22 October 2020

Dilemmas and opportunities in the cyber winter

By YONAH JEREMY BOB

What does the future of cyberwarfare with Iran, Hezbollah and Hamas look like? What about increased cyber cooperation with the US and how to handle cyber challenges from powerhouses like Russia and China?

The Jerusalem Post has exclusively obtained a sneak peek copy of former deputy National Security Council chief Chuck Freilich’s book on cyber and national security, expected to come out by mid-2021, and interviewed him regarding the key issues.

Most publications on national cybersecurity zone in on one or two narrow issues.

Part of what is unique about Freilich’s upcoming book, which he coauthored with Prof. and IDF Col. (ret.) Gabi Siboni and Prof. Matthew Cohen, is how comprehensively they treat the menu of cyber and national security dilemmas and opportunities.

Generally, Freilich believes that it is critical to define cyber victory or cyber “defeat” of an adversary as “maintaining cyber superiority” and reducing the adversary to tolerable levels of aggression.

The former NSC deputy chief writes that, “unlike nuclear and some other weapons, cyber weapons are instruments of coercive power that can be used in a first strike. They can also be used... to force a country, such as Iran, to realize that it had no choice but to compromise, or cease major offensive operations.”

The idea is that a nuclear first-strike policy can be dangerous, as it can lead to accidental nuclear conflict, whereas, while there is some risk of accidental cyber conflict, the stakes are much lower.

Freilich told the Post that the idea of using cyber offense to coerce an adversary into a ceasefire came from using “terrorism as the model,” such as how Israel has used airstrikes to convince Hamas or Hezbollah to cease firing rockets against Israel.

The next point in the strategy would be for “regular” cyber engagement with adversaries.

Explaining that Israel needs to be active in cyber both offensively and defensively even during peacetime, he said it also should maintain a lower cyber footprint than, say, the US.

“US policy is for ‘continuous’ [cyber engagement]. I was suggesting something a bit less ambitious, ongoing but not constant. We aren’t a superpower and have numerous challenges all at the same time, including serious danger of blowback in a variety of ways.... So we have to be proactive, but maybe within greater reason,” said Freilich.

Unusually for top defense officials, Freilich is willing and ready to suggest more detailed cyber-offense guidelines, such as: “Use cyber superiority to cripple adversaries’ capabilities and forestall, or at least reduce the magnitude of, a cyber conflict.”

In actual wartime, he said, “hybrid actors, such as Hezbollah and Hamas... in [mixed] cyber-kinetic conflicts, seek cyber superiority but wield kinetic force as the primary means of achieving defeat.”

Other cyber-offense targets should “place particular emphasis on disruption of enemy command-and-control networks, military infrastructure and major weapons systems.”

These goals would apply equally to Iran, Hezbollah and Hamas.

In addition, regarding Iran specifically, cyber should be used to hit their “missile, drone and nuclear capabilities,” whereas with Hezbollah and Hamas, the focus would be hacking their rocket-firing capabilities.

Freilich continued that Israel will need to use cyber capabilities, “in severe and extreme scenarios, to inflict systemic disruption on an enemy’s economic infrastructure and society at large.”

This would apply to Iran and Hezbollah, but is less applicable to Hamas, since Gaza’s “infrastructure is already in such a shambles that significant further disruption may be counterproductive.”

Regarding cyber offense and Iranian critical infrastructure, Freilich had even more specific recommendations, including hitting “the financial and energy areas (both Iran’s ability to generate power for domestic use and to refine and export oil). The oil and ports infrastructure are the primary source of Iran’s national income.”

Regarding cyberattacks on Hezbollah infrastructure, the picture is complex.

Many observers have noted that damage to infrastructure caused by IDF airstrikes during the 2006 Second Lebanon War had significantly deterred Hezbollah from starting a new war.

At the same time, the war itself was viewed as drawn out because Israel had to hold its punches with airstrikes due to global criticism.

The drawn-out nature of the war meant the Israeli home front was showered with rockets, causing significant civilian casualties.

In contrast, Freilich suggested that using cyberattacks against Hezbollah and associated Lebanese infrastructure could quickly ratchet up pressure for a ceasefire while avoiding the nasty visuals and global blowback that airstrikes on critical infrastructure can cause (cyber also allows deniability).

