We are really thrilled and honored by this week’s podcast special guest: Prof. Isaac Ben-Israel, a leading figure in Israeli Military Intelligence, Science and Academia.
After retiring in 2002 from a successful military career in the IDF, Isaac joined Tel-Aviv University as a professor, where he currently serves as the head of the Yuval Neeman Workshop for Science, Technology and Security, head of the Interdisciplinary Cyber Studies Center, and head of the Security Studies Program. He is also Chairman of the Israel Space Agency and Chairman of the Israel National R&D Council.
In 2011, Prof. Ben-Israel was appointed by the Prime Minister to lead a task force that formulated Israel’s national cyber policy, which led to the foundation of the National Cyber Headquarter in the PM Office. In 2014, he was once again appointed by the PM to lead another task force, which led to a government decision to set up a new National Cyber Authority in Israel.
This interview is ~20 minutes, feel free to listen to it below or go ahead and read the edit. Enjoy!
Some people call you the father of the cyber security ecosystem in Israel, credited in large part for establishing government policies that turned Israel into a powerhouse in cyber security: could you tell us why this was necessary, and what were the factors that led to its success?
My definition for cyber threats is everything related to “the dark side of computers”. We built the positive side of computers to make our lives better, but this created a dependence on computer chips, which can be used by bad guys –and there are always bad guys – not for the benefit of our society, but against it. This is what I call the dark side of computer communications.
When I was called by the PM in 2011 to prepare a 5-step national plan of government policies for future cyber threats, I told him on the spot that no one can really forecast the cyber threats three or five years from now. Because one generation in computer time is one year, predicting five generations of computers would be like predicting human life in one hundred years, which of course no one can do.
I told him the only thing we could do was to build the right ecosystem, namely: educated people and organizations that will know what to do when new threats emerge in the future. We didn’t start from zero; we already had quite a developed high-tech ecosystem, therefore what we did was to shift it a few degrees towards cyber security, which is why today the ecosystem plays such a big role in Israel’s role as a global hub for cyber.
Can other countries replicate the success of Israel?
Technologically, Israel can do things that can’t be done in the developed world. We have certain elements that are non-existent in other countries, such as compulsory military service. In Israel, every 18-year old has to do three years of military service and we send them to the units that fit their skills, so if they are good with computers we send them to units dealing with computers, including cyber warfare. When they return to civil life, they bring back skills they learned during the service, and this gives us an advantage over other countries. Other countries won’t do compulsory service, unless they have real strategic problems, like being a small country surrounded by hostile environment.
But other elements can be copied, such as the idea of an ecosystem and the need to develop educational programs. For example, and this was one of the 13 recommendations I submitted to the government in 2011 (all of which were accepted and turned into resolutions), we are the only country in the world to have matriculation examination, and can choose cyber as a subject for matriculation at the end of high school. Two years ago we also began to teach cyber security in elementary schools, the same way we educate them how to cross roads at a very young age, we are teaching them how to live in this very connected world. Every university today also teaches cyber security, unlike the rest of the world were you can learn computer science or computer engineering, but not cyber security directly. We have a cyber security research center in every university; the biggest one is in Tel-Aviv University, where I am the director. We also have a National Cyber Week to raise Cyber Awareness, with hundreds of events and conferences with international guests to discuss new ideas, and at the end of the day these are the things that make Israel one of the leading countries in cyber technology.
A large problem in cyber security today is the exponential growth of insecure IoT devices touching every corner of our lives. How do you think we can effectively mitigate these emerging structural risks without having to reinvent the Internet?
IoT is about putting computer chips everywhere, in every device, and enabling them to communicate with each other in an Internet of Things. As I mentioned before, cyber is the dark side of computer technology, so once the vision of IoT becomes real, the number of cyber problems we will have to solve will grow exponentially. Because it will go beyond the computers we have in our office or home, to almost everywhere.
We have to take security into account from the beginning, it’s not wise to develop IoT devices and only later think about making security patches to make it more secure. This is not the right way, we have to design the devices and communication systems from the beginning in a way that will be more secure.
What are some suggestions you have for the average consumers to reduce their exposure to cyber risks?
There are a lot of simple practices, such as using AV software in your computer, not opening suspicious emails, etc. These practices won’t make you immune against cyber threats if the NSA or FSB want to hack your computer – as they will overcome all these simple procedures to attack you. But it’s like crime, for example, we lock our doors because we are afraid of thieves breaking in, understanding that those simple locks will not be a big problem for a very professional criminal, but also understanding that the non-professional ones will fail at breaking in.
We have to treat cyber security the same way, we don’t demand from police and law enforcement forces to reduce crime to zero, we understand that there will never be zero crime rate, but we demand from them to keep the rate low enough to continue with our way of life. It’s almost impossible to take measures that will totally eliminate cyber attacks, but we should demand to keep the rate of serious attacks low enough to continue our way of life – and this is achievable.
You cannot really protect yourself as a person or business without some intervention at the national level, because you are not allowed to go after the bad guys, not allowed to spy on potential adversaries in order to protect yourself. Only the government can do that, and therefore one of the things we did in Israel, which you mentioned, is building the National Cyber Defense layer, which is in charge of cleaning the network from malware. This is something private people cannot do, so the government and private sector should work together.