The public did not hear about this Iranian attack, but it could have done great harm to the IDF. To win the war "

• "Anyone with a computer and cable is a threat to us." Members of the Defense Brigade

  Photo: 

  Joshua Joseph

A few months ago, the IDF's defense establishment identified cyber-attacks on the "supply chain." The identity of the attacker was clear: Iran. The civil services he receives such as fuel, food and more and harm to it may not only impair his regular functioning; An effective attacker will also be able to gather valuable information about companies, facilities and modes of operation that are critical to the entire economy.

The person who exposed the attack was the Defense Brigade in the SBS (network environment), which operates in the IDF's Communications Division. This was carried out as part of close monitoring of attacks in the Israeli cyber space. Once the attack was unveiled, the Defense Brigade entered the record: General Staff Intervention Teams that specialize in cyber defense and were trained were trained to address the issue.

For several days, the teams carried out a covert operation designed to fully expose the attackers and thwart the assault. After the immediate threat to the IDF's ongoing functioning was neutralized, the defensive walls of the attacked areas were increased to further damage them. This activity allowed - a few months later - to expose Iranian attempts to penetrate the IDF supply chain - and were blocked.

This attack, first revealed here, is only a small part of the secret cyber war between Israel and Iran. This is one component of a broader campaign, the familiar part of which is under the auspices of the war (Iran's war campaign) against Iran's consolidation efforts in Syria and Hizbullah's transfers to Lebanon - whose cyber centrality has grown rapidly, both in attack and defense.

The Defense Brigade was formed about four years ago, at the end of a long-time headquarters that looked into the possibility (which was in the meantime) of establishing an IDF cyber wing that would concentrate both the attack and the defense. In the end, it was decided to leave the offensive section in the 8200 unit, which is subject to the intelligence wing and the defensive section. Listen.

The division is located in a civil office building in the heart of Tel Aviv. The entrance to it is austere and without signage. Anyway, except for the senior officer, the service in it is in civilian clothes, so as not to attract attention. Because it is a young unit, many of its senior officers came from other units in the IDF. Its current headquarters, Brigadier General D, grew up in 8200 and in his previous position commanded one of its centers. The young soldiers in the unit have already been identified directly for the defense establishment, in a long and demanding process, and recently the IDF has also recognized "Cyber ​​Shield" as a military profession.

Iran is not alone

The role of the Defense Brigade, simply, is to maintain the IDF's freedom of action and functional continuity, from the operational worlds to the day-to-day functioning of the civilian Internet space. It should allow the IDF to operate freely in routine and war, while fully exploiting the state's vast technological advantages Israel in the digital space. "If the enemy prevents us from taking advantage of these benefits - he won; and if he infiltrates us and disrupts our operations - he won," a senior official says. "It's our job to make sure that it doesn't happen."

Supplemental link. 8200 // Photo: Joshua Joseph

The IDF is an attractive target for attacks. "In the past, only technologically capable countries could attack us. Today, anyone with a computer and cable is a threat to us, "explains the senior." It is a boundary without boundaries and often without a signature. It is not always possible to know who the attacker is and where he is attacked. "

The role of the Defense Brigade is to prevent these assaults, and to find out who is behind them. Recently, it was revealed that Iran attacked Israel's water infrastructure, and in response (according to a Washington Post publication), Israel attacked Iran and disrupted operations at Bender Abbas port. While the Iranian action was not directed against military infrastructure, the defense system was part of detecting attackers' traces - a crucial process for preparing the ground for counter-attack when deciding to respond.

This attack was part of a growing trend of cyber enemies and rivals, trying to gather information or disrupt military and civilian activity in Israel. Iran has a major part in these strikes - partly to balance its inferiority with the attacks attributed to Israel in Syria, and to make up for the lack of a physical border between it and Israel - but it is not alone: ​​Hamas also has a cyber arm (which was attacked last year during one of the fighting rounds in Gaza) And you can assume that even more friendly and less powerful powers are showing interest in the digital space in Israel.

In this world, everyone is an enemy of the Defense Brigade. In 2019, dozens of assaults on the IDF and various activities were identified, as far as they were all thwarted. "We are talking about the dangerous things here. Not about pickpockets, about war, ”the senior says.

This is a significant challenge for the IDF to be present and active in every possible space: from the need to enable current and immune transfer of threats of intelligence information to the fighter plane attacking Syria or the carriage tank operating on the Gaza border, through the protection of the Home Front Command's warning and sirens (already attacked by Iran in the past) ) And the data of the servants or any other information found on computers, up to the protection of the websites and activities on the social networks of the IDF Spokesman or the USCU, which are used for regular communication with the citizens.

"The IDF has no insurance company. A civil society can also live with 99 percent protection, we must have full protection to allow a victory in the war, "explains the senior." The advantage is that we have the IDF behind us: when we detect an attack on cyber, the reaction does not have to come only through cyber. Send an F-16 to get the job done. "

Prepare for tomorrow's enemy

The IDF refers to cyber defense as a combat dimension to everything. The Defense Brigade has "red teams" who consistently attack the various IDF systems to ensure that they are protected and immune. It is also involved in characterizing the technological requirements of the various combat systems: fighter jets and submarines, for example, are manufactured overseas; it is imperative that someone does not plant anything in them during the production phase and cannot be penetrated to ensure full operational freedom of operation.

