
BEYOND THEORY: APPLYING EMPIRICAL EVIDENCE TO CYBERSPACE THEORIES

A dissertation presented

By

Matthew S. Cohen

to The Department of Political Science

In partial fulfillment of the requirements for the degree of Doctor of Philosophy

In the field of

Political Science

Northeastern University Boston, Massachusetts

February 2018


BEYOND THEORY: APPLYING EMPIRICAL EVIDENCE TO CYBERSPACE THEORIES

A dissertation presented

By

Matthew S. Cohen

ABSTRACT OF DISSERTATION

Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Political Science

in the College of Social Sciences and Humanities of Northeastern University

February 2018


ABSTRACT

Political science has made progress in the study of how actors behave in cyber-space, but it

is still an emerging field. Much of the academic work regarding cyber-space is focused on

theory building. There are many scholars who have produced outstanding theories, but the

field now needs to move further and begin to collect empirical evidence to determine which

theories are more useful than others. This dissertation attempts to do just that. It examines

existing theory, and proposes new theories, using evidence from Israel to improve the field’s

understanding of cyber-space. Israel is one of the most powerful states in cyber-space, but

it is woefully understudied. This is the first major book-sized project that applies the Israel

case to cyber theories. This dissertation is therefore useful not only as a standalone project,

but as one that can be useful as a basis for others’ work in cyber-space. A central goal of this

project is to improve the ability of decision makers to craft good policy. Thus, policy

recommendations are offered on every topic with the goal of strengthening states’ use of

cyber-space both offensively and defensively.

The dissertation also addresses two other understudied areas, the behavior of non-state

actors in cyber-space, and the role of international law and norms. Using Israel as a case

study, this project examines both of those issues. It examines the types of dangers Israel

faces from non-state actors and Israel’s response, and evaluates what Israel has done well

and what it could do better in this regard. The role that norms and international law play in

decision making in cyber-space is also explored by examining what Israel’s actions and

decisions have been.


ACKNOWLEDGMENTS

I owe a great debt of gratitude to many people for their help along the way. Among them are

the members of my committee who helped guide me through this process. Denise Garcia for

taking me on as her first doctoral student. Her willingness to take a chance on me and her

faith in me and this project, and her friendship over these past nearly five years, were

invaluable. Max Abrahms’ assistance with my methods greatly strengthened this project. I

am grateful as well for his constant availability to offer his advice on all things academic. I

have known Chuck Freilich long before I set out to get my PhD, and he has been there to

support me at every step. He is the one who got me started researching cyber-space and

Israeli cyber-policy, and I have very much enjoyed working on so many projects together,

and I look forward to more to come. Thank you as well to Nazli Choucri who joined this

project in its later stages and was kind enough to offer her insights and advice.

I want to give a special thank you as well to my family. My mother and father have been

supporting me every step of the way my entire life. I cannot thank you enough for all you

have done for me. To my children, Brianna and Ben, thank you for playing with me when I

needed a break! You are the light and joy of my life. I could not have done this without the

unwavering support of my wife, Julie. Thank you for showing such faith in me. You are my

everything.

I am more grateful to all of you than I will ever be able to express. Thank you!


TABLE OF CONTENTS

Abstract
Acknowledgments
Table of Contents
Chapters
Chapter One – Introduction
Chapter Two – Israel, Culture, and Cyber-Space
Chapter Three – A Conceptual Model for Cyber-Space: 4Ds and an R
Chapter Four – Israel and Cyberspace: International Norms, Laws, and Soft-Power
Chapter Five – Countering Malicious Non-State Cyber Actors: The Israeli Experience
Chapter Six – Conclusion
References


Chapter 1 - Introduction

The cyber-realm presents states with both new and familiar challenges. While there

is a great deal of hype regarding the extent of the danger, there can be no doubt about the

potential peril the cyber-realm poses. Cyber-attacks can cause a wide range of damage, from

financial, to information security, to espionage, to military, to physical. In fact, cyber-attacks

have already caused physical damage (the Stuxnet worm, which will be discussed in detail

later in the dissertation, destroyed centrifuges that Iran was using to build its nuclear

weapons program). Despite its growing importance and the dangers it poses to national

security, the cyber-realm remains understudied in the field of political science.

Israel, a nation that relies heavily on cyber-technology, is particularly vulnerable to

cyber-attacks and has been a primary target thereof.1 Indeed, Israel faces a nearly constant

barrage of cyber-attacks, and many are highly complex threats that are difficult to defend

against.2 While Israel has been a target of heavy cyber-attacks for over a decade, the threat

has only grown in recent years as both state and non-state actors have increased their efforts

against Israel.

Cyber-attackers have gone after a wide range of targets in Israel encompassing

virtually every facet of life. Foreign nations, sophisticated hacker groups, and cyber-activists

have attacked Israeli hospitals, the Tel Aviv Stock Exchange, the Bank of Israel, private

1 Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology, Volume 173, 2011; Clarke, Richard A. and Robert K. Knake, Cyber War: The Next Threat to National Security and What to do About It (Ecco: HarperCollins Publishers, 2012), p. 155.

2 Grauman, Brigid. “Cyber-security: The vexed question of global rules.” Security and Defense Agenda. With the support of McAfee. 2012, p. 66; Eisenstadt, Michael and David Pollock. “Asset Test: How the United States Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7 (2012); TheMarker. “Cyberattacks on Israel Rose Exponentially in Past Four Years.” Haaretz, June 16, 2016. http://www.haaretz.com/israel-news/business/1.725277.

companies, critical infrastructure, and government and national security websites.3 During

the 2009 operation against Hamas in Gaza, Israel was hit with four waves of progressively

stronger cyber-attacks from over half a million computers.4 Israel suspected the attacks were

paid for by Hamas or Hezbollah and conducted by an unknown organization in the former

USSR.5 Among the websites taken off-line were the Israel Security Agency (ISA, or “Shin

Bet”), and the Home Front Command, which instructs citizens how to protect themselves

from rockets and other threats.6

In 2011-2012 a group linked to China’s People’s Liberation Army hacked three Israeli

defense firms, apparently to steal blueprints of Israel’s anti-rocket and anti-missile systems,

the Iron Dome.7 Additionally, in 2013, malware that likely originated from within the

Chinese defense industry was discovered on the computers of some senior Israeli security

and defense industry officials.8 When again battling Hamas in 2012, Israel faced a

sophisticated cyber-operation aimed primarily at government websites (the president’s,

prime minister’s office and the foreign and defense ministries). A total of over 100 million

cyber-attacks were launched during the campaign. As in 2009, the website for the Bank of

Jerusalem was taken down, as well as El Al’s web site, while the IDF’s public site encountered

problems and the Kadima party’s was defaced.9 On the eve of Holocaust Remembrance Day

3 Silber, Jonathan. “Cyber vandalism – not warfare.” Ynetnews.com. January 26, 2012; http://www.ynetnews.com/articles/0,7340,L-4181069,00.html

4 Herzallah, Mohammed J. “Israel Fights Wire with Wire.” Newsweek, July 27, 2009, p. 11.

5 Pfeffer, Anshel. “Israel Suffered Major Cyber Attack During Gaza Offensive.” Haaretz.com. June 15, 2009. http://www.haaretz.com/news/israel-suffered-massive-cyber-attack-duringgaza-offensive-1.278094

6 Herzallah, “Israel Fights Wire with Wire.”

7 Vincent, James. 2014. “Schematics from Israel’s Iron Dome Missile Shield ‘Hacked’ by Chinese, Says Report.” The Independent, July 29. Accessed July 30, 2014. http://www.independent.co.uk/lifestyle/gadgets-and-tech/israels-iron-dome-missile-shield-hacked-by-chinese-military-hackers-says-report-9635619.html

8 TOI Staff and AP. “Israel Reportedly Thwarts Cyber Attack from China.” Times of Israel, October 28, 2013. http://www.timesofisrael.com/israel-reportedly-thwarts-cyber-attack-from-china/

9 Hirshoga, Or and Nati Toker. 2012. “Cyber Battles against Israel.” The Marker (Hebrew), November 22, 2012. http://www.themarker.com/technation/1.1871058; Khazan, Olga. “Anonymous Is Hacking Israeli Web Sites.”

in April 2013, hacker groups coordinated a series of cyber-attacks entitled #OpIsrael to make

financial, business, educational, non-profit and news sites inaccessible. During the 2014

campaign against Hamas the Home Front Command website was again temporarily taken off

line, as were some public IDF websites.10 The Syrian Electronic Army was able to hack the

IDF blog and Twitter account and post its own images.11 In 2015 Anonymous threatened

Israel with an “Electronic Holocaust” in which it would “erase” Israel from cyber-space,

though in the end the actual impact was limited, with the defacing of just a few dozen

websites, none of which belonged to the government.12

In 2011 Iran reportedly launched “Newscaster” against Israel, the US and other

Western nations, to gather intelligence by creating a series of false virtual identities with ties

to government officials and reporters. The attack, which compromised over 2000 computers,

was only uncovered in 2014.13 Iran additionally appears to have been able to penetrate

defenses in several government agencies and to have successfully accessed restricted

information.14 In 2013 Israel accused Iran, Hamas, and Hezbollah of a series of large scale

Washington Post, November 17, 2012. http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/17/anonymous-is-hacking-israeli-web-sites/; Zippori, Michal. “Hackers Attack Two Israeli Websites.” CNN, January 26, 2012. http://www.cnn.com/2012/01/16/world/meast/israel-hacking-attack/

10 Winer, Stuart. “Iranians Launched Cyber-Attack on Israel during Gaza Op.” The Times of Israel, August 17, 2014. http://www.timesofisrael.com/iranian-cyber-attackon-israel-during-gaza-op/

11 Institute for National Security Studies, and the Cyber Security Forum Initiative. “Cyber Intelligence Report—July 15, 2014.” Defense Update, July 15, 2014. http://defense-update.com/20140715_cyber-intelligence-report-july-15-2014.html; Ruble, Kayla. “Syrian Hackers Hijack IDF Twitter Sparking Fears of Nuclear Leak.” Vice.com, July 7, 2014. https://news.vice.com/article/syrian-hackers-hijack-idf-twitter-sparking-fears-of-nuclear-leak.

12 Moore, Jack. “Anonymous’s ‘Electronic Holocaust’ Against Israel Falls Flat.” Newsweek.com, April 7, 2015. http://europe.newsweek.com/anonymous-electronic-holocaustagainst-israel-has-limited-success-320176.

13 Perlroth, Nicole. “Cyberespionage Attacks Tied to Hackers in Iran.” The New York Times, May 29, 2014. http://bits.blogs.nytimes.com/2014/05/29/cyberespionage-attacks-tied-tohackers-in-iran/?_php=true&_type=blogs&_php=true&_type=blogs&_php=true&_type=blogs&partner=rssnyt&emc=rss&r=2.

14 Mandiant. “M-Trends 2014: Beyond the Breach.” FireEye. 2014. https://www.mandiant.com/resources/mandiant-reports/, p. 8-9.

attacks against “vital national systems,” including water, power, and banking sites.15 During

the 2014 Gaza campaign, Iranian attacks exceeded all previous ones, both in scope and

breadth of the targets selected. The Iranian attacks mainly targeted civilian infrastructure,

including financial networks, but they also targeted government security systems, including,

reportedly, an attempt to seize control of Israeli drones.16 In 2016, Israel’s critical

infrastructure was facing as many as two million attacks a day. Some attacks were able to

obtain sensitive information, but Israel appears to have been able thus far to prevent any

disruption or damage.17 Additionally, in 2015 and 2016, Israel faced a well above average

number of threats as compared to the world average across all computers in the nation.18

In addition to Iran, Israel has faced attacks from around the world.19 The danger from

non-state actors and “cyber-activism” by individuals and groups is also growing.20 Such

operations are already capable of interfering with the government’s ability to communicate

instructions to the public in times of emergency, such as when the Home Front Command’s

public website was taken down by hackers during the operations in Gaza in 2009 and 2014.

Cyber-attacks pose additional dangers during security emergencies, and in fact, the

frequency of attacks against Israel has been shown to increase during such situations.21

Should cyber-attackers manage to disrupt communications and military systems for just a

15 Reuters. “Iran Ups Cyber Attacks on Israeli Computers: Netanyahu.” Reuters, June 9, 2013, http://www.reuters.com/article/2013/06/09/us-israel-iran-cyber-idUSBRE95808H20130609.

16 Lappin, Yaakov. “Military Affairs: The IDF’s Silent Attack Force.” Jerusalem Post, May 11, 2013, http://www.jpost.com/Features/Front-Lines/Military-Affairs-The-silent-attack-force-312716; Soffer, Ari. “Security Services ‘Foiled Massive Cyber-Attack on Israel.’” Arutz Sheva, August 28, 2014. http://www.israelnationalnews.com/News/News.aspx/184518#.UACmNm7Wg.

17 TheMarker. “Cyberattacks on Israel Rose Exponentially in Past Four Years.”

18 Microsoft. “Microsoft Security Intelligence Report: Israel.” Microsoft Corporation. 2016, p. 3.

19 Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National Security Studies, Memorandum 117. May 2012, p. 36.

20 Ben-David, “Playing Defense.”

21 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 37.

short period, it could make a significant difference in Israel’s ability to respond to a physical

attack, as Israel is a geographically small country which relies mainly on a reservist army.

Israel has taken the threats posed in cyber-space very seriously, defining the cyber-

threat as one of the foremost threats it faces, and rapidly developing capabilities that have

placed it at the very forefront of the cyber-world. It has been recognized for years that Israel

is one of the most advanced nations in cyber-space.22 Indeed, Israeli policies on cyber-

defense are trend setting and have been cited as an example of what the rest of the world

should attempt to emulate.23 Israel appears to not only have been the victim of cyber-attacks,

but has reportedly also been a leader in using the cyber-realm for offense. The United States

government has been highly impressed with Israel’s work in cyber-space and attempted to

learn from its experience.24 Major technology companies have taken notice of Israel’s

accomplishments and have established offices in Israel, and Israel boasts a large number of

start-up companies.25 Israel has become a major economic power in cyber-space, exporting

more cyber-products and services than the rest of the world, excluding the US, combined.26

Far too much of the current work in political science regarding cyber-space lacks a

clear empirical basis. This can lead to an over-hyping or downplaying of the threat, and

results in faulty policy recommendations. An improved understanding of how states act in

22 Grauman, “Cyber-security;” Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. (Oxford: Oxford University Press. 2015), p. 26; Kapto, Aleksandr S. “Cyberwarfare: Genesis and Doctrinal Outlines.” Herald of the Russian Academy of Sciences. Vol. 83, No. 4. 2013, p. 364; Herzog, Stephen. “Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses.” Journal of Strategic Security, Vol. 4, No. 2. 2011, p. 52; Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North Carolina Journal of Law and Technology, Vol. 16, No. 3. 2015, p. 442.

23 Grauman, “Cyber-security.”

24 Adamsky, Dmitry (Dima). “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington Quarterly. Vol 40, No 2. 2017, p. 113.

25 Eisenstadt and Pollock, “Asset Test,” p. xiii, 32; Steinherz, Tal. “Israeli Innovation in Cyber-Technology.” Presentation to the Herzliya Conference, Herzliya, Israel, June 9, 2014.

26 Benoliel, “Towards a Cybersecurity Policy Model,” p. 442.

cyber-space can serve as the basis for building policies that will enhance both peace and

security in cyber-space for all actors. This dissertation aims to provide such an improved

understanding through a detailed case-study of Israel and its experiences and actions

regarding cyber-space.27 This dissertation will demonstrate that Israel is a nation that other

states can use as a model to improve their own offensive and defensive capabilities in cyber-

space. It will also show that Israel is a critical nation to study for scholars interested in

conducting research into cyber-space.

Israel is a perfect case to use to do this. More so than most countries, Israel faces

severe risks and benefits in cyber-space. From critical infrastructure protection, to its

military establishment, to its economy, and beyond, Israel faces enemies in cyber-space who

do not wish just to harass it, engage in espionage, or try to seek economic advantage, but

seek to cause as much harm to it as possible. This includes dangers from both states and

sophisticated non-state actors. Additionally, few countries have the capabilities to be able to

take as much advantage of cyber-space as Israel can in both the military and civilian realms.28

Despite this, Israel’s experience in cyber-space remains heavily understudied. Israel’s

success in both defending against attacks and using cyber-space to its advantage make it a

perfect case to study.

Definitions:

Before proceeding, it is important to define some terms that will be central to this

dissertation. There is still healthy debate regarding the meaning of terms related to the

27 Information for this dissertation has been pulled in part from two of the author’s previous works: Cohen, Freilich, Siboni 2015; and Cohen, Freilich, Siboni 2017.

28 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 81.

cyber-realm, and many lack clear definitions. What is meant by “cyber-space” itself is not

fully agreed upon. The dissertation, as it is focused on Israel, will employ the Israeli

government’s current definition of cyber-space as “the physical and non-physical area

created or comprised from part or all of the following elements: mechanized computer

systems, computer and communications networks, software, computerized data, content

transferred by computer, traffic and control data, and the users of all of the above.”29 Cyber-

space consists in essence of physical components, the logical building blocks that support

the physical infrastructure and enable the delivery of services, the information content, and

those actors that make use of the arena.30

One of the key terms to define is “cyber-attack” itself. There is debate over whether

this term is even appropriate, as it is very broad. In its place, authors have used different

constructions, such as “cyber-conflict”31 or “cyber-warfare”,32 but cyber-attack can be an

appropriate term if it is clearly defined in such a way that it is both expansive and restrictive

enough. For the purposes of this dissertation, a cyber-attack both uses and targets

computers, networks, or other technologies for malevolent, destructive, or disruptive

purposes.33 A cyber-attack occurs when an actor uses the cyber-realm (excluding

propaganda) to gain an advantage over a target, or to defend or promote the actor’s interests.

Cyber-attacks have two main motivations: political and criminal. The focus of this

dissertation is on cyber-attacks against nation states and not on cyber-crime. Politically

29 Israel Government Decision no. 3611 of August 7, 2011, http://www.pmo.gov.il/secretary/govdecisions/2011/pages/des3611.aspx.

30 Choucri, Nazli. Cyberpolitics and International Relations. (The MIT Press: Cambridge, MA: 2012), p. 8.

31 Valeriano and Maness, Cyber War versus Cyber Realities.

32 Clarke and Knake, Cyber War, p. 6.

33 Libicki, Martin C. Cyberdeterrence and Cyberwar (Rand Corporation: Project Air Force, 2009), p. 23; Valeriano and Maness, Cyber War versus Cyber Realities, p. 3, 32; Clarke and Knake, Cyber War, p. 6; Kenney, Michael. “Cyber-Terrorism in a Post-Stuxnet World.” Orbis Vol. 59, No. 1. 2015, p. 113.

motivated cyber-attacks aim to provide a strategic, diplomatic, economic, or military

advantage over an adversary and include, among others, efforts to disable critical military,

governmental, or civilian networks; espionage; and efforts to infect systems with malware

for future use. Cyber-attacks often additionally aim to force the target to take an action it

does not want to or modify a state’s behavior.34

Cyber-attacks can be launched by nations, non-state actors, or individuals, and can

target military, governmental, or civilian systems. Cyber-attacks may or may not involve the

creation of physical damage. In cases where they do, the attack must cause the damage via

an attack on one of the systems mentioned above, unlike in a kinetic attack where the damage

done is direct.35 A cyber-attack, similarly to a physical attack, can run the gamut from small

scale, such as DDoS attacks (defined below), to major ones, such as attacks on the Iranian

nuclear weapons program that will be discussed below.36 Cyber-attacks additionally can

originate from network traffic, through supply chains, espionage (such as inserting a flash

drive), or from human error.37

Cyber-offense overlaps with the concept of cyber-attack. Cyber-offense as a whole

refers to the tools (computer code) and strategies a nation, group, or individual employs to

design and launch cyber-attacks.38 Engaging in cyber-offense, as noted, requires the use of

34 Carr, Jeffrey. Inside Cyber Warfare. (Cambridge: O’Reilly, 2012), p. 21-22; Valeriano and Maness, Cyber War versus Cyber Realities, p. 3; Hathaway, Oona; Rebecca Crootof; Philip Levitz; and Haley Nix. “The Law of Cyber-Attack.” California Law Review. Vol. 100. 2012; Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 113.

35 Singer, P.W. and Allan Friedman, Cybersecurity and Cyberwar (New York: Oxford University Press, 2014), p. 69; Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 113.

36 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 113.

37 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p. 51.

38 Valeriano and Maness, Cyber War versus Cyber Realities, p. 26, 33; Rid, Thomas and Peter McBurney. “Cyber-Weapons.” RUSI Journal. Vol. 157, No. 1. 2012, p. 6; Lin, Herbert S. “Offensive Cyber Operations and the Use of Force.” Journal of National Security Law and Policy. Vol 4, No. 63. 2010, p. 64.

specialized computer code, which will be referred to as a cyber-weapon.39 Cyber-defense

involves the tools and strategies that nations, groups, and individuals use to protect against

cyber-attacks. This includes such factors as whether a nation controls its internet service

providers, how well it can control incoming and outgoing traffic, and how well it can halt on-

going attacks.40

Cyber-espionage refers to the use of the cyber-realm (often via malware or hacking,

such as spear-phishing, all defined below) to steal, harass, gather information, prepare for

future attacks, or make known the attacker’s ability to penetrate networks.41 Cyber-

espionage can be conducted by nations, non-state actors, and individuals. Targets include

military systems (to gather intelligence on strategies, operations, and weapons design or to

disable systems); government secrets, including for use in negotiations; civil

infrastructure; and economic information.42

Cyber-terrorism can be thought of very similarly to a cyber-attack. It is the use of the

cyber-realm to attempt to cause harm in order to achieve an objective or change government

policies or behaviors.43 The goal, similarly to terrorism in the physical world, is to generate

fear or cause enough damage to intimidate state actors.44 The intent is to cause death and

destruction, or at least the fear that they might occur. Actors engaged in cyber-terrorism are

39 Lorents, Peeter and Rain Ottis. “Knowledge Based Framework for Cyber Weapons and Conflict.” Conference on Cyber Conflict Proceedings 2010, eds. C. Czosseck and K. Podins, CCD COE Publications, Tallinn, Estonia, 2010, p. 139.

40 Valeriano and Maness, Cyber War versus Cyber Realities, p. 26-27; Demchak, Chris C. Wars of Disruption and Resilience. (University of Georgia Press. 2011).

41 Valeriano and Maness, Cyber War versus Cyber Realities, p. 35, 68; Singer and Friedman, Cybersecurity and Cyberwar, p. 91-92.

42 Singer and Friedman, Cybersecurity and Cyberwar, p. 93; Valeriano and Maness, Cyber War versus Cyber Realities, p. 26; Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 20-21.

43 Theohary, Catherine, and John Rollins. “Cyberwarfare and Cyberterrorism: In Brief.” Congressional Research Service 2015.

44 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 112.

inherently non-state actors. They cannot be part of an official government system; however,

they can be state sponsored. This is distinct from activists who employ cyber-attacks (also

called “hacktivism”), whose aim is instead to change policies through inconveniencing and

harassing nations and populations rather than by the threat of violence.

Dual-use technology is also prevalent in cyber-space. These technologies are ones

that are useful for both civilian and military purposes. Private, military, and governmental

networks often rely on the same systems, networks, software, and hardware. This makes it

more difficult, though not fully impossible, to judge if a particular system or network exists

for military or civilian use.45

In addition to defining general terms, there are a few major types of cyber-attacks

whose meaning needs clarifying. Malware refers to any type of computer code that aims to

either cause damage to a target or to give the attacker access to the target’s systems. Such

programming can take many forms, but they share a common goal of infiltrating a target’s

machines. Malware includes viruses (malware that can travel between computers when a

person opens an infected file), worms (malware that can travel between computers without

the need for any files to be opened), and Trojan Horses (malware that appears to be useful

but secretly downloads programs intended to make modifications to the system or allow

outside users to access it). Such malware can be used to create a “backdoor” to the network

that aims to bypass security settings to allow the attacker easy access to the system. One

type of malware that has gained attention recently is ransomware. This type of program

encrypts files on the target’s computer or network, leaving the target unable to access them

unless a ransom is paid to decrypt them. Attacking a target’s databases generally

45 IISS. The Military Balance 2014 (International Institute for Strategic Studies 2014).


involves the use of a SQL injection. A SQL injection will allow an attacker access to any

information held in a target’s databases, including things like passwords or intellectual

property.

One of the most common forms of cyber-attack is a Denial of Service Attack (DoS).

The goal behind this type of cyber-attack is to render a network or machine inaccessible to

those trying to access it. DoS attacks are launched by individuals and aim to flood the

network with more requests to access it than it can process. This can result in a network

functioning very slowly or it can cause it to crash temporarily. This is a fairly straightforward

type of attack to carry out, with tools available on-line to launch them. Related is a

Distributed Denial of Service Attack (DDoS). A DDoS attack uses hundreds or thousands of

computers to attack a single computer or network. DDoS attacks are also inexpensive to

launch. Related to this type of attack are “botnets.” Performing DDoS attacks requires a large

number of machines, thus the attacker will link a large number of machines together to form

a “botnet” in which all the networked computers launch an attack simultaneously. To gain

access to an adequate number of computers, often hackers must hijack the machines of other

users without their consent by breaching their defenses. This means the owner of the

computer being used may not even be aware their computer is being used.46

Cyber-space is also replete with trickery. One form is spoofing. Spoofing is when an

attacker impersonates an IP address, address resolution protocol message, or domain name

system address in order to trick a user into entering data that can be used to gain access to

their system.

46 Tabansky, Libor. “Cybercrime: A National Security Issue?” in “Cyberspace and National Security – Selected

Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 69.

Phishing or spear-phishing is another form of trickery. Phishing attacks work one of

two ways. In one, an attacker sends out a general email to an organization in which the

attacker pretends to be a legitimate actor requesting login information. Often this involves

setting up a fake website where members enter their log in information. In the second

variety, the emails are sent out with a file attached, and when opened, the file downloads a

Trojan Horse.47 Spear-phishing targets not an entire organization, but specifically targets a

few people in order to gain the most relevant information.

One of the most dangerous types of attack is known as an Advanced Persistent Threat

(APT). Unlike the attacks discussed above, these attacks are complex and are designed to

hide themselves from detection for an extended period, allowing the attacker to maintain

access to the system in order to steal information or make changes to how a system operates.

Designing an APT generally will involve the use of novel exploits, so-called zero-day exploits

(also called zero-day vulnerabilities) because only the attacker is aware the vulnerability

exists, making it nearly impossible to defend against. Thus, such attacks can last for months

or even years before being discovered. APTs are designed to target specific systems, unlike

the other forms of attack that mainly target systems that have not been properly patched or

secured. They additionally require a fair amount of prior intelligence gathering on the

targeted system so that the attacker knows what vulnerabilities exist.48

An organization type that is growing in prevalence in cyber-capable nations is the

Computer Emergency Response Team (CERT). While the exact remit of CERTs varies

between nations, they share a common goal of helping states, private companies, and the

47 Tabansky, “Cybercrime: A National Security Issue?” p. 69.

48 Tabansky, “Cybercrime: A National Security Issue?” p. 69, 70

general public in preparing for, responding to, and recovering from security threats in cyber-

space. CERTs aim to prevent security breaches and reduce vulnerabilities by helping private

and governmental bodies identify and correct software, hardware, and human errors,

including providing alerts on possible threats. If attacks succeed, CERTs additionally can

help coordinate responses and assist with efforts to defeat the attacker and restore systems

to normal function. CERTs originated as nonprofit organizations sustained by member

organizations that wanted their assistance, but have grown to include both public-private

partnerships and CERTs run by governments themselves (sometimes referred to as a

National CERT or nCERT).49

One group that will be discussed on numerous occasions in this dissertation is

Anonymous, and it is important to discuss what this group is. The first point to note is that

Anonymous is not a monolithic organization and has no centralized leadership; instead it

functions more as a collective that emerges on an ad hoc basis. It has many factions and they

sometimes do not agree on tactics or targets, as will be illustrated in regards to attacks on

Israel later in the dissertation. Anonymous emerged in 2004 and initially began by harassing

individuals or organizations, sometimes the goal was political activism, sometimes it was

simply for their own amusement. People acting under the name Anonymous have attacked

a wide range of targets, and have moved from harassment to more sophisticated efforts

involving DDoS and similar attacks as well as efforts at espionage. While there is no explicit

ideology or leadership, those who participate tend to be bound together by an opposition to

49 Choucri, Cyberpolitics and International Relations, p. 160; DeNardis, Laura. The Global War for Internet

Governance. (Yale University Press, New Haven, CT. 2014.), p. 91; Morgus, Robert, Isabel Skierka, Mirko

Hohmann, and Tim Maurer. “National CSIRTs and Their Role in Computer Security Incident Response.” Global

Public Policy Institute and New America, 2015, p. 13.

censorship and support for free speech. The level of the group’s technical abilities varies by

the members who participate in a given campaign.50

Dangers in Cyber-Space:

There is some disagreement as to the severity of the threat the cyber-realm poses to

national security.51 Some authors have questioned whether cyber-attacks, launched by

either nations or non-state actors, really have the ability to cause serious damage to

nations.52 These authors note that the most sensitive networks, ones that if compromised

would pose severe dangers to national security, such as military networks, are not connected

to the internet making them extremely difficult to penetrate. Further, cyber-defenses are

highly robust, making it unlikely that attackers can gain access to the most important

systems (though others would counter that they can still be penetrated using other means.

Stuxnet, for example, may have been uploaded to Iranian facilities by means of a flash

drive).53

Such scholars argue that cyber-attacks alone will not be effective in accomplishing

tasks typically associated with traditional military force, as the damage done by cyber-

attacks is only temporary and can usually be repaired quickly, and thus such attacks cannot

induce states to make concessions or other changes to policy.54 Cyber-attacks, they maintain,

50 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 118, 119; Rid, Thomas. Cyber War Will Not Take Place (London: C. Hurst and Co, 2013).

51 Kello, “The Meaning of the Cyber Revolution.”

52 Gartzke, Erik. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth.” International Security Vol 38, No 2. 2013; Cohen, Daniel and Danielle Levin. “Operation Protective Edge: The Cyber Defense.” In The Lessons of Operation Protective Edge, eds. Anat Kurz and Shlomo Brom (Institute for National Security Studies 2014); Libicki, Cyberdeterrence and Cyberwar; Weimann, Gabriel. “Cyberterrorism: The Sum of All Fears?” Studies in Conflict and Terrorism Vol 28, 2005

53 Cherry, Steven. “Terror Goes Online.” IEEE Spectrum Vol 42, No 1. 2015; Kushner, David. “The Real Story of Stuxnet.” IEEE Spectrum Vol 50, No 3. 2013; Weimann, “Cyberterrorism: The Sum of All Fears?”

54 Gartzke, “The Myth of Cyberwar.”

are also not very useful for purposes of warfare because they can only really disrupt military

systems for a few days and do not last long enough to impact the balance of power.55 Cyber-

attacks cannot directly lead to the conquest of land or the seizing of assets that are likely to

be useful in negotiations. It is also highly difficult to maintain continuity of an attack as the

target is generally able to repel an attack and rebuild systems quickly after the intrusion is

discovered. This makes it difficult to create real cumulative damage via cyber-attacks, and

thus, it is difficult to use them to build adequate pressure to induce governments to change

policies.56 Terrorist groups and other non-state actors are even more unlikely to be able to

cause severe damage, as they lack the intelligence gathering skills and scientific and

technological tools needed to develop advanced cyber-capabilities that can cause significant

damage.57

Bolstering this contention, the most severe types of attacks have not yet occurred.

This raises the question as to whether or not they are even possible. Cyber-attacks have

been used to cause physical damage (Stuxnet, which will be discussed later) and even to

target electrical grids (as appears to have occurred in Ukraine), but wide-spread attacks that

successfully bring down major civilian systems and disable military networks and weapons

systems have not occurred. As Rid notes, “to date all such scenarios have another major

shortfall: they remain fiction.”58

In contrast, many academics contend that cyber-attacks pose a real and growing

danger to nations, and that these threats are outpacing defenses and existing doctrines.59

55 Libicki, Cyberdeterrence and Cyberwar, p. 139-158; Rid, “Cyber War Will Not Take Place.”

56 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 41.

57 Gartzke, “The Myth of Cyberwar,” p. 43; Cohen and Levin, “Operation Protective Edge: The Cyber Defense.”

58 Rid, “Cyber War Will Not Take Place.”

59 Nye, Joseph S. “Nuclear Lessons for Cyber Security?” Strategic Studies Quarterly Vol. 5. 2011; Clarke and Knake, Cyber War; Carr, Inside Cyber Warfare; Demchak, Wars of Disruption and Resilience; Kello, “The Meaning

There are a wide range of dangers cyber-attacks pose to national security, including in the

areas of economics, criminal activity, warfare, terrorism, hacktivism, and espionage.60

Espionage in the cyber-realm is already common, and has proven very difficult to defend

against.61 Cyber-attacks have already caused physical damage, and therefore have the

potential to cause fatalities.62 Many militaries have, in fact, already begun to build up cyber-

capabilities that can be used to support physical attacks.63 The increasing reliance modern

militaries have on cyber-space increases the range of vulnerabilities that militaries must

defend against, thus increasing the overall vulnerabilities to national security.64 One such

target is communications infrastructure, which if disabled could make it extremely difficult

for a nation to coordinate its defenses in the event of a physical attack.65

The increasing interdependency of networks also enhances the dangers as it means

that any successful attack has the potential to cause even greater damage by harming all

systems that are connected to the compromised network. In cyber-space, military,

governmental, and civilian technology is heavily intertwined. Thus, militaries and

governments are partially reliant on what occurs in the civilian sector. In fact, military

of the Cyber Revolution;” Pederson, Christian. “Much Ado about Cyber-space: Cyber-terrorism and the Reformation of the Cyber-security.” Pepperdine Policy Review Vol 7, No 1. 2014; Zetter, Kim. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. (New York: Crown. 2014).

60 Nye, “Nuclear Lessons for Cyber Security?” p. 236.

61 Cilluffo, Frank J., Sharon L. Cardash, and George C. Salmoiraghi, “A Blueprint for Cyber Deterrence: Building Stability through Strength,” Institute for National Security Studies, Military and Strategic Affairs. Vol. 4, No. 3, December 2012

62 Kello, “The Meaning of the Cyber Revolution,” p. 23, 26; Bamford, James. “NSA Snooping was Only the Beginning. Meet the Spy Chief Leading Us Into Cyberwar.” Wired.com. June 12, 2013. https://www.wired.com/2013/06/general-keith-alexander-cyberwar/

63 Cilluffo, Cardash and Salmoiraghi, “A Blueprint for Cyber Deterrence.”

64 Russell, Alison Lawlor “The Implications of Cyberspace for Naval Strategy and Security.” In Routledge Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge. 2016.) p. 190; Libicki, Martin C. Conquest in Cyberspace: National Security and Information Warfare (Cambridge University Press, 2007).

65 Kello, “The Meaning of the Cyber Revolution,” p. 25.

effectiveness in cyber-space is often heavily based on the success of civilian and private

sector research and development.66 Attackers can attempt to gain access to more secure

systems by first breaching easier targets.67 This is what occurred, for example, in a high-

profile breach of Target’s systems when the attackers targeted a refrigeration maintenance

company that handles Target’s heating and cooling systems and used that breach to gain

access to Target’s systems. Chinese spies allegedly employed similar methods to hack into

Lockheed Martin in 2011.68

Building from these dangers, among the most vulnerable systems are

communications, banking, infrastructure (such as power grids and water supply systems),

and transportation systems,69 all of which impact the civilian sector as well as the

governmental. Cyber-attacks on such systems that are used by citizens in their day-to-day

life could be just as damaging and paralyzing as physical attacks.70 Such systems are often

poorly defended against attack, meaning a sophisticated attacker could wreak havoc on such

critical systems, including disabling 911 dispatch, shutting down energy pipelines and

refineries, or derailing trains.71 There are even reports, though not any clear confirmation,

66 IISS. The Military Balance 2014.

67 Elazari, Keren. “How to Survive Cyberwar.” Scientific American, April 2015, p. 67; Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 31.

68 Elazari, “How to Survive Cyberwar,” p. 67-68.

69 Carr, Inside Cyber Warfare, p. 3; Redins, Larisa. “Understanding Cyberterrorism.” RISK Management. 2012. http://rmmagazine.com/2012/10/05/understanding-cyberterrorism/; Nye, “Nuclear Lessons for Cyber Security?” p. 212.

