Israel has a new “cyber czar.” The cabinet approved Sunday the appointment of retired Military Intelligence general Gaby Portnoy to head the National Cyber Directorate, the civilian body within the Prime Minister's Office charged with defending Israel’s cyberspace.
Portnoy, 52, served as chief operating officer for the medical high-tech firm Envizion Medical. Prior to that, he spent 31 years in the armed forces, serving in senior positions including head of operations for the Intelligence Corps, retiring with the rank of brigadier general.
Portnoy will replace Yigal Unna, who stepped down last month, as chief of cybersecurity. While Unna was considered a member of Israel’s defense establishment, serving in the Shin Bet security service before being appointed to the cyber authority, Portnoy differs from him in that he also spent time in the private sector. Industry sources say this puts him in a better position to address the real issues Israeli cyberspace faces.
The Cyber Directorate is the main body charged with defending Israel's cyberspace and advancing the build-up of its cyber strength. It works to strengthen the protection of organizations and citizens in dealing with cyberattacks and in preparing for emergencies. While state attacks are addressed by Israel’s military or intel services, which according to foreign reports also conduct offensive operations, the cyber authority is an inherently defensive and civilian body.
Israeli government websites and companies face thousands of attacks daily, but most are thwarted. However, despite the fact that Israel's cyber sector is one of the country's biggest and fastest growing industries (raising $8.8 billion in 2021, triple the amount in 2020), many challenges still exist. In fact, Unna and the directorate faced a lot of criticism. Here are the biggest challenges facing Portnoy.
“I thought it would take five minutes until you asked about NSO – it took you over 15!” This is the joke Unna made when I interviewed him and his United Arab Emirates counterpart last year. The joke won Unna a chuckle from the Emirati official. However, it concealed a much bigger issue Israel’s cyberspace faces: cyberoffense firms like the NSO Group.
Such firms pose a double threat to the directorate: First, during the term of Benjamin Netanyahu, the cyber authority played a role in pushing firms like NSO out as part of what has been termed “cyber diplomacy” – providing cyber know-how to states, especially in the Gulf, to facilitate closer ties between them and Israel.
This has cast the authority as a body working not to defend Israel but rather, to advance diplomatic goals, even at the expense of human rights. Generally, due to Unna’s background in the Shin Bet, his term in the authority was characterized by claims that it was a front for Israel’s cyber dealings, even at the expense of the defense of Israeli cyberspace.
This leads to the second issue firms like NSO pose for the cyber directorate: the world of cyberdefense is built on information-sharing.
Different firms provide disclosures of the different exploits and threats they have faced or found. With Israeli cyberoffense firms like Candiru being accused by Microsoft of selling exploits that allow their clients to hack into Microsoft Office and other Windows-related systems, Israel is at risk of losing access to important information.
Israel has a big cyberdefense industry that constantly shares information, regardless of the country’s offensive cyber firms and their bad reputation. However, no one will share information with Israel as a state if there is concern that this information could then be leaked to those looking to exploit it.
The perception that Israel is not only a cyber superpower but an exporter of cyberoffense capabilities also exposes the country to the risk of revenge attacks.
“Israel has enough enemies as is and firms like these, and reports that Israel is proactively pushing them to places like the Gulf, invites additional enemies to join the fray,” a senior official in the industry said on condition of anonymity due to their ties with the cyber authority.
This leads to the third problem Israel’s cyber body faces: a lacuna in defenses that experts say leaves Israel’s small-to-medium-sized business sector woefully exposed. While big firms and official government agencies enjoy state protection against state attacks, the cyber authority has left smaller firms to fend for themselves.
“We’ve seen state actors like Iran attack smaller targets,” the industry source says, “and they have faced newer and more complex attacks just because they are based in Israel. However, despite our booming cyber industry, they have only meager means to defend themselves.”
The rise of hybrid attacks – such as state attacks masquerading as criminal ones – has proved a major embarrassment for Israel. For example, a number of attacks last year made use of double or even triple extortion, stealing information from victims, seemingly with the intention of selling it back to them for a profit, but actually using it to embarrass the firms and even trolling their clients. As these are oftentimes “hacktivists” pretending to be criminals after financial ends, their victims are stuck: The authority does not deal with state attacks, which is a defense establishment issue, and the solutions provided for private firms are not enough.
“These attacks are perceived to be ‘the price of doing business.’ However, they are actually a form of terrorism,” the source explains. “The Israeli business sector is a national security risk and the authority has failed to address this.”
Cyber talent bleed
About 40 Israeli cyberfirms were bought by foreign companies last year. This led to about $3.5 billion flowing into Israeli pockets, while Israeli cyber exports soared as high as $11 billion. This boon is great for business, but, industry sources explain, also poses a unique challenge: a cyber talent brain drain.
“Israel is bleeding cyber talent. We have historically been a world leader – with Unit 8200 creating the best defensive and offensive talent. However, as more and more of the world, and more and more firms buy these services, Israel is at risk of losing its edge,” the industry source says.
World trends and disclosure politics
Those are merely the challenges that are unique to Israel. With the rise of remote working, the past few years have also been a bonanza for cybercriminals. Israel has been no exception, and such threats are only expected to rise in the next year.
Looming regulatory changes – both regarding the disclosure of attacks on private bodies and on cryptocurrency (the main currency used by cybercriminals) – are likely to make defending against cyber attacks at a national level a much bigger challenge. Fewer and fewer firms are incentivized to reveal attacks, as paying cybercriminals potentially carries some liabilities.
Conversely, hiding cryptocurrency payments is expected to grow harder. Together, both will force cybercriminals and “threat actors” – as hackers are termed in the industry – to up their game, with less and less information available about them and their activities.
Coupled with the ever-present threat of state attacks – from Iran and Israel, to Russia and Ukraine – Portnoy faces an uphill battle in an uncertain world, experts say.
“Israel needs a chief information security officer, not another company man from the Shin Bet. It needs someone who knows the reality that victims in the civilian space actually face and need to deal with, at times daily,” the industry source says.
“Up till now, instead of leveraging our power, we’ve abused it and left our home front exposed. I can only hope Portnoy changes that and provides the Israeli market and cyberspace with the defenses it needs.”
Reuters contributed to this report.