Cyber as a Strategic Component in National, Economic, and Corporate Resilience

Several years ago, Israel Aerospace Industries (IAI) recognized the rise in countries’ awareness of strategic cyber threats and the need to develop national-level solutions. Sought by many nation-states actors, the solution developed by IAI’s group and subsidiary, ELTA Systems Ltd, promises an overarching response – covering intelligence, technology and operations – to ensure robustness, resilience and the capability to recover quickly.

By YOEL TZAFRIR, in cooperation with IAI
Promoted Content
Send in e-mailSend in e-mail
“Since this is a strategic threat, the solution should also be strategic in nature"
Credit: Shutterstock
By YOEL TZAFRIR, in cooperation with IAI
Promoted Content

When the cyber historians of the future look back to the second decade of the 21st century, they will likely label these years as the perfect storm years. A convergence of events, processes and circumstances all coalesce in a clearly-defined trend: cyber has become a strategic threat to nations – not just to random facilities, enterprises or government agencies, but rather to governments’ actual capability to operate and to function as players in local politics or as actors on the geopolitical stage.

Esti PeshinCredit: IAI

“We are witnessing several trends in the world of global strategic cyber, pointing to cyber becoming a very significant factor for nation states, and the capability to deal with cyber threats is becoming a strategic component of national, economic and corporate resilience,” said Esti Peshin, VP and General Manager of the Cyber Division at Israel Aerospace Industries (IAI). Peshin is one of the pivotal figures in Israeli cyber and has lead IAI’s activity in this field over the past few years.

What trends are you noticing?
“We see more and more involvement from nations, especially superpowers, in cyber activity. This is joined by a clear trend of increase in cyber crime at all levels, including ransomware, even in nation states where the crime level is generally low. It also all comes from the ease with which attacks can be perpetrated. Nowadays it is relatively easy to purchase malware on the dark web, available cheaply to whoever will pay. Another trend is cyber attacks against critical infrastructures. There have been a few threshold events lately that caused governments’ warning sirens to blare, hammering home the understanding that one needs to prepare for dangerous situations, in which enemy state actors can, for example, bring gas stations in a country to a halt. There is also the issue of cyber espionage on an industrial level, becoming a tool for governments or groups to reveal secrets and steal intellectual property, and since all information is stored online today – and given the human element is always a weak spot – this is a hole in the fence waiting to be breached. We are also seeing an uptick in attacks against supply chains. Finally, there is a trend of influence campaigns, in which entities use cyber to disseminate lies and fake news to influence public opinion in target countries. This joins the trend of using the media and social media to amplify cyber attacks, even when their initial damage is not substantial”.

How do you build a solution for such a significant string of threats?
“Since this is a strategic threat, the solution should also be strategic in nature,” says Peshin, who leads the export of IAI cyber products to foreign countries. “I see five central components in the solution: First, of course, is technology, but no technology – as good as it gets – will be efficient if there is no clearly defined methodology for its implementation. This is the second component, the combination between technology and methodology, which creates the necessary effect. It must also be kept in mind that cyber is a dynamic dimension. Attacks evolve all the time and become progressively worse, and this is why the solution should be appropriate. It requires constant innovation, which is the third component. It also means preserving capabilities and making new investments to deal with evolving threats.

“The fourth component is cooperation. Cooperation between agencies and organizations within the state and cooperation between countries. When an entity that has been attacked shares knowledge with other entities and with national cyber agencies, it enables mapping the situation at a macro level, and this in turn helps improve response and reaction capabilities, on an organizational level, at the national level and on an international level, while increasing the overall resilience capabilities of corporations and nation states. Finally, the fifth component is capacity building, and this has two meanings: increasing the awareness of the human element – one indifferent key click may lead to a link to malware – as well as training a force of cyber warriors, and keeping them highly trained and current over time”.

Monitoring and tracking national infrastructure
As early as 2016, IAI realized the importance of cyber at the strategic-national level and the Cyber Division was established at ELTA, in order to lead the business of selling the products and services to IAI’s clients. The division is the leader of the Israel Cyber Companies Consortium (IC3) and the Israeli Aviation Cyber Consortium (IAC3). It gained significant experience in cyber projects at the national level and is considered a leading player in the field.

What can you offer national level clients?
“On the conceptual level, we speak today of transitioning from cyber security to cyber resilience,” says Noam Krakover, CRO of the Cyber Division at IAI. “The concept is that it is almost impossible to prevent attacks, no matter how strong we make the organization, and therefore it is best to minimize damage, manage risks and protect the most important elements – according to the Pareto principle – and especially, to ensure there is the capacity to recover. That is, we presuppose attacks that damage the organization will take place and the test is how quickly it can recover from them and resume activity, while preventing irreversible damage. This is especially true for critical national infrastructures.

“On a practical level, the solution includes cyber threat intelligence – not just identifying attacks but pointing to intentions; a minimal baseline security for critical infrastructure, like electricity and water; monitoring different systems, like communications and internet – including real time recognition of anomalies on the network and alerting cyber researchers at an early stage, side by side with forensics investigations of cyber incidents as well as incident resposne; and finally, training personnel.”

End to end solutions, all made in Israel
“We have another important aspect,” adds Peshin. “IAI heads the Israeli Cyber Companies Consortium (IC3) which was established under the auspice of the Ministry of Economy and Industry with sponsorship from the Israel National Cyber Directorate, the Export Institute and the Defense Ministry. IC3 provides comprehensive solutions offered by Israeli cyber companies and needed by national-level arrays. The consortium includes leading Israeli cyber companies, large corporations and startups. We are cooperating with companies in the consortium and with other companies with the goal of providing end-to-end cyber solutions, mostly based on cutting-edge Israeli technology, to nation states. This is an important integrative capability. Beyond the operational solution, this includes additional dimensions, like training, professional courses and even establishing a local or regional cyber academy. We also offer a channel to connect with the public, including a hotline to the National Cyber Directorate where citizens can report cyber incidents.”

In summary, what is your message to national level clients?
“In a world in which you need to provide cyber solutions to countries, you must be professional at the highest possible level, and with all humility – we are pros. The combination of technological, corporate, and operational capabilities, the tremendous experience and knowledge we gained over the years and our innovation and human capital, all work in concert to make our solution optimal for countries concerned by strategic cyber threats and looking for a comprehensive network of solutions.”

In cooperation with Israel Aerospace Industries (IAI)