70 Redins, Larisa. “Understanding Cyberterrorism;” Nye, “Nuclear Lessons for Cyber Security?” p. 212.

71 Subcommittee on Emergency Preparedness, Response, and Communications and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. “Cyber Incident Response: Bridging the Gap Between Cybersecurity and Emergency Management.” Committee on Homeland Security, House of Representatives. Serial No. 113-39, October 30, 2013, p. 2, 12, 39; Office of the President. “Cyberspace Policy Review.” Office of the American President, 2009. https://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf, 1-2; Clarke and Knake, Cyber War, p. 31.

indicating commercial airliners could be hacked in-flight.72 An attack could modify, steal, or

erase financial data, causing severe harm to a nation’s economic competitiveness.73 Of

additional concern is that even if most attacks fail, just a few successes would likely be

enough to undermine confidence.74 Compounding the danger is that many critical

infrastructure systems lack adequate and fully up-to-date security protections.75

Cyber-attacks also pose economic dangers. Attacks need not cause physical

destruction to harm the economy, as attacks on banks and companies can cause a drain on

the economy.76 Cyber-espionage poses a real danger as it can impact revenue, income,

intellectual property rights, and corporate innovation.77 Vulnerabilities in cyber-space mean

that it is now possible to cause damage to another nation’s economy without having to use

military strength or force maneuvers.78

Terrorist groups pose an interesting additional challenge. Cyber-terrorism is not

widespread, but it remains a danger. Thus far, terrorists have mainly used the cyber-realm

to recruit followers, conduct intelligence gathering for physical attacks, fundraise, and

conduct information warfare. Such groups are constantly working to further expand their

cyber-capabilities, including with the help of nation states such as Iran. Given the ability of

72 Zetter, Kim. “Feds Say that Banned Researcher Commandeered a Plane.” Wired.com. May 15, 2015, https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

73 Carr, Inside Cyber Warfare, p. 20; Office of the President. “Cyberspace Policy Review,” p. 1-2; Clarke and Knake, Cyber War, p. 70; Subcommittee on Emergency Preparedness, Response, and Communications and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. “Cyber Incident Response,” p. 2, 12, 39.

74 Carr, Inside Cyber Warfare, p. 20.

75 McGraw, Gary. “Cyber War is Inevitable (Unless We Build Security In),” Journal of Strategic Studies, vol 36, no 1, 2013, p. 109, 115.

76 Kello, “The Meaning of the Cyber Revolution,” p. 23-24.

77 Kihara, Stacy A. “A Rising China: Shifting the Economic Balance of Power Through Cyberspace.” Naval Postgraduate School, Thesis, 2014, p. 44.

78 Siboni, Gabi “Protecting Critical Assets and Infrastructures from Cyber Attacks.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 7.

attackers to target poorly defended networks and then proceed into more highly defended

ones, there is a real danger that terror groups might increasingly turn to cyber-space to

achieve their goals.79

As will be discussed in detail later in the dissertation, cyber-attacks are also difficult

to attribute. This makes it harder for states to be able to respond to attacks.80 This difficulty

is coupled with the often diffuse nature of cyber-attacks. Cyber-attacks can come from

anywhere in the world, and in the case of some attacks, such as DDoS, they are launched from

around the world simultaneously. This complicates efforts to defend and to respond.

Regarding the argument that the world has not yet seen widespread cyber-attacks,

that does not mean the threat should be in any way downplayed. Very few nations have the

ability to launch crippling cyber-attacks, and those that do are not going to use them for their

own sake; there has to be a compelling reason to do so and a clear benefit to doing so. It is a

question in part of political motives and circumstances. Russia, in fact, does appear to have

employed cyber-attacks as part of its foreign policy, and the US and Israel appear to have

done so in regards to Stuxnet and Iran’s nuclear program. What gains there are from

launching attacks is not yet clear, and there are risks to launching attacks, thus helping to

explain the lack of major attacks.81 The lack of attacks does not imply they are not possible

or that they are not coming. As Kello notes: “To the question: Where are all the catastrophic

cyberattacks? The easy and obvious response is: Where are all the nuclear attacks?”82

79 Clarke and Knake, Cyber War, p. 136; Schweitzer, Yoram, Gabi Siboni, and Einav Yogev. “Cyberspace and Terrorist Organizations.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013; pp. 17-25.

80 Scientific American Board of Editors. “Rules for Cyberwar.” Scientific American, June 2016

81 Even and Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends,” p. 40-41.

82 Lindsay, Jon R and Lucas Kello “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2. 2014, p. 189.

There is no clear sense regarding the number of cyber-attacks that occur or the

severity. This is partly because many attacks go unreported, partly due to national security

concerns, and partly because it is possible that some attacks are never discovered. But there

is no question that there have been many damaging cyber-attacks.83 Overall, the extent of

the danger cyber-attacks pose is somewhat open to debate. It is clear, however, that the

danger is real and should not be taken lightly.

International Relations Theory:

International relations theory underlies much of the work that will be done in this

dissertation, thus it is important at this point to provide a brief discussion of the foremost

theories. There are three dominant branches of international relations theory that drive

understandings of how states interact: realism, liberalism, and constructivism. This section

will give a brief overview of these three theories and their main arguments.

Realism can be understood through the words of one of the greatest minds in human

history: “Poor man wanna be rich, rich man wanna be king, and a king ain’t satisfied till he

rules everything.”84 The words of Bruce Springsteen, history’s greatest musical genius, aside,

realist scholars argue that the international system is dominated by anarchy. Anarchy

implies that states exist in a self-help world where there is no authority that can stop states

from acting as they choose other than a more powerful state.85 Classical realists argue that

83 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 114.

84 Bruce Springsteen. “Badlands,” Darkness on the Edge of Town (Album), First Track, 1978

85 Morgenthau, Hans J. Politics among Nations: The Struggle for Power and Peace (New York: Alfred A. Knopf, 1948); Waltz, Kenneth N. Man, the State, and War (New York: Columbia University Press, 1954); Waltz, Kenneth N. Theory of International Politics (McGraw-Hill, 1979); Mearsheimer, John J. The Tragedy of Great Power Politics (New York: Norton, 2001); Walt, Stephen. “The Enduring Relevance of the Realist Tradition.” In Political Science: State of the Discipline III, eds. Ira Katznelson and Helen Milner (New York: W.W. Norton and Co., 2002).

human nature is conflictual, and, coupled with anarchy, this means that if states want to

survive they must seek to increase their absolute power. In this conception, power is an end

in and of itself.86 Neo-realists argue instead that the international system, not human nature,

is conflictual in that anarchy and the polarity of the system leads to conflict. Neo-realists

argue that states seek to acquire relative power gains to protect their interests and that

therefore power is a means to an end.87

From these theories regarding the use of power arises the security dilemma. The

security dilemma posits that when country A improves its capabilities, country B will do so

as well, leading country A to improve its capabilities again, and so on. An arms race thus

ensues. Countries are also hesitant, due to the condition of anarchy and the need to defend

themselves, to share information with other nations regarding their capabilities or intents.88

In this system, states will act to enhance their power with little regard for norms or

international law.89 Trust is difficult to impossible for states to achieve as a single betrayal

of that trust could lead to the destruction of the state that was betrayed.90

Liberalism, as with realism, argues that anarchy dominates international relations.

Liberals, however, argue that anarchy can be reduced, that trust can be built, and that states

do in fact take action to reduce the threat anarchy poses to national security.91 Liberalism

argues that international institutions and international law are the tools to accomplish this

86 Morgenthau, Politics among Nations; Waltz Man, the State, and War; Mearsheimer, The Tragedy of Great Power Politics

87 Waltz, Theory of International Politics; Mearsheimer, John J. “Back to the Future.” International Security. Vol 15, No 1. 1990.

88 Morgenthau, Politics among Nations; Waltz, Man, the State, and War; Waltz, Theory of International Politics; Mearsheimer, The Tragedy of Great Power Politics; Walt, “The Enduring Relevance of the Realist Tradition.”

89 Buzan, Barry. “The Timeless Wisdom of Realism.” In International Theory: Positivism and Beyond, edited by Steve Smith, Ken Booth, and Marysia Zalewski, 47-65. (New York: Cambridge University Press 1996).

90 Mearsheimer, “Back to the Future.”

91 Keohane, Robert. After Hegemony: Cooperation and Discord in the World Political Economy (Princeton University Press, 1984).

task. Institutions do so by providing states with a place that they can build trust through

repeated successful interactions, which allow states a secure space to share information

regarding their capabilities and intents, thus leading to less conflict. Institutions also

decrease transaction costs and offer compliance monitoring to help decrease the chances

that a nation will renege on its commitments to other states.92 Liberals note that

governments have invested a great deal of money into these institutions, demonstrating that

states do gain value from them.93 International law is a powerful tool as well, as states that

violate it can be subject to sanctions and punishment by a unified international community.

In contrast to realism and liberalism, constructivists do not agree that anarchy is the

inherently dominant feature of the international system. As Wendt (1992) famously argued,

“Anarchy is what states make of it.” Constructivism does not argue that anarchy cannot exist,

but argues instead that it is not the driving force behind international relations. Instead,

constructivists argue that states’ interests are defined not by power, but by their identities,

which are socially constructed. It is how states view themselves and others that determines

their actions on the international stage. National interests in this view are thus difficult to

objectively determine and are fluid in nature. Constructivism thus claims to provide the

basis for the other two theories as it claims to be able to explain where state interests

originate. In constructivism it is not hard power that drives international relations, it is the

power of an idea.94

92 Keohane After Hegemony; Buzan “The Timeless Wisdom of Realism;” Keohane, Robert and Joseph S. Nye. Power and Interdependence: World Politics in Transition (Boston: Little, Brown and Company, 1977); Gilpin, Robert. The Political Economy of International Relations. (Princeton University Press, 1987); Hopf, Ted. “The Promise of Constructivism in International Relations Theory.” International Security. Vol 23, No 1. 1998.

93 Keohane, Robert O. and Lisa L. Martin. “The Promise of Institutionalist Theory.” International Security. Vol 20, No 1. 1995; p. 40.

94 Wendt, Alexander. “Anarchy is what States Make of it: The Social Construction of Power Politics.” International Organization Vol. 36, No. 2. 1992; Wendt, Alexander. Social Theory of International Politics. (Cambridge

State behavior in this paradigm can be contained through the creation of norms of

behavior (which are judged to have been created when states modify their behaviors).

Norms are defined as “collective expectations for the proper behavior of actors with a given

identity.”95 Norms can arise from a wide range of sources including treaties, international

law, discussions between leaders, and non-state actors. States will generally construct their

interests and base their actions on what is considered legitimate by the international

community at the time. When states violate these norms, as does occur, the state is named-

and-shamed, leading to political and economic sanctions and isolation, until it ceases the

behavior.96 International institutions are critical to this process as well as they provide a

place where norms can be created and where states can be taught what these norms are and

how to comply with them.97 Further, transnational organizations, which consist of

likeminded advocates around the world, play a central role in the creation and enforcement

of norms.98 Constructivism notes that norms do not determine what the outcome of a given

situation will be, instead, they argue that norms shape the realm of what is possible for states

to do in the international sphere and what the response from other states will be.99 In

regards to norms and international law, there is not always a clear distinction between the

University Press, 1999); Finnemore, Martha. National Interests in International Society. (Cornell University Press, 1996); Keck, Margaret E. and Kathryn Sikkink. Activists beyond Borders: Advocacy Networks in International Politics (Cornell University Press, 1998).

95 Katzenstein, Peter J. “Introduction: Alternative Perspectives on National Security,” in The Culture of National Security: Norms and Identity In World Politics ed. Peter J. Katzenstein (Columbia University Press: 1996).

96 Wendt, “Anarchy is what States Make of it;” Wendt, Social Theory of International Politics; Finnemore, National Interests in International Society; Keck and Sikkink, Activists beyond Borders.

97 Finnemore, National Interests in International Society

98 Keck and Sikkink, Activists beyond Borders.

99 Tannenwald, Nina. The Nuclear Taboo: The United States and the Non-Use of Nuclear Weapons Since 1945 (Cambridge Studies in International Relations). (Cambridge University Press 2008), p. 435; Choucri, Cyberpolitics and International Relations, p. 25.

two. Norms can arise from international law, or the existence of norms can lead to the

creation of international law. Thus, it can be hard to tell the two apart.

Current Understandings of Cyber-Space:

Many scholars argue that governments have had a great deal of difficulty gaining any

real centralized control over cyberspace and have been unable to establish a monopoly of

force, meaning that anarchy is an inherent characteristic of cyber-space.100 The very nature

of the internet helps to explain why. The internet was built around the idea of open access,

not security concerns. It is also easy for pretty much any actor to gain access to the internet,

and thus the cyber-realm, which complicates efforts to apply traditional counter-force

strategies or even keep track of all threats.101

Further limiting the ability of states to control cyber-space,102 cyber-attacks can be

launched at a virtually unlimited number of targets anywhere in the world from any source

anywhere in the world. Further, attacks easily cross borders, and the actor that has been

attacked may not even be aware such an attack has taken place.103 Such threats mean that

defenders must protect a wide range of targets. While attacks are not limited by geography,

many physical threats, such as terrorism, pose the same dangers. Terrorists can be

recruited from around the globe and they can conduct cross-border operations.

100 Mueller, Milton L. Networks and States: The Global Politics of Internet Governance. (Cambridge, Mass: The MIT Press, 2010); Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked Governance in International Relations.” International Studies Review. Vol. 15, No. 1. 2013.; Nye, “Nuclear Lessons for Cyber Security?”

101 Nye, “Nuclear Lessons for Cyber Security?” p. 207-208.

102 Clarke and Knake, Cyber War, p. 31.

103 Kello, “The Meaning of the Cyber Revolution,” p. 22.

Some authors have countered this, arguing that anarchy is not an inherent condition

of the cyber-realm. Demchak and Dombrowski, for example, have argued that states are

heading towards what they term a “cybered Westphalian age.”104 The idea is that nations will

be able to use technology to create secure borders in cyber-space, similar to the

Westphalian system of borders, which will enable nations to control the flow of information

in and out of (and sometimes within) their nations. The goal of such borders is, as in

the physical world, to control what occurs within the nation’s territory and protect the nation

from attack. The borders will allow states to more easily determine where an attack

originates from, allowing for improved planning for responses to attacks from state and non-

state actors, and heightening the ability to retaliate for and deter attacks. As a part of such

efforts, states would need to develop methods of anticipating, discovering, and disrupting

attacks as far in advance as they can. Such knowledge additionally allows states to place

pressure on states conducting attacks or harboring attackers, including through the use of

norms or international norms.

There is some reason to believe states could construct such a global order. It is

possible, at least theoretically, for a nation to use technology to impose cyber-borders.105

Governments have sometimes been able to use national laws to control the behavior of

private companies in cyber-space, such as when France and Germany coerced Yahoo into

blocking hate speech in their nations despite the speech being legal in the US, where Yahoo

is based. Countries could attempt to impose other restrictions on internet service providers,

104 Demchak, Chris C. and Peter Dombrowski. “Rise of a Cybered Westphalian Age.” Strategic Studies Quarterly. 2011. http://www.au.af.mil/au/ssq/2011/spring/demchak-dombrowski.pdf

105 Choucri, Cyberpolitics and International Relations, p. 39.

browsers, search engines, and any other entities in cyberspace.106 Further, there are

countries, such as China with its “great firewall,” that have been able to set up some measure

of control over the internet traffic going in and out of the country.

While such a system might serve to reduce some forms of anarchy, the creation of

borders, just as in the physical world, would not be enough to create a clear mechanism to

control the anarchy that exists in cyber-space. It is far more difficult to create and protect

borders in the cyber-realm than it is in the physical world. The architecture of cyber-space,

from computers to websites and more, is not owned by nations, but rather by private

companies and non-state actors. Controlling their behavior will not be straightforward. This

is further complicated by the large number of actors who can cause damage in cyber-

space.107 Legal and political considerations further restrain the state’s ability to control

anarchy. Anyone with a computer can be a threat, even if the individual does not know he

or she is part of a cyber-attack. Attackers can hijack private machines, which limits the

options available to defenders. Counter-attacking on a private machine may violate laws or

create political problems regarding privacy. These concerns are evident on the international

scene as well, as other states may be displeased by attacks on their citizens’ computers.

In practice, China has had mixed success with its great firewall. It is still the victim of

cyber-attacks, and a great deal of information still enters and leaves the country without

China’s permission. Further, Israel’s experience in the cyber-realm thus far, as will be shown,

appears to contradict the idea that nations will look to create “Westphalian” borders or

106 Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs, 2010, p. 6.

107 DeNardis, The Global War for Internet Governance; Elazari, “How to Survive Cyberwar,” p. 67; Mueller, Networks and States; Mueller, Schmidt and Kuerbis, “Internet Security and Networked Governance in International Relations.”

would benefit overall from doing so. Far from shutting itself off, Israel has instead aimed to

work closely with other nations and companies. Creating strictly controlled borders also

cuts nations off from what Zittrain calls “generativity,” meaning “a system’s capacity to

produce unanticipated change through unfiltered contributions from broad and varied

audiences,” that cyber-space provides.108

Whether or not nations move towards a “cyber-Westphalia,” national level regulation

can play a major role in cyber-space. As Choucri notes, the existence of regulatory authority

is part of what enables the existence and operation of cyber-space by providing the legal

environment in which it has thrived. Further, regulations may be an imperfect tool, but they

are useful in impacting how actors behave.109 Along these lines, regulation can help improve

cyber-defenses. States can serve as a form of risk manager for society by helping (and where

appropriate requiring) private sector actors to build better defenses, recognize threats,

share information with each other and the government on attacks, and train their personnel

to better handle threats. Imposing such conditions on the private sector can be a challenge

in Western nations, but could still be a valuable tool.110

There is debate as well regarding how cyber-space has shaped offensive and

defensive state behavior. Some scholars have argued that cyber-space represents a major

transformation. The most famous, and written about, offensive incident is Stuxnet. Sanger

(2012) provides a detailed and comprehensive account of the entire joint US-Israeli “Olympic

Games” program that led to the creation of Stuxnet and Flame, and why they were deployed

108 Zittrain, Jonathan. The Future of the Internet -- And How to Stop It (Yale University Press & Penguin UK, 2008), p. 70.

109 Choucri, Cyberpolitics and International Relations, p. 130.

110 Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security, Vol 1, No 1. 2017.

against Iran. There is little debate that Stuxnet proves that cyber-weapons have the capacity

to create physical damage; there is debate, however, over the severity of the damage and how

likely they are to be used.111 Such weapons are so highly complex that only states can really

create such physically damaging programming. Further, once such a weapon is used, it is

possible for the target to capture the code, modify it, and use it themselves. Thus, weapons

like Stuxnet could change foreign relations and how war is conducted.112

The use of cyber-weapons offers attackers the ability to strike targets that would be

difficult to impossible to hit using physical means, including targets that are too far away,

have strong physical defenses, or are placed among civilians.113 Scholars and policy makers

have argued that such attacks allow states to accomplish military goals that might otherwise

be extremely dangerous or difficult while also avoiding civilian casualties. Cyber-attacks

thus also reduce the risk of political blowback that would occur with the inevitably greater

collateral physical destruction of a kinetic strike.114

There is some evidence of such shifts already. Countries are rapidly developing new

cyber-weapons, suggesting they view them as a valuable tool.115 The 2013 US Defense

Science Board argued that the US should not be restrained to the cyber-realm in its response

111 Parmenter, Robert C. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain.” School of Advanced Military Studies at the United States Army Command and General Staff College, Fort Leavenworth, KS: US Army Command and General Staff College, May 23, 2013, p. 39; Valeriano and Maness, Cyber War versus Cyber Realities.

112 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends.”

113 United States Army Command and General Staff College, “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain,” CreateSpace Independent Publishing Platform (March 28, 2014), p. 4.

114 Baram, Gil. “Influence of the Development of Cybernetic Warfare Technology on Changes in the Israeli Force Structure.” Military and Strategy. Vol. 5, No 1. 2013; Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic Affairs. Vol. 5, No. 1. 2013; Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends;” Farwell, James P. and Rafal Rohozinski, “Stuxnet and the Future of Cyber War.” Survival. Vol. 53, No. 1. 2011; Kello, “The Meaning of the Cyber Revolution;” Kissinger, Henry. World Order. (New York: Penguin Press, 2014), p. 344.

115 Singer and Friedman, Cybersecurity and Cyberwar, p. 149.

to cyber-attacks. Instead it argues that the US should maintain the right to retaliate in the

physical world.116 Israel has already begun to view the cyber-realm as an arena in which it

can achieve goals that would otherwise have to be achieved through conventional attacks or

warfare. Israel appears to have used preemptive cyber-weapons and is suspected to have

used the cyber-realm to enhance its ability to launch preemptive strikes in the physical

world.117

Not all scholars agree, however, that the cyber-realm really poses a radical shift in

terms of offense. They argue that cyber-attacks alone will not be adequately effective in

accomplishing tasks or goals that currently require military force to accomplish. The central

contention of such an argument is that the damage done is usually either temporary or small-

scale, and thus easy to repair. As a result, cyber-attacks cannot induce concessions, change

policies, or upset the balance of power.118

Offensive capabilities may be overstated. Current discussions of the level of offensive

ability in cyber-space may focus far too heavily on technology alone and ignore other

factors. The high cost of the most advanced weapons and the inability of cyber-attacks to

capture enemy territory lead to a cost/benefit ratio that should temper current thinking

about how powerful offense is in cyber-space. It is highly difficult to develop the skills,

competence, organizations, and doctrines capable of really taking advantage of offense in

cyber-space. An examination of the costs of launching Stuxnet and defending against it

illustrates that it was likely far more expensive to launch Stuxnet than it was to defend

116 Singer and Friedman, Cybersecurity and Cyberwar, p. 136, 144-145.

117 Clarke and Knake, Cyber War; Carr, Inside Cyber Warfare; Parmenter, “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain.”

118 Gartzke, “The Myth of Cyberwar;” Libicki, Cyberdeterrence and Cyberwar, p. 139-158; Nye, Cyber Power.

against it. This focus on offensive dominance may not only fail to provide an accurate picture

of what is occurring in cyber-space, but may also increase the risk of arms races, which could end

up leading to conventional war.119

There is also disagreement on the idea that offensive actions in cyber-space can truly

achieve the same objectives as military force. Rid, for instance, contends that “cyber-war” (a

war conducted entirely in cyber-space) cannot occur because war, as classically understood,

is violent (potential to be lethal), instrumental (it can be a means to an end), and political.

He argues that no attack to date meets these criteria, and these features cannot exist in cyber-

space. Instead, cyber-attacks are simply new methods for conducting subversion, espionage,

and sabotage. The argument is in essence that cyber-attacks cannot render an opponent

defenseless or force an opponent to change their policies. In this argument, even the most

destructive cyber-attack to date, Stuxnet, does not reach the level of cyber-war, largely

because it did not do nearly enough damage. Instead supporters of this line of argument

often contend that cyber-attacks can be used to support kinetic military actions, but are not

enough as a stand-alone method of attack.120

There is disagreement on these contentions as well, often focused, as is so often the

case regarding cyber-space and political science, around definitions: in this case, what is

meant by “cyber-war.” Authors who employ slightly different definitions of cyber-war have

used them to argue that it is already occurring, even if it is not common. In place of Rid’s

definition, these authors argue that cyber-war is instead a repeated attempt to use cyber-

119 Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Concepts, Causes, and Assessment.” International Security. Vol 41, No 3. 2016/2017.

120 Rid, “Cyber War Will Not Take Place;” Drmola, Jakub. “Looking for Insurgency in Cyberspace.” Central European Journal of International and Security Studies, Vol. 4, 2014, p. 58.

attacks to deny an adversary access to cyber-space. The argument here is that cyber-war

can be violent, but does not have to be. Under that definition, cyber-war is a much more

common occurrence.121 In either case, however, it is clear that nations are engaged in offense

in cyber-space, which illustrates that nations are using it to launch attacks in novel ways.

It is clear from the literature that states have been developing improved defensive

tools in cyber-space as well. Many nations have begun to formulate cyber-security

strategies, despite the challenges involved with working across agencies and the secretive

nature of the subject.122 The US, France, Russia, the UK, and Israel have all formulated such

documents.123 These plans share some common themes. They all have created early

warning and incident response mechanisms based on sharing information within trusted

networks. They additionally have all called for more frequent training exercises. Further,

all these strategies have created similar guidelines for ensuring that all cyber-personnel

receive minimum levels of specialized training.124 While their level of success has varied

from country to country, nations, including the US, Russia, China, and Israel, have focused on

building cyber-awareness, technical mechanisms, improved cyber-command and control,

121 Kenney, “Cyber-Terrorism in a Post-Stuxnet World;” McGraw, “Cyber War is Inevitable (Unless We Build Security In);” Stone, John. “Cyber War Will Take Place!” Journal of Strategic Studies. Vol 36, No 1. 2013.

122 Cilluffo, Cardash and Salmoiraghi, “A Blueprint for Cyber Deterrence;” Benoliel, “Towards a Cybersecurity Policy Model.”

123 European Union. “National Cyber Security Strategies in the World.” European Union Agency for Network and Information Security. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world; Department of Defense, “The DoD Cyber Strategy,” United States of America, April 2015, http://www.defense.gov/home/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf

124 Benoliel, “Towards a Cybersecurity Policy Model,” p. 478

cyber-science and engineering, and cyber-tactics and strategies.125 NATO has also stated

that cyber-attacks may be viewed similarly to a military attack.126

One of the major challenges to defense is the ability to attribute attacks, as this limits

the ability to deter attackers. Numerous authors have argued that there are many difficulties

to attributing attacks and thus to deterring them.127 Deterrence requires that attacks have

an identifiable return address, but hiding actions in cyber-space is easier than in the physical

realm.128 Unlike in the physical realm, there is no need to move physical assets, making it

more difficult to determine who the attacker is. In fact, it can be difficult to even determine

that an attack has taken place.129 Without the ability to attribute attacks it is not possible to

deter them or to build adequate defenses, as deterrence rests on the ability to hold attackers’

assets at risk.

There is debate over how successful states have been in defending against, and

dealing with, cyber-attacks. Some authors posit that cyber-defenses are robust and strong

enough to combat and defend against attacks capable of causing serious damage. Aiding

these efforts, once discovered, cyber-weapons can generally be easily neutralized, and the

125 Saydjari, O. Sami. “Cyber Defense: Art to Science.” Communications of the Association for Computing Machinery, Vol. 47, No. 3, March 2004, http://www.jpkc.fudan.edu.cn/picture/article/217/23/6e/762567a44cf68799c9d29061e876/332065c5-582d-402e-83b7-3eea2bd7423c.pdf

126 NATO. “Cyber Security.” NATO. http://www.nato.int/cps/en/natohq/topics_78170.htm

127 Clarke and Knake, Cyber War, p. 122-127; Even, Shmuel and David Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” Institute for National Security Studies, (Hebrew) Memorandum 179, INSS, June 2011, p. 31-32; Libicki, Cyberdeterrence and Cyberwar; Rid, Cyber War Will Not Take Place; Singer and Friedman, Cybersecurity and Cyberwar, p. 136.

128 Clarke and Knake, Cyber War, p. 122-127; Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” p. 31-32.

129 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” p. 31-32; Libicki, Cyberdeterrence and Cyberwar.

code can then be used to create new cyber-weapons for a counter-attack, which lowers the

risk of facing an attack to begin with.130

Others argue instead, as noted, that the dangers the cyber-realm poses are outpacing

existing defenses and doctrines.131 It has been argued that traditional concepts of deterrence

are inadequate, and that nations should recognize that defense and deterrence cannot

necessarily be conducted in a symmetrical fashion. For example, when a nation with weak

financial institutions attacks one in which such institutions are strong, the victim should not

be constrained to counter-attacking financial institutions.132 Other authors have noted that

states have not developed adequate resilience (i.e. the ability to quickly recover from

attacks) as part of their defense plans. Existing systems are currently generally not able to

quickly bring systems back-up and running.133

The role and power of non-state actors in cyber-space is an area of debate. The

growing importance of the cyber-realm in international affairs has provided non-state actors

with a new method to harm states.134 States’ growing dependence on the cyber-realm

creates vulnerabilities for governments and provides non-state actors with a new way to

potentially either influence state behavior or cause damage.135 The cyber-realm offers non-

state actors an arena that is easy to gain entry to (unlike traditional military hard power),

and an arena in which smaller actors can therefore exercise more hard and soft power than

130 Gartzke, “The Myth of Cyberwar;” Siboni, Gabi; Daniel Cohen, and Aviv Rotbart. “The Threat of Terrorist Organizations in Cyberspace.” Military and Strategic Affairs, Volume 5, No. 3, 2013, p. 60.

131 Kello, “The Meaning of the Cyber Revolution,” p. 8; Kissinger, World Order, p. 343-344; Siboni, Gabi and Sami Kronenfeld. “Iran and Cyberspace Warfare.” Military and Strategic Affairs, Vol. 4, No. 3. 2012.

132 Kissinger, World Order, p. 346-347.

133 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” p. 20.

134 Kello, “The Meaning of the Cyber Revolution,” p. 36; Nye, Cyber Power; Nye, “Nuclear Lessons for Cyber Security?” Silber, “Cyber vandalism – not warfare.”

135 Nye, “Nuclear Lessons for Cyber Security?” p. 207-208

they can in traditional political and military domains.136 The ease of access to the internet

also makes it difficult for states to apply counter-force strategies or disable non-state

attackers’ weapons.137

Countering this, while admitting that the power of non-state actors has increased and

there has been a diffusion of power, it can be argued that the diffusion is not enough to mean

that non-state actors have become competitors for governments in cyber-space, let alone replaced

governments as the most powerful actors in the world system.138 Non-state actors, including

sophisticated groups, are not likely to be able to cause severe damage. This is in major part

because such actors lack the capabilities of states, including intelligence gathering skills and

the scientific and technological tools needed to develop advanced capabilities.139

Complicating this picture, however, there is not always a clear dividing line between

non-state and state actors in the cyber-realm in two important senses. First, non-state actors

have often received state-sponsorship. This includes, among others, so-called “patriotic

hackers” supported by Russia, Chinese support for pro-China hackers, and Iran’s support of

terrorist organizations.140 Second, due to the interconnected nature of the internet,

governments have begun to feel the need to assist non-state actors in the private sector with

protecting their networks. For example, the US Department of Defense Cyber Strategy

argues that the US should defend a wide array of military, diplomatic, and economic

networks.141 Nations can work with private organizations to create a more robust national

136 Nye, Cyber Power.

137 Nye, “Nuclear Lessons for Cyber Security?” p. 207-208

138 Nye, Cyber Power.

139 Gartzke, “The Myth of Cyberwar,” p. 43; Cohen, Daniel and Danielle Levin. “Cyber Infiltration During Operation Protective Edge.” Forbes.com. August 12, 2014. https://www.forbes.com/sites/realspin/2014/08/12/cyber-infiltration-during-operation-protective-edge/#757dbe0d3fbc

140 Clarke and Knake, Cyber War, p. 136.

141 Department of Defense, “The DoD Cyber Strategy.”

defense.142 This is not simple, however, as it poses significant information sharing problems

for both governments and the non-state actors.143

Compounding all these dangers, nations have yet to come to any understandings or

agreements regarding what types of behavior are acceptable internationally.144 Preventing

cyber-conflict is an issue too big and important to be handled by any single nation.

International collaboration is going to be critical if the world wishes to avoid conflict in

cyber-space.145 Until very recently, cyber-threats were viewed only from a national

perspective. It is only in recent years that cyber-issues have begun to be viewed as

something that needed to be dealt with across borders.146

Liberals and constructivists argue that laws, norms, and institutions can control state

behavior, and there are many scholars who argue such a situation can also hold true in the

cyber-realm.147 These authors argue that norms, treaties, cooperation, restraint and

international laws are required for building a robust cyber-defense. While some attempts to

forge international understandings have been made, they have not produced any clear

norms or laws.148 This is a situation that would need to be addressed before the frequency

142 Lynn, William. “The Pentagon's Cyberstrategy, One Year Later.” Foreign Affairs. November 12, 2014. http://www.foreignaffairs.com/articles/68305/william-j-lynn-iii/the-pentagons-cyberstrategy-one-year-later

143 Zrahia, Aviram. “A Multidisciplinary Analysis of Cyber Information Sharing,” Military and Strategic Affairs, Vol. 6, No. 3, December 2014.

144 Deibert, Ronald J. and Rafal Rohozinski. “Risking Security: Policies and Paradoxes of Cyberspace Security.” International Political Sociology. Vol. 4, Issue 1. 2010; Valeriano and Maness, Cyber War versus Cyber Realities, p. 191.

145 Choucri, Cyberpolitics and International Relations, p. 150-151; Clarke and Knake, Cyber War.

146 Benoliel, “Towards a Cybersecurity Policy Model.”

147 Mueller, Schmidt and Kuerbis, “Internet Security and Networked Governance in International Relations;” Cooper, Jeffrey. “A New Framework for Cyber Deterrence.” In Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World, ed. Derek S. Reveron (Georgetown University Press, 2012); Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.” Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S. Policy. 2010. http://www.nap.edu/catalog/12997.html, pp. 185, 200; Zittrain, The Future of the Internet.

148 Sofaer, Clark; and Diffie, “Cyber Security and International Agreements;” Valeriano and Maness, Cyber War versus Cyber Realities, p. 191.

and severity of cyber-attacks increase, and it becomes too difficult to rein in state

behavior.149 It is arguably particularly important to create global institutions and

understandings in cyber-space due to states’ lack of monopoly on the use of force in the

cyber-realm.150 Even noted realist Henry Kissinger argues that mutual restraint between

adversaries will be needed in the cyber-realm.151 A major concern of these authors is that

attacks will eventually harm civilians or possibly even violate the laws of war.

An additional reason states could benefit from building norms, cooperation, and

international law regarding the cyber-realm is that they could be designed to protect the

“generativity” of cyber-space. If states individually build capabilities that restrict access to

cyber-space, it would decrease its generativity. Instead, well designed laws at the national

and international level, as well as positive norms regarding the use of cyber-space, can be

created. Doing so will keep cyber-space open and free while also increasing national cyber-

security.152

At the same time, scholars argue that there are important limitations to the ability of

norms, agreements, and laws to impact behavior in cyber-space. One such problem is that it

is not at all clear if existing international law applies to actions in cyber-space.153 Further,

there exists no global system of governance or international body that could oversee the

implementation of international law in cyber-space.154 Building such a body can be

extremely challenging. It can, as noted, also be difficult to tell if an attack has taken place, or

149 Clarke and Knake, Cyber War.

150 Mueller, Schmidt and Kuerbis, “Internet Security and Networked Governance in International Relations.”

151 Kissinger, World Order, p. 346.

152 Zittrain, The Future of the Internet.

153 Garcia, Denise. “Killer Robots: Why the US Should Lead the Ban.” Global Policy Vol 6, No 1. 2015; Valeriano and Maness, Cyber War versus Cyber Realities, p. 198.

154 Valeriano and Maness, Cyber War versus Cyber Realities, p. 191.

assign attribution. This means that it may be possible for many actors to escape punishment

or shaming, decreasing the ability of norms to shape behavior. States are additionally likely

to be highly reluctant to craft binding agreements limiting their freedom to use cyber-space

to support their national interests. This is particularly true as the cyber-realm is still a new

realm of operation and states have not yet fully determined how they can use it.155 As a result

of these factors, it appears unlikely that a binding international treaty or set of laws will arise,

and the power of norms to constrain behavior may be less in the cyber-world than in

the physical one.

No clear norms or agreements have yet emerged, but some scholars argue they are

beginning to. Countries have shown restraint in using cyber-weapons to accomplish their

goals against other states. In this view, restraint has arisen for a few reasons: cyber-weapons

are one-shot and can be reproduced by the enemy which limits effectiveness; there is a risk

of escalation by the party that was attacked; cyber-weapons cause collateral damage and

countries do not wish to harm civilians; and fear of censure and punishment by international

institutions for violating norms.156 While cyber conflicts will still occur, the conflicts will

largely be trivial, will not lead nations to change behaviors, and will mostly be tied to regional

rivalries.157 Further, states that have the ability to launch attacks often are the ones who

would most suffer from a counter attack, limiting their willingness to launch cyber-attacks

155 Zittrain, The Future of the Internet, p. 70; Sofaer, Clark; and Diffie, “Cyber Security and International Agreements,” p. 180.

156 Valeriano and Maness, Cyber War versus Cyber Realities, p. x, 4-5, 46, 59-60, 138; Maness, Ryan C and Brandon Valeriano. “The Impact of Cyber Conflict on International Interactions.” Armed Forces and Society. Vol 1, No 23. 2015; Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 41, 42-43.