Bender Abbas Port, Iran // Photo: GettyImages

"We are everywhere. From the fiber to the satellite, from the base at the home front to the foremost soldier in the field," says Col. R., commander of the US military (the Cipher and Security Center, which is responsible, among other things, for all the ciphers in the State of Israel, including the security forces And the other civic bodies). "We protect the systems, and protect the information: no one can go in, disrupt, collect or understand what's going on there, and certainly no one can exploit a loophole to penetrate the major IDF systems."

In other words, the Defense Brigade is the IDF's insurance certificate. "It's not a simple challenge, certainly when the goal is to operate in a multidimensional world where all systems are interconnected and flow freely between them," adds R. " By itself to challenge us. Even our less advanced rivals can develop tools or acquire them relatively easily in the civilian world. "

As mentioned, one of the key challenges of the Defense Brigade is to identify the attacker, preferably early and before damage is done. Unit A teams are looking for anomalies - an unconventional activity that indicates that something unusual is happening. In professional language it is called "hunting": being able to locate the enemy, and take control of the event. Often this is done without the attacker knowing that he himself has become a hunt; This is how you can follow him, know who he is, and act against him.

The Defense Brigade has a part in the response, but those who actually execute it are Unit 8200 or the GSS cyber division. Cooperation between the organizations is unprecedentedly close - including the first joint unit between the GSS and the IDF - in understanding the challenge and the need to take advantage of the relative benefits "The cyber world poses a complex problem for us, which requires a complex response," says a senior security official. "The threat is rising dramatically compared to other dimensions, and it requires strategic partnerships for us to deal with."

As a matter of principle, every body in the defense establishment is responsible for its own defense: the IDF, the Shin Bet, the Mossad (the security officer), who is responsible, among other things, for the nuclear facilities in Dimona and Sharqa, the Nes Ziona Biological Institute and its direction. Security in the security industries.) Their coordination is carried out within a single body, which is the ISA - which is responsible for countering terrorism and espionage, including those carried out by technological means - who direct its activities.

In the recent Iranian attack on water infrastructure, all the factors involved were required, along with the national cyber headquarters located in the Prime Minister's Office. "Each of the organizations has its benefits. If we don't cooperate, we can get in," the senior official says.

Endless list of potential enemies. There are also likely to be some of them who belong to our "blue" side. Here, the ISA's involvement is already essential, because it is the only one allowed to act, if necessary, against Israeli civilians. Combined activity with all other enemies / rivals, although the IDF - and its center of defense - has its central part.

"Our hunt is carried out all the time, 24/7," says Col. Y., a center commander in the defense division responsible for dealing with enemies and rivals. "Our fight is not just the enemy of today. We must know who tomorrow's enemies will be, what technologies they will use and what they can do for us, to be ready. Look five and ten years ahead. "

Well beyond product development

Just as with the physical boundaries where the iron rule is that the line of contact will always be breached, so the basic task of the defense division is that the enemy can penetrate. "We work in real-time, on diverse systems, sometimes in low-energy areas or in civilian-classified systems - these are complicated challenges to protect," says R. "We understand today that the information and systems that convey it are weapons of all things that must be protected in order for us to win."

The activity itself is complex. In the Defense Brigade it is geared up for a special operation. Sometimes this activity takes place in our territory, and sometimes it takes place in enemy territory. "We must act secretly so that we do not know that we have entered," says Lt. Col. S., head of the industry responsible for developing weapons and defense components in the military. 

"When we detect an enemy, we do not always remove it immediately. Sometimes we want to track it down and study it. We are not a security company whose only function is to report that it was an attack and that it was thwarted; we need to tell the chief of staff or the prime minister who attacked us, to allow the State of Israel to respond".

"We must demonstrate supremacy in this world, and also show it," she continues. "Just as the Air Force is responsible for Israel's air supremacy, we are responsible for cyber supremacy: This is also true in border defense, and in enemy territory activity, at depth." However, the unit admits that, in the current technological reality, it is not possible to build a complete wall of defense on everything; Therefore, the permanent decision is also to respond forcefully to any assault - as happened recently to Iran according to the publications - "so that the enemy does not think that he can go around the net without having a hard response."

To identify the attacker, the Defense Brigade must know how to think. That's another reason for the 8200 synergy, which is considered one of the best assault units in the world. "We need to know what an attacker looks like. It sounds simple, but it is far from it. The networks are noisy, with lots of traffic. See. "On the other side, there are no dumb workers. We see quite a few sophisticated, long, clandestine operations that need to be spent to unravel them and make sure no damage is done."

The growing need to thwart enemy attacks is just one challenge the Defense Department faces. Another challenge is budget. The technological world requires huge investments, even in defense. Few in the world know how to do what the Defense Brigade does - from fortifying the IDF's technological boundaries, to detecting the enemy and participating in its attack. "It was not a classic military knowledge. There are civilian companies that were willing to pay a fortune to buy what we do here, ”says the senior.

And as always in the technological world, the most difficult challenge is leaving the high-quality personnel in the IDF. The motivation of the youth to reach the Defense Brigade (as per 8200) is at a peak, in the future career of citizenship. The service in the IDF technology systems not only gives cyber servants experience in the environment. Particularly advanced technology, but also a significant challenge facing a real enemy. 

"I end up competing for these excellent people with the world's biggest tech powers," he adds. "They offer my people four or five times the salary they receive in the IDF, and yet they remain. Why? Because they know they are not helping to develop another product that will make more money for some civil society. Here they really protect the state and their parents. "