a cyber attack. Trainers are on hand to monitor the keystrokes and reactions of the people sitting at the computers to see how they respond, and give them feedback to help them cope with attacks in real life.

“We want to see and feel how it looks to be under attack, before they are at­tacked in their real organisation,” says Ofir Hason, CyberGym’s co-founder and a former official in Israel’s Shin Bet security service.
CyberGym is one of several Israeli companies capitalising on the country’s expertise in online security, developed in response to what it describes as a new theatre of war and a threat that analysts liken to asymmetrical guerrilla warfare. The Jewish state ’s expertise has been built in symbiosis with Israeli intelligence and the military, known for their def­ensive and offensive capabilities in cyber.
Israel’s military is widely acknow­led­g­ed to have worked with the US to des­ign the Stuxnet worm, which infiltrated computers powering the centrifuges at Iran’s Natanz nuclear facility in 2009–10, although Israel never confirmed it was responsible for the attack. The Israel Defence Forces is setting up a new cyber division, the first of its kind, intended to operate on an equal footing with its land, air, and naval corps.
Israeli companies last year exported $3.5bn to $4bn of cyber security products and attracted nearly 20 per cent of global private-sector investment in the sector.
8m–9m
Average number of attempted attacks per month on IEC computers in 2015
In training customers on how to cope with cyber attacks, CyberGym is tapping into organisations’ growing fears about online security and expanding budgets for all things cyber-related — spurred on by embarrassing and costly hacks at several companies and organisations, including Sony, Target and JPMorgan.
CyberGym’s trainers watch how people react and then advise. While most companies’ chief information officers have good technical fixes for specific problems relating to online security, the Israelis say, few are dealing with the full variety of problems or challenges that reach deep into organisations.

“The weakest link in the chain is the human — it’s the providers, the suppliers, the managers,” says Mr Hason.
CyberGym is 50 per cent owned by Israel Electric Corporation, with the re­mainder held by Mr Hason and IT company Liacom. IEC, the state-owned power company, is a widely ac­knowl­ed­ged expert in fending off hackers. In 2015 it faced an average 8m to 9m at­tempted attacks a month on its computers, mostly by anti-Israel “hacktivist” groups around the world. Some, say Israeli military and government of­ficials, enjoy support from state actors such as Iran.
In Haifa, a 45-minute drive north of Hadera, IEC runs a cyber security Operation Center at its high-rise headquarters, which operates round the clock, 365 days a year. This is not simulation, but the real thing: technicians monitor an array of indicators and screens meant to track the security of the company’s network. One displays a rotating Google Earth globe that shows where attacks at any given moment emanate from, indicated by rising flames.
China, the US and Israel itself are all prime sources of cyber attacks on IEC, the company says, but many of these are automated and emanate from attackers elsewhere. IEC says Saudi Arabia, Iran, Turkey, Indonesia and Malaysia are the main sources of cyber attacks from the hacker group OpIsrael, for instance.

“We have two and a half million customers,” says Ronen Dekel, IEC cyber security manager, who operates the cyber “war room” in Haifa. “Any part of the chain could be attacked, and the ef­fect would be a shutdown of electricity.”
The trainees see and feel how it looks to be under attack before they are attacked in their real organisation. It’s like doing paintball before getting into a real fight
- Ofir Hason

IEC began selling its expertise in foiling hackers to the wider world in 2013 when it launched CyberGym. Since setting up, the facility has hosted about 80 clients in sectors including energy, finance, industry and government.

CyberGym offers what it describes as tailor-made training programmes, of a size and duration determined by its customers and on computer networks specially set up to mirror their own. The company does not disclose financial reports or discuss its fees, but offers what it describes as a “premium product”. Customers include Spain’s ministry of defence, the Portuguese bank Millennium BCP and the Lithuanian government.
The company is expanding its franchise internationally: CyberGym established a facility in Portugal for EDP, the Portuguese electricity company, and plans to open another one called CyberGym Europe in the Czech Republic next month. In 2017 it wants to open an Asian operation, probably in Singapore.

As online threats race up national security agendas and governments look at ways of protecting their national infrastructures a cyber arms race is causing concern to the developed world
CyberGym’s training facility at Hadera is on IEC-owned land on a former citrus plantation, in a setting that mirrors Israel’s transition from old-economy export businesses to high-tech.
The campus-like venue, comprising white, colonial-style low-rise buildings that used to house farmworkers, allows for advanced role-playing, as trainees are divided into teams for a “cyber war game”. A Blue team is told to defend against a simulated attack; a Red team carries out the attack; and a White team debriefs the trainees to piece together which vulnerability the hackers used to penetrate the Blue team’s system.

The Red team’s building is mocked up to create a menacing atmosphere. The walls have graffiti inscriptions featuring lines of code and an image of Darth Vader as well as big video monitors. The face of the trainer, wearing a hooded sweatshirt, cannot be photographed because — like most CyberGym employees — he is a veteran of either the Shin Bet, Israel’s internal security force, or one of the IDF’s secret intelligence units.
A simulation of what it is like to be under attack before it actually happens, Mr Hason says, is “like doing paintball before getting into a real fight”.

No comments:

Post a Comment