157 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 40.


to begin with. Collateral damage can also spill over into a third party state, which risks

escalating the conflict.158

On the other hand, it is difficult to judge if such a norm is emerging. This is in large

part because there has not been a war between states in which both had advanced cyber-

capabilities and both had meaningful targets in cyber-space to hit. Thus, it is difficult to

determine what, if any, norms have emerged yet.159

Non-state actors pose a particularly interesting challenge in regards to norms and

international law. As noted, if you have a computer, you can be a threat. This can be true

even if the owner of the machine does not intend to attack, as hackers can use private

machines without the owner’s knowledge. This limits the options available to the entity

facing cyber-attacks. Counter-attacking a private machine may violate national laws, and

international legal and political considerations may also restrain such actions.160 Dealing

with the threats non-state actors pose will require the creation of treaties, norms, and

international law, as well as improved cooperation between states.161

There is one more interesting danger posed in cyber-space that deserves mention:

becoming too closely entangled with another nation. Nations that grow powerful in cyber-

space can offer their services to other states. Nations that accept that help may experience

improvements in the speed and efficacy of their systems, but may then fail to develop their

own technology as well. As ties grow closer, the more powerful nation may gain the ability

to access all of the other nation’s systems and networks, which leads to what Libicki refers

158 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends,” p. 42.

159 Drmola, “Looking for Insurgency in Cyberspace.”

160 Mueller, Schmidt and Kuerbis, “Internet Security and Networked Governance in International Relations.”

161 Sofaer, Clark; and Diffie, “Cyber Security and International Agreements.”


to as “friendly conquest”: in essence, a total dependence on another state that could be

turned against them.162 It additionally can stifle the growth of domestic cyber-capabilities.

Israel Gets Lost in Cyber-Space

Despite being recognized as a major power in cyber-space for over a decade, Israel

has received very little scholarly attention in regard to cyber-space. The scholarly focus on

Israel has, not surprisingly, though for sad reasons, been on other aspects of security.

Existing academic research regarding Israel in cyber-space has largely focused on limited

aspects of Israeli cyber policy.163 One area of focus has been on military and security policy.

Baram (2013), for example, has written about how an increasing reliance on cyber-tools by

the Israeli Defense Force (IDF) will impact Israeli force buildup and military strategy in the

physical world. In their book, Tabansky and Ben Israel (2015) focus largely on how cyber-

security policies and actions fit into Israel’s general security strategies. Their work has a

heavy focus on a descriptive examination of how Israel’s policies evolved as a result of

Israel’s specific strategic culture and context.164 Building on this and on his own previous

work, Baram (2017) argues that one of the reasons that Israel was able to develop into a

successful cyber-power is that Israeli strategic culture has always focused on technological

superiority as a means by which Israel can ensure its security against the much richer and

more populous Arab states surrounding it.165 This argument is supported by Siboni and

162 Libicki, Conquest in Cyberspace.

163 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 113.

164 Tabansky, Lior and Isaac Ben Israel. Cybersecurity in Israel. Springer Briefs in Cybersecurity. London: Springer, 2015.

165 Baram, Gil. “Israeli Defense in the Age of Cyber War.” Middle East Quarterly, Winter, 2017.


Assaf (2016), who argue that Israel can continue to ensure its technological superiority by

relying on the informal and technology driven nature of Israeli culture.166

With the release of Israel’s new national cyber strategy, Siboni and Assaf (2016)

examine the document and argue that it reveals that Israel places a heavy focus on both

offensive and defensive strategies. A central goal of the strategy is to ensure the state’s

functional continuity by ensuring that government services and systems important to daily

life (such as banks and academia) are able to maintain functionality or quickly recover from

attack. The authors also argue that the document shows that a central goal of Israeli strategy

is to ensure that Israel is able to decide when to launch attacks on its own terms against any

target of its choice.167

A number of articles have also identified regulatory and organizational factors that

have helped Israel to become strong in cyber-space. Israel’s National Cyber Bureau (NCB) is

generally accepted as critical to how Israel is able to maintain its advanced position.

Specifically, the NCB is mandated to develop a comprehensive cyber strategy, to make cyber-

policies clear to relevant actors, to solicit advice from outside bodies, to advance research

and development programs between academia, the private sector, and government, to

further cyber-education programs, and to attempt to improve international cooperation

using the cyber-realm.168 Adamsky additionally notes that Israeli strategy is particularly

strong because it addresses preventing cyber-threats at the private and governmental level,

thus helping to protect all important networks. The author also highlights Israel’s ability to

166 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153, 2016, p. 12.

167 Siboni and Assaf, “Guidelines for a National Cyber Strategy.”

168 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy;” Benoliel, “Towards a Cybersecurity Policy Model.”


use its high level of cyber-capabilities to forge improved relations with other nations by

offering to work with them and build abilities together. Siboni (2013) and Siboni and Sivan-

Sevilla (2017) also praise Israel’s decision to focus some regulatory efforts on ensuring that

critical infrastructure is well protected, but note that these regulations are not particularly

comprehensive.169 Siboni and Sivan-Sevilla (2017) stress that in regulating cyber-

defense for the private sector and critical infrastructure, Israel has taken a very hands-off

approach to requiring specific protections or policies. The authors argue this

remains a significant gap in Israel’s cyber-defenses.170

In discussions of Stuxnet, the focus of most academic works is either on the wider

impact Stuxnet may have on national security policies or on whether or not it was effective.

Numerous authors argue Stuxnet illustrates that cyber-attacks now afford states the chance

to successfully cause physical damage to a target for a lower cost than a physical strike would

entail in terms of both money and lives lost. At the same time, they stress that the attack also

illustrates that states now need to take into consideration the possibility that their weapons

can be turned back against them, and that possible escalation can occur from cyber-

attacks.171 On the other hand, Stuxnet can also demonstrate the limits of cyber-weapons.

The massive complexity of Stuxnet means only states that are already powerful will be able

to use such weapons, which gives such states only a marginal increase in their hard power. Further,

the use of such weapons raises many social and technical uncertainties that make them

difficult to successfully deploy.172

169 Siboni, “Protecting Critical Assets and Infrastructures from Cyber Attacks;” Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation.”

170 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation.”

171 Farwell and Rohozinski, “Stuxnet and the Future of Cyber War;” Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends;” Valeriano and Maness, Cyber War versus Cyber Realities, p. 149.

172 Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies Vol. 22. 2013.


My own previous work, in Cohen, Freilich, and Siboni (2015), has addressed the

subject of Israel in cyber-space as well. The article, which was the first comprehensive case-

study on Israeli use of cyberspace, provides insights into the dangers and opportunities that

the cyber-realm poses to nation states. We argue Israel has excelled in developing policies

and strategies to address these dangers. In the article, we explore what Israel has done

offensively and defensively in cyber-space and argue that while the threats to Israel are

severe, they are not unique, thus nations that are looking to improve their defensive and

offensive use of cyberspace can learn much from what Israel has done. From that we then

offer policy recommendations. This dissertation will not only greatly expand upon what that

paper addresses, but will explore in detail additional topics. There has been little focus, for

example, on the role that Israel has played in the formation of norms in cyber-space or on

what the Israeli experience can teach regarding the role of non-state actors in cyber-space.

To achieve these goals, the dissertation will employ a systematic assessment of

available academic research in political science, law, UN documents, government documents,

and documents from non-governmental organizations. Some of the following chapters will

contain additional review of relevant literature as needed to address their specific topics.

Potential Problems and Limitations:

States and private entities might not actually disclose cyber-attacks that have

targeted them. This makes it more difficult to ensure that all relevant information is

incorporated. It sometimes takes years to uncover major cyber-incidents, and there are

some the world will likely never know. Just as there is espionage in the physical world the

public never learns of, there are doubtlessly cyber-attacks we never learn of. If it is not even


possible to uncover all major incidents, it will never be possible to uncover all minor ones.

As noted previously, nations themselves may never even be aware of attacks.

Research is additionally complicated because, as noted, definitions in the field of

political science cyber-security research are not agreed upon. This could complicate efforts

to ensure that authors are speaking of the same phenomenon and not something related

instead. Further, as with all political science research (and social science research more

broadly), due to the endlessly complex nature of human behavior, it is not possible to account

for every factor that impacts decisions.

Analyzing what is known about Israel’s cyber-security strategy poses challenges as

well. While a public document has been released, actual offensive and defensive operations

and how the strategy is implemented are shrouded in secrecy, as in every other cyber-capable

nation. The stakeholders in these policies are national security and intelligence agencies,

and they generally do not like to share information.173

Finally, as with any case-study, the generalizability of my findings will inherently be

limited by that methodological choice. A case study provides rich detail and offers insights

broader studies miss, but it can be hard to draw wider conclusions from them. Conducting

a case study on Israeli cyber-policy is highly valuable, however, as it is a critical country in

cyber-space that is badly understudied. It is not possible to compare its actions and policies

to other nations if no detailed study and analysis is conducted on it first.

173 Benoliel, “Towards a Cybersecurity Policy Model,” p. 437.


Chapters

This dissertation consists of 5 chapters beyond the current one. Each of the chapters

will contain relevant policy recommendations and insights into the subject matter in the

chapter. Chapter 2 will focus on examining in greater detail the nature of the threat to Israel

and exploring how Israel’s regulatory and cultural environment has allowed Israel to thrive.

Israeli culture has played a role in shaping Israel’s rise as a cyber-power, and it is important

to understand in what ways this has been the case. In addition, Israel’s government has

placed a heavy focus on ensuring Israel remains powerful in cyber-space. This chapter will

examine the ways in which Israel has achieved this through educational and research and

development programs and cooperation with the private sector and academia.

Building from this, Chapter 3 will propose a conceptual model for understanding state

behavior and test to see if Israel’s experience confirms that it provides an accurate picture

of what occurs in the real world. This model is originally from Cohen, Freilich, and Siboni (2017).

The model is entitled Four Big Ds and an R. The Ds are Detection, Deterrence, Defense, and

Defeat of the enemy, while the R refers to resilience. This chapter will explain in depth the

challenge each of these aspects poses to states in cyber-space and examine how it is that

Israel has gone about attempting to meet those challenges.

Chapters 4 and 5 will look more in depth at two particular issues of interest that need

further study: the role of norms and international law in cyber-space; and the under-

examined role of non-state actors and their interactions with states in cyberspace. Chapter

4 will explore what role norms and international law have played in cyber-space. There is

debate currently, as noted above, regarding what if any role they do play at the moment.

Through an examination of Israel’s actions and experiences with other states and


international bodies, this chapter will help to address that debate. Chapter 5 will give a

detailed look at the threat posed by non-state actors in cyberspace. There is a healthy debate

regarding what the extent of that threat is. This chapter will aim in part to show that while

the threat is less serious than that posed by state actors, it is growing and should not be taken

lightly. From there, the chapter will explore how Israel has responded to the threat and draw

lessons from that experience.

Finally, Chapter 6 will offer conclusions and policy recommendations for how actors

can use the cyber-realm both offensively and defensively. While due to differences between

nations, not every policy will fit well with every nation, the chapter will aim to offer specific

and clear recommendations that can practically be adopted by a wide range of nations. It is

the hope that these recommendations will be useful in increasing security, peace, and

stability in the cyber-realm at both the national and international levels.


Chapter 2 – Israel, Culture, and Cyber-Space

Israel has quickly become one of the most powerful players in cyber-space, developing

offensive and defensive capabilities that rival those of the most advanced states. How did

tiny Israel, a country of just over eight and a half million people, grow strong enough to

compete with nations roughly 15 (Russia) to 161 (China) times its size? There is no one

simple answer, and it is a central question to this dissertation. In the study of international

relations, constructivist theory argues that security threats are socially constructed in that

nations and peoples determine what threats are most important, and then how to respond

to those threats in a manner in keeping with that nation’s culture. Using that idea as a

starting point, this chapter will demonstrate that Israel has placed a high importance on

cyber-space, which has led Israel to take steps that have enabled it to gain far greater abilities

in cyber-space than its small size would predict. The importance that Israel places on

building capabilities in cyber-space is demonstrated through the work Israel has done to

create well run and organized cyber-bodies in its government, to draft and pass relevant

regulations, in its commitment to research and development, and its development of

education and training programs. Further, Israel’s culture, as would also be predicted by

constructivist theory, has played an important role in Israel’s strength in cyber-space. This

chapter will examine these issues, and at the end will offer recommendations Israel could

use to further enhance its abilities in cyber-space.

The Threat to Israel in Cyber-Space:

Before examining these issues, it is important to first discuss the scope and extent of

the threat to Israel in cyber-space to frame why it is that Israel is focused on this arena. Israel


faces a nearly constant barrage of cyber-attacks from both state and non-state actors.174

There is a wide array of targets to strike in Israel, from defense contractors, to banks, to

the Iron Dome and other military equipment, to the national security apparatus, to TV

stations, and more.175 The systems most often targeted are the healthcare, financial services,

and transportation sectors, as well as government agencies.176 While the capabilities and

intentions of the actors vary, the financial and security dangers posed to Israel have been

steadily increasing, as has the sophistication of the actors launching operations. More

complex attacks have aimed to either disable Israel’s critical infrastructure systems or

conduct espionage on those systems or Israel’s national security organizations.177 While

thus far no catastrophic incidents have occurred, that is not due to any lack of effort by the

attackers.

In just the period from the start of 2016 to the first half of 2017, attacks on Israel’s

critical infrastructure and other systems have been frequent. In January of 2016, for

example, the Israeli Electric Corporation (IEC) was forced to temporarily shut down a

portion of the electric grid after an employee mistakenly fell for a spear-phishing attempt

and ended up infecting numerous computers with malware. The exact details of how the

174 Grauman, Brigid. “Cyber-security: The vexed question of global rules.” Security and Defense Agenda. With the support of McAfee. 2012, p. 66; Eisenstadt, Michael and David Pollock. “Asset Test: How the United States Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7, 2012; Shamah, David. “Hackers Threaten ‘Israhell’ Cyber-Attack over Gaza.” The Times of Israel, July 9, 2014. http://www.timesofisrael.com/hackers-threaten-israhell-cyber-attackover-gaza/; Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “Israel and Cyberspace: Unique Threat and Response.” International Studies Perspectives, Volume 17, 2016.

175 Weinstock, Dan and Elran, Meir. “Securing the Electrical System in Israel: Proposing a Grand Strategy.” Institute for National Security Studies, Memorandum 165, June 2017, p. 32.

176 IBM. “X-Force Threat Intelligence Index - 2016.” IBM.com, 2016.

177 TOI Staff. “Next 9/11 Will be Caused by Hackers, Not Suicide Bombers, Cyber Expert Warns.” Times of Israel. April 15, 2015. http://www.timesofisrael.com/hackers-will-cause-next-911-cyber-expert-warns/; Ginsburg, Mitch. “The Double-Edged Sword of Cyber Warfare.” The Times of Israel. June 24, 2015. http://www.timesofisrael.com/the-double-edged-sword-of-cyber-warfare/


attack worked and the extent of any damage it caused to the IEC’s computers or networks

were not made public.178 The IEC is in general a popular target for malicious actors, with the

CEO, Eli Glickman, stating that not only is the IEC hit with on average roughly 1 million cyber-

incidents a day, but that many of these attacks are not simple DDoS efforts, but are more

complicated attempts to either gain intelligence for future operations or gain access to the

IEC’s infrastructure.179 In general, Israeli infrastructure systems, including the IEC, water,

and transportation, face as many as two million attacks a day, with the attacks varying widely

in severity.180

In January of 2017, Shin Bet (also known as the Israeli Security Agency, which is

similar in function to America’s Federal Bureau of Investigation) stated that it foiled what it

called a possible massive cyber-attack on Israeli television and radio broadcasters. The goal

of the attack was to take control of the signals and release broadcasts that aimed to cause

public panic.181 In June of 2017, Israel was again able to halt what it called a major planned

cyber-attack. This time the targets were several hospitals. Had the attacks succeeded, they

could have caused major disruption to patient care.182

178 Jerusalem Post Staff. “Israel’s Electrical Grid Attacked in Massive Cyber Attack.” Jerusalem Post, January 26, 2016. http://www.jpost.com/Israel-News/Israels-electrical-grid-attacked-in-massive-cyber-attack-442844

179 Shamah, David. “A Million Hacks a Day, but Israel’s Electric Grid Survives.” The Times of Israel. March 24, 2015. http://www.timesofisrael.com/a-million-hacks-a-day-but-israels-electric-grid-survives/; Siers, Rhea. “Israel’s Cyber Capabilities.” The Cipher Brief, December 28, 2015. http://thecipherbrief.com/article/israel%E2%80%99s-cyber-capabilities; Weinstock and Elran, “Securing the Electrical System in Israel,” p. 32.

180 TheMarker. “Cyberattacks on Israel Rose Exponentially in Past Four Years.” Haaretz, June 16, 2016. http://www.haaretz.com/israel-news/business/1.725277

181 Eichner, Itamar. “A Look at the Shin Bet’s Cyber Unit.” YNetNews, January 18, 2017. http://www.ynetnews.com/articles/0,7340,L-4909435,00.html

182 Tech2. “Israel Thwarts Major Cyberattack on Hospitals: National Cyber Defence Authority.” Tech2.com, June 29, 2017. http://tech.firstpost.com/author/tech2-news-staff


Iran:

There are a number of actors who pose dangers to Israel; one of the most dangerous

is Iran. Iran has come to view the cyber-realm as an effective platform for promoting its

interests. Cyber-space enables it to cause harm to adversaries that have military superiority

over Iran, while also providing Iran with enough plausible deniability to avoid sanctions or

counter-attacks for its actions.183 Starting in 2013, Iran has worked to greatly improve its

offensive capabilities. To this point, in 2013, Israel began to face an increase in cyber-attacks

originating from Iran or its proxies, the number and sophistication of which have continued

to increase.184 Iran’s and its proxies’ attacks on Israel have ranged from DDoS campaigns to

more sophisticated efforts mainly aimed at espionage against critical infrastructure, security

agencies, companies, and academics.185

To achieve these improvements, Iran greatly increased funding for its cyber-

programs and worked hard not only to develop better technology, but also to improve its

planning and strategy.186 Iran also increased cooperation with Russian cyber security

experts to rapidly strengthen its abilities.187 Iran now appears to be able to carry out

sophisticated operations that require prior intelligence gathering and that require fairly

extensive and complex infrastructure to engineer.188 Iran has become adept at socially

183 Siboni, Gabi and Sam Kronenfeld. “Developments in Iranian Cyber Warfare, 2013-2014,” INSS Insight, no 536, 2014, p. 2.

184 Siboni and Kronenfeld, “Developments in Iranian Cyber Warfare.”

185 Rosen, Armin. “Israel Faced a Huge Wave Of Cyber Attacks During Its War With Hamas — And Iran Could Be The Reason Why.” Business Insider, August 18, 2014, http://www.businessinsider.com/israel-faced-a-wave-of-cyber-attacks-2014-8; Cohen, Sagi. “Iran Hackers Carrying Out Cyber Attacks Against Israeli Targets, Report Claims.” YNetNews, June 15, 2015. http://www.ynetnews.com/articles/0,7340,L-4668686,00.html

186 Siboni and Kronenfeld, “Developments in Iranian Cyber Warfare.”

187 Sen, Ashish Kumar. “Iran’s Growing Cyber Capabilities in a Post-Stuxnet Era.” Atlantic Council. April 10, 2015. http://www.atlanticcouncil.org/blogs/new-atlanticist/iran-s-growing-cyber-capabilities-in-a-post-stuxnet-era

188 Siboni, Gabi and Sami Kronenfeld “Iranian Cyber Espionage: A Troubling New Escalation.” INSS Insight, No. 561, 2014.


engineering attacks as well, and is now able to select the most relevant targets and tailor its

efforts to them. Iran still lacks the ability to launch the most complicated attacks, but it is

able to make effective use of what it can do to steal information and cause disruptions. Iran

has also expanded its support for proxy groups that launch attacks on its behalf, such as the

Syrian Electronic Army (SEA) and Hamas and Hezbollah (discussed below). Doing so both

augments Iran’s own capabilities, and also gives it a way to launch attacks while maintaining

plausible deniability.

Hezbollah and Hamas:

These two groups have been able to improve their cyber-capabilities, mainly thanks

to assistance from Iran and occasionally some help from the SEA (which has mainly targeted

entities in relation to the Syrian civil war and has not focused much on Israel). Operation

Protective Edge in 2014 marked the first time Hezbollah and Hamas attempted to fully

incorporate cyber-attacks as part of their overall strategy to counter Israel. While they had

launched cyber-attacks on Israel previously both during and outside of conflicts, such attacks

were not part of their larger military strategies. In 2014, they mainly launched low-level

attacks, such as DDoS and defacements against Israeli targets in the governmental, security,

financial, and civilian sectors.189 Their largest success arguably came in taking the Home

Front Command website for a short period.190 The attacks, while not doing any real damage,

were significant, however, as they marked the first time the IDF had to fight a war and deal

189 Berman, Lazar. “Knesset Stymies Major Cyber Attack.” The Times of Israel. July 14, 2013. http://www.timesofisrael.com/knesset-stymies-major-cyber-attack/

190 Siboni, Gabi and Sami Kronenfeld. “The Iranian Cyber Offensive during Operation Protective Edge.” INSS Insight, No. 598, Institute for National Security Studies, August 2014. http://www.inss.org.il/index.aspx?id=4538&articleid=7583


with widespread organized cyber-attacks at the same time.191 Hezbollah also appears to

have taken part in an espionage campaign against foreign targets, including Israel, from

2012-2015, though how successful it was in targeting Israel specifically is not clear.192

Hamas appears to be somewhat less sophisticated in its abilities. In 2016, it was able to

briefly hijack the broadcast signal of an Israeli TV station to disseminate some anti-Israel

propaganda and images threatening attacks.193 Hamas’ efforts, however, have focused

mainly on low level DDoS and defacements.

Islamic Jihad:

In general, this is a group that poses limited risk to Israel in cyber-space. They did,

however, have one main success that was significant. It came thanks to Majad Awidah, who

was able to successfully hack into IDF drone communication signals and road cameras

between 2012 and 2014 before he was arrested. Islamic Jihad was able to use that

information to track where Israeli drones were flying and attempt to move militants away

from areas that it appeared Israel was preparing to strike. The intelligence they gathered also

improved the terror group’s ability to target their missile launches at busy areas in Israel.194

The tools Awidah used to do this were fairly straightforward, underscoring that non-state

actors do have the potential to use cyber-space in a meaningful way against even advanced

191 Baram, Gil. “Israeli Defense in the Age of Cyber War.” Middle East Quarterly. Winter, 2017, p. 9-10.

192 Check Point. “Volatile Cedar Threat Intelligence and Research.” Check Point. March 20, 2015. https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf

193 Balousha, Hazem and William Booth. “Israel Retaliates for Gaza Rocket Fire with Airstrikes; Hamas Hacks Israeli TV.” Washington Post, March 13, 2016. https://www.washingtonpost.com/world/israel-retaliates-for-gaza-rocket-fire-with-air-strikes-hamas-hacks-israel-tv/2016/03/13/0214541e-f9ee-48e0-8402-39fc4838b65c_story.html?utm_term=.fffab43baf9d

194 Cohen, Gili. “Islamic Jihad Hacker Accused of Accessing Israeli Drone Communications.” Haaretz. March 23, 2016. http://www.haaretz.com/israel-news/.premium-1.710589

states. Beyond this incident it does not appear that Islamic Jihad currently poses any major

dangers to Israel in cyber-space.

Anonymous:

Only some of Anonymous’ factions have participated in attacks on Israel. In this work,

therefore, when Anonymous is referred to it is in reference only to the factions that have

launched attacks on Israel, unless otherwise noted. Regarding Israel, Anonymous first

became involved in organized actions against the state during Operation Pillar of Defense in

2012 when it claimed it was able to block access with DDoS attacks to roughly 650 Israeli

websites, and that it leaked credit card information for thousands of Israelis.195 In 2013,

Anonymous launched the first of what would become a yearly series of attacks on Israel,

scheduled, remarkably enough, intentionally to coincide with Holocaust Remembrance Day.

These operations are titled #OpIsrael. The stated goal was to create an “electronic

holocaust” that would wipe Israel from the internet. The attacks, which have occurred every

year since, including 2017, involve the use of generally unsophisticated tools and DDoS

attacks. While some poorly defended websites have been taken off-line for short periods,

some personal data of a few Israeli officials appears to have been published, and some

credit card data has been stolen, #OpIsrael has been largely unsuccessful in causing any real

damage or disruption.196

195 Cohen, Daniel and Aviv Rotbart. “The Proliferation of Weapons in Cyberspace,” Military and Strategic Affairs, Vol. 5, No. 1. 2013, p. 113.

196 Apfel, Alexander J. “‘Anonymous’ Hackers Attacks on Israel More Hype than Harm.” YNetNews.com. April 7, 2016. http://www.ynetnews.com/articles/0,7340,L-4788745,00.html; Sones, Mordechai. “Annual Anonymous Cyber Attack against Israel April 7.” Israel National News, March 26, 2017. http://www.israelnationalnews.com/News/News.aspx/227281

Espionage by Allies:

China is not the only foreign nation that has utilized the cyber-realm to conduct

espionage against Israel. Two nations friendly to Israel have been found to have done so as

well: the United Kingdom and the United States. The incident in question occurred between

2008 and 2012. The two nations used the cyber-realm to spy on Israeli drone and missile

defense tests, and hacked into Israeli fighter planes and drones. The attackers were able to

listen in on communications and monitor the activity of the vehicles in an effort to determine

if Israel was planning to launch an attack on Iran and to monitor activity in Gaza during

Operation Cast Lead.197 While the intent may not have been hostile, the success the attackers

had underscores that even the most sensitive systems are never fully secure.198

Overall, there is growing concern in Israel that despite its current advantages in the

cyber-realm, other nations and actors will be able to catch up, and that even if other actors

cannot fully close the technological, strategic, doctrinal, and organizational gaps with Israel,

they will come close enough in terms of capabilities to better penetrate Israeli defenses and

cause disturbances or damage.199 Even when no single actor is capable of causing damage

on its own, Israel faces a barrage of attacks from a host of different groups. When many

groups attack at once, the cumulative nature can make it much more difficult to successfully

197 Horovitz, David. “US Espionage and Hamas Tunneling Highlight Malaise in Israel’s Defenses.” The Times of Israel. January 31, 2016. http://www.timesofisrael.com/us-espionage-and-hamas-tunneling-highlight-a-malaise-in-israels-defenses/; Currier, Cora and Henrik Moltke. “Spies in the Sky.” The Intercept. January 28, 2016. https://theintercept.com/2016/01/28/israeli-drone-feeds-hacked-by-british-and-american-intelligence/; Bob, Yonah Jeremy. “Analysis: Are US, Israel Winning or Losing Newest Cyber Battles.” Jerusalem Post, April 28, 2016. http://www.jpost.com/Israel-News/Analysis-Are-US-Israel-winning-or-losing-newest-cyber-battles-452589

198 Bob, “Analysis: Are US, Israel Winning or Losing Newest Cyber Battles.”

199 Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology, Volume 173, 2011, p. 57; Cohen, Freilich, and Siboni, “Israel and Cyberspace.”

defend against attacks. These attacks increase during times of conflict, as in the operations

against Hamas, which further complicates efforts in cyber-space and on the ground.

However, despite the barrage of attacks, Israel has been able to maintain a high level of

success in defending against cyber-attacks. This is in major part due to the significance Israel

places on the cyber-sphere and the resources and energy it has invested in it.

Identity and Interests in International Relations:

All states seek to survive, and to that end, all states look to directly increase their own

power and influence internationally. All states share this common interest to promote and

defend their national interests above other concerns.200 However, countries do not all do so

in the same manner. Some states place more importance on some threats and some sources

of power than other states do. How the state identifies itself, how it views its environment,

and what aspects of its society it views as critical to its security all shape which issues states

identify as central to national security and how they respond to those threats.201 The beliefs

and values that leaders bring with them into office also shape how states identify and handle

national security issues. In essence, national identity and values help to determine state

behavior.

200 Mearsheimer, John J. “Back to the Future.” International Security. Vol 15, No 1. 1990; Mearsheimer, John J. “The False Promise of International Institutions.” International Security. Vol. 19, No. 3. 1994/1995; Waltz, Kenneth N. Man, the State, and War (New York: Columbia University Press, 1954).

201 Finnemore, Martha. National Interests in International Society. (Cornell University Press, 1996); Finnemore, Martha and Kathryn Sikkink. “Taking Stock: The Constructivist Research Program in International Relations and Comparative Politics.” Annual Review of Political Science. Vol 4. 2001; Keck, Margaret E. and Kathryn Sikkink. Activists beyond Borders: Advocacy Networks in International Politics (Cornell University Press, 1998); Wendt, Alexander. “Anarchy is what States Make of it: The Social Construction of Power Politics.” International Organization Vol. 36, No. 2. 1992; Wendt, Alexander. Social Theory of International Politics. (Cambridge University Press, 1999).

Any issue can become a security issue (it can be securitized), depending on how a

state experiences the threat in the real world, as well as how it is discussed in public by the

nation’s leaders.202 Cyber-security appears to have become securitized around the world.

Whether one believes that the threat in cyber-space is real and growing, or is over-blown,

there is no question that in the minds of many policy makers and in the public cyber-space

is of importance to national security. To that end, the response to cyber threats appears to

be socially constructed as well.203 This can be seen by the fact that different states have

handled the threats and opportunities in cyber-space differently. Israel, for example, has not

behaved in cyber-space in the same way as China, which has focused on espionage.

Further, not all states treat cyber-security as a key issue for their national security. Estonia,

for instance, has developed into a cyber-power as a response to Russian threats, but its

neighbors, some of whom also face threats from Russia, have not.

Cyber-Space and its Importance to Israel:

As far back as 1997, Israel recognized that cyber-space held danger, as

evidenced by the establishment of “Tehila” (Government Infrastructure for the Internet Age),

one of the first governmental cyber-security agencies in the world, that aimed to ensure

secure connections for government offices and secure hosting for government websites.204

The cyber-realm has long occupied a significant place in Israeli security thinking. This is

seen in Israel today in statements by Prime Minister Benjamin Netanyahu and other

202 Buzan, Barry, Ole Wæver, and Jaap De Wilde. Security: A New Framework for Analysis. (Lynne Rienner Publishers, 1997).

203 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. (Oxford: Oxford University Press. 2015), p. 51.

204 Ravid, Barak. “Netanyahu Formed a Team to Prepare for Israeli Attacks on Computer Networks,” Haaretz (Hebrew), April 3, 2011. http://www.haaretz.co.il/captain/software/1.1170180

government officials. Former Premier and Defense Minister Ehud Barak, for instance, has

warned that “cyber warfare has taken asymmetric warfare to a new height, allowing a lone

hacker to cause major damage.”205 Former General Isaac Ben-Israel, who served as chief

advisor to Netanyahu on cyber issues, has stated that cyber-readiness is central to Israeli

thinking, both offensively and defensively.206

Netanyahu has frequently stated his belief that Israel must become a dominant force

in cyber-space,207 even calling cyber-attacks “one of the four main threats to Israel.”208 He

has additionally called for Israel to create a “Digital Iron Dome” that would protect Israel

from cyber-threats akin to how the Iron Dome protects against rocket attacks.209 In strategic

planning, he has repeatedly called for the creation of stronger cyber-capabilities and

training. He has stressed his desire for Israel to be one of the top-five cyber-powers in the

world, and has helped pass legislation that called for steps to be taken to make Israel a

worldwide center of development for cyber-technologies.210

The IDF additionally places a heavy focus on developing and improving its cyber-

capabilities. Cyber-space was recognized as a potential danger by the IDF back in the early

1990s. At the time the focus was on information security, meaning the protection of

205 Katz, Yaakov. “Barak: Israel Seeks to be Global Cyber Leader.” Jerusalem Post, June 6, 2012. http://www.jpost.com/Defense/Barak-Israel-seeks-to-be-global-cyberleader

206 Shackle, Samira. “Cyber Warfare is Key Priority for Israel,” Middle East Monitor, November 2, 2012, https://www.middleeastmonitor.com/blogs/politics/4546-cyber-warfare-is-key-priority-for-israel

207 Tabansky, Lior and Isaac Ben Israel. Cybersecurity in Israel. Springer Briefs in Cybersecurity. London: Springer, 2015.

208 Ravid, Barak. “Israeli Security Agencies in Turf Battle Over Cyber War; Netanyahu to Decide,” Haaretz, September 14, 2014, http://www.haaretz.com/news/diplomacy-defense/1.615637

209 Keinon, Herb. “PM: Israel Needs ‘Digital Iron Dome’ to Stop Cyber Attacks.” The Jerusalem Post, June 9, 2013. http://www.jpost.com/Defense/PM-Israel-needs-digital-iron-dome-to-stop-cyber-attacks-315934

210 Tabansky and Ben Israel, Cybersecurity in Israel.

computerized systems that stored sensitive information. The range of threats has greatly

expanded since then, but the focus on cyber-space remains high.211

The weapons systems the IDF uses, including submarines, missiles, aircraft, and

radars, have electronic components that are vulnerable to cyber-attacks.212 There is concern

within the IDF that enemies will use cyber-space to penetrate, disrupt, take control and even

use military communications networks against Israel during hostilities, thus making it

difficult for Israel to defend itself from attack.213 At the same time, the IDF has also focused

on improving its ability to use offensive abilities in cyber-space. The IDF has stated that it

views cyber-space as “a platform to improve operational effectiveness and defense” and as

another potential battleground, much like the ground, sea, or air.214 This is reflected in the

newest IDF Strategy document released in August 2015, which stresses in part that the IDF

recognizes that cyber-space represents new challenges and opportunities for Israel and that

the IDF should take steps to address this. It calls for Israel to develop better tools to defend

itself against new forms of attacks originating in cyber-space and for Israel to further develop

offensive cyber-weapons.215

The cyber-realm has also become critical to Israel’s economy. Israel exports roughly

$6.5 billion a year of products related to cyber-space, which accounts for roughly 8-10% of

211 Baram, “Israeli Defense in the Age of Cyber War,” p. 5

212 Lappin, Yaakov. “Military Affairs: The IDF’s Silent Attack Force.” Jerusalem Post, May 11, 2013, http://www.jpost.com/Features/Front-Lines/Military-Affairs-The-silent-attack-force-312716

213 Katz, Yaakov. “Elbit Unveils New Cyber War Simulator.” Jerusalem Post. June 5, 2012. http://www.jpost.com/Defense/Elbit-unveils-new-cyber-war-simulator; Katz, Yaakov. “Security and Defense: Israel’s Cyber Ambiguity.” Jerusalem Post, May 31, 2012, http://www.jpost.com/Features/Front-Lines/Security-and-Defense-Israels-Cyber-Ambiguity

214 YNetNews. “IDF says ‘Defined Essence of Cyber Warfare’.” Ynetnews, June 4, 2012, http://www.ynetnews.com/articles/0,7340,L-4238156,00.htm

215 Office of the Chief of Staff, IDF. “The IDF Strategy.” Israel Defense Forces, August 2015. http://www.idf.il/SIP_STORAGE/FILES/9/16919.pdf

the world market. This is up from 1-2% of the market just six years ago.216 High-tech

products and related services make up roughly 12.5% of Israel’s gross domestic product, and

about half of its industrial exports.217 With regard to global private investment into cyber-

security firms entering a country, Israel is second to the US in the world.218 This centrality

of cyber-space to Israel’s economy arises in part due to the fact that Israel’s government has

stressed that it wants its commercial cyber-sector to become a world economic

powerhouse.219

If in the end, “identities are the basis of interests” as Wendt stated,220 it is fair to say

that Israel has become a great cyber-power in part because it chose to view itself as one. Of

course, it takes more than simply identifying yourself in a given way to create an outcome,

but the creation of that identity and norm of behavior shapes what is possible.221 Israel has

built on this identity to become the cyber-power it sought to be. The rest of this chapter will

explore a few key ways it has done so.