For Iran, Hezbollah and Hamas, Freilich also suggested, “Disrupt the regime’s ability to communicate with the public (Internet, TV, radio), to sow chaos and discord,” which for Iran could also “create a threat to regime stability.”

But offense is not the only tool Freilich writes about regarding national cybersecurity.

He writes that Israel can, in parallel, “pursue informal understandings with Israel’s adversaries regarding ‘rules of the game,’ or unilateral limitations on cyberattacks. Understandings such as these can be reversed at any time, but Israel and its adversaries have abided by similar ones... in the past.

“Informal understandings would be narrowly defined, to include avoidance of attacks resulting in direct and immediate mass casualties, for example, air traffic control systems, or passenger trains, both in peacetime and war,” he said.

Furthermore, he said, “These understandings could be further expanded in peacetime to such sensitive targets as hospitals and critical infrastructure systems,

Freilich writes that such informal understandings will have a better chance of having an impact than attempts to get Israeli adversaries to sign on to cyber conventions.

He describes how countries like Iran and Syria have signed on to conventions against developing nuclear and chemical weapons, while blatantly violating their obligations.

THE BOOK also invests significant time in discussing how to expand US-Israeli cyber cooperation.

US-Israeli security and cyber cooperation is considered extremely tight. But Israel is still in some ways a second-class citizen when it comes to automatic sharing of certain intelligence and cyber data and capabilities.

Looking at the Five Eyes (the US, Canada, the United Kingdom, Australia and New Zealand), Freilich acknowledged to the Post, “We will not be a sixth eye for a long time to come, if ever,” but raised the question of “what they have that we don’t, what greater cooperation in the cyber field do they have that we could aspire to?”

One specific avenue where Freilich thinks Israel might be able to achieve a higher level of cyber cooperation is to seek security-related cyber deals at the state level.

Though there are certain almost set bars to Israel obtaining certain federal cyber contracts, he said that at the state level, “There are differences in potential areas of cooperation and consequent levels of sensitivity.”

Another crucial area Freilich encourages is joint potential cyber offensive operations.

Drawing on foreign reports of US-Israeli cooperation to strike Iran’s nuclear program with the Stuxnet virus in 2009-2010, he writes that Israel and the US should “expand operational cooperation against common adversaries, such as Iran. Overcoming the mutual reluctance to divulge unique capabilities is not easy, but has apparently been done in the past (e.g., Stuxnet) and should be done again, especially in an era when the US is increasingly reluctant to deploy military forces and use kinetic means in the region.”

In a 2017 interview with the Post, former deputy Mossad chief Ram Ben Barak, without confirming US-Israeli involvement in Stuxnet, pushed back hard against accusations from the film Zero Days in which CIA and NSA sources anonymously accuse Israel of having been overly aggressive with Stuxnet to the point of losing control of the code.

Ben Barak responded to the allegations saying that the only reason Iran did not get nuclear weapons long ago was “because of many reasons which stopped it from succeeding... and we need to make sure it never gets one.”

Freilich believes that Israel and the US could overcome any alleged leftover tension from Stuxnet to engage in future joint offensive cyberoperations.

However, Freilich suggested Israel’s cyber approach to unwanted cyber activities by Russia and China should be more toned-down.

Unlike the aggressive approach with Iran, Hezbollah and Hamas, he suggested, “merely seek to prevent or mitigate damage caused by global powers, whose cyber capabilities are greater and who may otherwise be friendly to Israel.”

In communications with the Post, Freilich confirmed that with Russia or China, “Taking them on more offensively... is a losing cause, we can’t do it – don’t sacrifice the relationship to this.”

The book also addresses securing a second-strike cyber capability in the event that some adversary initially succeeds in a large-scale surprise attack against Israel, as well as whether more can be done to secure the two submarine cables that connect Israel’s Internet to the outside world.

Freilich added that “a third cable is scheduled to come online in 2020, and satellite systems provide a partial but inadequate backup” for Israel’s physical Internet connection.

Without drawing conclusions, he also raised the question of whether Israel can receive a guaranteed cyber response from the US on its behalf, in the event an adversary initiates a major cyber strike on Israel, similar to certain nuclear counterstrike commitments between the countries.

In the book, Freilich, along with his coauthors, shows again that he is one of the few truly systematic thinkers when it comes to the plethora of national security challenges confronted by Israel.
