Rhea Siers is the Scholar In Residence at the George Washington University Center for Cyber and Homeland Security and the Director of the GW Cybersecurity Initiative. She has worked in the Intelligence Community for 30 years, and served as the Deputy Associate Director for Policy at the National Security Agency. The Cipher Brief spoke with Siers about what Israel’s growing cyber and tech sectors could mean for the overall stability of the region.
The Cipher Brief: How would you characterize the cyber-threat environment in the Middle East generally, and for Israel, specifically? How has it changed over time?
Rhea Siers: The cyber-threat environment in the Middle East is "rich," to put it mildly. The expansion of cyber capabilities coupled with lucrative targets in the private and public sectors has heightened the threat to Israel, both in volume and complexity. Israel is among the nations attacked most often in the cyber domain, and its attackers hold diverse agendas. The attacks range from intelligence activities from adversary services, political hacktivists seeking to deface or disrupt Israeli websites, intellectual property theft, and intrusions designed to "prepare the battlefield" for potential destructive attacks. Just one cyber statistic demonstrates the volume – the servers and infrastructure of the Israel Electric Company, which provides 80 percent of Israel's electricity, is being unsuccessfully attacked or probed as many as 20 thousand times per hour. It’s not surprising that Israel devotes tremendous resources and emphasis on cyber defense in all sectors and offensive cyber capabilities in the military and intelligence sectors.
TCB: What are the regional security implications for a growing cyber capability in Israel? How might this affect Israeli interactions with Iran, which has also been heavily investing in cyber capabilities?
RS: Israel's investment in cyber capabilities both in the military and civilian realms in not new. The Israeli security establishment realized early the power and criticality of offensive and defensive cyber capabilities. Cyber innovation has also become the lynchpin of Israel's economic growth. The rest of the Middle East, including Iran, has caught on to that, but they have to play catch-up. As long as Iran remains a primary intelligence and security issue for Israel, it will remain a primary target for Israel. That's a security and intelligence calculus that applies beyond the cyber domain. The key questions in Israeli-Iranian “interaction”—I think “confrontation” is more appropriate—is how both sides will utilize their offensive cyber capabilities and defend their own networks and critical infrastructure.
TCB: Do you anticipate increased cyber conflict in the region as a result of the buildup in cyber capabilities? Why or why not?
RS: There is no question that there will be additional cyber conflict, and that's not just limited to the Middle East. We are now dealing with a volatile cyber domain that includes state and non-state actors, intelligence services, militaries, hacktivists, and criminals. But we also have to remember that cyber will continue to be part of the overall package in conventional and asymmetric conflict. In other words, it will be used to assist in kinetic attack capabilities. A good example is the Israeli Air Force attack on the nascent Syrian nuclear reactor facility in September 2007. According to some reports, the Israelis were able to neutralize Syrian air defenses by the equivalent of a cyber back door or kill switch. This probably exemplifies future cyber conflict very well, although clearly there is always the possibility for direct cyber network attacks similar to those reported against Iran, such as Stuxnet.
TCB: How does Israel's growing cyber strength affect American security commitments and strategic calculus in the region, if at all? Additionally, how does it affect cooperation between the U.S. And Israel in the cyber arena?
RS: Cyber cooperation is a healthy part of the U.S. partnership with its traditional allies in the Middle East, from Israel to Jordan to Saudi Arabia. It provides the U.S. with a force multiplier when it works well. Despite the United States' dominance in the cyber intelligence arena, it doesn't hurt to have assistance from our allies in intelligence collection and specific analytic efforts as well as to share data about specific cyber-attack incidents, actors, and capabilities.
In the case of U.S.-Israeli cooperation, cyber is a huge factor, and two areas demonstrate that – innovation and field testing. Israel is recognized for its innovations in many cyber areas; for example, the Israeli firm Check Point was part of the R&D resulting in the development of firewalls and VPNs. Israeli efforts to safeguard its critical infrastructure have some scalable benefits for the U.S. And of course, there is the ongoing cooperation in the intelligence and military areas, where common targets and threats define and will continue to enhance the U.S.-Israeli strategic relationship. I'll end with the saying that "there is no free lunch" especially in the intelligence and security world, so clearly both parties to this partnership are deriving clear and measurable benefits to their cyber relationship.