216 MacBride, Elizabeth. “Meet The General Who Positioned Israel To Win In $175 Billion Cybersecurity Market.” Forbes, July 18, 2016. https://www.forbes.com/sites/elizabethmacbride/2016/07/18/five-lessons-on-cybersecurity-from-an-israeli-general/#616d36a74fd1; Uniyal, Vijeta. “US, Israel Sign Cyber Defense Agreement.” Legal Insurrection, June 23, 2016. http://legalinsurrection.com/2016/06/us-israel-sign-cyber-defense-agreement/

217 Reuters. “Israel’s High Tech Boom Threatened by Shallow Labor Pool.” YNetNews, July 5, 2016. http://www.ynetnews.com/articles/0,7340,L-4824677,00.html

218 Adamsky, Dmitry (Dima). “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington Quarterly. Vol 40, No 2. 2017, p. 119; Nakashima, Ellen and William Booth. “How Israel is Turning Part of the Negev Desert into a Cyber-City.” Washington Post, May 14, 2016. https://www.washingtonpost.com/world/national-security/how-israel-is-turning-part-of-the-negev-desert-into-a-cyber-city/2016/05/14/f44ea8e4-0d58-11e6-bfa1-4efa856caf2a_story.html?wpisrc=nl_headlines&wpmm=1

219 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.”

220 Wendt, Social Theory of International Politics, p. 398.

221 Tannenwald, Nina. The Nuclear Taboo: The United States and the Non-Use of Nuclear Weapons Since 1945 (Cambridge Studies in International Relations). (Cambridge University Press 2008), p. 435.

Government Bodies:

This section will explore some key bodies that have emerged and what they were

created to do as the threat in cyber-space expanded. As noted, with the creation of Tehila,

Israel began addressing threats back in 1997. Since then, cyber-space has undergone a

tremendous transformation and ballooned in importance. The Israeli government’s cyber-

apparatus has evolved along with the changes.

In 2002, to this end, Israel created a new body, the National Information Security

Authority (NISA). NISA was charged with protecting critical infrastructure systems in both

the public and private sphere from cyber-espionage or cyber-attacks looking to cause

damage. Its remit included bodies such as banks, government offices, and water and

electrical systems.222 At the time it was becoming clear that cyber-crime was on the rise, and

that terrorists were looking for new ways to strike Israel. While NISA was a step forward, it

became clear over time that once again the challenge of defending against cyber-attacks

required new ideas. In 2011, Israel established the National Cybernetic Task Force (NCTF).

Its job was to review Israeli cyber policies and recommend improvements designed to

guarantee Israel’s cyber-security and global leadership in the field. In its conclusions, the

NCTF argued that Israel must not just improve on what it already did well, but invest the

time, energy, and money necessary to develop state of the art cyber-tools necessary to

respond to new threats. It also called for Israel to ensure that security measures and

government regulations did not infringe on Israel’s democratic and open society, or its

knowledge-based economy.

222 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 115; Siboni, Gabi. “Protecting Critical Assets and Infrastructures from Cyber Attacks.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 8

To this end, the Task Force identified a number of overarching goals for Israeli policy

makers: better inform the public regarding threats from cyber-space, develop better cyber-

training programs in schools and increase funding for them, improve governmental

regulations, and expand investments in cyber R&D. The panel further advocated forming a

national body responsible for determining cyber-space policies, expanding research grants,

building a strong industrial base to safeguard Israel’s cyber advantages, and increased

international cooperation.223 Another area of concern identified was the brain drain from

the government to the private sector.224 The main recommendation of the Task Force was

the creation of the National Cyber Bureau (NCB) to oversee Israeli cyber-policy and address

the concerns in the Task Force’s report.225

Following that recommendation, Israel established the NCB later in 2011.226 The NCB

serves in an advisory capacity to the Prime Minister, working to oversee national policy

related to cyber-space and promoting implementation of regulations.227 Its mission is to

promote and regulate government cyber-activity, improve cyber-defense for the non-

defense related sectors of the government and, especially, expand the state’s ability to defend

and secure critical infrastructure networks against all threats. The NCB was charged with a

wide range of tasks: recommending policy changes to the government with regard to

cyberspace, including the creation of a national cyberspace security doctrine; promoting

223 Levi, Ram. “The Fifth Fighting Space.” Israel Defense, December 16, 2011, http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/4706

224 United Press International. “Unit 8200 and Israel’s High-tech Whiz Kids.” June 4, 2012, http://www.upi.com/Business_News/Security-Industry/2012/06/04/Unit-8200-and-Israels-high-tech-whiz-kids/UPI-43661338833765/

225 Cohen, Freilich, and Siboni, “Israel and Cyberspace.”

226 Opall-Rome, Barbara. “Israel Confirms It Was Cyber Attack Target.” DefenseNews.com. June 24, 2015. https://www.defensenews.com/2015/06/24/israel-confirms-it-was-cyber-attack-target/

227 Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North Carolina Journal of Law and Technology, Vol. 16, No. 3. 2015, p. 444

Israel’s cyberspace industry; funding cyber R&D; promoting national cyber-educational

programs; improving coordination and cooperation between government agencies as well

as between the government and academics, industry, and private business; and holding

national and international exercises to improve Israel’s cyber-preparedness. In addition, the

NCB publishes warnings and reports as needed on emerging threats.228 The NCB has played

a major role in shaping Israel’s successful policies regarding cyber-space.229

Israel has continued to build additional governmental organizations related to cyber-

space as needs arise. In 2015, the National Cyber Security Authority (NCSA) was founded as

a subordinate body to the NCB. The NCSA has taken over direct responsibility for

coordinating efforts with the private sector to defend against attacks, working to ensure

improved early warning of threats and threat analysis, engaging in active defense operations

to deal with threats in real time, and assisting with crafting regulation.230 The NCSA

additionally functions as the government’s CERT.

Israel had planned to unveil a new unified Cyber Command for the IDF in 2017 that

would assume all responsibilities regarding military use of cyberspace and cyber-warfare

duties.231 It would have included all of the military’s intelligence and cyber offensive and

228 Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National Security Studies, Memorandum 117. May 2012; Ben-David, “Playing Defense,” p. 57; Efrati, Rami, and Lior Yafe. “The Challenges and Opportunities of National Cyber Defense.” Israel Defense, August 11, 2012, http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/41557; National Cyber Bureau. “Mission of the Bureau.” The National Cyber Bureau—Office of the Israeli Prime Minister. 2014. http://www.pmo.gov.il/english/primeministersoffice/divisionsandauthorities/cyber/pages/default.aspx; Israel Ministry of Foreign Affairs. “Deputy FM Elkin: Israel’s Cyber Security.” Address to the Seoul Conference on Cyberspace 2013, October 16, 2013; Baram, Gil. “Influence of the Development of Cybernetic Warfare Technology on Changes in the Israeli Force Structure.” Military and Strategy. Vol. 5, No 1. 2013; Cohen, Freilich, and Siboni, “Israel and Cyberspace;” Benoliel, “Towards a Cybersecurity Policy Model.”

229 For more, see Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 116

230 Baram, “Israeli Defense in the Age of Cyber War;” Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security, Vol 1, No 1. 2017.

231 Baram, “Israeli Defense in the Age of Cyber War,” p. 7.

defensive capabilities, as well as capabilities that were previously housed in the Mossad and

Shin Bet.232 However, objections from some senior IDF officials and some concerns that “the

field of cyber warfare is changing too fast,” led Israel to scrap this proposal. Instead, the IDF

will expand the powers of its C4I Corps (command, control, computers, communications and

intelligence) to include both its current responsibilities regarding network operation, as well

as new responsibilities for defending all IDF networks against attack. This will turn C4I into

an operational command unit for all of the IDF’s cyber-defenses. C4I will then have the

authority to do whatever it feels necessary to defend the IDF, including launching

counterattacks and engaging in active defenses designed to deter attacks before they

occur.233 Part of this plan also calls for the IDF to streamline and cut costs, while also

providing for an overall increase in funding for cyber-activities.234

Regulation:

Becoming a cyber-power requires not just know-how and determination; it also requires

the creation of well-designed governmental regulation. This is something Israel has done

well. Israeli regulation of cyber-space differs by actor. The security services are self-

regulated, and government sites are regulated by the NCB and the Telecommunications

Authority. The defense industry is partially self-governing but is guided as well by the

Director of Security of the Defense Establishment.

232 i24 News. “Israel Reorganizing Cyber Warfare Operations.” i24news.com. June 16, 2015. http://www.i24news.tv/en/news/israel/diplomacy-defense/75069-150616-israel-reorganizing-cyber-warfare-operations

233 Spacewatch. “Israel Defence Forces Will Not Create a Cyber Command, but Will Strengthen Military Cyber Defences.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/israel-defence-forces-will-not-create-cyber-command-will-strengthen-military-cyber-defences/; IsraelDefense. “IDF Scraps Plans for a Unified Cyber Command.” IsraelDefense.com. May 15, 2017. http://www.israeldefense.com/en/node/29613

234 IsraelDefense. “IDF Scraps Plans for a Unified Cyber Command.”

Critical infrastructure represents a hybrid in which the state has supervision over

their defenses through the National Cyber Defense Authority and Shin Bet, but the

companies also have a significant degree of freedom to make decisions regarding security

that are driven by market forces as well. Critical infrastructure companies are required to

meet certain minimum standards for cyber-security and to share some information on

attacks against them with the government. If they do not do so, the state has the authority

to impose sanctions on them.235 Israel has recently implemented a new regulation on critical

infrastructure companies requiring that all personnel in cyber-security jobs meet minimum

levels of training and education, and that they engage in continuing education. This is a

regulation that has not been tried much elsewhere in the world, and it is unclear what impact

it will have. Generally, such employees will continue to self-teach as part of their jobs, and

this new regulation could decrease such behavior. If that occurs it will lead to decreased

innovation, as standardized ways of doing things will be imparted to these employees. On

the other hand, it is likely to at least temporarily raise the quality and training of the people

defending these networks.236

In the rest of the private sector, the government provides no oversight or direct

guidance, leaving businesses, industries, and individuals to their own devices to protect their

devices. There are no laws requiring companies take any steps to mitigate the dangers of

cyber-attacks, nor are there laws that require companies to report data breaches to

customers. The lack of regulation has both positive and negative outcomes. On the positive

side, it frees the market to innovate and develop technology in response to market demands.

235 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 91.

236 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 94.

On the negative side, it means that standards are not uniform, leaving some targets

vulnerable. Further, there is no requirement that companies share information regarding

attacks or threats with each other or with the government, which makes it more difficult to

detect and stop threats as they occur.237 Generally companies are reluctant to report such

information because they fear doing so will have reputational costs.238

As a useful example of how Israel handles regulation in cyber-space, the Defense

Ministry recently worked with private cyber-security companies to come to an agreement

on the sale and export of security products. Israel had initially desired to restrict their

export, but private industry pushed back, arguing that if greater regulation and controls

were placed on their business they would be unable to compete with companies in states

that did not impose similar restrictions. The two sides worked together, and in the end, the

regulations were withdrawn. The state was willing to do this in major part because it wants to

ensure that Israel remains at the forefront of cyber-technology, and it feared this regulation

would make that more difficult.239

Research and Development:

Israel’s ability to execute its plans and strategies in cyber-space depends upon having

the technical ability to do so. To that end, research and development is critical to creating

and maintaining that edge over other actors. Israel is well aware of this and has focused

heavily on funding and promoting research and development.

237 Tabansky, Libor “Critical Infrastructure Protection against Cyber Threats.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013; Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation.”

238 Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 9-10.

239 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 115; Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 94.


There are roughly 300 start-up companies in Israel dealing with the cyber-realm, and

multinational companies have set up roughly 20 research and development centers. These

numbers are equal to the total in the rest of the world combined, excluding the US.240

Companies that have set up centers in Israel include many of the world’s biggest, such as

Microsoft, Apple, IBM, EMC, Paypal, Oracle, General Electric, Deutsche Telekom, Lockheed

Martin, McAfee, Cisco and RSA.241 These companies come to Israel for a range of reasons,

but one of them is that Israel actively seeks them out. Israeli officials, including Netanyahu,

have directly reached out to companies to convince them to set up centers in Israel in an

attempt to further boost the country’s cyber-capabilities.242

The military has played an important role in Israel’s success building these start-up

companies. Israel’s military has programs set up to train its soldiers in cyber-security. This

is important in part because all Israeli citizens who are Jewish, Druze, or Circassian are

conscripted at age 18 for a period of 2 years for women and 2 years 8 months for men. Thus,

a large number of citizens receive this training. The most promising soldiers are assigned to

work in the elite Unit 8200. People who have served in this unit have an impressive track

record of setting up start-up companies when they finish their service, and the unit has been

credited with helping to foster a mindset among its members that is conducive to forming

start-ups.243 Graduates of the unit have even stated that Unit 8200 runs much like a start-up

company. It has research and development teams that can be utilized, funds can be

240 Steinherz, Tal. “Israeli Innovation in Cyber-Technology.” Presentation to the Herzliya Conference, Herzliya, Israel, June 9, 2014; Ziv, Amitai. “Theft, Business Espionage, and War: Cyber Threats are Good News for High Tech.” The Marker (Hebrew), September 14, 2014, http://www.themarker.com/technation/1.2432479; The Economist. “Cyber-Boom or Cyber-Bubble.” The Economist. August 1, 2015.

241 Shkedi, Daniel. “The Cybersecurity Sector in Israel (Report).” Embassy of India, Israel. 2015; Uniyal, “US, Israel Sign Cyber Defense Agreement.”

242 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 118-119.

243 MacBride, “Meet The General Who Positioned Israel To Win In $175 Billion Cybersecurity Market.”


requested for projects, and there is a loose atmosphere that encourages experimentation and

innovation.244

The presence of these start-ups and multinational companies helps Israel not just

economically, but for another reason as well. Israel has fostered close ties between the

military, academia, and the private sector.245 Israel uses these ties to bolster its offensive

and defensive abilities in cyber-space. This enables Israel to have direct access to cutting

edge technology, training, and opportunities for collaboration that it might not otherwise

have. Israel’s goal in this regard is to bring together the research knowhow and capabilities

of academia, the real-world knowledge of multi-national companies, the innovative spirit of

start-ups, and the hands-on experience of the military to build more successful offensive and

defensive cyber-tools for military and governmental use.246

The best example of this effort is the Advanced Technology Park (ATP). The ATP is

located on the campus of Ben-Gurion University in Beer Sheba. It was opened in September

of 2013 with the goal of providing a place where academics, multinational corporations,

start-ups, government officials, and the IDF could collaborate on projects, share data and

knowledge, provide each other with extra personnel support and resources, and foster

new innovative ideas.247 Numerous companies have set up offices at the ATP, including

many of the ones mentioned above. The military has personnel from Unit 8200 on site as

well.248 The ATP initiative demonstrates the importance Israel places on the cyber-realm

244 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.”

245 Richet, Jean-Loup. Cybersecurity Policies and Strategies for Cyberwarfare Prevention. (Information Science Reference, an imprint of IGI Global, 2015), p.293.

246 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.”

247 Levi, “The Fifth Fighting Space;” Hiner, Jason. “How Israel is Rewriting the Future of Cybersecurity and Creating the Next Silicon Valley.” Tech Republic, 2013, http://www.techrepublic.com/article/how-israel-is-rewriting-the-future-of-cybersecurity-and-creating-the-next-silicon-valley/#

248 Richet, Cybersecurity Policies and Strategies for Cyberwarfare Prevention, p.293.


through its will to transform a remote desert region into a strategic high-tech hub where a

wide range of disparate actors can come together to create cutting edge products and

services.

One of the main jobs of the NCB is to help ensure that Israel continues to maintain its

qualitative advantage in cyber-space at the governmental and private levels. To do this, the

NCB has created a range of government funding opportunities for state entities including the

military, private companies dealing with cyber-space, and academia.249 The first of these

projects came about in 2012 when the NCB, in partnership with the Israeli Ministry of

Defense’s Research Authority and Development of Ammunition and Technological

Infrastructure, offered roughly $3.5 million to promote research and development

cooperation between the military and private sectors regarding dual use cyber-technology.

The NCB has also provided money to assist private entrepreneurs for projects the NCB

believes will improve Israel’s competitive abilities in world markets.250 In 2016, Israel even

offered to provide grants to private cyber-companies that would pay for up to 20 percent of

the company’s salary expenditures.251

Promoting academic research has also been a top priority of the NCB, and in 2012

alone, the NCB endowed roughly $10 million over 2 years to promote academic research

projects.252 The NCB has expended hundreds of millions of dollars “for the consolidation of

supportive academic research and in R&D grants to companies and universities.”253 In

249 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 118

250 Benoliel, “Towards a Cybersecurity Policy Model,” p. 448-449.

251 Nakashima, Ellen and Ruth Eglash. “Israel hopes a cyber-city in the desert will coax highly trained, affluent, young people away from Tel Aviv.” Washington Post, May 14, 2016. https://www.washingtonpost.com/news/worldviews/wp/2016/05/14/israel-hopes-a-cyber-city-in-the-desert-will-coax-highly-trained-affluent-young-people-away-from-tel-aviv/?utm_term=.4a10f44101d6

252 Benoliel, “Towards a Cybersecurity Policy Model,” p. 448.

253 Adamsky, Dmitry “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 118.


addition, the NCB worked closely with two Israeli universities to establish two new research

centers. One is at Ben-Gurion University of the Negev and is focused on research related to

technology and applicative sciences. The second is at Tel-Aviv University, which takes a

broader approach that includes political science and legal issues.254

The Office of the Chief Scientist (OCS) in the Ministry of Economy provides additional

support to private sector companies that conduct cyber-research and development, and

often does so in coordination with the NCB. Developing cyber-products, as in most

other fields, is very risky for companies. Thus, the OCS looks to help ease the financial burden

of conducting research and development on projects that it believes will be successful in the

marketplace. The OCS does this by either directly providing financial resources or by

matching companies with third parties that are interested in funding the project. The direct

goal of this program is not to enhance governmental or military cyber-capabilities, but

instead to ensure that start-ups and companies continue to research and develop new

products and services in Israel, so that Israel’s private cyber-sector remains vibrant. The

idea also appears to be that if Israeli companies are strong, then it boosts the economy

and it increases the odds that the government or military will be able to benefit from the

products in the long term.

Education and Training Programs:

Investing a nation’s resources and energy into building a field is a critical component

to its success in doing so, but it is a pointless waste if your population does not have the skills

to take advantage of the opportunities. Israel has worked to ensure that such a situation

254 Benoliel, “Towards a Cybersecurity Policy Model,” p. 449; Tabansky and Ben Israel, Cybersecurity in Israel.


does not arise in the nation. From grade schools, to colleges and universities, to the military,

Israel has invested resources aimed at educating and training students and soldiers to

acquire the skills needed to develop, and work with, cutting edge technology. The hope is

that better educational opportunities will further improve the development of Israel’s

human capital in cyber-space which will further enhance Israel’s qualitative advantages in

cyber-space.255

In grade schools, Israel has developed a number of programs and initiatives. Israel

has made a major push to increase enrollment numbers of students taking high school cyber-

classes.256 Israel is also a world leader in regards to the number of computer-science

teachers it employs.257 The NCB has developed advanced studies programs for students

across Israel who show promise that include additional technical training.258 In 2013, for

example, Israel created the “Magshimim Leumit” training program for high school students

with a focus on educating and developing professional skills among outstanding students

who live in Israel’s periphery (areas outside of major cities and population centers).

Entrance to the program is highly competitive, as it accepts just 1 out of every 3 students

who apply. The goal of the program is to ensure that Israel identifies people who could

potentially serve in cyber and intelligence positions during their military service, but who

might have otherwise been missed.259

255 Benoliel, “Towards a Cybersecurity Policy Model,” p. 450.

256 Levi, “The Fifth Fighting Space;” Case Bryant, Christa. “Israel Accelerates Cybersecurity Know-How as Early as 10th Grade.” The Christian Science Monitor. June 9 2013. https://www.csmonitor.com/World/Middle-East/2013/0609/Israel-accelerates-cybersecurity-know-how-as-early-as-10th-grade

257 The Economist. “A is for Algorithm.” The Economist. April 26, 2014.

258 Benoliel, “Towards a Cybersecurity Policy Model,” p. 450.

259 Tabansky and Ben Israel, Cybersecurity in Israel; Prime Minister’s Office. “The “Magshimim Leumit” Program.” Prime Minister’s Office. http://www.pmo.gov.il/English/PrimeMinistersOffice/DivisionsAndAuthorities/cyber/Documents/Magshimim%20Leumit%20program.pdf


In 2017, Israel announced that it would establish a national center for cyber-

education, with the goal of increasing the number, and quality, of students who could work

in military intelligence, defense agencies, the high-tech industry, and academia. The new

program will begin teaching basic computer and cyber-skills in first grade. The project

builds on another program that had begun offering children advanced computer and

robotics courses in fourth grade in roughly 40 schools around the country. The new initiative

is a joint venture between the Israeli defense establishment and academic institutions.260

The military has also been involved with improving educational outcomes related to

the cyber-realm in grade schools, particularly through its highly regarded technical schools.

The IDF has a growing need for well-trained cyber-personnel. To that end the IDF seeks out

promising students and gives them invitations to attend one of the IDF’s technical schools,

where upon graduation the students begin work for one of the IDF’s cyber units.261

Recruiters for the schools reportedly scan the internet looking for suitable candidates and

focus on their analytical capabilities, ability to process large amounts of data, attitude

towards teamwork, and how successful the candidates are at making good decisions

quickly.262 The army has also built cyber training programs for students with outstanding

talent starting in the 10th grade within some civilian high schools.263

260 Associated Press. “In Israel, Teaching Kids Cyber Skills is a National Mission.” YNetNews. February 4, 2017. http://www.ynetnews.com/articles/0,7340,L-4917408,00.html

261 Case Bryant, “Israel Accelerates Cybersecurity Know-How as Early as 10th Grade;” Silverstein, Richard. “IDF to Double Unit 8200 Cyber War Manpower.” richardsilverstein.com, October 23, 2012, http://www.richardsilverstein.com/2012/10/23/idf-to-double-unit-8200-cyber-war-manpower/; Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.”

262 Orpaz, Inbal. “The Secret to High-tech Success? This Elite Israeli Army Unit.” Haaretz. April 18, 2014. https://www.haaretz.com/.premium-the-armys-employment-agency-1.5245249

263 Case Bryant, “Israel Accelerates Cybersecurity Know-How as Early as 10th Grade.”


The private sector has seen the potential here as well and invested in training for

Israeli students. In 2015, a group of leading multinational corporations, all with research

and development centers in Israel, created a “Coding Olympics” with the goal of encouraging

Israeli students to study coding and learn more about jobs in the cyber-realm. This event

also has support from Israel’s Ministry of Education.264 The Coding Olympics appear to have

been a success as they have become a yearly event.265

The IDF also offers training to its soldiers. Israel graduated its first “cyber defenders”

in 2012 from a one year program in which the soldiers were trained to examine IDF

computers and networks in an effort to prevent and detect attacks.266 In 2013, the IDF

greatly expanded the number of soldiers it sends to cyber-warfare courses.267 Currently,

roughly 10,000 are trained in cyber-security every year. To encourage soldiers to get cyber-

training, in some programs the IDF even counts taking the class as credit

towards receiving an increase in salary.268 The IDF has also developed complex simulators

on which to hone their skills. This includes a model city in which trainees remotely control

computer systems and use them to either simulate attacks on targets or defend targets from

simulated attacks.269

264 Elis, Niv. “Multinationals Invest in Teaching Israeli Kids to Code.” Jerusalem Post, October 28, 2015. http://www.jpost.com/Business-and-Innovation/Health-and-Science/Multinationals-invest-in-teaching-Israeli-kids-to-code-430250

265 Israel Advanced Technology Industries. “2016 National Coding Olympics is Underway!” Israel Advanced Technology Industries. November 23, 2015. http://www.iati.co.il/news-item/1856/2016-national-coding-olympics-underway

266 Cohen, Freilich, and Siboni, “Israel and Cyberspace;” Katz, “Security and Defense: Israel’s Cyber Ambiguity.”

267 Cohen, Gili. “IDF Doubled its Defenses against Cyber Attacks.” Haaretz (Hebrew). January 9, 2013. http://haaretz.ubik.net/news/politics/1.1902961

268 Orpaz, Inbal. “Israel's Army is Starting to Act Like a Startup Company.” Haaretz. May 19, 2015. https://www.haaretz.com/israel-news/business/.premium-israels-army-is-starting-to-act-like-a-startup-company-1.5364013

269 Zitun, Yoav. “Training Israel’s Cyber Warriors.” YNetNews, July 24, 2015. http://www.ynetnews.com/articles/0,7340,L-4683636,00.html


Culture and Cyberspace in Israel:

Culturally, Israel has always placed a very high value on technology. This is true for

two reasons. One stems in large part from Israel’s geopolitical environment. The country is

surrounded by neighbors who are generally hostile, and those neighbors generally have

higher absolute wealth, geographically dwarf Israel, and have massive populations relative

to Israel’s. Due to this threatening situation, Israel was forced to find other ways to compete

and survive. It turned to technology.270 This point was stressed by the head of the NCB,

Eviatar Matania, who noted that Israel is so advanced in cyber-space due to a culture of high-

tech innovation fueled by the dangers Israel faces. Matania also stresses that Israeli culture

looks for how to turn disadvantages into advantages, which he argues explains why Israeli

companies have become so successful. They have turned the threat into an economic

engine.271 Israel has also created a culture in the military that values technical ability and

innovation. Many of the start-ups in Israel dealing with cyber-space, as previously noted,

were started by people who worked for Unit 8200 or other intelligence units in the

military.272

Israel has a few specific cultural features that have also made it well suited to become

a top cyber-power. The first is that collaboration is something that Israelis have a long

history of partaking in. Across Israeli society there is a willingness to collaborate instead of

trying to accomplish things alone. This is in marked contrast to, for example, the US, where

270 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City;” Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 122-123; Uniyal, “US, Israel Sign Cyber Defense Agreement.”

271 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.”

272 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 123


the culture is one of individual achievement. Additionally, while Israel often feels beset by

dangers, this feeling of anxiety has pushed Israelis to work quickly in order to address

them.273 This is a particularly valuable asset in a field such as cyber-security where the

pace of change is highly rapid. Further, Israel has a very informal and non-hierarchal

business atmosphere which is perfectly suited to the broader culture generally found in the

high-tech field.274

At the governmental level, Israeli culture attempts to find a balance between security

and privacy. In regards to critical infrastructure, thus far Israel has placed a far heavier

importance on protecting against attacks than it has on privacy. The government is heavily

involved in ensuring these companies are protected, which is in stark contrast to the US,

where these companies are largely left to their own devices to defend themselves because

the concern in America is more focused on privacy and limiting the role of government.275

The Israeli government’s intervention with these companies still only goes so far, however.

The government, for example, does not monitor the companies’ networks, instead relying on

sensors that alert the company to an attack. The company is then required to report such

breaches to the government. Regarding other private companies, as noted, Israel has largely

taken the stance that companies and the market are the forces that will determine what level

of security is necessary.276 This poses dangers, however. If these private companies are

penetrated, and they are connected to government networks, it is possible for attackers to

use their successful attack on these more poorly defended targets to gain access to the more

273 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.”

274 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 123

275 Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.”

276 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 115; Nakashima and Booth, “How Israel is Turning Part of the Negev Desert into a Cyber-City.”


secured government networks. However, Israel in this case has placed greater importance

on privacy and the need to innovate than on the need to defend.

Taken all together, Israel’s culture plays an important role in explaining why it is that

Israel has been successful in cyber-space. The values placed on cooperation, competition, and

innovation are necessary components to succeed in cyber-space. Israel, overall, has a culture

that is well suited to success in cyber-space. This is part of why Israel is excelling far beyond

what an observer might expect based on Israel’s size and lack of natural resources. But, it is

an explanation that would be just what constructivists might expect to be true.

Recommendations:

Invest in Research and Development:

This is a central recommendation, as it is the backbone to everything else.

Regulations, policy, and culture are all largely meaningless if it is difficult to research and

develop new products and services. When governments help fund and support research and

development they also help develop the talent pool and communities of researchers needed

to address emerging threats and opportunities.277 Israel is a world leader in using

technology to defend cyber-space, and it should invest the resources needed to maintain this

edge. There is an additional benefit to the government in funding private research and

development, which is that Israel’s government and military already work closely with the

private sector. Therefore, the more advanced the private sector becomes, the more

advanced the government and military will become as well.

277 Benoliel, “Towards a Cybersecurity Policy Model,” p. 477.


Israel should, therefore, take steps to enhance support for research and development

within the government and in the private sector. Maintaining and even expanding the ATP

would be a step in the right direction. Israel should also not only continue to work with the

universities it does, but should also build or fund new computer science labs and research

centers in a greater number of universities. Israel should also offer greater monetary

incentives to private companies, where appropriate, to assist with promising goods or

services.278

For over a decade Israel had held the top spot among OECD nations in regards to

investment in research and development. In 2014, Israel lost that top spot to South Korea.

This was mainly due to a large drop in government funding.279 Israel must reverse that trend

to stay a top cyber-power.

Improve the Regulatory Environment:

Legislation, as discussed, is an important aspect in creating an environment in which

innovation can occur, and Israel has thus far built a solid regulatory environment. The

rapidly developing nature of cyber-space means that new and updated legislation and

regulations will be necessary, and new government agencies may need to be created to help

draft specific requirements and to ensure that policies are implemented.280 There are

particular areas that Israel should focus on in order to ensure that this situation continues:

striking a balance between protecting against attacks and protecting privacy, continuing to

278 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute InfoSec Reading Room, 2014.

279 Reuters. “Israel’s High Tech Boom Threatened by Shallow Labor Pool.” YNetNews, July 5, 2016. http://www.ynetnews.com/articles/0,7340,L-4824677,00.html

280 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute InfoSec Reading Room, 2014.


improve training, promoting research and development, and further promoting cooperation

between the military, civilian government, private sector, and academia.

Protect Against Attacks Through Regulating Businesses:

Israel does not, as has been noted, have many requirements on private businesses in

regards to cyber-security. This is a potential gap in Israel’s defenses, and it leaves customers

of those businesses with fewer protections. While Israel should not overly regulate

businesses and stifle innovation, it would be worthwhile for the state to make two basic

demands of corporations. The first is that Israel should require that any large company must

develop a plan for how it would recover from a major cyber-attack that compromised

customer data or would harm the company’s ability to function. Second, it should be

obligatory that companies report breaches of their defenses to the government. As noted,

companies often do not wish to report such breaches as they fear reputation damage. Thus,

companies should only be required to report successful attacks that compromise data or

cause damage, and the government must ensure that all such reports are kept confidential.

Currently the private sector largely self-regulates and does not share such information.

Requiring companies to do so will make it easier to determine what threats exist, how to

neutralize existing threats, and how to prevent future attacks.281 For this to work, however,

companies must face a penalty if they fail to take either of these steps.

One way to ensure that companies do so is through business licensing. Establishing

a business requires obtaining a license from the state. As part of that license, businesses must

meet requirements related to public health, fire safety and security, the environment, and

281 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation.”


more. Israel could add to that list that companies must include in their licensing application

a proposal to address cyber-security threats. Business licenses must also be periodically

renewed, which means that Israel could use a threat to withhold a license as a tool to compel

companies to report successful attacks on their networks.282

Leveraging Culture:

There are two main ways Israel can continue to benefit from its culture in cyber-

space. First, be sure the government does not get in the way. Israel’s generally flexible and

cooperative culture is one that has helped to lead to success in cyber-space. The government

must avoid passing legislation or creating regulations that will interfere with this.283

Second, Israel can appeal to particular cultural aspects to help convince people to

work for the government. Jobs for the government often pay less than jobs in the private

sector. Israel therefore needs to find other ways to convince people to work for the

government or military. There are two cultural attributes of particular importance in this

regard: Israelis often wish to be at the center of important projects and to feel personally and

professionally important, and Israelis generally show a strong willingness to serve their

nation.284 Attempting to leverage these aspects of Israeli culture is one way that might find

success.

282 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153, 2016; Siboni, “Protecting Critical Assets and Infrastructures from Cyber Attacks.”

283 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 80-81.

284 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 12.


Chapter 3 – A Conceptual Model for Cyber-Space: 4Ds and an R

As with all emerging threats, there is deep concern that the cyber-realm represents a

new set of capabilities that will prove extremely difficult to protect against and which will

prove particularly destructive.285 In military history there has always been a time lag

between the emergence of significantly new technological and operational capabilities, and

the development of effective responses. In the interim, the outlook has looked grim, even

irreparable, for those seeking to cope with the new capability. Many scholars and

practitioners, in fact, argue that the dangers posed to nations originating in the cyber-realm

are outpacing existing defenses and doctrines.286 This chapter will propose a conceptual

model, which draws on principles of military strategy, for developing a response. This model

is entitled “4Ds and an R.” The “Four D’s” are Detection, Deterrence, Defense and Defeat and

the “R” is the concept of Resilience. Each of the components of the model will be discussed

in detail to show how they are relevant to cyber-space. The chapter will also demonstrate

that the model is a useful guide by applying it to Israel’s experience in cyber-space. While the

focus of the chapter is on cyber-attacks that impact national security and not on cyber-crime,

much of what is argued applies to cyber-crime as well.

The idea of crafting such a model to build strategies around is not new, though

different nations and authors have conceived of each component slightly differently. The

United States, for example, uses a 4Ds model in its fight against terrorism that was created

285 Portions of this chapter’s wording are pulled from Cohen, Freilich, Siboni 2017 and Cohen, Freilich, Siboni 2016. The presentation and argument are modified.

286 Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 8; Siboni, Gabi and Sami Kronenfeld. “Iran and Cyberspace Warfare.” Military and Strategic Affairs, Vol. 4, No. 3. 2012; Kissinger, Henry. World Order. (New York: Penguin Press, 2014), p. 343-344; Choucri, Nazli. Cyberpolitics and International Relations. (The MIT Press: Cambridge, MA: 2012), p. 149.


in the 2003 “National Strategy for Combating Terrorism.” That document proposed that the

four main goals in the war on terror were to defeat terrorist organizations, deny sponsorship

and support, diminish the underlying conditions that breed terror, and defend against

attacks. It also has a heavy emphasis on the US building its intelligence capabilities and

stressing cooperation with international partners. Despite the novel nature of cyber-space,

responding to the threats it poses is in many ways similar to responding to other asymmetric

threats such as the ones the US model is meant to address.

Israel has always based its security around the need for early warning of attacks,

deterring hostile actors, and decisively defeating enemies.287 Israel’s strategy has evolved to

include a focus on defense as well.288 While not referred to specifically as a 3D or 4D strategy,

Israel’s conceptual model corresponds well with the 4Ds proposed here. Israel has already

begun to develop and employ this strategic model in cyber-space, making it a perfect case

study for this chapter.289 Resilience, however, has not yet received the same level of attention

from the US or Israel.

In academic literature, each of the four Ds as they apply to the cyber-realm has been

touched upon. Only one work, Cohen, Freilich, and Siboni 2017, has combined them into one

overall conceptual model. This chapter will build upon our previous article and offer a test

287 Tal, Israel. National Security: The Israeli Experience (Westport, CT: Praeger, 2000); Baram, Gil “Israeli Defense in the Age of Cyber War.” Middle East Quarterly. Winter, 2017, p. 3.

288 Ben-Horin, Yoav and Barry Posen. Israel’s Strategic Doctrine (Rand Corporation: Santa Monica, CA 1981)

289 Baram, “Israeli Defense in the Age of Cyber War;” Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology, Volume 173, 2011; Efrati, Rami, and Lior Yafe. “The Challenges and Opportunities of National Cyber Defense.” Israel Defense, August 11, 2012, http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/41557; Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National Security Studies, Memorandum 117. May 2012, p. 79.


of the model to demonstrate that applying it can help both academics and policy makers

better understand the threat and how to deal with it.

With regard to detection, Shmuel Even and David Siman-Tov argue that detection can

be problematic in the cyber-realm as unlike conventional attacks, cyber-attacks do not

require the movement of any physical assets, and cyber-attackers can disguise their attacks,

making it difficult to determine if an attack has even taken place.290 The Australian national

cyber security strategy attempts to address this by stressing improved detection through

continuous real-time monitoring online.291 Singer and Friedman build on this when they

contend that nations will struggle to conduct threat-assessments in cyber-space as there

are too many points of entry for attackers and adversaries are rapidly developing new cyber-

weapons that can attack in many different ways.292 Applegate notes that perimeter defenses,

systems that are designed to prevent attacks from penetrating networks, can not only

defend, but can also help detect and alert to attacks. Applegate also contends that what he

refers to as “deceptive maneuvers” can help detect attacks. They are actions and systems

designed to trick attackers into targeting the wrong system, thus alerting defenders to their

presence.293 Singer and Friedman build on this as well, and argue that systems should be

built in such a way that if a part of the system fails, it will alert the user of the problem.294

290 Even, Shmuel and David Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” Institute for National Security Studies, (Hebrew) Memorandum 179, INSS, June 2011, p. 31-32.

291 Australian Government. “Cyber Security Strategy.” Commonwealth of Australia. 2009. https://www.ag.gov.au/RightsAndProtections/CyberSecurity/Documents/AG%20Cyber%20Security%20Strategy%20-%20for%20website.pdf

292 Singer, P.W. and Allan Friedman, Cybersecurity and Cyberwar (New York: Oxford University Press, 2014), p. 149.

293 Applegate, Scott D. “The Principle of Maneuver in Cyber Operations.” 2012 4th International Conference on Cyber Conflict. C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) NATO CCD COE Publications, Tallinn, 2012.

294 Singer and Friedman, Cybersecurity and Cyberwar, p. 171.


Many different authors and countries have noted the struggle with creating

deterrence in cyber-space. Libicki argues that there are too many potential difficulties to

build a strong cyber-deterrence posture, including the ability to hold potential attackers’

assets consistently at risk, deciding on a consistent threshold for a response, preventing

escalation, and difficulties disarming attackers.295 Libicki as well as Rid, Rid and Buchanan,

and Singer and Friedman contend that determining attribution of cyber-attacks poses

difficulties to deterrence.296 Clarke and Knake build on this, noting the relative ease with

which attackers can disguise their actions.297 Valeriano and Maness argue that deterrence is

unrealistic in cyber-space in part because it is difficult to display resolve and credibility in

cyber-space. Deterrence requires that a nation’s capabilities be made known, but doing so

in cyber-space means others can copy your code. Along those lines, if a nation uses a weapon

to demonstrate its abilities, other nations are then capable of modifying that weapon and

turning it back on the first state. Further, cyber-weapons do not stay contained to their

targets, which makes states less likely to use them.298

In contrast to these arguments, other scholars believe that deterrence is possible. A

book by the Joint Advanced Warfighting School argues that deterrence rests on the ability to

develop systems that will make investigating attacks easier, thus making it simpler to assign

blame and take action.299 Kugler argues that cyber-deterrence strategies must be

295 Libicki, Martin C. Cyberdeterrence and Cyberwar (Rand Corporation: Project Air Force, 2009).

296 Libicki, Cyberdeterrence and Cyberwar; Singer and Friedman, Cybersecurity and Cyberwar, p. 136; Rid, Thomas. Cyber War Will Not Take Place (London: C. Hurst and Co, 2013); Rid, Thomas. & Buchanan, Benjamin. “Attributing Cyber Attacks.” The Journal of Strategic Studies, Vol. 38, No. 1-2, 2015.

297 Clarke, Richard A. and Robert K. Knake, Cyber War: The Next Threat to National Security and What to do About It (Ecco: HarperCollins Publishers, 2012), p. 122-127.

298 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. (Oxford: Oxford University Press. 2015), p. 47.

299 Joint Advanced Warfighting School, “Nothing New Under the Sun: Benefiting from the Great Lessons of History to Develop a Coherent Cyberspace Deterrence Strategy,” CreateSpace Independent Publishing Platform (April 8, 2014), p. 51.


straightforward so that adversaries know what to expect.300 Nye contends further that

deterrence in cyber-space does not require that every attack be stopped. Cyber-threats

should instead be viewed more similarly to crime in that it is not possible to prevent every

act, but many can still be deterred.301 Cooper states that crafting better cyber-deterrence

policies will require moving past the idea that deterrence rests on punitive retaliation

alone.302 Numerous authors, in fact, note that when deterring cyber-attacks, nations need

not be limited to cyber-space, and can draw on diplomatic, economic, cyber, military, and, at

the most extreme level, nuclear force.303 Kissinger further argues that deterrence cannot

necessarily be conducted in a symmetrical fashion. For example, when a nation with weak

financial institutions attacks one in which such institutions are strong, the victim should not

be constrained to counter-attacking financial institutions.304 Baram builds on this idea by

positing that demonstrating a state’s capabilities may in fact lead to deterrence. He argues

that Israel’s use of Stuxnet (to be discussed later in the chapter) may have deterred other

powerful potential adversaries from attacking.305 Further, Nye states that deterrence by

denial should also be considered a part of any deterrence strategy by making it pointless for

enemies to attack.306 If states can achieve deterrence, it has an additional benefit. It can

300 Richard L. Kugler, “Deterrence of Cyber Attacks,” in Cyberpower and National Security, ed. Franklin D. Kramer. (National Defense University Press and Potomac Books, 2009)

301 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p. 45.

302 Cooper, Jeffrey. “A New Framework for Cyber Deterrence.” In Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World, ed. Derek S. Reveron (Georgetown University Press, 2012).

303 Singer and Friedman, Cybersecurity and Cyberwar, p. 136, 144-145; Libicki, Cyberdeterrence and Cyberwar; Nye, “Deterrence and Dissuasion in Cyberspace,” p. 45; Kissinger, World Order.

304 Kissinger, World Order, p. 346-347.

305 Baram, “Israeli Defense in the Age of Cyber War.”

306 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 56.


greatly reduce the cost of cyber-defense. Defense and deterrence go hand in hand, and

deterring attacks before they occur means one does not have to defend against them.307

There is no general agreement on how to build successful cyber-defenses. Lynn

stresses that due to the universal reach of the internet, it is not enough to simply protect

government networks, but that the government must work with private organizations to

create a robust defense.308 Cohen and Rotbart posit that cyber-weapons have a unique

character that aids in defense. Once discovered, any cyber-weapon can be easily neutralized,

although the danger continues for the defender as it is still possible to manipulate the same

code to create new weapons.309 NATO has sought to boost its defenses by working with allies

to secure their national infrastructure, strengthening its own network through NATO

Incident Response Capability, training and educating its employees, and working with

private industry.310 Saydjari argues that cyber-defense involves an enormous range of

activities for states, including: research and development on improved technology,

intelligence gathering on potential threats, building cyber-command and control

organizations, and developing cyber tactics and strategies.311 Singer and Friedman note that

China views defense in a more offensive manner. China sees infiltrating and disrupting

foreign systems as a form of defense, in that it can disable the ability of adversaries to

attack.312

307 Libicki, Cyberdeterrence and Cyberwar; Adams, James. “Virtual Defense.” Foreign Affairs May-June 2001.

308 Lynn, William. “The Pentagon's Cyberstrategy, One Year Later.” Foreign Affairs. November 12, 2014. http://www.foreignaffairs.com/articles/68305/william-j-lynn-iii/the-pentagons-cyberstrategy-one-year-later

309 Cohen, Daniel and Aviv Rotbart. “The Proliferation of Weapons in Cyberspace,” Military and Strategic Affairs, Vol. 5, No. 1. 2013.

310 NATO. “Cyber Security.” NATO. http://www.nato.int/cps/en/natohq/topics_78170.htm

311 Saydjari, O. Sami. “Cyber Defense: Art to Science.” Communications of the Association for Computing Machinery, Vol. 47, No. 3, March 2004, http://www.jpkc.fudan.edu.cn/picture/article/217/23/6e/762567a44cf68799c9d29061e876/332065c5-582d-402e-83b7-3eea2bd7423c.pdf

312 Singer and Friedman, Cybersecurity and Cyberwar, p. 143.


There have been some attempts by nations to create Demchak and Dombrowski’s

cyber-Westphalia.313 The idea in this context is that once created, states will be better able

to control what enters their cyber-space, simplifying efforts to identify and defend against

attacks. Such systems are technically possible; as Cahanin notes, China has been attempting

to change the “cyber terrain” by creating its own secure operating system, thereby making it

more difficult for other nations to attack.314 Not all authors, however, agree this is occurring

in a widespread manner, with Choucri, for example, noting that even as barriers are erected

in cyber-space, other actors are pushing for them to be taken down.315

The topic of defeat in the cyber-realm is an area in which a great deal of research

remains to be conducted. There is not even a clear sense of what it means to defeat an enemy

in cyber-space or how to accomplish it. Kello, for example, argues that cyber-weapons are

ineffective as a coercive tool.316 For authors who contend that it is possible to achieve defeat

in cyber-space, many of the strategies they propose are technical in nature, such as Repik,

who states that nations can achieve cyber-defeat of an enemy using network reconfiguration

and decoy networks.317 Eom, Kim, Kim and Chung argue that nations should aim to create

cyber-space superiority, by gaining the operational advantage necessary to continue

conducting military operations without having their efforts interrupted. They argue that to

achieve this will require increased and improved training of cyber personnel, the gathering

313 Demchak, Chris C. and Peter Dombrowski. “Rise of a Cybered Westphalian Age.” Strategic Studies Quarterly. 2011. http://www.au.af.mil/au/ssq/2011/spring/demchak-dombrowski.pdf

314 Cahanin, Steven E. “Principles of War for Cyberspace.” Air War College, Air University, 2011.

315 Choucri, Cyberpolitics and International Relations, p. 51.

316 Lindsay, Jon R and Lucas Kello “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2. 2014, p. 189.

317 Repik, Keith A. “Defeating adversary network intelligence efforts with active cyber defense techniques.” 2008. No. AFIT/ICW/ENG/08-11. Air Force Institute of Technology. Wright-Patterson Air Force Base, OH.


of intelligence, and cyber propaganda efforts.318 Despite this disagreement, it is nearly

universally agreed that nations can supplement military or diplomatic strategies using

cyber-attacks.319

Relatedly, it is unclear if offense or defense currently holds the advantage in cyber-

space. It appears that most policy makers and many, if not most, academics hold the view

that offense is stronger. They argue this is true for a number of reasons: vulnerability of

defenses; the speed of cyber-attacks; the absence of distance as an inhibiting factor;

attribution difficulties; and the availability of a massive number of targets. Further, the

attacker does not need to win every battle to cause problems for the defender, while the

defender cannot fail even once. These dangers are heightened due to the ease of launching

cyber-attacks.320 There are many, however, who disagree with these contentions. Launching

an effective attack in cyber-space against an even moderately well defended target requires

that the attack, and the vulnerabilities used to create it, be a surprise to the target. Otherwise

an attack can be blocked easily with a simple patch. Thus, if attackers do not have access to

a zero-day vulnerability, the defender may have already found the vulnerability and closed

it before the cyber-attack was launched. This means that attackers must have highly detailed

intelligence in order to successfully cause damage.321 Slayton additionally argues that

318 Eom, Jung-Ho, Nam-Uk Kim, Sung-Hwan Kim, and Tai-Myoung Chung. “Cyber Military Strategy for Cyberspace Superiority in Cyber Warfare.” 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec). June 26-28, 2012. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6246114

319 Baram, “Israeli Defense in the Age of Cyber War.”

320 Huntley, Wade L. “Strategic Implications of Offense and Defense in Cyberwar.” 49th Hawaii International Conference on System Sciences, 2016, p. 5590; Sheldon, John B., “Deciphering Cyberpower Strategic Purpose in Peace and War,” Strategic Studies Quarterly, Summer 2011; Kello, “The Meaning of the Cyber Revolution;” Krepinevich, Andrew, “Cyber Warfare: A ‘Nuclear Option’?” Center for Strategic and Budgetary Assessments. 2012.

321 Huntley, “Strategic Implications of Offense and Defense in Cyberwar,” p. 5590; Aucsmith, David, “War in Cyberspace: A Theory of War in the Cyber Domain,” Cyberbelli.com, May-June 2012; Gray, Colin S., “Making Strategic Sense Of Cyber Power: Why The Sky Is Not Falling,” Strategic Studies Institute and U.S. Army War College Press, April 2013.


offense is far more expensive than defense through an analysis of the costs to launch and

defend against Stuxnet.322

Building a resilient network, i.e., one that can quickly recover from attacks, must

include the ability to rapidly bring systems back up and running. How to achieve this, as it

is in the case of recovery from natural disasters, is unclear.323 Demchak posits that the

increasing interdependency of networks means that any successful attack has the potential

to cause even greater damage by harming all systems that are part of the same network. She

thus argues that in cyber-space the key to building resilient systems is to minimize the

element of surprise by adopting technologies and policies designed to help defenders

anticipate the timing and nature of attacks, and thus to respond and recover rapidly.324

Singer and Friedman, along with Gray, argue for the creation of resilient systems and

organizations that can continue to function at a high enough level to fulfil their main function

after sustaining damage.325 Singer and Friedman note that different organizations will have

different needs, thus the way to build resiliency varies on a case by case basis. They do

propose, however, three elements that can help: build “intentional capacity to work under

degraded conditions;” build systems designed to quickly recover; and learn from failures in

order to deal with threats going forward.326

322 Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Concepts, Causes, and Assessment.” International Security. Vol 41, No 3. 2016/2017, p. 75.

323 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” (Hebrew), p. 20.

324 Demchak, Chris C. “Resilience and Cyberspace: Recognizing the Challenges of a Global Socio-Cyber Infrastructure (GSCI).” Journal of Comparative Policy Analysis. Vol. 14, No. 3. 2012, https://citizenlab.org/cybernorms2012/Demchak2012.pdf

325 Singer and Friedman, Cybersecurity and Cyberwar, p. 170-171; Gray, “Making Strategic Sense Of Cyber Power.”

326 Singer and Friedman, Cybersecurity and Cyberwar, p. 170-171.


The 4D’s and R Conceptual Model:

Detection – or early warning of impending attacks, is as critical in the cyber-realm as

in the physical. It is far easier to defeat an attack before it occurs than after it has breached

the network. Prevention, of course, is only possible if one has sufficient early warning and it

is usually easier to defend against an attack, or at least to minimize the effects, the greater

the advance time. Much as cyber-technology poses new problems of detection, it also

provides new options for doing so. Some already exist; more are in development. A vast

number of cyber-attacks can be launched simultaneously from numerous sources, but the

technology can be used to detect and counter a similarly large number.

Few states, let alone non-state actors and individuals, have the capabilities required

to successfully conduct a major cyber-attack against a sophisticated state-defender. The true

detection challenge thus lies not in the vast number of potential attackers around the globe,

but in a more limited number of highly sophisticated ones. In this case, the detection

problem becomes more similar in magnitude to other asymmetric threats and more

manageable.

Complicating the picture is that states face dangers not just regarding governmental

systems, but all critical infrastructure and many major organizations and companies. Any

private sector company with ties to government networks now poses vulnerabilities as

attackers can attempt to gain access to the more poorly defended systems and use them as a

backdoor to attack more secure ones.327 Thus nations need to detect possible threats on

327 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute

InfoSec Reading Room, 2014, p. 7.


such companies. Advanced nations have already begun to develop protocols to do so and

have increased information sharing with the private sector.

A particular difficulty involved in detecting attacks from non-state and individual

actors is that they can be located in friendly nations, which constrains the ability to spy on

them without straining relations with the host-state. Technology can assist with this, since

detection can be done from afar without violating a state’s sovereignty. Conversely, the need

for heightened international cooperation and information sharing is clear and can be

conducted through long existing channels of intelligence and law-enforcement cooperation.

Improved cyber-intelligence is key. Efforts to detect cyber-attacks should be based

both on specially tailored means of gathering cyber-intelligence, including examining

network behavior and meta-data of attackers, analyzing malware and forensics, and by

devoting a greater portion of already existing human and electronic intelligence resources

to the cyber-realm. The tools needed to detect attacks, and the likely success achieved, may

vary with the kind of attacker. One option, appropriate primarily for non-state and individual

attackers, is to impersonate members of the cyber-networks they use to gain intelligence, i.e.

to pose as fellow activists.328 Another option, appropriate for all potential attackers, is to

develop improved capabilities to monitor anomalies in cyber-traffic that might indicate

impending attacks.329

A number of factors work to the defender’s advantage. Attackers often conduct

“cyber-reconnaissance missions” before attacks begin, to assess the weak points in the

328 Microsoft. “Impersonation,” Microsoft Tech Net, http://technet.microsoft.com/en-us/library/cc961980.aspx

329 Moran, Ned. “A Cyber Early Warning Model.” In Jeffery Carr (Ed.), Inside Cyber Warfare (pp. 179-190) (Cambridge, UK: O’Reilly 2012), p. 188.


defender’s systems.330 The larger a planned or ongoing cyber-attack, the easier it is to

intercept communications between attackers and conduct a defense. For many nations, the

detection problem is further simplified by the small number of communications cables

carrying Internet traffic, meaning it is easier to monitor traffic in and out of the nation. None

of this resolves the problem of cyber-attacks by other means, such as dangers from inside an

organization or the uploading of malware from thumb drives, but these can be dealt with

through standard security precautions.

Detection and Israel – Israel appears to have put an emphasis on early warning and

preemptive action to thwart cyber-attacks. This is fully in keeping with Israeli security

strategies more generally. Early warning has always been a cornerstone of Israeli policy, as

Israel has faced constant existential threats since its founding.331 Yuval Diskin, the former

head of the ISA, has even stated that Israeli cyber-defense policy has strived to “develop the

means of identifying potential attackers and preventing them from operating.”332 As part of

these efforts, Israel has used its advanced cyber-abilities to develop technology that has

assisted in gathering information and data regarding potential attackers’ intentions and

capabilities. With this information, Israel can focus on preparing to prevent attacks by those

actors.333 Additionally, Israel has developed systems that identify which Internet Service

Providers (ISP) and countries are most likely to be used to host attacks. Israeli cyber-

330 Moran, “A Cyber Early Warning Model,” p. 181.

331 Baram, “Israeli Defense in the Age of Cyber War,” p. 3-4.

332 Ben-David, “Playing Defense.”

333 Baram, “Israeli Defense in the Age of Cyber War,” p. 8; Baram, Gil. “Influence of the Development of Cybernetic Warfare Technology on Changes in the Israeli Force Structure.” Military and Strategy. Vol. 5, No 1. 2013, p. 23.


defenders are given wide latitude in blocking certain ISPs from these nations when they

detect an attack, even before it is clear the ISPs are the source.334

Private companies in Israel have also been developing new technology. One of the

most significant steps came in 2014 when an Israeli defense contractor, Israel Aerospace

Industries, opened a new R&D center in Singapore with the goal of developing new

technologies and new techniques that provide early warning of cyber-attacks. The center

aims to examine how to improve technologies that can identify cyber-attacks as they begin

in real time, monitor them, and then redirect the attacks to websites set up to absorb them.

The new technology will also look to improve detection of anomalies that might indicate

impending attacks.335

Organizationally, Israel has created units in the ISA and IDF that employ hackers who

attempt to breach defenses in both the public and private realm (critical infrastructure such

as banks, hospitals, water, and so on) in order to expose potential vulnerabilities and fix them

before they can be attacked by malicious actors.336 This is useful in regard to early warning

because it provides valuable insight into how to identify enemy hackers and detect the

signatures of an attack as it gets underway.337 The government’s CERT will also provide

information on potential attacks, which could provide critical early warning. The IDF also

gathers intelligence on parties that might have the desire to launch attacks.338

334 Lappin, Yaakov. “Cyber-Terrorism: Defending the Country’s Online Borders.” Jerusalem Post, February 5, 2013, http://www.jpost.com/Features/Front-Lines/Cyber-terrorism-Defending-the-countrys-online-borders

335 Lappin, Yaakov. “IAI Opens Cyber R&D Center in Singapore.” Jerusalem Post. February 13, 2014. http://www.jpost.com/Defense/IAI-opens-cyber-R-and-D-center-in-Singapore-341294

336 Bergman, Ronen. “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit.” Ynetnews, December 12, 2012, http://www.ynetnews.com/articles/0,7340,L-4322499,00.html; Dvorin, Tova. “Secret Shin Bet Unit at the Front Lines of Israel’s Cyber-War.” Arutz Sheva, April 25, 2014, http://www.israelnationalnews.com/News/News.aspx/179925#.U7b-P_ldVqU

337 Bergman, “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit;” Lappin, “IAI Opens Cyber R&D Center in Singapore.”

338 Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders.”


Deterrence – refers to the ability to harm assets or values of importance to an

adversary as a means of dissuading it from taking unwanted action.339 Deterrence can be

achieved through denial, meaning convincing the adversary that one has the capability to

prevent it from achieving its objectives, or through the threat of retaliation (punishment). In

either strategy, the goal is to convince the attacker it is not even worth it to try to achieve its

goals. For deterrence to be effective, the adversary must have capabilities, resources, assets

or other values to which it attaches significant importance. Further, a successful deterrent

policy requires that the actor send a clear and consistent message regarding what will

happen if particular boundaries are crossed.340 This can be difficult to create in cyber-space

as signaling intent and making clear the threat is credible can be a challenge. With regard to

signaling, cyber-attacks tend to be secretive, so it is difficult for a target to know that it has

been hit with an attack.341 Further, once a target is aware of the attack it is generally fairly

easy to stop it, which means the attacker cannot make clear it is behind the attack while it is

underway. For this reason, it is difficult to enhance credibility by disclosing capabilities.

Once a cyber-weapon is public it can be quickly defeated, unlike physical weapons.342 If

states could provide a sign of their capabilities without disclosing specifics, that could

greatly enhance cyber-deterrence.343 How to do that is not clear, however. For the same

reasons, it is also not clear whether assets can be consistently held under threat, which

further complicates the credibility of a cyber-deterrent.344

339 Ben-Horin and Posin, Israel’s Strategic Doctrine, pp. vii; Gartzke, Erik, and Jon Lindsay. “Cross-Domain Deterrence: Strategy in an Era of Complexity.” International Studies Association Meeting, July 2014, https://quote.ucsd.edu/deterrence/files/2014/12/EGLindsay_CDDOverview_20140715.pdf; p. 12-13.

340 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 12-13.

341 Libicki, Cyberdeterrence and Cyberwar, p. 52; Valeriano and Maness, Cyber War Versus Cyber Realities, p. 58.

342 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 58.

343 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 54.

344 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 58.


Attribution is central to deterrence based on punishment, as deterring an adversary

this way requires that it have an identifiable “return address” to retaliate against. The

cyber-attack on Sony in 2014 illustrates this point: because no known group has taken

responsibility, the options available to Sony or America to respond are limited. This situation arises in part from

the nature of the internet and the outdated communications protocols that underlie it which

make it easier for actors to hide their identities.345 The more sophisticated the actor, the

harder attribution becomes. Often attribution of attacks can be determined by finding

mistakes or signals the attackers mistakenly left behind, but more competent and advanced

actors make fewer mistakes. Further, even the best teams can struggle to assign attribution

for an attack in a short period of time, so if a quick response is needed it will have to be

undertaken without proper attribution. The challenge of attribution is also growing as

cryptography is becoming stronger and as attackers learn from the mistakes that they, and

others, have made in the past.346

Despite these challenges, attribution is possible. To do so effectively, states need to

develop skills, tools, and an effective organizational culture. This involves high quality

training and experienced team members and leaders. How certain a state needs to be

regarding the actor behind a cyber-attack also matters as determining attribution takes time

and resources. Thus, if consequences of the attack were not severe, states might choose not

to invest a great deal in the way of resources into determining who was behind it.347 The

international context surrounding an incident can also simplify attribution. Understanding

345 Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security, Vol 1, No 1. 2017, p. 84.

346 Rid and Buchanan, “Attributing Cyber Attacks,” p. 29-30.

347 Rid and Buchanan, “Attributing Cyber Attacks,” p. 27-28.


the broader geopolitical circumstances can help limit the number of culprits as cyber-attacks

do not tend to target countries at random. Thus, the number of suspects is already narrowed

by examining the context.348

In cases where attribution is possible, the type of perpetrator (state-actor, terrorist

group, other non-state group, or individual) plays an important role in determining the

nature of the deterrent policy. Deterrence of cyber-attacks by state actors is not

substantively different from deterrence in other conflicts and the retaliatory considerations

are essentially the same. The state under attack can retaliate with the entire spectrum of

capabilities at its disposal: cyber, diplomatic, kinetic, economic, or some combination

thereof. Deterrence becomes more problematic when attribution is not possible, especially

given the unseen or ambiguous nature of some cyber-attacks. This is not unique to the cyber-

realm. States have encountered this problem in the physical world, primarily in regard to

terrorism, and developed forensic tools to help them assign attribution.

Deterring non-state actors is far more difficult as in most cases it is not clear which

particular actor is behind an attack.349 The good news regarding non-state actors and

individuals is that they are less likely to have the resources required to launch crippling

cyber-attacks against advanced countries, and that publicity is often one of their primary

motivations, thereby facilitating attribution. Additionally, developing better forensic tools

will help to determine who launched an attack, thus easing attribution concerns.

Deterring cyber-attacks by terrorist groups, assuming attribution, should also be

essentially similar to deterring them from physical ones, again running the gamut of

348 Valeriano and Maness, Cyber War Versus Cyber Realities.

349 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 187; Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors.” International Law Studies. Vol 89. 2013, p. 419.


potential cyber and non-cyber forms of retaliation. Most terrorist organizations are not

nihilistic and have values they wish to protect, though their values and tolerance for

punishment may be different than that of most states. Cyber-attacks can be cheap, but

building the sophisticated capabilities required to penetrate the defenses of countries with

advanced cyber-capabilities is not. This raises the possibility that in addition to physical

assets and other values, a terrorist organization may be vulnerable to cyber-retaliation.350

Regardless of the type of asset, the ability to retaliate would only be complicated by the same

considerations that apply to a physical attack, including distance and vulnerability.

The real problem in deterring terrorists, in the cyber-realm as in the physical world,

may be that the damage they cause, painful as it is, is usually limited, while terrorists’

tolerance for pain often exceeds the responding state’s willingness to mete out punishment,

or risk further harm to itself. This is especially true of Western democracies; it is not that

they are incapable of suppressing terrorism and insurgencies, but that the overall effort

required, including the level of damage and cost in lives, has typically not been perceived to

be commensurate with the threat to their interests. Should a terrorist organization conduct

a drastic cyber-attack, or there be convincing information of an impending one, the

willingness of the targeted country to adopt severe deterrent measures will undoubtedly

grow.

The nature of the host country the cyber-attack originated in is again of great

importance, i.e. whether it has a friendly, effective government willing to cooperate. In

countries such as these, independent retaliation would not be possible, unless the target was

willing to breach the host government’s sovereignty. Instead, deterrence would be achieved

350 Libicki, Cyberdeterrence and Cyberwar.


by working with the host-government’s intelligence and law enforcement agencies to

prevent the attacker from acting or by affecting their expectations of paying a price for their

actions. In some cases, the likelihood of severe legal action might be a sufficient retaliatory

deterrent. Today, this expectation is quite limited, thereby emboldening organizations and

individuals to conduct cyber-attacks. When attacks do not originate in countries with

cooperative and effective governments, the ability to deter through legal means is of course

far more limited. The deterrent question then is whether the terrorist organization has cyber

capabilities or other values that are worth attacking, and the feasibility of doing so. The

considerations involved are similar to those in retaliating against a physical act.

A further complication is that cyber-attacks may be routed through ISPs (Internet

Service Providers) in other nations. It is possible for a government to work with or pressure

the ISPs, or these host governments, to halt such attacks as they are occurring.351 If nations

do not receive adequate cooperation, it may be possible instead to retaliate by publicly

shaming the ISP and nation, or the group or individual that attacked. This has the additional

benefit that it will draw the attention of security services around the world to that particular

group or individual in an effort to ensure they cannot launch further attacks.

Deterrence and Israel – Israel has a long history of attempting to deter attacks in the

physical realm. Israel has come to accept that deterrence will fail from time to time against

all manner of threats, but that temporary failure should not lead the country into abandoning

an otherwise successful policy.352 Instead, Israel views deterrence as a cumulative effort.

351 Clarke and Knake, Cyber War, p. 16.

352 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 14.


Each successful attempt at deterrence enhances the next, and each failure must be countered

by a success.353 This type of understanding of deterrence is well suited to the cyber-world

where attacks are easy to launch.

One of the pillars on which Israel bases its cyber-policies is enhancing deterrence.354

In cyber-space, Israel appears to base its deterrence on both its defensive (denial) and

offensive (punishment) capabilities. Israel emphasizes its defensive capabilities in the hope

that it will succeed in showing potential attackers, both state and non-state, that their

chances of success are limited and that it is not worth their time.355 At the same time, as will

be detailed later in the chapter, Israel has developed an impressive record of using the cyber-

realm for offensive purposes as well. These offensive capabilities aim in part to accomplish

specific goals, and also appear to be aimed at showing potential attackers what Israel is able

to do if it chooses to respond to an attack.356 Here again, research and development of new

technology, coupled with training programs, is critical to enhancing these abilities vis-à-vis

Israel’s opponents.

It is not clear, however, if Israel has really been successful in deterring cyber-attacks.

The sheer number of attacks that continue today would suggest otherwise. However, the

situation is not necessarily that straightforward. Take the case of Stuxnet. Whether or not

Stuxnet was successful in harming Iran’s nuclear program (more on this below), it is possible

that Israel’s ability to deploy a worm that could cause physical damage deterred other

353 Baram, “Israeli Defense in the Age of Cyber War,” p. 3.

354 Baram, “Influence of the Development of Cybernetic Warfare,” p. 22.

355 Bob, Yonah Jeremy. “Rule of Law: Obama, Israel and Cyber Warfare.” Jerusalem Post, March 22, 2013, http://www.jpost.com/Features/Front-Lines/The-cyber-partys-over-307367

356 Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic Affairs. Vol. 5, No. 1. 2013.


potential actors from launching cyber-attacks.357 Overall, it is not yet clear how successful

Israel’s efforts at deterrence have been.

Defense – addresses the prevention of attacks on military, governmental and critical

infrastructure networks, as well as on private networks, businesses, and individuals. There

are numerous challenges to conducting defenses in cyber-space, including the wide range of

targets that need defending, and that most attacks can afford to fail if just one major one

succeeds, whereas defenders have to be successful nearly every time. Additionally, hardware

and software contain a nearly endless supply of vulnerabilities that can be exploited. In

many cases, all attackers need to do is modify cyber-weapons that were successful in

previous attacks. In cases where that does not work, there is a flourishing dark-web market

of exploits and zero-day vulnerabilities that attackers, be they states or non-state actors, can

purchase.358

Defending the cyber-realm will demand the continuing improvement of existing

technologies and the creation of new ones. Among the areas requiring improvement are

perimeter defenses, which can be accomplished by creating systems that defend end-points

against penetration, such as anti-virus software and firewalls, anomaly detection to discover

abnormal users or communications, and malware payload blocking technology to neutralize

malware that has already penetrated the system in order to prevent it from activating at a

later date.

357 Baram, “Israeli Defense in the Age of Cyber War,” p. 7-8.

358 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 84.


Cyber-defense cannot be conducted on-line only, but requires a multi-layered effort

involving intelligence gathering, efforts to interrupt attacks, securing networks, and effective

cooperation with foreign governments to handle legal issues that arise. Cooperation with

foreign nations can be a valuable tool for boosting defenses. Agreements can be reached to

share information on attacks so countries can defend themselves from similar threats.

Sharing some advances in technology can also be a useful way to improve defenses if both

countries can offer something new to each other. Countries can also establish joint network

monitoring and intelligence cooperation regarding threats so better responses can be

developed.359

The source of an attack impacts how best to defend against it, as different actors are

capable of different types of attack. As already noted, it is generally more difficult to defend

against attacks from states as they have the greatest capabilities and ability to hide their

actions, whereas the technological capabilities of non-state actors and individuals, such as

denial of service attacks, are typically less sophisticated and can be handled through simpler

technological solutions. One goal is to identify and deflect threatening traffic to websites set

up to absorb the additional traffic. Active cyber-defenses are critical to defending networks.

Designing such systems includes identifying which Internet Service Providers (ISP) and

countries are most likely to be used to host attacks on the nation’s networks. To be most

effective, defenders should be given wide latitude in choosing when to block ISPs.360

359 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” (Hebrew), p. 33.

360 Sklerov, Matthew J. “Responding to International Cyber Attacks as Acts of War.” In Inside Cyber Warfare, edited by Jeffery Carr, p. 45–76. (Cambridge: O’Reilly, 2012), p. 195; Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” (Hebrew), p. 19.


Defenders must also take into account the supply chain used to design and

manufacture their equipment. Hardware, firmware, and software for everything from

computers, to smartphones, to missiles, are currently created and built around the world,

which makes it difficult to ensure that a product is secure. The companies and nations in

which such equipment is designed and made may include hidden code that will allow the

device to be hacked later on. Governments could work in conjunction with foreign

companies and nations to develop an accreditation system that would focus on ensuring the

design and manufacturing processes are transparent and that the products are secure.361

It is no longer enough to simply defend government networks as the private and

civilian sectors also play a major role in national security. Militaries often rely on private

industry and defense contractors to design, research, and build products and services the

military needs. Thus, governments need to protect these companies from espionage.362 At

the most basic level, states must define what they consider critical infrastructure and have a

plan to defend it. In many nations, critical infrastructure is privately owned, which

complicates efforts to create defense plans. States must develop plans on how to assist the

private sector.363

The private sector comprises the majority of cyber-space and is the focus of most of

the attacks. Generally, it is also more poorly defended than government systems. This is of

great importance to national security for two main reasons. First, many private companies

361 Inserra, David and Steven P. Bucci, “Cyber Supply Chain Security: A Crucial Step Toward U.S. Security, Prosperity, and Freedom in Cyberspace,” Backgrounder #2880, The Heritage Foundation, March 6, 2014, http://www.heritage.org/research/reports/2014/03/cyber-supply-chain-security-a-crucial-step-toward-us-security-prosperity-and-freedom-in-cyberspace

362 Russell, Alison Lawlor “The Implications of Cyberspace for Naval Strategy and Security.” In Routledge Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge. 2016.), p. 193.

363 Kello, “The Meaning of the Cyber Revolution,” p. 29.


provide services to the government that involve the exchange of sensitive information. Thus,

the security of that information now relies in major part on the company’s security. Second,

private companies often provide technical services to the government as well. This means

that attacks on these often less secure private companies can be used, as noted, as a backdoor

to gain access to sensitive systems. Small companies and start-up firms that lack resources

to create adequate defenses are particularly vulnerable.364 This is a problem in nations with

a lot of these companies, such as Israel. Overall, the importance of the private sector in cyber-

space complicates defensive strategies as states do not control all relevant organizations.365

Israel and Defense – Israel has found great success with its cyber-defenses and has

consistently been recognized as one of the most advanced nations in this regard. Israel’s

success is all the more impressive when one considers the massive range, and unrelenting

nature, of the threats Israel faces in cyber-space. This success has come about for a number

of reasons. One is the importance Israel has attached to the sector as discussed in the

previous chapter. Further, Israel’s cooperation with the private sector and academia, as is

demonstrated by the ATP, has greatly boosted Israel’s technical defensive abilities. Israel

has been focused on the cyber-realm since the 1990s, which has also given it a huge

advantage over its adversaries.366

Beyond technical ability, Israel has taken other steps to boost its defenses. Israel has

placed a high strategic importance on defense in cyber-space. This is reflected in the 2015

IDF strategy which lists cyber-space as an arena of conflict on par with land, sea, and air. The

364 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 95.

365 Kello, “The Meaning of the Cyber Revolution,” p. 29.

366 Baram, “Influence of the Development of Cybernetic Warfare,” p. 22.


document stressed that the IDF must work to constantly improve its technical abilities,

manpower, and training. The IDF additionally notes that it must be willing to change its

organizational structure to address new threats if necessary.367 Israel also attaches high

priority to defense in cyber-space, and it has developed strategies involving not only purely

defensive actions, but counter-attacks as well.368

Israel has also established numerous agencies to meet the threats posed in cyber-

space. The National Cyber Bureau (NCB), established in 2011, was created in part to help

enhance the security of private and non-defense governmental systems.369 Israel set up a

National Cyber Event Readiness Team in Beer Sheva in 2014 to test Israel’s ability to manage

cyber-attacks as an integrated part of enhancing cyber preparedness. The Ministry of

Defense has a cyber-defense body to help protect the Israeli defense industry and Mossad

has reportedly built defensive cyber-capabilities to address a wide range of threats.370 For

years the Telecom Branch of the Ministry of the Treasury was responsible for ensuring the

cyber-security of Israel’s various civil ministries and government computers. In 2015 Israel

moved these responsibilities to the Government’s Telecom Authority, which is within the

367 Office of the Chief of Staff, IDF. “The IDF Strategy.” Israel Defense Forces, August 2015. http://www.idf.il/SIP_STORAGE/FILES/9/16919.pdf, p. 29.

368 Adamsky, Dmitry (Dima) “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington Quarterly. Vol 40, No 2. 2017, p. 117.

369 Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel;” Ben-David, “Playing Defense;” Efrati and Yafe, “The Challenges and Opportunities of National Cyber Defense;” National Cyber Bureau. “Mission of the Bureau.” The National Cyber Bureau—Office of the Israeli Prime Minister. 2014. http://www.pmo.gov.il/english/primeministersoffice/divisionsandauthorities/cyber/pages/default.aspx; Israel Ministry of Foreign Affairs. “Deputy FM Elkin: Israel’s Cyber Security.” Address to the Seoul Conference on Cyberspace 2013, October 16, 2013; Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “Israel and Cyberspace: Unique Threat and Response.” International Studies Perspectives, Volume 17, 2016; Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North Carolina Journal of Law and Technology, Vol. 16, No. 3. 2015; Ravid, Barak. “Israeli Security Agencies in Turf Battle Over Cyber War: Netanyahu to Decide.” Haaretz. September 14, 2014. http://www.haaretz.com/news/diplomacy-defense/1.615637; Ravid, Barak. “Battle Move in Israel’s Turf War: Shin Bet Loses Authority Over ‘Civilian Space.’” Haaretz, September 21, 2014. http://www.haaretz.com/news/national/1.616990

370 Katz, Yaakov. “Security and Defense: Israel’s Cyber Ambiguity.” Jerusalem Post, May 31, 2012, http://www.jpost.com/Features/Front-Lines/Security-and-Defense-Israels-Cyber-Ambiguity; Bob, “Rule of Law.”


Prime Minister’s Office. Additionally, that year Israel founded the National Cyber Security

Authority (NCSA) within the NCB. The NCSA is responsible for coordinating efforts with the

private sector to defend against attacks and engaging in active defense operations to deal

with threats in real time.371 In 2017, the IDF will turn its C4I Corps into an operational

command unit for all the IDF’s cyber-defenses. It will now have the authority to do whatever

it feels necessary to defend the IDF, including launching counterattacks and engaging in

active defenses designed to deter attacks before they occur.372 These agencies have given

Israel flexibility in its ability to respond to cyber-attacks, while also providing a guiding

framework that has been valuable in ensuring that threats do not slip through the cracks.

There are two CERTs that currently operate in Israel. One is a privately owned and

operated organization, and the other is a part of the NCSA. Both CERTs state that they exist

to protect civilian cyber-space. The private CERT claims to offer investigation and real-time

response assistance to those who request it, as well as provide information to the public

about existing, and potential future, threats. The government run CERT provides the same

services, but has an additional focus on critical infrastructure and efforts to improve

resilience.

Israel has created guidelines to determine which infrastructure facilities should be

considered “critical” and thus protected. These include the likely number of people injured

in a successful attack; the severity of the economic damage; and the impact on Israeli morale.

Under these criteria, roughly 80 bodies are counted as “critical infrastructure,” including

371 Baram, “Israeli Defense in the Age of Cyber War,” p. 7; Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation.”

372 Spacewatch. “Israel Defence Forces Will Not Create a Cyber Command, but Will Strengthen Military Cyber Defences.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/israel-defence-forces-will-not-create-cyber-command-will-strengthen-military-cyber-defences/; IsraelDefense. “IDF Scraps Plans for a Unified Cyber Command.” IsraelDefense.com. May 15, 2017. http://www.israeldefense.com/en/node/29613


some hospitals, heavy industrial plants, and energy, communications, and transportation

companies.373 There will always be a subjective aspect to such classifications, but Israel has

taken steps to ensure that the criteria help guide the process.374 The ISA contains a unit

responsible for defending against cyber-attacks on critical cyber-infrastructure as they occur

and for running simulations of attacks so that Israel is prepared.375 The NCB, as noted, also

plays a central role. Further, the Bank of Israel has assumed responsibility for ensuring the

cyber-defense of the banking sector, and has required that banks develop plans for how to

prevent cyber-attacks and deal with the aftermath.376 Despite some restrictions and

requirements on critical infrastructure, Israel’s private sector remains largely unregulated

with regard to cyber-security.377

To increase the odds that Israel’s defenses will hold against attacks, Israel has run a

number of training exercises and drills to test if the systems and personnel in place are up to

the challenge. The objective is to reduce the paralyzing effect of a surprise cyber-attack

against Israel. The first cyber drill occurred in 2012.378 In 2015, Israel integrated cyber-

exercises with more general military training exercises involving other units in the army,

373 Ben-David, “Playing Defense;” Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders;” Tabansky, Libor “Critical Infrastructure Protection against Cyber Threats.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 62.

374 Tabansky, “Critical Infrastructure Protection against Cyber Threats,” p. 69.

375 Bergman, “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit;” Dvorin, “Secret Shin Bet Unit at the Front Lines of Israel’s Cyber-War.”

376 Arutz Sheva “Report: Bank of Israel Raises Cyber Defenses.” Arutz Sheva, February 17, 2012, http://www.israelnationalnews.com/News/Flash.aspx/232390#.U8VI7fldVqU; Aizescu, Sivan. “Israeli Banks Seek to Set up Joint Cybersecurity Center.” Haaretz, May 26, 2014, http://www.haaretz.com/business/.premium-1.592767; Supervisor of Banks. “On Cyber Defense Management.” Proper Conduct of Banking Business Directive—361—Israeli Government, 2015. http://www.bankisrael.gov.il/en/BankingSupervision/SupervisorsDirectives/ProperConductOfBankingBusinessRegulations/361_et.pdf; Avissar, Irit. “BoI Tells Banks to Appoint Cyber Officers.” Globes, July 21, 2014. http://www.globes.co.il/en/article-boi-tells-banks-to-appoint-cyber-officers-1000957071

377 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 94-95.

378 Zitun, Yoav. “NCC Holds First Cyber Terror Drill.” YNetNews. January 25, 2012. https://www.ynetnews.com/articles/0,7340,L-4180485,00.html


navy, and air force. Home Front Command also took part in this drill. The main objectives of

the drill were to verify the mobilization speed of Israel's cyber-defense system, its ability to

act in a coordinated manner, its ability to respond under pressure, and to see how cyber-

attacks can play an integrated role in defending Israel.379 The IDF, in 2016, held its first drill

for its information security teams.380 The C4I Corps has also developed its own “Sim City.”

This is a model city complete with “residential areas, commercial buildings, a railroad

system, a runway, a military base, a missile defense system, a stock market, an electricity

grid, and a radio station.”381 The IDF uses the model city to train soldiers and recruits on how

to defend against various types of attacks.382

Israel has also worked to enhance its international cooperation regarding joint

network monitoring and intelligence cooperation. In June 2016, for example, the US and

Israel reached an agreement that will lead to the automatic sharing of information on threats

between the two countries. This is highly valuable as threats are constantly evolving in

cyber-space. The agreement will also lead to the creation of new joint infrastructure,

encourage partnerships in the private sector, and provide funds for research and

development of new technologies.383

379 Lappin, Yaakov. “IDF Launches Massive Three-Day Drill, Calls Up Thousands of Reservists.” Jerusalem Post. July 27, 2015. http://www.jpost.com/Israel-News/IDF-calls-up-thousands-of-reservists-in-massive-three-day-drill-410282

380 Bob, Yonah Jeremy. “Analysis: Are US, Israel Winning or Losing Newest Cyber Battles.” Jerusalem Post, April 28, 2016. http://www.jpost.com/Israel-News/Analysis-Are-US-Israel-winning-or-losing-newest-cyber-battles-452589

381 Israel Defense Forces. “This Model City Trains IDF Coders to Stop Devastating Hacks.” Israel Defense Forces. January 2, 2017. https://www.idfblog.com/2017/01/02/model-city-trains-coders-stop-hacks/

382 Israel Defense Forces, “This Model City Trains IDF Coders to Stop Devastating Hacks.”

383 Uniyal, Vijeta. “US, Israel Sign Cyber Defense Agreement.” Legal Insurrection, June 23, 2016. http://legalinsurrection.com/2016/06/us-israel-sign-cyber-defense-agreement/; The Tower Staff. “U.S., Israel Sign Cybersecurity Intelligence-Sharing Agreement.” The Tower. June 22, 2016. http://www.thetower.org/3545oc-u-s-israel-sign-cybersecurity-intelligence-sharing-agreement/; Bob, Yonah Jeremy. “US Deputy of Homeland Security: US-Israel to Sign Automated Cyber Information Sharing Agreement.” Jerusalem Post. June 20, 2016.

Defeat – The concept of defeat in the cyber-realm is, as noted, still ill-defined, but

should not be viewed as the complete prevention of all attacks by an opponent. Much as in

the physical world, where decisive defeats in both conventional wars and asymmetric

conflicts have been rare in recent decades, decisive defeat in the cyber-realm should be

thought of as the attainment of superiority over the enemy, or “cyber-space superiority.”384

Nations cannot hope to prevent every attack from every individual and non-state actor

around the world. Instead, they should focus on major attacks capable of widespread

disruption or damage, aim to lower the overall number of attacks to a tolerable level, and

make the likelihood of success so low that the attackers have, in effect, been defeated.385 To

achieve cyber-space superiority a nation must be able to show opponents that it can prevent

attacks before they occur, that attacks that are not prevented will be futile because they will

not be able to cause significant damage, and that successful attacks will be met with some

form of retaliation. This may take the form of a physical strike, cyber-counterattack,

diplomatic or economic costs, or in the case of non-state organizations and individuals,

arrest, fair trial, and detention. Just as in the physical world, the ability to maneuver forces

is critical in that states must be able to “capture, disrupt, deny, degrade, destroy or

manipulate computing and information resources in order to achieve a position of advantage

in respect to competitors.”386

http://www.jpost.com/Israel-News/Politics-And-Diplomacy/US-Deputy-of-Homeland-Security-US-Israel-to-sign-automated-cyber-information-sharing-agreement-457261

384 For more see: Cartwright, James E. “Joint Terminology for Cyberspace Operations.” Department of Defense, Washington, DC. November 2010. http://www.nsci-va.org/CyberReferenceLib/2010-11-Joint%20Terminology%20for%20Cyberspace%20Operations.pdf

385 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 62.

386 Applegate, “The Principle of Maneuver in Cyber Operations,” p. 3.

Due to the highly diffuse nature of the threat and the low cost of launching cyber-

attacks, however, it is not practical, or a good use of resources, to attempt to defeat every

individual who decides to attack. Defense is a more appropriate response to such threats,

particularly as individuals are not likely to be able to cause severe damage. Nevertheless,

there are still steps states can take to mitigate the threat, for example, isolating hackers from

the broader community they rely on, disrupting their internet connections, or planting

defamatory information on the websites they use.387 This strategy may also be effective

against many non-state actor groups, whose members rely on similar communities for

support.

International cooperation is of great importance and states should seek to deepen

and expand the number of nations they cooperate with on cyber-security. Intelligence

sharing, bilateral and multi-lateral agreements, and improved cooperation with law

enforcement agencies in other countries, can be of great value.388 Improved intelligence,

information sharing and cyber-forensics are also required to achieve the legal standard of

proof necessary in court and can improve states’ ability to determine attribution, even if after

the fact. These actions will further improve the ability of states to achieve cyber-space

superiority by imposing legal and criminal penalties for attacks.

Achieving cyber-space superiority against states, terrorist organizations, and major

non-state actor groups, in contrast to individuals, is something that states can more

realistically aspire to. Destroying the opponent’s cyber-capabilities may be effective in

387 Applegate, “The Principle of Maneuver in Cyber Operations.”

388 India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013, http://www.bic-trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf, p. 34.

combatting threats from state actors and major non-state actors. Large scale cyber-attacks

take extensive planning and require expensive equipment,389 thus if a state can destroy an

adversary’s capabilities, it may be able to halt the attack and convince the attacker that trying

again is not worthwhile. States can seek to isolate attacking nations and adopt

confrontational tools, such as economic or diplomatic sanctions. The considerations here

are similar to physical asymmetric threats.

There are dangers, however, to employing cyber-attacks to achieve superiority. One

is that it is extremely difficult to do sufficient damage to an enemy in cyber-space that they

cannot retaliate. Thus, nations that launch cyber-attacks on countries with roughly equal

capabilities can expect retaliation, even if only symbolic.390 Further, the victim of an attack

can modify the code and either point it back at the attacker or learn from it and advance their

own capabilities more generally.391

States must be prepared to treat cyber-attacks in the same way as physical attacks

and use similar methods and strategies. It may be necessary to respond to cyber-attacks not

just with cyber-tools, but kinetic capabilities as well. Launching kinetic attacks is most

straightforward against attacking states, but is far more complicated against non-state actors

and individuals, and would require either gaining the permission of the host-state or risking a

military escalation, as in the case of any asymmetric threat. Additionally, there is likely to be

significant public backlash against the use of kinetic strikes in response to cyber-attacks by

non-state actors.

389 Silber, Jonathan. “Cyber vandalism – not warfare.” Ynetnews.com. January 26, 2012; http://www.ynetnews.com/articles/0,7340,L-4181069,00.html

390 McGraw, Gary. “Cyber War is Inevitable (Unless We Build Security In),” Journal of Strategic Studies, Vol 36, No 1, 2013, p. 117

391 Nye, Joseph S. “Nuclear Lessons for Cyber Security?” Strategic Studies Quarterly Vol. 5. 2011; Valeriano and Maness, Cyber War Versus Cyber Realities, p. 62.

Achieving cyber-space superiority also means that a nation is able to deploy cyber-

attacks as part of other military operations in order to gain an edge on the battlefield or as a

standalone weapon to achieve an objective. Countries that can achieve cyber-space

superiority are able to deliver cyber-attacks at the time and place of their choosing in order

to complement another action when it takes place. Such actions can include everything from

radar jamming up to cyber-attacks with physical effects. Launching such efforts takes

enormous coordination by multiple branches. The goal is to overwhelm the enemy in as

many domains as possible, but also to provide support for battlefield operations where

possible by disabling enemy weapons or warning systems.392

Israel and Cyber-Superiority – Israel has taken steps to obtain cyber-space

superiority in multiple ways, and has made clear it is capable and willing to use cyber-

weapons. In 2012, the IDF stated that, if necessary, it would be ready and able to use cyber-

weapons,393 although the nature of these weapons and the conditions under which Israel

would use them remain unknown. As in other spheres, Israel neither confirms nor denies

cyber-attacks, at least partly because they are difficult to trace, thereby allowing it to avoid

taking responsibility for them and lessening the chances of reprisal.394 It does appear from

392 Russell, “The Implications of Cyberspace for Naval Strategy and Security,” p. 191-192.

393 YNetNews. “IDF says ‘Defined Essence of Cyber Warfare’.” Ynetnews, June 4, 2012, http://www.ynetnews.com/articles/0,7340,L-4238156,00.htm

394 Libicki, Martin C. Cyberdeterrence and Cyberwar (Rand Corporation: Project Air Force, 2009), p. 19; Egozi, Arie. “The Secret Cyber War.” Military Technology. Vol. 35. 2011, p. 6; Even, Shmuel and David Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” Institute for National Security Studies, (Hebrew) Memorandum 179, INSS, June 2011, p. 19; Carr, Jeffrey. Inside Cyber Warfare. (Cambridge: O’Reilly, 2012), p. 252; Fulghum, David. “Bombing Iran.” Aviation Week and Space Technology, Vol. 174. 2012, p. 29; Katz, “Security and Defense;” Parmenter, Robert C. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain.” School of Advanced Military Studies at the United States Army Command and General Staff College, Fort Leavenworth, KS: US Army Command and General Staff College, May 23, 2013, p. 3.

the actions Israel has taken that it has aimed to lower the overall number of attacks to an

acceptable level, but it is unclear exactly how Israel would define defeat of an attacker in the

cyber-realm.

Israel has built powerful offensive capabilities in cyber-space.395 This is in keeping

with Israel’s general military doctrine that it must maintain offensive superiority in every

war-fighting arena vis-à-vis its rivals.396 In its 2015 strategy document, the IDF stresses this

point as well, noting that the IDF aims to ensure Israel’s security through land, sea,

air, and cyber-space. The IDF aims to do this through the creation of cyber-weapons that can

be used as standalone weapons and as part of a broader campaign in support of other

warfighting efforts.397 Israel views this as a valuable edge over its opponents, particularly

given that very few countries have been able to develop advanced cyber-capabilities yet.398

There are several government agencies in Israel that are engaged in building and

deploying cyber-weapons. The IDF currently has two primary bodies dealing with the cyber-

realm, Intelligence Unit 8200 and the General Staff’s C4I Branch. Unit 8200 was entrusted

with the IDF’s offensive cyber capabilities in 2009 and reportedly created a “cyber-staff” in

2011 to develop and deploy offensive cyber-weapons.399 Unit 8200 was reportedly involved

in the development and use of the Stuxnet worm, and is reportedly working to develop the

ability to sabotage, if necessary, the critical infrastructures of potential enemies, particularly

395 Dagoni, Ran. “Amos Yadlin: Cyber-Defense Includes Cyber Attack.” Globes-Israel Business Arena, April 29, 2015. http://www.globes.co.il/en/article-amos-yadlin-cyber-defenses-must-include-attack-1001031900

396 Kremer, Jan-Frederik and Benedikt Müller. Cyber Space and International Relations: Theory, Prospects and Challenges (Springer; 2014).

397 Office of the Chief of Staff, IDF, “The IDF Strategy,” p. 13, 17-18.

398 Kremer and Müller, Cyber Space and International Relations.

399 Ben-David, “Playing Defense;” Katz, “Security and Defense.”

Iran.400 Unit 8200 and the US, reportedly, were also behind the Flame malware used against

Iran, which took screenshots, recorded audio conversations, viewed network traffic,

intercepted keyboard strokes and likely stole information from infected computers, while

allowing all of this to be viewed remotely.401 Mossad is also said to have developed offensive

capabilities and to have worked with Unit 8200 to help create Stuxnet and Flame.402 Funding

and personnel for cyber programs within the military have also been increasing.403

Additionally, Lebanon has claimed that Israel hacked into its cellular telephone

infrastructure to spy on it.404

The ISA has also developed both offensive and defensive capabilities in order to

defend Israel from attack. The SIGINT and Cyber Branches are the units responsible for

cyber-actions within the ISA, which has a different set of responsibilities than those of the IDF.

In both the physical and cyber-realms, the IDF focuses on external enemies and military

threats, while the ISA focuses on internal security. The ISA has focused a great deal of effort

on improving the ability to extract intelligence from computer networks, social media, and

telephone conversations.405

Israel has also used cyber-space on multiple occasions in support of efforts to defeat

enemies in other realms. Israel has continued to develop such capabilities. Improving

Israel’s ability to quickly develop and build malware that can be used to sabotage critical

400 Katz, “Security and Defense;” Silverstein, Richard. “IDF to Double Unit 8200 Cyber War Manpower.” richardsilverstein.com, October 23, 2012. http://www.richardsilverstein.com/2012/10/23/idf-to-double-unit-8200-cyber-war-manpower/

401 Zetter, Kim. “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.” WIRED. May 28, 2012. http://www.wired.com/2012/05/flame/

402 Katz, “Security and Defense.”

403 Katz, Yaakov. “Elbit Unveils New Cyber War Simulator.” Jerusalem Post. June 5, 2012. http://www.jpost.com/Defense/Elbit-unveils-new-cyber-war-simulator

404 Egozi, “The Secret Cyber War,” p. 6.

405 Rapaport, Amir. “ISA in the Cyber Era: An Inside Look.” IsraelDefense.Co.Il. September 5, 2014. http://www.israeldefense.co.il/en/content/isa-cyber-era-inside-look

infrastructures of potential enemies has been a top priority.406 Israel is additionally a world

leader in using cyber-attacks to support its soldiers on the battlefield.407

In Israel’s 2014 conflict with Hamas, named Operation Protective Edge, Israel, for the

first time on a wide scale, used cyber-space to enhance its warfighting abilities. C4I created

mobile digital networks that soldiers could employ wherever they were on the battlefield.

The military could now connect soldiers to each other quickly, transfer data, share videos,

and help pinpoint the positions of friendly and hostile soldiers. Further, the different

branches of the military were able to share that same information with each other to speed

coordination.408

There are two other major occasions that Israel used cyber-space as a means to defeat

an enemy. The first is Operation Orchard. This was the code name for the successful 2007

air strike that destroyed a Syrian nuclear reactor suspected of being used as part of a nuclear

weapons program.409 In this incident, the Israeli Air Force was apparently able to fly into

Syrian air space and bomb the reactor without alerting Syrian air defenses.410 To accomplish

this, Israel appears to have taken control of Syrian radar systems and tricked them into

thinking that nothing was happening even while the attack was underway, and without

alerting guards to the system’s capture.411 Israel chose not to blind the Syrian defenses, or

shut them down, which would have alerted Syria to trouble, but instead temporarily

406 Silverstein, “IDF to Double Unit 8200 Cyber War Manpower.”

407 Baram, “Influence of the Development of Cybernetic Warfare,” p. 23.

408 Lappin, Yaakov. “Security and Defense: Network IDF.” Jerusalem Post, September 18, 2015. http://www.jpost.com/Israel-News/Security-and-Defense-Network-IDF-416497; Zitun, Yoav. “The IDF Prepares for Cyber-Battles.” YNetNews, September 2, 2015. http://www.ynetnews.com/articles/0,7340,L-4696003,00.html

409 Carr, Inside Cyber Warfare, p. 51; Parmenter, “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain,” p. 35-38.

410 Fulghum, “Bombing Iran.”

411 Egozi, “The Secret Cyber War,” p. 6.

reprogramed them to make the system appear to be functioning normally.412 To launch such

an attack, Israel would have had to maneuver its cyber-weapons into the Syrian systems,

meaning they knew how to gain access prior to the attack. It also required that Israel be able

to practice the attack beforehand to make sure that it would work.413

The most famous cyber-attack is Stuxnet.414 Stuxnet was reportedly launched by

Israel and the US to attack Iran’s nuclear program as part of a broader campaign of cyber-

attacks and espionage against Iran entitled “Olympic Games.”415 The worm targeted the

supervisory control and data acquisition systems of Iran’s uranium enrichment centrifuges;

once a computer was infected, Stuxnet did not need any further commands and could alter

information to hide its presence and cause damage until it was discovered.416 It is considered

by most people to be the first malware to inflict physical damage, destroying roughly 1000

of Iran’s centrifuges.417 The use of Stuxnet aimed to achieve a broader national security goal

of preventing Iran from acquiring a nuclear weapon.418 Such a goal in the past could only

really be achieved via the use of force or diplomacy, but the cyber-realm opened up a new

possibility and Israel and the US used it.

412 Egozi, “The Secret Cyber War;” Clarke and Knake, Cyber War, p. 4-6; McGraw, “Cyber War is Inevitable (Unless We Build Security In),” p. 112

413 Applegate, “The Principle of Maneuver in Cyber Operations,” p. 7.

414 For a detailed technical discussion of how Stuxnet worked, see: Barzashka, Ivanka. “Are Cyber-Weapons Effective?” The RUSI Journal. Vol. 158, No. 2. 2013.

415 Heckman, Kristin E, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow (2015) Cyber Denial, Deception and Counter Deception. Advances in Information Security, Vol. 63 (Springer: New York), p. 54-55; Zetter, Kim. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. (New York: Crown. 2014).

416 Fulghum, “Bombing Iran;” Farwell, James P. and Rafal Rohozinski, “Stuxnet and the Future of Cyber War.” Survival. Vol. 53, No. 1. 2011, p. 25; Joint Advanced Warfighting School, “Nothing New Under the Sun,” p. 14; Parmenter, “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain,” p. 45-49; Zetter, Countdown to Zero Day; Sanger, David E. Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. (Broadway Books, 2012).

417 Heckman, Stech, Thomas, Schmoker, and Tsow, Cyber Denial, p. 53-54; Sanger, Confront and Conceal.

418 Heckman, Stech, Thomas, Schmoker, and Tsow, Cyber Denial, p. 60.

This raises an important question: Did Stuxnet achieve the broader goal of slowing

Iran’s nuclear program? The answer is actually unclear. There are many who argue that

Stuxnet not only failed to slow Iran’s program, but had other negative effects as well. Some

argue that Stuxnet had no medium- or long-term impact on Iran’s program as Iran simply

swapped out older damaged centrifuges for newer ones. It does appear that Iran was quickly

able to restore the rate at which it was enriching uranium to the levels it had been prior to

the deployment of Stuxnet.419 Many estimates put the delay to Iran’s program at only about

three months.420 Thus, there are many who argue Stuxnet failed at its primary goal.

Compounding that failure, it is clear that Iran was able to improve its own offensive

and defensive cyber-capabilities by studying Stuxnet. Iran did not have to put in any effort

to develop the complex worm, but it was able to quickly learn from its coding for essentially

free.421 In fact, ever since Stuxnet, Iran has been far more aggressive in cyber-space and has

invested heavily in developing its own cyber-capability. Stuxnet also spread beyond its

initial target. From Iran’s nuclear program, Stuxnet spread to hundreds of thousands of

other machines around the world.422 In fact, it is estimated that roughly 40% of all

computers infected by Stuxnet were outside of Iran.423 In this case, Stuxnet was harmless

and did not cause collateral damage, but the danger that it could have done so is real.

419 Barzashka, “Are Cyber-Weapons Effective?” p. 48; Valeriano and Maness, Cyber War Versus Cyber Realities, p. 156; Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies Vol. 22. 2013, p. 369.

420 Slayton, “What is the Cyber Offense-Defense Balance?” p. 104.

421 Cohen and Rotbart, “The Proliferation of Weapons in Cyberspace;” Lindsay, Jon R and Lucas Kello “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2. 2014, p. 183; Bronk, Christopher and Eneken Tikk-Ringas. “The Cyber Attack on Saudi Aramco.” Survival. Vol. 55, No. 2. 2013, p. 84; Brunner, Jordan. “Iran Has Built an Army of Cyber-Proxies.” The Tower. August 2015. http://www.thetower.org/article/iran-has-built-an-army-of-cyber-proxies/

422 Heckman, Stech, Thomas, Schmoker, and Tsow, Cyber Denial, p. 54-55.

423 O’Connell, Mary Ellen. “21st Century Arms Control Challenges: Drones, Cyber Weapons, Killer Robots, and WMDS.” Washington University Global Studies Law Review, Vol 13, No 515. 2014, p. 519.

Stuxnet was also massively difficult and expensive to plan and create. Enormous

intelligence gathering efforts would have been required to learn exactly what systems Iran

had installed and how they had configured them to make sure Stuxnet would operate as

intended. It is unclear how this information was obtained by Israel and the US. The coding

used in Stuxnet was also highly targeted as it impacted only Iran’s configuration of its

machinery (which is why it did not cause collateral damage), meaning that it was necessary

to create a replica of Iran’s set up to test it first. The coding was also massively complex as

Stuxnet was able to communicate between infected machines, including those without an

internet connection, it was able to be updated, and could modify industrial control systems

without alerting operators. All of this requires enormous time, money, human resources,

and expertise. Stuxnet also used four zero-day exploits (which, as noted, are difficult to

obtain), two stolen digital certificates, and software granting hidden privileged access to

systems running Windows, among other things.424 As a result of all these factors, Stuxnet

was extremely expensive, possibly as much as $300 million to design and deploy.425

It is additionally possible that Stuxnet harmed diplomatic efforts to address Iran’s

nuclear program. This is in part because it decreased the urgency to reach a deal. If nations

believed the cyber-attack had slowed Iran’s progress, then there was no need to push

forward for a deal quickly. Further, a deal on Iran’s nuclear program would require trust on

both sides, and Stuxnet may have made building such trust all the more difficult.426

Despite these arguments, there is good reason to believe that Stuxnet did achieve its

goal and was a useful tool in preventing Iran from acquiring a nuclear weapon. Even the

424 Rid, Cyber War Will Not Take Place; Slayton, “What is the Cyber Offense-Defense Balance?”

425 Slayton, “What is the Cyber Offense-Defense Balance?” p. 98.

426 Barzashka, “Are Cyber-Weapons Effective?”

most conservative estimates of Stuxnet’s impact admit that it did succeed at delaying Iran’s

nuclear program, even if just for a few months, which was its goal. Stuxnet did not

completely derail the nuclear program, which would have obviated the need for other

measures such as military action.427 It did, however, buy time. Further, Stuxnet was

intentionally designed not to cause centrifuges to explode as the goal was to slowly erode

Iran’s program and cause delays. A more drastic cyber-attack was possible, but it would have

been discovered quickly.428 The goal of Stuxnet was to avoid detection so it could operate

over time.

Stuxnet had other advantages as well. Unlike a physical strike, which can only target

known facilities, a worm can be unknowingly transferred to secret facilities whose existence

Israel and the US suspected, but did not have firm information about.429 Thus it enabled the

Israeli military to discover secret infrastructures in Iran which conventional intelligence

would have struggled to find.430 Additionally, a physical strike on Iran would have been

extremely difficult for Israel to carry out, due to geography and Iran's likely response, so

Stuxnet provided a unique opportunity to accomplish an important military goal with

minimal risk.431

The cost of the worm appears to have been largely irrelevant to both sides in the

conflict. The US and Israel, the latter of which views Iran’s nuclear program as an existential

threat for good reason, placed far more value on halting the nuclear program than on the cost

427 Farwell and Rohozinski, “Stuxnet and the Future of Cyber War,” p. 11; Sanger, Confront and Conceal.

428 Barzashka, “Are Cyber-Weapons Effective?” p. 54.

429 Farwell and Rohozinski, “Stuxnet and the Future of Cyber War,” p. 25.

430 Cohen, Freilich, and Siboni, “Israel and Cyberspace.”

431 Parmenter, “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain,” p. 39-40, 42-43; Joint Advanced Warfighting School, “Nothing New Under the Sun,” p. 14-15; Sanger, Confront and Conceal; Cohen, Freilich, and Siboni, “Israel and Cyberspace.”

of the cyber-attack. Iran as well was willing to continue the program despite the costs that

Stuxnet imposed.432

In regards to diplomacy, Stuxnet may have not only not harmed, but actually helped

negotiations. At the time, there was a growing sense that it would be difficult to prevent Iran

from obtaining a weapon or to find a deal it would be willing to accept. The impression

that Stuxnet had caused significant damage, whether true or not, may have reinvigorated

talks. The P5+1 could now believe there were ways to slow or stop Iran’s program and Iran

felt more vulnerable and thus perhaps more ready to make a deal.433

Overall, while it is unclear exactly how much damage Stuxnet did, it does appear to

have been a useful weapon. It provided improved intelligence, did not cause any significant

collateral damage as an air-strike would have, gave Israel enough confidence it had damaged

Iran’s nuclear program that it could hold off launching airstrikes, destroyed centrifuges, and

possibly helped lead to a diplomatic solution. In addition, Stuxnet could have done far more

damage than it did, illustrating that cyber-attacks can have value both as a tool in and of

themselves, and as part of a broader effort.

Resilience – There is no way to prevent every dangerous cyber-attack from

penetrating defenses; eventually one will succeed and cause damage. The question thus

becomes not just how to prevent cyber-attacks, but how to manage a system once defenses

fail, and to recover as fully and as rapidly as possible, i.e. to build “resilient” systems.

Different systems will require different levels of resilience. Some networks will only need to

432 Slayton, “What is the Cyber Offense-Defense Balance?” p. 75.

433 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 155; Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 4.

be able to quickly return to their most minimal level of functioning, while others must be

designed to return to the original level as soon as possible. Many of the same challenges that

apply to the four Ds apply here as well. The ease of launching large volumes of attacks makes

it more likely that one will penetrate defenses. The fact that users often do not fix

weaknesses in hardware and software even when patches are available, coupled with the

mistakes users make, further increases these odds. Lack of information sharing continues to

plague resilience as well, as it is far easier to recover if others have already done it and can

advise.434

The primary goal of any strategy aiming to build resilience must be to ensure that the

state can maintain functional continuity.435 Due to the inherent limit on resources, it is

critical to prioritize the systems that need to be made resilient. For example, military

systems and the power grid are likely to be far more important to a nation than other

networks. When designing networks, features aimed at improving resilience can be built-in

to speed and support the recovery process. Metrics can be developed that will help

determine which systems are most critical and thus where to guide technological resource

investment.436 There are situations where physical overrides should be built in as well.

States should not ignore the private sector, as it is the backbone of the economy. Damage to

major companies could threaten the larger economy and therefore the nation’s broader

resilience.437 Thus states need to work with private companies to determine minimum

standards for cyber-security.

434 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 84-85.

435 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153, 2016, p. 10.

436 Singer and Friedman, Cybersecurity and Cyberwar, p. 172.

437 Siboni and Sivan-Sevilla “Israeli Cyberspace Regulation,” p. 95.

The process of building resilient systems in cyber-space includes drafting various

high probability “reasonable” scenarios, as well as low probability “extreme” ones. Once

these scenarios are developed, it is possible to build plans and tools to make a system more

resilient. This needs to take place before failures occur and, as in any capabilities build-up

procedure, includes: technological measures, human resource development, training

exercises and drills, and assimilation measures.438 Reality is likely to present unexpected

cyber-defense failures, with results that are sometimes extreme, and a resilient system could

be the difference between relatively rapid recovery and severe consequences. Resilience is

also important because such systems make attacks far less consequential, thus reducing the

overall threat as well as the payoff for the attackers. This, in turn, decreases the likelihood

that an attack will take place to begin with. In other words, resilience improves deterrence

by denial.

Building resilient systems is critical for another reason. As noted above, when states

launch cyber-attacks they run a high risk that they will be hit with an attack in response.

Therefore, the attacking state needs to be sure that, if it cannot prevent or defend against

the retaliatory attack, it is resilient enough to bounce back quickly.439

Israel and Resilience – Israel has not released detailed information regarding any plan

for how it would recover from damaging cyber-attacks, and it is not clear how Israel intends

to do so. A 2017 cyber-strategy document does offer some hints. Israel stresses that it views

438 Singer and Friedman, Cybersecurity and Cyberwar, p. 172; Demchak, Chris C. Wars of Disruption and Resilience. (University of Georgia Press. 2011); Demchak, Chris C. “Resilience and Cyberspace: Recognizing the Challenges of a Global Socio-Cyber Infrastructure (GSCI).” Journal of Comparative Policy Analysis. Vol. 14, No. 3. 2012. https://citizenlab.org/cybernorms2012/Demchak2012.pdf

439 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 10.

resilience as the capacity to regain normal functioning as quickly as possible following an

attack, and to this end, the state takes on a role at both the governmental and private levels.

Israel stresses that it will offer to assist companies hit with attacks and work to ensure that

the threat does not reoccur either at the same company or elsewhere. The main vehicle for

achieving this is Israel’s national CERT, which will provide that advice and assistance.440 The

2015 IDF Strategy also notes that the IDF views resilience as important, stressing that the

IDF will work to ensure that it has the ability to operate while under cyber-attack.441 How it

will achieve this is not made clear.

To help ensure that it is ready to withstand and recover from attacks, Israel conducts

drills to simulate different types of cyber-attacks. In 2012 one such drill, called “Lights Out,”

tested the readiness of Israel’s critical infrastructure defenses, as well as contingency plans

during a cyber-attack.442 In 2015, Israel decided to use its yearly home front defense drill

"Turning Point" to simulate cyber-attacks that brought down the electrical and telephone

grids in order to improve its response during, and in the aftermath of, an attack.443 Israel,

however, has yet to develop robust resilience capabilities and methodologies on the national

level that also integrate the civilian business sector.444

Concluding Observations:

Cyber-attacks present new challenges, but they can be addressed by applying the

Four D’s and R model. The model may not provide a complete response, much as it does not

440 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 116.

441 Office of the Chief of Staff, IDF, “The IDF Strategy,” p. 30.

442 Zitun, Yoav. “NCC Holds First Cyber Terror Drill.”

443 Times of Israel. “Rocket Siren Sounds across Country in Ongoing Drill.” Times of Israel. June 2, 2015. http://www.timesofisrael.com/rocket-sirens-sound-across-country-in-civil-defense-drill/

444 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 86.

regarding other asymmetric and conventional threats, and modifications will certainly be

required to adapt them to the challenges posed by cyber-threats. In those areas in which

they prove deficient, however, new capabilities will be developed over time. Israel’s

experience demonstrates this to be true, as the following final example illustrates. Generally,

when states address national security threats the focus is on the attacker. Thus states will

often determine which organization is responsible for dealing with the danger based on

whether the attack is an act of war, a criminal action, international, domestic, or conducted

by a non-state group or individual. This, however, does not work well in cyber-space where

the identity of the attacker is not always clear and the nature of threats is constantly evolving.

Israel recognized this challenge, and Israel’s 2017 National Cyber Security Strategy

document took steps to address it. The most important shift is that Israel’s strategy for

dealing with major threats is not dependent on knowing the actor behind them. Instead, the

focus is on types of threats and the actors they might target. Israel stressed that it views

protecting the targets of attacks and helping them recover as more important than focusing

right away on the identity of the attacker. Thus, Israel has set up governmental organizations

and strategies that exist to protect critical systems and entities from attacks no matter where

they originate from.445

Recommendations:

Despite Israel’s successes in cyber-space, there are always ways that nations can

improve. This final section will offer some recommendations that Israel, or other nations,

could adopt.

445 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 121.

Enhance Information Sharing with the Private Sector – This recommendation is

useful across all the 4Ds and R. As discussed above, the private sector faces the majority of

threats in cyber-space, but they do not tend to share information with the government or

with each other. This hampers the government’s overall efforts to implement effective

cyber-defenses. Policies can be crafted that require companies to disclose data breaches,

intellectual property theft, DDoS attacks, and loss or degradation of services. Sharing

information regarding the most effective detection methods, cyber-weapons, remediation

techniques, and forensic practices would help to make sure the same threats do not keep

causing problems.446 Protections must be built in to ensure that all information that is

shared is kept confidential to address industry concerns. Additionally, closer ties between

the private sector and government will be beneficial to both sides. Governments have strong

intelligence, regulatory, and organizational capabilities, while the private sector has

technological assets and manpower, and controls many systems governments rely on. New

regulations and legislation will be required to build the mechanisms needed to create

cooperation and facilitate partnerships and information sharing.447 Overall, Israel should

increase its cooperation with the private sector, and work with them to create the needed

legislation and requirements as both sides share common cyber-risks and interests.

Intelligence Gathering – As these recommendations suggest, intelligence gathering is

critical to addressing the threat from all actors and across all 4Ds and R. Some of this can be

446 Office of the President. “Cyberspace Policy Review.” Office of the American President. 2011. https://www.state.gov/documents/organization/255732.pdf

447 Office of the President. “Cyberspace Policy Review.” Office of the American President. 2011. https://www.state.gov/documents/organization/255732.pdf

done on-line, by reading chat rooms or impersonating members or supporters of the non-state

actor, intercepting communications, and other tactics.448 Intelligence conducted in the

physical world is just as critical, as not everything important is said on-line. Israel must rely

not only on cyber-intelligence gathering, but on traditional intelligence tools as well.449

Relatedly, Israel can try to convince some hackers to serve as informants, or can try to

penetrate non-state actor groups by planting agents within them. Israel is currently moving

many intelligence resources into the cyber world, but Israel must utilize regular intelligence

means in the physical world as well.450 Israel should look to increase the number, and type,

of sources that it relies on to gather intelligence. This will enable Israel to be more certain

that the intelligence is accurate.451

Enhancing Detection – Israel must continue to develop new technology to assist with

detection. The tools needed to detect attacks, and the likely success achieved, may vary with

the kind of attacker. One option, appropriate primarily for non-state and individual

attackers, is to impersonate members of the cyber-networks they use to gain intelligence, i.e.

to pose as fellow activists.452 Another option, appropriate for all potential attackers, is to

develop improved capabilities to monitor anomalies in their cyber-traffic that might indicate

448 Microsoft, “Impersonation.”

449 Siboni, Gabi. “Cyber-tools are No Substitute for Human Intelligence.” Haaretz, July 2, 2014. http://www.haaretz.com/opinion/.premium-1.602413#

450 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 44-71; Siboni, “Cyber-tools are No Substitute for Human Intelligence.”

451 Rid and Buchanan, “Attributing Cyber Attacks,” p. 8-9.

452 Microsoft, “Impersonation.”

impending attacks.453 Continuous real time monitoring of threats online can also boost

detection abilities.454

Enhancing Deterrence – To achieve deterrence, Israel must be able to make clear to

its adversaries what its retaliatory capabilities are and what penalties they are likely to

pay. Doing so in the cyber-realm is similar to other asymmetric conflicts. Deterrence

postures and intentions can be communicated through public statements or back channel

communications.455

When an attack is underway, Israel can work with ISPs to halt attacks by blocking

traffic from IPs being used in the attack.456 If the ISPs are not willing to help, Israel can turn

to the nation hosting the ISP and request that they place pressure on the ISP to assist. If

Israel cannot convince either to intervene, it can threaten to make public that refusal and

name and shame the ISP and the host nation, with the goal being that the threat will lead the

ISP or nation to comply. This has the additional benefit that it will draw the attention of

security services around the world to that particular group or individual in an effort to

ensure they cannot launch further attacks. It is useful before an attack occurs to create lists

of the ISPs and nations most likely to be used in an attack, just as Israel has done.457 A further

453 Moran, “A Cyber Early Warning Model,” p. 188.

454 Australian Government, “Cyber Security Strategy.”

455 Department of Defense, “The DoD Cyber Strategy.” United States of America, April 2015. http://www.defense.gov/home/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf

456 Clarke and Knake, Cyber War, p. 16.

457 Sklerov, “Responding to International Cyber Attacks as Acts of War,” p. 195; Even and Siman-Tov, “Cyber Warfare: Concepts, Trends and Implications for Israel,” (Hebrew), p. 19.

complication is that cyber-attacks may be routed through ISPs in third-party nations,458

further highlighting the importance of expanding the number of friendly nations.

Deterrence can also be expanded beyond the cyber-realm. Simply because an attack

takes place in cyber-space does not mean that Israel must restrict its threats of retaliation

(or acts of retaliation if needed) to cyber-space. Some opponents may not have cyber-assets

worth striking, or may be more vulnerable in a different realm. This raises dangers of

escalation, but in some cases might be the only way to deter an enemy from launching cyber-

attacks.459

Enhancing Attribution – To achieve deterrence, as noted above, Israel must be able to

assign attribution for an attack. To this end, Israel must boost its ability to assign attribution

by deploying, and continuously improving, technological and intelligence tools, including

gathering information on the types of coding used by different types of attackers and their

goals. This is an area in which private entities and the government should consider ways to

work together. Private cyber-security companies, such as McAfee, Symantec and others, have

been able to identify malware and offer insights into its possible origins.460 Having this extra

analysis and information can assist Israel in ensuring correct attribution for an attack.

Not every cyber-attack requires perfect attribution, or even investigation. Many

attacks cause little to no damage or disruption. Given that states have limited resources and

cyber-attacks are common, Israel needs to determine criteria regarding when a cyber-attack

458 Nye, “Deterrence and Dissuasion in Cyberspace.”

459 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 3, 13.

460 Rid and Buchanan, “Attributing Cyber Attacks,” p. 25.

is worth further investigation.461 Criteria can include, among others, the country of origin of

the attack, the target of the attack, the level of damage, the suspected goal of the attack

(which is also often difficult to determine), or the type of attack used (e.g. DDoS vs. malware).

Enhancing Defense – Technology is central in creating effective defenses. A well-designed

defensive system will disperse information, and possibly even key components of

the network or system itself, so that attackers must hit multiple sites and targets to gain

access to the information they are seeking.462 Encryption is also key, as strong encryption

can be highly difficult to break.463 Defenses must go beyond firewalls and similar efforts and

have a heavy focus on patrolling for anomalies inside one’s own cyber-systems.464 Ideally,

Israel should work to develop technology that will allow deep packet inspection before packets

even reach the network.465 All technical solutions can fail, thus a strategy that has multiple

chances and tools to catch intruders or prevent them from accessing information makes

defenses much stronger.466 This recommendation can be fairly inexpensive to implement, in

that a great deal of excellent software already exists and is not prohibitively expensive.

However, developing such software can be very expensive (as, obviously, is having an “air-gapped”

separate network without internet access). Thus, Israel must determine if existing

programs are adequate for its needs. In a nation like Israel with so many private cyber-

461 Rid and Buchanan, “Attributing Cyber Attacks,” p. 7.

462 For more on the technical aspects of this, please see: Fahrenkrug, David T. “Countering the Offensive Advantage in Cyberspace: An Integrated Defensive Strategy.” 4th International Conference on Cyber Conflict, eds. C. Czosseck, R. Ottis, K. Ziolkowski: NATO CCD COE Publications, Tallinn, Estonia. 2012.

463 Fahrenkrug, “Countering the Offensive Advantage in Cyberspace,” p. 197, 202.

464 Nye, “Deterrence and Dissuasion in Cyberspace.”

465 Fahrenkrug, “Countering the Offensive Advantage in Cyberspace.”

466 Radichel, “Case Study,” p. 7.

companies, the cost of developing new methods and software can be reduced through

cooperation between the companies and government.467

Defensive technology needs to be developed that covers a wide range of scenarios, as

it must be appropriate to varied situations. In the initial stages of an attack, before any

real damage has been done or systems penetrated, efforts to disrupt or redirect the attack

may be adequate. If the system has been penetrated, or damage done, defenses should seek

to contain the attack, as well as aim to prevent the attacker from knowing that the intrusion

has been discovered and successfully stopped. If successful, this would allow Israel to protect

the system from further damage, learn how the attacker operates for future reference, and

possibly feed it with misinformation.468 An ongoing dialogue between government agencies

and private sector companies involved in the development and use of such technologies is

important to ensure that the threats are addressed as successfully as possible. Such

collaboration can also be strengthened by working with friendly foreign governments and

private companies in other nations.469

Protecting networks in the governmental and private sector will require new

legislation, regulations, and technology. The private sector, however, often resists any

efforts to regulate their activities.470 As noted, private sector companies with ties to

government networks pose vulnerabilities as attacks on more poorly defended systems can

serve as backdoors to more secure ones.471 Israel can encourage companies to improve their

security through technical or monetary assistance, or through legislation and regulation

467 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 78-79.

468 Applegate, “The Principle of Maneuver in Cyber Operations;” Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 79.

469 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 79.

470 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 88.

471 Radichel, “Case Study,” p. 7.

requiring that they do so. New government agencies may need to be created to help draft

specific requirements and to ensure protections are implemented. In addition, once again

legislation and regulation can be used to boost information sharing between the private

sector and the government as this will boost defenses.472

One important aspect Israel and other states must consider is the idea of counter-

attacking or preemptively attacking. If Israel can eliminate a cyber-weapon it knows is going

to be used before it is deployed, it greatly boosts Israel’s defensive posture. Counter-attacks

can possibly cause attackers to halt their initial attacks as well. Israel should be very careful

about launching such cyber-attacks, however. Counter-attacks and preemptive attacks run

not only the same risks as any other cyber-attack, but additional ones as well. Cyber-

attackers sometimes intentionally route their attacks through nations, companies, and

servers that have nothing to do with the incident in an effort to create confusion and an

international incident.473 Similarly, attackers can hijack the computers of innocent people to

help launch their cyber-attacks; therefore, simply because a computer is taking part in an

attack does not mean the owner is aware of that.474 Thus attacking that machine could

damage the computer of an innocent person and would certainly be a violation of

international law and norms against damaging civilian infrastructure. This risk is

particularly acute for Israel, which opponents often attempt to portray as a violator of

472 Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 84.

473 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 377; Healey, Jason. “When ‘Not My Problem’ Isn’t Enough: Political Neutrality and National Responsibility in Cyber Conflict.” The Atlantic Council of the United States Issue Brief, 2012, p. 3; Belk, Robert and Matthew Noyes. “On the Use of Offensive Cyber Capabilities.” Completion requirement for Master in Public Policy at Harvard Kennedy School of Government, Advisers Joseph Nye and Monica Toft, March 20, 2012, p. 102.

474 Applegate, “The Principle of Maneuver in Cyber Operations.”

international law.475 Thus Israel might be wise to avoid actions that could help support such

a narrative.

Achieving Decisive Defeat – Not every attack has to be Stuxnet. If attacks were

needed on another cyber-power, Israel would need to deploy sophisticated tools. Against

targets that are not highly advanced, even DDoS or defacements can have an impact. Thus,

when deciding what cyber-weapon to use in a situation, Israel must think carefully about

how advanced the target is, what the goal of the operation is, how dependent the targeted

nation or group is on cyber-space, and what tool will be least likely to lead to retaliation or

escalation. In some cases, Israel can even decide to have a proxy launch the attack to avoid

attribution. This is something to weigh carefully as proxies cannot always be controlled after

they are given the cyber-weapon. It can, however, be an effective strategy to avoid

escalation.476

Israel must also accord cyber-attacks the same importance it attaches to physical

attacks and use similar methods and strategies, for example, responding not just with cyber-

tools, but kinetic capabilities as well. Launching kinetic attacks is most straightforward

against attacking states, but is far more complicated against non-state actors, and would

require either gaining the permission of the host-state or risking a military escalation, as in the

case of any asymmetric threat. Additionally, there is likely to be significant public backlash

475 Cohen, Matthew S. and Charles D. Freilich. “The Delegitimization of Israel: Diplomatic Warfare, Sanctions and Lawfare.” Israel Journal of Foreign Affairs. Volume IX, Number 1. 2015; Cohen, Matthew S. and Charles D. Freilich. “War by Other Means: Modeling the Delegitimization Campaign against Israel.” Israel Affairs. Volume 24, Issue 1. January 2018.

476 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 72-73.

against the use of kinetic strikes in response to cyber-attacks by non-state actors, certainly

individuals, but organizations as well.477

The prospects of defeating an enemy in the cyber-realm can be increased if Israel

focuses on destroying opponents’ cyber-capabilities, whether those of state actors or major

non-state actors. Large scale cyber-attacks take extensive planning and require expensive

equipment,478 thus if Israel can destroy an adversary’s capabilities, it may be able to halt the

attack and convince the attacker that trying again is not worthwhile. Israel can also seek to

isolate attacking nations and adopt confrontational tools, such as economic or diplomatic

sanctions. The considerations here are similar to physical asymmetric threats.479

Enhancing Resilience – Building a plan to enhance resilience should focus on two

main aspects: how to mitigate the impact of the attack and bring the system back to full

functionality; and ensuring that critical systems can maintain their ability to function during

an attack. This is true for governmental systems as well as critical infrastructure.

Israel could additionally craft legislation that requires that features aimed at

improving resilience be built into private and government systems to speed and support the

recovery process. Israel can require the largest private companies to develop and submit a

plan as part of their business licensing requirements for how they will work resilience into

their cyber-systems. To help build resilience for the most critical government networks,

Israel can design cyber-architecture that offers multiple pathways for controlling the system.

477 Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “Four Big ‘Ds’ and a Little ‘r’: A New Model for Cyber Defense.” Cyber, Intelligence, and Security, Volume 1, Number 1, 2017.

478 Silber, “Cyber vandalism – not warfare.”

479 Cohen, Freilich, and Siboni, “Four Big ‘Ds’ and a Little ‘r.’”

Thus, if one pathway fails, a back-up is available. This would allow Israel to continue to use

the system, even if not at full strength, and thus provide it with the ability to either continue

to control the conflict environment, or at least prevent a worsening of the situation.480

Part of the process of building resilient systems in cyber-space is drafting various high

probability but low cost scenarios, as well as low probability but high cost ones. Once these

scenarios are developed, it is possible to build plans and tools to make a system more

resilient. This must take place before failures occur and should include technological

measures, human resource development, training exercises and drills, and implementation

measures.481 A part of this planning should focus on the most extreme cases where physical

damage is caused by a cyber-attack. In such a case a plan must also be developed to deal

with the fallout from that physical damage.

To enhance resilience in the cyber-realm, Israel should strive to achieve a diversity of

equipment. Hardware and software should not all be supplied from one source or company,

but instead, critical systems should be based on a variety of sources. The diversity of

equipment will allow Israel to more quickly isolate problems, switch to a different company’s

equipment, and resume operations. This may increase supply-chain risks, but it will also

allow Israel to address them if an intentional vulnerability is found built into a company’s

equipment. There are additionally some cases where physical overrides should be built in as

well in order to ensure that there is another way to regain control of critical systems.

Railways, for example, can be built with the ability to stop a hijacked train using physical

controls that do not depend on cyber-systems.

480 Department of Defense, “The DoD Cyber Strategy.”

481 Singer and Friedman, Cybersecurity and Cyberwar, p. 172; Cohen, Freilich, and Siboni, “Four Big ‘Ds’ and a Little ‘r.’”

International Cooperation is Critical – Within the limitations of operational security,

Israel should seek to deepen and expand the number of states it cooperates with on

cybersecurity issues. This is a topic that has come up repeatedly across the 4Ds and R and

deserves to be stressed as a central recommendation. Having agreements to share

intelligence information on possible cyber-attacks with other states makes it easier to

prevent and respond to them. Israel should also run joint cyber-training drills with foreign

partners similar to the drills run to handle physical threats. Such cooperation is particularly

important for Israel to develop as it is under constant attack and thus could benefit from any

additional assistance it can garner. The more nations that Israel can work with, the greater

the chance that one of them will be able to provide intelligence information that can prevent

an attack or help respond to one once it is underway.482

Of particular value to Israel is enhancing cooperation with the US. The US and Israel

already have close ties regarding cyber-space at both the governmental and private level.483

Many US companies (such as IBM, Microsoft and Intel) have large operations in Israel, and

there are close cyber-ties between the two nations in the banking, utilities, and critical

infrastructure sectors.484 The US and Israel are also suspected to have worked together to

develop Stuxnet. Israel and the US have worked together to create bi-national foundations

482 India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013, http://www.bic-trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf, p. 34; Cohen, Freilich, and Siboni, “Israel and Cyberspace.”

483 Nakashima, Ellen and William Booth. “How Israel is Turning Part of the Negev Desert into a Cyber-City.” Washington Post, May 14, 2016. https://www.washingtonpost.com/world/national-security/how-israel-is-turning-part-of-the-negev-desert-into-a-cyber-city/2016/05/14/f44ea8e4-0d58-11e6-bfa1-4efa856caf2a_story.html?wpisrc=nl_headlines&wpmm=1

484 Eisenstadt, Michael and David Pollock. “Asset Test: How the United States Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7, 2012, p. 36.

aimed at supporting R&D in both nations.485 Both nations stand to gain greatly from

enhanced cooperation, as by working together they can develop more sophisticated technology

and strategies for dealing with the threats cyber-space poses.

The creation of global norms and international agreements can be useful in bolstering

cyber-defenses as well. In order to build useful global norms and international agreements,

states must identify the types of activity to be addressed, state responsibilities under the

agreement, and the punishments for violating them. States should also establish

international bodies to oversee compliance.486

485 Dagoni, Ran. “US Congress Approves Israel Cyber Cooperation.” Globes, November 30, 2016. http://www.globes.co.il/en/article-us-congress-approves-israel-cyber-cooperation-1001163968

486 Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.” Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S. Policy. 2010. http://www.nap.edu/catalog/12997.html, p. 180, 191.


Chapter 4 – Israel and Cyberspace: International Norms, Laws, and Soft-Power

There is a growing recognition that the creation of norms and international law is an

additional possible method to enhance cyber-security at the national and international

levels. This effort stems from a more general trend outside of cyber-space. Countries in the

physical world have increasingly been turning to these two tools to decrease anarchy and

insecurity. Calls for such restraints on state behavior are increasingly being heard in cyber-

space as well, and they are only likely to get louder. There are, as this chapter will show,

possible emerging norms, but no clear norms regarding behavior in cyber-space yet exist. It

is also unclear what existing international law applies or how it would be interpreted given

the differences between cyber-space and the physical world. This ambiguity and uncertainty

gives states greater room to create mischief and behave in ways they might not in the

physical world.487

This chapter will explore the efforts to create and interpret norms and international

law in cyber-space, and examine what role Israel has played. The central goal of this chapter

is to examine what norms and international law exist in cyber-space and what questions

remain unanswered, and how Israel’s experience can inform and help clarify and answer

those debates and issues. Relatedly, the chapter will look at how Israel has used its advanced

cyber-abilities consistent with possible emerging norms calling for cyber-powers to help

487 Finnemore, Martha and Duncan B. Hollis. “Constructing Norms for Global Cybersecurity.” The American Journal of International Law. Vol 110, No 3. 2016, p. 426; Choucri, Nazli. Cyberpolitics and International Relations. (The MIT Press: Cambridge, MA: 2012), p. 171; Applegate, Scott D. “The Principle of Maneuver in Cyber Operations.” 2012 4th International Conference on Cyber Conflict. C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) NATO CCD COE Publications, Tallinn, 2012, p. 4.


build capabilities in other nations and how Israel has used its compliance with that norm to

build its soft power.

Norms in Cyberspace:

There are many scholars who argue that norms are beginning to emerge in cyber-

space. The major cyber-powers, including the US, Russia, China, and Israel, as well as major

international corporations like Microsoft, have all expressed an interest in the creation of

norms and have taken part in trying to create them. These attempts to build norms have

occurred at the national, bilateral, and multilateral levels. Norms may be taking on an

increased importance to nations as a tool to increase cyber-security as they are an

inexpensive means to enhance security. Thus far, initial attempts to build norms have

generally been on a voluntary and nonbinding basis, instead of via the creation of legally

binding treaties.488

Countries’ decisions regarding whether to launch cyber-attacks appear to have a

socially constructed aspect to them. Cyber-attacks are generally only used in situations

where a rivalry exists between two states, and the decision is impacted by the system of

norms in place and the level of fear of retaliatory punishment from the international

community if an attack is launched.489 Regulatory norms (ones that prohibit or permit

particular behaviors) have already begun to emerge in cyber-space, as can be seen in

international agreements regarding the prohibition of cyber-crime.490 Those who believe

488 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity.”

489 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. (Oxford: Oxford University Press. 2015), p. 51.

490 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 440.


norms are emerging admit, however, that no clear or universal norms yet exist regarding the

use of cyber-attacks. Instead, norms are beginning to emerge and will continue to do so.491

There is reason to believe norms are already emerging and will continue to do so. One

prominent example is an ultimately unsuccessful deal between the US and China. The US

and China initially reached an agreement in principle in 2015 to restrict the use of cyber-

espionage against each other’s private companies. As China engages heavily in such actions,

this was hailed as a major step. However, the deal quickly fell apart as China did not curb

the intrusions. As an effort to enforce the norms, the US responded by issuing arrest

warrants for Chinese hackers engaged in the attacks. This was a largely symbolic effort, as

China would have to arrest the attackers and they will not do so.492 Despite the failure of the

agreement, this is still important, as it made clear what the US expects in regards to behavior

in cyber-space and indicated that failure to follow that norm of behavior can lead to

punishments.

One norm that may be emerging is one where states show restraint in launching

cyber-attacks that could cause significant damage of any kind, including physical or

economic harm.493 This norm may have begun to arise for a range of reasons. There is a fear

that cyber-weapons can only be used once, so nations do not want to waste them. Further,

once the weapon is used, the target will have access to the code used to create the weapon

and can turn it back on the attacking state with some minor modifications.494 Another factor

491 Valeriano and Maness, Cyber War Versus Cyber Realities.

492 Maness, Ryan C and Brandon Valeriano. “The Impact of Cyber Conflict on International Interactions.” Armed Forces and Society. Vol 1, No 23. 2015, p. 15.

493 Valeriano and Maness, Cyber War Versus Cyber Realities; Maness and Valeriano, “The Impact of Cyber Conflict.”

494 Valeriano and Maness, Cyber War Versus Cyber Realities, p. x, 4-5, 46, 59-60, 138; Maness and Valeriano, “The Impact of Cyber Conflict;” Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National Security Studies, Memorandum 117. May 2012.


restraining cyber-attacks is the fear that their use will lead to an escalation in hostilities.495

Along these lines, countries that can launch powerful and destructive cyber-attacks are also

the ones most reliant on cyber-space, thus they fear that if they launch cyber-attacks they

could end up suffering a greater loss than their target. In the physical world there are norms

against causing collateral damage, and it appears this norm might be carrying over into the

cyber-realm as well. Nations may be holding back from launching attacks over the fear of

causing collateral damage to citizens, a fear that is particularly acute as cyber-attacks that

accidentally expand beyond their targets can easily travel to nations that were uninvolved in

the dispute and end up expanding the conflict.496 Additionally, countries might be holding

back from launching attacks due to fears that they will be named and shamed, and then

sanctioned or isolated by the international community.497 While many of the reasons listed

here may not appear to be related to the creation of a norm, the restraining influence they

have on nations’ behavior could lead to an expectation that these weapons will not be

deployed, thus creating a norm.

Role of Institutions in Cyberspace – Institutions can enhance security. Membership

in regional or international organizations encourages states to hold to common norms, rules,

and principles which can reframe national interests. Generally, institutions will arise after a

norm has already been agreed upon by the member states.498 Norms will then shift and

495 Valeriano and Maness, Cyber War Versus Cyber Realities, p. x, 4-5, 46, 59-60, 138; Maness and Valeriano, “The Impact of Cyber Conflict.”

496 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends.”

497 Valeriano and Maness, Cyber War Versus Cyber Realities, p. x, 4-5, 46, 59-60, 138; Maness and Valeriano, “The Impact of Cyber Conflict.”

498 Choucri, Nazli, Stuart Madnick, Jeremy Ferwerda. “Institutional Foundations for Cyber Security: Current Responses and New Challenges (Revised).” Information Technology for Development, 2013, p. 3.


evolve over time as regular interactions between actors help to shape expectations of

behavior.499 In cyber-space, the process may actually end up being reversed, with either new

or existing institutions developing the norms that will take hold. This may occur in large part

because cyber-space was built by the private sector and is still largely managed and owned

by private companies. While the US government played a major role in the creation of cyber-

space, the infrastructure and foundation of cyber-space is still privately owned. State

sovereignty in cyber-space is additionally a new concept, and the role of the state in cyber-

space is still unclear. For these reasons, there is good reason to suspect that institutions,

including private ones, and not states, will play the dominant role in creating any norms in

cyber-space.500 There is evidence this is already occurring at the private and supra-national

levels.

At the private level, groups ranging from tech giants to standards setting

organizations have been pushing for the creation of norms. Much of this effort began in

groups working at setting technical standards and enhancing cooperation between

government and industry. From there the goals have expanded, and now include efforts to

enhance the security and resilience of cyber-space and stressing efforts to enhance

collaboration between actors in cyber-space. This includes work by groups like the

International Organization for Standardization and the Information Security Forum, whose

members draw from academia and industry, as well as international political non-

governmental organizations such as Human Rights Watch.501

499 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 445.

500 Choucri, Madnick, and Ferwerda, “Institutional Foundations for Cyber Security: Current Responses and New Challenges (Revised).”

501 Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North Carolina Journal of Law and Technology, Vol. 16, No. 3. 2015, p. 435-436, 440.


Existing supra-national organizations have also become involved in shaping norms.

The G-20 has endorsed a prohibition on cyber-espionage for commercial purposes. The

Organization for Security and Cooperation in Europe and the Shanghai Cooperation

Organization have both issued declarations regarding responsible behavior in cyberspace,

as have NATO, the European Union, ASEAN, and the African Union.502 There has not,

however, been agreement among these actors regarding what the appropriate norms should

be.

The United Nations (UN) has also been involved in efforts to create norms. The main

achievement of the UN in this regard has come from a group of nations named the UN Group

of Governmental Experts (UNGGE). The effort began in 2010 when the UN Information and

Communications Technology Task Force recommended that the UN push nations to create a

treaty regarding not only responsible use of cyber-weapons, but what would constitute

responsible behavior more broadly.503 That push has not yet led to a treaty, but it did lead

to the creation of the UNGGE in 2013 when the UN, for the first time, convened experts from

15 member states, including Israel, to discuss state responsibility and the applicability of

international law to cyber-space.504 The UNGGE has since issued yearly statements on

appropriate behavior in cyber-space based on the recommendations. The norms the UNGGE

sought to create include that countries should not allow their territory to be used to launch

cyber-attacks, enhanced information sharing between governments on existing threats,

protection for human rights including privacy and freedom of expression, states should take

502 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 439, 442; Benoliel, “Towards a Cybersecurity Policy Model,” p. 441, 480.

503 Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends.”

504 Benoliel, “Towards a Cybersecurity Policy Model,” p. 441.


steps to protect their own infrastructure from attack, and prohibitions on cyber-attacks

against emergency response teams or critical infrastructure. Further, the UNGGE has called

for increased transparency regarding capabilities as well as confidence-building measures

between states, including regular dialogue through the UN and bilateral or multilateral

forums. The UNGGE also stressed that cooperation and confidence building will only succeed

if nations with more advanced capabilities assist with capacity-building in nations that have

not yet achieved the same level of technological advancement. This includes assisting with

securing critical infrastructure, developing technical skills and abilities, and advising on

strategies and legislation.505 While these pronouncements are important steps forward in

the creation of norms, the UNGGE’s decision has not become customary international law

and it is nonbinding.506

Treaties – While these efforts to begin to craft norms of behavior are important,

legally binding treaties with enforcement mechanisms are far more powerful tools, and are

sorely lacking in cyber-space.507 The international community is still at a very early stage in

this regard, and not much has been accomplished. The most successful treaty thus far

remains one signed in 2001. This was the Convention on Cybercrime, which was drafted by

the Council of Europe in conjunction with observer states. While this treaty has been

successful in enhancing cooperation between law enforcement agencies in states that have

signed or ratified it (including Israel, which has ratified it), it still has just 56 signatories. Not

505 Group of Governmental Experts. “Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.” United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, A/70/174, July 22, 2015.

506 Benoliel, “Towards a Cybersecurity Policy Model,” p. 441.

507 Scientific American Board of Editors. “Rules for Cyberwar.” Scientific American, June 2016.


included on that list are both China and Russia, which worried the treaty would infringe on

their sovereignty and ability to control information in their nations.508 While the treaty

creates regional norms, the lack of China’s or Russia’s accession limits the treaty’s power as

a universal norm.

There have been proposals for treaties by most of the major cyber-powers.509 Russia

and the EU have pushed for a wide-ranging treaty that would create norms regarding the

types of weapons that could be developed and deployed in cyber-space as well as how

countries should interact. Thus far, the US has rejected such attempts, in part fearing they

would be unenforceable and would be abused by Russia.510 The US has pushed for treaties

that accept that the laws of armed conflict (LOAC) be adopted by all states when planning

and launching cyber-operations. This includes banning attacks on civilians and on critical

infrastructure during peacetime.511 Russia and China have been reluctant to accept these

proposals however.

The Limits of the Power of Norms in Cyberspace – Despite some hopeful signs, there

is reason to doubt that norms are emerging in cyber-space, or that it will even be possible to

craft norms that can be enforced.512 One major issue is that there are profound differences

between the cyber-powers, and these differences will make it nearly impossible to find

508 Choucri, Cyberpolitics and International Relations, p. 168; Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 437-438.

509 Hurwitz, Roger. “The Play of States: Norms and Security in Cyberspace.” American Foreign Policy Interests. Vol 36. 2014.

510 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 106.

511 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p. 61.

512 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 437-438; Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends.”


agreement.513 Russia, China, and the US, the three most powerful nations in the world

system, have fundamentally different goals and desires regarding cyber-space. Where the

US and other Western states are interested in protecting freedom of speech, privacy, and

individual liberty on-line, Russia and China are primarily concerned with using information

campaigns on their own populations (and on citizens in other nations as Russia’s actions

regarding the 2016 US Presidential election illustrate) to control what they see and

believe.514 China is highly worried that calls for freedom of expression in cyber-space are

simply being used to undermine its regime.515 This is not an area on which compromise is

likely to be achieved due to the fundamentally contradictory nature of the goals.

Russia has also at times pushed for cyber-weapon arms control treaties that it claims

would limit the development of such weapons and create international supervisory systems

to ensure compliance. Western states have not inherently opposed the goal, but have

greeted the Russian push for such a treaty with great suspicion. Part of the reason is that

Western states fear Russia is simply attempting to create a treaty that will limit political

speech and action in cyber-space. Additionally, the US has expressed skepticism that any

new international agency would be needed, instead preferring to rely on cooperation and

existing international law. Doubts on the efficacy of enforcement have also been key to US

objections. This stems mainly from the difficulties in attributing attacks. The US therefore

fears that Russia would simply blame its attacks on the US on non-state actors in order to

513 Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs, 2010, p. 18; Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.” Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S. Policy. 2010. http://www.nap.edu/catalog/12997.html, p. 194.

514 Hurwitz, “The Play of States.”

515 Tabansky, Libor. “Cybercrime: A National Security Issue?” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 73.


continue its offensive actions while pretending to be in compliance with the treaty. The US

is also concerned that Russia is simply attempting to close the gap with the US’s superior

capabilities by restraining US capabilities but not impacting Russia’s.516

For the US, the main concern has been the theft of intellectual property. This danger

mainly arises from China, which is notorious for such cyber-espionage. China has been

accused of using widespread cyber-espionage against US companies in order to steal

intellectual property to advance China’s economy. The US views such actions as a threat to

America’s economic strength and strategic advantage as a center of innovation.517 The US

and China briefly came to an agreement to halt such actions, as mentioned above, but the

deal quickly unraveled. This is in major part because the interests of the two sides are

diametrically opposed. Further, it would be very difficult to create an enforceable treaty in

this regard that would also contain penalties severe enough that it would deter China from

engaging in an activity that has been highly valuable to its economy and thus, in China’s eyes,

to its national security.518

Further decreasing the chances of success, relations between the US and China as well

as the US and Russia have been deteriorating in cyber-space and overall.519 This is evidenced

by the US indictment of the Chinese hackers as well as Russia’s efforts to use cyber-space to

undermine the integrity of the US electoral system. As relations between these countries

have soured, so have the chances of finding agreement on a treaty regarding interactions and

behaviors in cyber-space. If the dominant countries cannot agree, treaties can still be struck

516 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 437-438; Even and Siman-Tov, “Cyber Warfare: Concepts and Strategic Trends.”

517 Tabansky, “Cybercrime,” p. 73; Hurwitz, “The Play of States,” p. 329.

518 Hurwitz, “The Play of States,” p. 329.

519 Maness and Valeriano, “The Impact of Cyber Conflict,” p. 15.


by other nations, but it will be difficult for any norms those treaties might create to take effect

if powerful nations will not abide by them.

In addition to these differences complicating efforts at a treaty, cyber-capabilities

have become a central component of nations’ national security strategies and cyber-space

has become a critical support mechanism for modern warfighting as Israel’s experience in

Operation Cast Lead demonstrates.520 Cyber-weapons have already been shown to be useful

at achieving a range of effects, from disabling enemy radar systems, to jamming

communication systems, to supporting troops in the field, to, in the case of Stuxnet, causing

physical damage. New advances and capabilities continue to be developed as well.521 Due

to the fact that countries are still discovering what these weapons can do, and the central

role they already play, it is highly unlikely that treaties could be reached that would restrict

the use of cyber-weapons as part of war, limit the use of cyber-espionage against other states,

or place any control on how a country thinks it could use cyber-space to enhance its national

security.522

Barring a new way to discover and monitor cyber-weapons, verification challenges

would make the enforcement of any treaties difficult.523 It would be fairly simple to destroy

evidence of cyber-weapons as inspectors arrived; a flash drive could do the trick.524 Further,

just as in the physical realm, it would be very hard to tell if a particular weapon was created

to launch attacks or to be used only as part of a counter-attack.525 In addition, the difference

520 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 192-193.

521 Brown, Cameron S. and David Friedman. “A Cyber Warfare Convention? Lessons from the Conventions on Chemical and Biological Weapons.” In Arms Control and National Security - New Horizons, eds. Emily B. Landau and Anat Kurz, Memorandum No. 135, Tel Aviv - Institute for National Security Studies, 2014, p. 56.

522 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 191.

523 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 192-193.

524 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 61.

525 Jervis, Robert. “Cooperation Under the Security Dilemma.” World Politics. Vol 30, No 2. 1978, p. 202.


between computer code that creates a cyber-weapon and that which is used for other

purposes can theoretically come down to a single line of coding. Dual-use technology is an

issue here as it might be difficult to tell if software had been written for military purposes or

another purpose.526 Therefore, even under the best of circumstances, it will be very difficult

to tell what the purpose of any particular program is.

Along these lines, private companies play a major role in cyber-space and in the

development of at least some of the technology that is used to create cyber-weapons. Any

treaty would therefore need to include some sort of inspections on them, which would be

fought against strongly by these companies. This is in large part over fears of industrial

espionage.527 Further, complicating the picture, many of the people involved in planning and

developing cyber-attacks are not part of militaries. This makes it that much harder to

determine who should be targeted by any treaty and expands the ways that states can avoid

detection if they choose to violate the norms.528

Attribution is another major challenge as was discussed in the previous chapter.

Norms cannot work to constrain behavior if attribution cannot be determined as a state

cannot be held accountable for its actions.529 Cyber-attacks may not be uncovered for years,

if they are uncovered at all. Cyber-weapons are not always as easily identifiable and

attributable as weapons in the kinetic realm. Thus, the types of weapons control treaties

that are successful in the physical world may not be relevant to cyber-space.530

526 Brown and Friedman, “A Cyber Warfare Convention?” p. 56.

527 Brown and Friedman, “A Cyber Warfare Convention?” p. 57.

528 Crosston, Matthew. “Duqu’s Dilemma: The Ambiguity Assertion and the Futility of Sanitized Cyberwar.” Military and Strategic Affairs. Vol. 5, No. 1, 2013, p. 120-121.

529 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 60.

530 Brown and Friedman, “A Cyber Warfare Convention?” p. 57.


Conclusion – Overall, at this stage the creation of large multi-lateral treaties is highly

unlikely.531 This does not mean, however, that it is a lost cause. There are still areas of

agreement, and there does appear to be a shared desire to reduce the dangers cyber-space

poses to national security. While treaties and norm creation are likely not going to be

possible in areas states view as key to their visions of national security, there are still issues

that can be discussed, and perhaps more importantly, areas where cooperation can begin to

occur.532 Even if this cooperation starts out small and on a limited range of issues, it is possible

to use successes in those arenas to build trust and over time expand into more difficult issues.

Even norms that receive insincere conformity from actors can slowly begin to shape the

realm of what is possible and push all state actors towards genuine compliance.533 Currently,

cyber-attacks by states have been increasing, yet the severity of those attacks has not. The

longer the world goes without large-scale and devastating cyber-attacks, the more likely it

becomes that a norm emerges against the use of such attacks and states will set up rules to

ensure those norms become enforceable through treaties.534 In the end, norms and

pronouncements against attacks are useful, but they are not nearly as useful as formal

treaties and commitments.535 The road appears to be long, but working toward that goal is

worth the effort.

International Law:

International law plays an important role in constraining state behavior, as Garcia

531 Nye, “Cyber Power,” p. 18.

532 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 180.

533 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 443.

534 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 63.

535 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 205.


(2014) states, “there is little progress in international relations without progress in

international law.”536 It is arguable that international law is the tool best suited for

regulating weapons in the physical realm. When laws have not existed, arms races have

inevitably followed. Using force to attempt to control weapons development has generally

failed and has often been counterproductive.537 Thus, it is possible that international law

will be the tool that is most effective in controlling behavior in cyber-space as well.

A critical question in that regard is whether existing laws apply to cyber-space, and

whether they really fit considering the differences between the physical and cyber-realms.

There is strong disagreement on this question.538 The US has embraced the idea that existing

international law applies as is, stating so unequivocally in its International Strategy for

Cyberspace. By contrast, neither China nor Russia appears to support the conclusion that it

applies as is.539

Arguably the most important and well known attempt to apply international law to

cyber-space is the Tallinn Manual, which was published in 2013. It is the culmination of a

three-year effort (on which work continues as of 2017) by twenty international experts,

known as the International Group of Experts (IGE), on international law. The Tallinn Manual

was developed under the auspices of NATO’s Cooperative Cyber Defence Centre of Excellence,

but is non-binding, including on NATO and its members. The goal of the project was to help

build customary international law that would become binding over time on all nations.

536 Garcia, Denise. Disarmament Diplomacy and Human Security: Regimes, Norms and Moral Progress in International Relations. (New York: Routledge, 2011), p. 1.

537 O’Connell, Mary Ellen. “21st Century Arms Control Challenges: Drones, Cyber Weapons, Killer Robots, and WMDS.” Washington University Global Studies Law Review, Vol 13, No 515. 2014, p. 517.

538 Eichensher, Kristen E. “Cyberwar & International Law Step Zero.” Texas International Law Journal. Vol 50, No 2. 2015; Nye, “Deterrence and Dissuasion in Cyberspace,” p. 47.

539 Eichensher, “Cyberwar & International Law Step Zero,” p. 364.

Therefore, each of the rules the Tallinn Manual lays out is adopted by consensus (with any

differences in opinion regarding application included as commentary). The overall

conclusion of the IGE was that existing laws do apply to cyber-space, albeit sometimes with

modifications to adjust for differences in cyber-space.540

Much of the question regarding the applicability of international law revolves around

the UN Charter and Articles 2(4) and 51. Article 2(4) states: “All Members [of the United

Nations] shall refrain in their international relations from the threat or use of force against

the territorial integrity or political independence of any State, or in any other manner

inconsistent with the Purposes of the United Nations.” Article 51 reads as follows: “Nothing

in the present Charter shall impair the inherent right of individual or collective self-defence

if an armed attack occurs against a Member of the United Nations, until the Security Council

has taken measures necessary to maintain international peace and security.” These

principles underpin much of international law. The central issues for this chapter are that it

is not clear in cyber-space what a “use of force” or “armed attack” are, or what it means to

engage in “self-defense.”

The distinction between an “armed attack” and a “use of force” is important. An

armed attack triggers the right to self-defense, whereas being targeted by a use of force does

not, but the use of force can still be met with sanctions and retaliatory measures short of self-

defense. There is general agreement that determining if an armed attack has occurred in

540 Tallinn Manual on the International Law Applicable to Cyber Warfare. Edited by Michael N. Schmitt. (Cambridge, New York: Cambridge University Press, 2013).

cyber-space necessitates basing that decision on the effect of that attack. In essence, what

was the level of damage caused, and what was targeted.541

While there is general agreement that an armed attack in cyber-space triggers the

right to self-defense, there are competing schools of thought regarding when the threshold

is crossed and an act becomes an “armed attack.” One group holds that an armed attack in

cyber-space requires that there be physical damage or death as a result of the attack. This is

the position of the Tallinn Manual.542 Others, including the US government, contend this

definition does not go far enough. They argue that in addition to attacks that cause

destruction or death, it is important to look at the broader context and examine what the

target of the attack was and what the goal of the attack was. An attack targeting critical

infrastructure that does not lead to physical destruction could still be an armed attack under

this argument depending on the damage done and the context surrounding it.543 The

argument of the US government is, therefore, that there is no inherent threshold for what

qualifies as an armed attack.544

There are also calls to modify the existing definition of armed attack due to the new

types of dangers cyber-space poses. The argument is that cyber-attacks can destabilize

economies, which is a threat to national security. Thus, attacks that, for instance, destroy

financial data should be considered as armed attacks if they are severe enough.545 The

541 Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors.” International Law Studies. Vol 89. 2013, p. 415; Schmitt, Michael N. “International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed.” Harvard International Law Journal, Vol 54. 2012, p. 21-22; Tallinn Manual on the International Law Applicable to Cyber Warfare; Lin, Herbert S. “Offensive Cyber Operations and the Use of Force.” Journal of National Security Law and Policy. Vol 4, No. 63. 2010.

542 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 415; Schmitt, “International Law in Cyberspace,” p. 21-22; Tallinn Manual on the International Law Applicable to Cyber Warfare.

543 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 415; Schmitt, “International Law in Cyberspace,” p. 21-22.

544 Schmitt, “International Law in Cyberspace,” p. 21-22.

545 Eichensher, “Cyberwar & International Law Step Zero,” p. 373.

Tallinn Manual authors diverged on this point and were unable to find a consensus view.546

Thus, overall it remains unclear exactly what constitutes an armed attack in cyber-space.

The definition of “use of force” has overlap with “armed attack,” but is more expansive

given that being a victim of a use of force does not necessarily allow a country to engage in

self-defense (though when the use of force results in destruction or death there is agreement

that prohibitions on use of force and armed attacks are broken and self-defense is triggered).

There is again nearly unanimous agreement that cyber-attacks resulting in destruction or

death are a use of force. From there the question again becomes less clear. Here again, the

generally accepted conclusion is that determining if a use of force has occurred is effects

based.547 The problem lies again in attacks that do not cause death or destruction. There is

agreement that such attacks can qualify, but where that threshold lies is unclear. The IGE

recommends that attacks be examined based on the following central criteria: severity (how

much damage is caused), “immediacy (the speed with which consequences manifest),

directness (the causal relation between a cyber operation and its consequences),

invasiveness (the degree to which a cyber operation intrudes into targeted systems),

measurability of the effects, military character of the cyber operation, extent of State

involvement, and presumptive legality (acts not expressly prohibited by international

law).”548 The IGE goes further as well, arguing that the target can be of importance (military

or critical infrastructure), the attacker’s identity and track record, and the broader

546 Tallinn Manual on the International Law Applicable to Cyber Warfare, p. 56.

547 Schmitt, “International Law in Cyberspace,” p. 19; Tallinn Manual on the International Law Applicable to Cyber Warfare, supra note 5, R. 11, supra note 5, R. 11 cmt. 8.

548 Schmitt, “International Law in Cyberspace,” p. 20; Tallinn Manual on the International Law Applicable to Cyber Warfare, supra note 5, R. 11 cmt. 9.

geopolitical context of the attack.549 In general, all actors agree that the threshold for use of

force is lower than that of an armed attack.

There is general consensus that a series of low-level attacks occurring all at once or

spread over time that combine to create damaging effects can qualify as either an armed

attack or a use of force. This is a very important issue to states like Israel that face nearly

constant barrages of such low-level attacks. The IGE and many others generally agree that if

the attacks originate from the same actor (or group of actors working together) and there is

accumulation of effects severe enough to meet the definition of use of force or armed attack,

then the targeted state would be justified in responding as allowed under international law

for either use of force or armed attack.550 It remains debated, however, if cyber-espionage

can qualify as a use of force, even if it is conducted over a long period of time and against

sensitive targets.551

With regard to state support for non-state actors, the consensus appears to be that

states can be held responsible for non-state actors’ behavior, but only under certain

situations. A nation targeted by a non-state group would not be able to claim it was a victim

of a use of force or armed attack by another state if the state from which the group operates

is only providing sanctuary but no further support. If, however, a state offers cyber-weapons

to a group to use against another state, the state that provided the cyber-weapon has, if the

effects rise to the level required, engaged in a use of force or an armed attack.552

549 Schmitt, “International Law in Cyberspace,” p. 20; Tallinn Manual on the International Law Applicable to Cyber Warfare, supra note 5, R. 11 cmt. 10.

550 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 417; Schmitt, “International Law in Cyberspace,” p. 22-23; Tallinn Manual on the International Law Applicable to Cyber Warfare, supra note R. 13 cmt. 8.

551 Lin, “Offensive Cyber Operations and the Use of Force,” p. 78.

552 Schmitt, “International Law in Cyberspace,” p. 20; Tallinn Manual on the International Law Applicable to Cyber Warfare, supra note 5, R. 11 cmts. 4,5.

The protection of civilians raises additional questions regarding how to apply

international law in cyber-space. In international law, the law of armed conflict (LOAC)

governs how states are allowed to behave during armed conflict. It consists of a wide range

of laws from a variety of sources, including the Geneva Conventions, customary law, and

treaties. A main goal of LOAC is to decrease the suffering of persons not participating in the

conflict, in other words, civilians.553 Targeting of civilians is strictly forbidden, as is failing

to take steps to limit collateral damage.554 Attackers must take steps to ensure that they hit

targets that provide military advantage while causing as little damage to civilian

infrastructure as possible.555 These protections arise mainly from the Geneva Conventions

and the Rome Statute.556

Cyber-weapons pose some interesting issues in this regard. It is possible that states

have been showing restraint in deploying cyber-weapons due to fears they will cause

collateral damage.557 Cyber-weapons can escape from their original target and do damage

elsewhere. Therefore, there is an inherent danger to the use of such weapons. On the other

hand, cyber-weapons can be programmed to be far more discrete than other types of

weapons. They can be coded in ways that will only allow them to activate and cause damage

either in specific networks or computers, or under certain conditions. This could actually

decrease the likelihood of causing collateral damage to civilians.558 This uncertainty as to

the level of collateral damage cyber-weapons cause complicates efforts to apply

553 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 420.

554 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 77.

555 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 434-435.

556 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 426-427.

557 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 62.

558 Russell, Alison Lawlor. “The Implications of Cyberspace for Naval Strategy and Security.” In Routledge Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge. 2016.), p. 197-198.

international law to cyber-space as it is not clear what the impact of cyber-weapons is on

civilian systems.

The issue of so-called “dual-use” technology further complicates the issue. Dual-use

technology is anything that has both civilian and military uses, such as GPS systems.559 While

this can be a problem in the physical realm, it is a major concern regarding the ability to

apply LOAC to cyber-space. Military and civilian networks heavily overlap, and in no country

are the two systems fully separate. This can manifest in many ways, for example, cyber-

weapons that target military equipment might also end up damaging the same systems used

in commercially available equipment, and attacks on communications networks which are

used by the military are also networks likely to be used by civilians. This means that in many,

if not most, cases, attacks on “military” targets will also be attacks on “civilian” ones. There

is thus an argument that LOAC cannot be successfully applied to cyber-space. If you cannot

delineate or clearly separate military and civilian networks, it then becomes impossible to

say when civilians are being targeted and an action should be illegal. This further

complicates questions as to what qualifies as an act of war or a war crime.560

There appears to be a consensus, however, that LOAC can still be applied even if these

lines are not always clear. LOAC does not completely prohibit an attack if there will be

incidental damage to civilians anyway. In the physical realm, harm to civilians can occur as

long as the damage is not excessive in relation to the military advantage the attack gains.

This standard can apply to cyber-space.561 The IGE argued that in cases where it is not

possible to determine what parts of a network are used for civilian purposes vs. military

559 Brown and Friedman, “A Cyber Warfare Convention?” p. 55.

560 Crosston, “Duqu’s Dilemma.”

561 Crosston, “Duqu’s Dilemma.”

purposes, the entire network can be considered as a military objective for a cyber-attack.562

More complicated is the question of social media networks. Social media sites such as

Facebook and Twitter have been used in some recent conflicts to convey military

information. In such cases, the IGE came to the opinion that those facets of the social media

sites would be legitimate targets, but the network as a whole would not.563

Israel, Norms, International Law and Cyber-Space:

Israel has had a complex relationship with the building of norms in cyber-space. As

part of the UNGGE, Israel played a central role in one of the only major attempts to build

universal cyber-norms, and has been supportive of its recommendations. Israel’s actions

have generally also been consistent with the UNGGE recommendations. Israel has protected

its critical infrastructure and defended free speech and expression in cyber-space. Israel has

also engaged in confidence building measures, including working closely with the US and a

small number of other nations. Further, as will be discussed in the following section, Israel

is playing a role in helping other states to boost their cyber-defenses. How Israel views the

norm against attacking critical infrastructure in enemy states is less clear. As noted in the

previous chapter, Israel is reported to be developing cyber-weapons that can target potential

adversaries’ critical infrastructure. Eviatar Matania, the head of the NCB, has questioned if

such a norm can even exist since there is no universally accepted definition of what critical

infrastructure is.564 However, no evidence suggests Israel has actually targeted critical

562 Schmitt, “International Law in Cyberspace,” p. 30; Tallinn Manual on the International Law Applicable to Cyber Warfare, supra note 5, R. 39 cmt. 3; Eichensher, “Cyberwar & International Law Step Zero,” p. 375.

563 Schmitt, “International Law in Cyberspace,” p. 30; Tallinn Manual on the International Law Applicable to Cyber Warfare, supra note 5, R. 39 cmt. 4.

564 Uchill, Joe. “Israel Cyber Head: US-Backed Cyber Norms Too Broad.” The Hill, September 13, 2016. http://thehill.com/policy/cybersecurity/295651-israel-cyber-head-us-supported-cyber-norms-too-broad

infrastructure. While it is possible that Israel has not done so because it has had no need to

and does not want to waste the weapon, it is also possible to argue that a norm against such

attacks is beginning to take hold. The longer the world goes without such an attack, the more

a norm is likely to develop against doing so.

Despite Israel’s participation in the UNGGE, Netanyahu has expressed doubts that a

universal code of norms in cyber-space can be created and applied, and Matania has stated

that he believes that the universal norms the US proposed in 2016 were too broad to be

implemented. This may stem in part from the disproportionately harsh treatment Israel has

received at the UN, but the doubt appears to stem more from worries that consensus will be

hard to build and that countries will not abide by the norms, thus handcuffing states that do.

This fear, too, is based in Israel’s previous experiences with international norms and laws.

Four nations that have engaged in armed conflict with Israel in the Middle East have violated

the Non-Proliferation Treaty, and three have violated bans on chemical and biological

weapons. At the same time, both men have expressed support for the creation of regional

norms by like-minded nations that can then impose coordinated sanctions on nations that

violate them.565 Thus, despite Israel’s doubts regarding the creation of universal norms,

Israel still believes that norms are an important tool in promoting cyber-security.

Israel may also be hesitant to create new norms and laws limiting the use of cyber-

space as it has an advantage over its adversaries in this realm. It is unlikely that Israel, or

other cyber-powers, would want to create limits to their capabilities, particularly given the

565 Uchill, “Israel Cyber Head: US-Backed Cyber Norms Too Broad;” Segal, Adam. “The Middle East’s Quietly Rising Cyber Super Power.” Defense One, January 27, 2016. http://www.defenseone.com/technology/2016/01/middle-easts-quietly-rising-cyber-super-power/125472/#.Vq1gjEdsNqE.mailto

novel nature of cyber-space and cyber-weapons. This does not mean there is not hope that

agreements and understandings can be reached. Israel, for example, would likely be more

open to laws and norms regarding protection of critical infrastructure or cyber-crime.

Israel’s actions and experience in cyber-space provide insight regarding the interplay

of cyber-weapons and international law. Stuxnet is a primary example. There is general

consensus that under international law, the use of Stuxnet was illegal.566 The question is

whether it was a use of force or an armed attack. In this regard, despite the physical

destruction it caused, expert opinion is generally that Stuxnet was an illegal use of force, but

that it was not an armed attack as the level of destruction was not great enough.567 This

means that under international law Iran would not be entitled to act in offensive self-defense.

That Stuxnet caused physical destruction, but is generally not viewed as an armed attack,

raises some doubts regarding the ease of applying existing international law to cyber-space.

With regard to protection for civilians, Stuxnet is also instructive. While Stuxnet did

escape its intended target, it did not cause collateral damage. The designers of the cyber-

weapon may have failed to account for all the ways that it could escape and infect outside

machines, but they were able to code Stuxnet in such a way that its escape did not really

matter. Stuxnet could only cause damage inside Iran’s nuclear weapons enrichment

facilities.568 This would seem to show that international law and normative requirements

played an important role in how Stuxnet was designed and developed.

566 O’Connell, “21st Century Arms Control Challenges,” p. 519; Tallinn Manual on the International Law Applicable to Cyber Warfare.

567 O’Connell, “21st Century Arms Control Challenges,” p. 525; Tallinn Manual on the International Law Applicable to Cyber Warfare.

568 Heckman, Kristin E, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow (2015) Cyber Denial, Deception and Counter Deception. Advances in Information Security, Vol. 63 (Springer: New York), p. 63.

The constant barrage of cyber-attacks Israel faces provides an interesting case to

consider regarding issues related to self-defense. Israel has faced numerous rounds of

coordinated cyber-attacks. It is not clear if Israel can invoke self-defense against them,

however. Most of the attacks have been low level incidents, which could be grounds to

invoke self-defense if they caused damage. Israel likely cannot, however, invoke self-defense

as the attacks have not caused significant damage. Complicating matters, most of these

attacks are launched by non-state actors, many of which have ties to Iran. Should any of

these efforts cause significant damage, Israel, under international law, might have the right

to invoke self-defense against either Iran, if it supplied the weapons,569 or against the non-

state actors themselves. This second contention is more controversial and it is not clear if

states can invoke self-defense against non-state actors. Article 51, however, does not specify

that armed attacks must be launched by state actors, so a good case can be made that it is

legal to invoke self-defense against them.570 There are a number of states that do in fact

claim this right in cyber-space. Israel is one of them.571 Thus, Israel appears to be trying to

help push international law and norms toward a position that would allow nations to invoke

self-defense against non-state groups. Considering Israel’s history of being targeted in

cyber-space and the physical world by non-state actors, this is not surprising.

569 Blank, “International Law and Cyber Threats from Non-State Actors;” Schmitt, “International Law in Cyberspace,” p. 20.

570 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 413.

571 Blank, “International Law and Cyber Threats from Non-State Actors,” p. 414.

Capacity Building and Soft Power:

One of the norms that the UNGGE report hoped to create was for countries with

advanced capabilities to work with nations that are less advanced and help them boost their

cyber-security. Israel has taken steps that appear to both support the creation of this norm,

and benefit Israel directly. Whatever its intentions, Israel’s actions in this regard could be

an important step in ensuring this norm becomes more commonly accepted. One way in

which norms can emerge is when powerful countries offer incentives to other nations.572 In

cyber-space, for example, non-state actors or governments can offer technical assistance to

other actors in exchange for setting up CERTs or modifying behaviors.573 Cyber-space is

particularly well suited for this approach to setting norms as no country can address the

dangers on their own.574 International collaboration is critical to building strong cyber-

defenses, so offers of assistance by strong states are a powerful incentive. Israel, to this point,

has been a pioneer in cyber-diplomacy.

Netanyahu has expressed a desire to not only use cooperation in cyber-space to boost

Israel’s national security, but additionally to view it as a public good that can improve

security around the world. This cooperation has involved inter-government interactions,

including with neighboring Arab states. Israel has also allowed private sector cyber-security

firms to work with and provide tools to foreign governments as a way to boost

cooperation.575 In June of 2016, for example, the World Bank organized a workshop in Tel

572 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 449.

573 Finnemore and Hollis, “Constructing Norms for Global Cybersecurity,” p. 452.

574 Clarke, Richard A. and Robert K. Knake, Cyber War: The Next Threat to National Security and What to do About It (Ecco: HarperCollins Publishers, 2012); Choucri, Cyberpolitics and International Relations, p. 150-151, 156.

575 Adamsky, Dmitry (Dima) “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington Quarterly. Vol 40, No 2. 2017, p. 124.

Aviv between eight developing nations and Israel’s Ministry of Economy and the NCB so the

developing nations could learn how to boost their cyber-security abilities from Israel. Israel

stressed that it saw this meeting as a chance to boost capacity in the developing states and

thus improve cyber-security for all the nations involved.576 Additionally, in 2016, a private

Israeli security company, Vital Intelligence Group, announced that it was setting up

academies in India that would provide cyber-defense training to India’s government and

private citizens.577 In 2017, Israel and India agreed to discuss how to institutionalize their

cyber-security cooperation.578

For Israel, this has the benefit of not only fulfilling the goal of building capacity in

other nations, but boosting Israel’s soft power as well. Israel appears to be attempting to use

the incentive of cyber-assistance through a possible developing norm of capacity building to

boost relations with the nations it offers assistance to. This has become one of the main tools

Israel uses to try to improve its international standing. Israel provides assistance and in

exchange requests that the nations it helps take a more friendly approach in international

forums, such as the UN. The long-term hope is that Israel can even use cyber to help

normalize relations with its Arab neighbors, some of which have received assistance from

Israel in this realm.579

576 World Bank. “Israel Shares Cybersecurity Expertise with World Bank Client Countries.” The World Bank. June 22, 2016. http://www.worldbank.org/en/news/feature/2016/06/22/israel-shares-cybersecurity-expertise-with-world-bank-client-countries

577 INSS. “Global Cyber Bi-Weekly Report - Sep 1, 2016.” Institute for National Security Studies. September 2, 2016. https://www.dcoi-conference.org/single-post/2016/09/02/Global-Cyber-Bi-Weekly-Report---Sep-1-2016

578 Gupta, Shishir. “India, Israel to Enlarge Web of Ties, Institutionalise (sic) Cyber Security Dialogue.” Hindustan Times. May 21, 2017. http://www.hindustantimes.com/india-news/india-israel-set-to-enlarge-web-of-ties/story-zE5EZAxjGDTvRXmHMXwWEO.html

579 Adamsky, “The Israeli Odyssey Toward its National Cyber Security Strategy,” p. 124.

In that regard, Israel has also found there are dangers to offering assistance to other

nations. In 2016, the United Arab Emirates attempted to hack into a human rights worker’s

phone using a cyber-weapon that had been developed by a private cyber-security company

in Israel.580 As a major cyber-power, Israel is helping to determine what norms will be. This

is an area in which Israel should be careful. Such actions undermine stated commitments to

ensuring freedom of expression in cyber-space and commitment to democracy more

broadly. Further, Israel should be wary of helping to create a norm that would allow such

behaviors. Using cyber-space to improve relations is a valuable tool, but Israel should be

careful to strike a balance between enhancing its own standing and setting responsible

norms.

Concluding Observations:

Norms do not appear overnight. This is particularly true regarding new weapons

systems.581 Developing those norms will take time and careful thought. Simply applying

what is used in the physical world to cyber-space may not prove effective. While applying

existing international law and norms to cyber-space as a stopgap measure to try to help

prevent harm might be a valuable idea, this is not a long-term solution.582 Scholars and

practitioners should pay careful attention to what is really happening in cyber-space before

attempting to apply old norms to it or build new ones. Norms are only effective if they are

based in their context.

580 Druckman, Yaron, Saul Sa’arhaas, and AP. “Apple boosts iPhone security after Mideast spyware discovery.” YNetNews. August 26, 2016. http://www.ynetnews.com/articles/0,7340,L-4846422,00.html

581 Tannenwald, Nina. The Nuclear Taboo: The United States and the Non-Use of Nuclear Weapons Since 1945 (Cambridge Studies in International Relations). (Cambridge University Press 2008), p. 442.

582 Eichensher, “Cyberwar & International Law Step Zero,” p. 378.

As is always the case when discussing norms and international law, underlying all of

this is the question of enforcement. There is no supra-national body with the power to

enforce international law or police norm violations. Realists would argue that for this

reason, international law has a very limited ability to overcome the anarchy inherent to the

world system. Countering this, Israel’s example shows that efforts are beginning to take

shape to create norms and apply international law to how countries determine how and

when to use cyber-weapons, and that they do appear to have at least some impact on state

behavior. Further, attempts to create such norms and international law will never have

perfect compliance, just as is true in the physical realm. That does not mean these attempts

do not have value. Countries sign onto these types of agreements, such as prohibitions

against genocide, because they bring benefits that outweigh the costs associated with

compliance.583

Recommendations:

Find Compromise – Creating norms or finding agreement on remaining questions

regarding international law will be a major challenge. Therefore, the most productive path

moving forward is to attempt to identify where agreement might be possible.584 The area

that seems most ripe for an agreement is regarding protecting against attacks on critical

infrastructure, despite disagreements on what qualifies as critical.585 Israel should also push

583 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 205.

584 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 180.

585 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” pp. 193, 206; Valeriano and Maness, Cyber War Versus Cyber Realities, p. 192; Clarke and Knake, Cyber War, p. 270; Nye, “Deterrence and Dissuasion in Cyberspace,” p. 61; Honegger, Barbara. “Former Counterterrorism Czar Richard Clarke Calls for New National Cyber Defense Policy to Prevent a Cyber 9/11,” Naval Post-Graduate School. August 30, 2010. https://web.nps.edu/About/News/Former-Counterterrorism-Czar-Richard-Clarke-Calls-for-New-National-Cyber-Defense-Policy-to-Prevent-a-Cyber-9/11-.html

to ensure there is agreement that protections for civilians in the physical world are broadly

accepted as applying to cyber-space as well.586 Israel has already shown its support for such

protections through its actions, so this would simply be a public push in support of what Israel

already does in practice. It may also be possible to reach an agreement in which states

commit not to be the first to use cyber-weapons in a conflict.587 This will be harder to

achieve, but even if states do not fully adhere to it, it could be a valuable deterrent to an

expansion in the use of cyber-attacks. As discussed, it is probable that in cyber-space existing

organizations or new bodies will take leading roles and formulate new norms; thus, Israel

should focus on helping to shape the administrative structure and function of existing or new

bodies to shape what norms emerge. Any agreements that do emerge will require that states

determine what responsibilities they will have under the agreement, what types of activities

are covered, and what the punishments are for failing to meet them. To be effective, even if

norms arise out of an existing body, it may also be necessary to establish a new international

body focused solely on these issues to ensure requirements are being met.588

Any agreement that is reached will also have to be flexible due to the novel nature of

states’ ability to exploit cyber-space. For example, the Convention on Cybercrime allowed

states to exempt themselves from prosecuting particular crimes and further permitted that

they could withhold cooperation if they viewed enforcement of a particular statute to be

inconsistent with their domestic policies or national security concerns.589 While clearly this

weakens any treaty or agreement, it might be a necessary step to get countries to agree, and

586 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” pp. 193, 206.

587 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p. 61.

588 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements.”

589 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements,” p. 185.

agreements can be modified and strengthened later on. Thus, Israel should be willing

to be flexible.

Global Problems Need Global Solutions – While Israel can, and should, strike bilateral

deals regarding cyber-security, and despite its expressed reservations, Israel should work

towards helping to create a basic set of global norms, laws, and institutions that can help

contain the anarchy of cyber-space.590 As with climate change, cyber-security requires

countries to work together to address challenges. Individual efforts are a good starting point,

but will not be enough. Currently, in much of the world cyber-security is viewed as a national

interest, not a global or international one.591 Israel has begun to view it differently as its

work with developing countries and nations such as India or the US shows. Israel can begin

to encourage other nations it cooperates with to view cyber-threats in this new way as well.

Israel, and any interested state, should attempt to play an active role in the creation

of new laws and norms, as the more involved a role a state adopts in relevant international

forums the greater its ability to protect its interests and to shape the future system.592 Israel

should not reject the usefulness of universal international norms or law. Even if, for instance,

some UN bodies have treated Israel unfairly, the UN has done much good, and it would be a

mistake for Israel not to participate in UN backed efforts. To this point, Israel played a major

role in the 2013 UNGGE report, and it can do so again. If universal norms backed by a

powerful body like the UN do exist that ban states or non-state actors attacking critical

590 Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked Governance in International Relations.” International Studies Review. Vol. 15, No. 1. 2013.

591 Benoliel, “Towards a Cybersecurity Policy Model,” p. 440.

592 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153, 2016.

infrastructure, as often occurs to Israel, then Israel can name and shame those involved. This

will only produce results, however, if Israel stays involved in crafting such norms and assists

with maintaining and working to enforce such norms.

Chapter 5 – Countering Malicious Non-State Cyber Actors: The Israeli Experience

Technologically advanced nations have grown increasingly dependent on the cyber-

realm across the private sector, government, and military. This dependence creates an

expanded range of novel ways that hostile actors can launch attacks that can inflict harm and

threaten national security.593 State actors with massive resources pose an obvious threat in

cyber-space, but less studied is the growing danger that non-state actors pose. In cyber-

space, as is increasingly true in the physical realm as well, states are not the only actors of

importance. Non-state actors play a major role in cyber-space from creating standards and

norms, to developing and maintaining the backbone of the cyber-realm, to launching cyber-

attacks.594 States do not enjoy anything resembling a monopoly on violence in cyber-

space.595 Non-state actors have the ability to conduct espionage, hack weapons systems,

instigate diplomatic crises, and even, theoretically, to cause physical damage in cyber-

space.596

Nations have struggled to establish centralized control or a monopoly on the use of

force in the cyber-realm which has opened the door for non-state actors to become an

important security concern.597 The open nature of the internet exacerbates this challenge.

The internet was not designed with security in mind. It was initially intended to be used by

593 Nye, Joseph S. The Future of Power (New York: Public Affairs, 2011), p. 207-208; Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs, 2010, p. 4.

594 Choucri, Nazli. Cyberpolitics and International Relations. (The MIT Press: Cambridge, MA: 2012), p. 31, 155; Lindsay, Jon R and Lucas Kello “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2. 2014, p. 189; Nye, “Cyber Power,” p. 1.

595 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. (Oxford: Oxford University Press. 2015), p. 30; Nye, “Cyber Power,” p. 23.

596 Kello, “Correspondence,” p. 188.

597 Mueller, Milton L. Networks and States: The Global Politics of Internet Governance. (Cambridge, Mass: The MIT Press, 2010); Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked Governance in International Relations.” International Studies Review. Vol. 15, No. 1. 2013.

people who trusted one another, meaning there was little need to work in security measures.

This design survives today, and has made it easier for many players, from states to non-state

actors, to launch attacks.

Non-state actors have a diverse range of targets. While some target national security,

governmental, or military networks, many others target the civilian sector and critical

infrastructure. On the economic level, the damage done by non-state actors through attacks

on banks, stolen intellectual property, identity theft, and similar attacks in cyber-space is

significant. Estimates vary widely, with former Interpol President Khoo Boon Hui stating that

US banks alone lose roughly $900 million a year. Other estimates of the damage to the world

economy range from roughly $12.5 billion to over $1 trillion a year.598 Whatever the true

number, there is no doubt it is a significant sum.

Israel faces a nearly constant barrage of cyber-attacks from both state and non-state

actors.599 Attacks against Israel range widely in regards to the type of target selected, the

type of harm intended, and in regards to the actor’s ability to cause such harm. The Israel

Electric Company, for instance, faces as many as 20 thousand attacks an hour. Most of these

attacks are simply nuisances, but some are more sophisticated efforts to penetrate the

system.600 The more complex attacks have aimed to disable Israel’s electric system or are

espionage efforts to gain insights into how Israel defends the electric system’s network in

598 Cilluffo, Frank J., Sharon L. Cardash, and George C. Salmoiraghi, “A Blueprint for Cyber Deterrence: Building Stability through Strength,” Institute for National Security Studies, Military and Strategic Affairs. Vol. 4, No. 3, December 2012, p. 5; Cohen, Daniel and Aviv Rotbart. “The Proliferation of Weapons in Cyberspace,” Military and Strategic Affairs, Vol. 5, No. 1. 2013, p. 111; Nye, “Cyber Power,” p. 12.

599 Grauman, Brigid. “Cyber-security: The vexed question of global rules.” Security and Defense Agenda. With the support of McAfee. 2012, p. 66; Eisenstadt, Michael and David Pollock. “Asset Test: How the United States Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7, 2012; Shamah, David. “Hackers Threaten ‘Israhell’ Cyber-Attack over Gaza.” The Times of Israel, July 9, 2014. http://www.timesofisrael.com/hackers-threaten-israhell-cyber-attackover-gaza/

600 Siers, Rhea. “Israel’s Cyber Capabilities.” The Cipher Brief, December 28, 2015. http://thecipherbrief.com/article/israel%E2%80%99s-cyber-capabilities

order to launch more successful attacks in the future. In June of 2017, non-state actors

attacked hospitals in Israel, though the goal of the attackers remains unclear.601 Attacks on

Israel by non-state actors have become increasingly complex and have been increasing in

frequency and intensity.602 While the conflicts with Hamas that began in 2009 have generally

produced the periods of greatest cyber-attacks against Israel, attacks come all year round.

Non-state actors have, nearly ceaselessly, targeted virtually every network imaginable in

Israel, from private companies, to military networks, to critical infrastructure, to

government websites, to security service systems, to banks, and more. Israel’s economy has

faced nearly constant attacks as well.603

This chapter will examine, using Israel as a case study, the growing danger that non-

state actors pose to state interests in cyber-space,604 will explore how Israel has responded

to that threat, and will offer policy recommendations regarding both what other nations can

learn from Israel’s experience, and how Israel can continue to improve its response. Israel

views cyber-attacks as a serious threat to national security, and Israel’s experience and

actions can serve as a valuable reference point for other nations. Despite the growing

capabilities of non-state actors, Israel has been able to deal with them successfully and

minimize the damage they can cause.605

601 Tech2. “Israel Thwarts Major Cyberattack on Hospitals: National Cyber Defence Authority.” Tech2.com, June 29, 2017. http://tech.firstpost.com/author/tech2-news-staff

602 Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology, Volume 173, 2011.

603 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153, 2016, p. 9-10.

604 For examples, one can examine Estonia in 2007, Georgia in 2008, the Red October organization, or Anonymous, among others.

605 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 168.

Capabilities:

There are many types of cyber-attacks. At the low end of capabilities, some attacks

are fairly straightforward to execute, such as simple malware or denial of service (DoS) or

distributed denial of service (DDoS) attacks that can be a nuisance to a system but cannot really

cause any long-term harm. There is a fairly low entry cost to launching this type of attack, as

all you need is a computer and some basic knowledge. It is even possible for an attack to be

coming from a computer without the owner’s knowledge or consent, as attackers are capable

of hijacking private computers, sometimes even millions of computers, and using them as

part of a broader attack (known as a botnet or zombie army).606 This means that defenders

must protect against such attacks originating from a nearly endless number of sources. At

the high end of capabilities are highly sophisticated weapons that penetrate well defended

systems and that can autonomously influence a system. These attacks are exceedingly

difficult to execute for any actor. In between is a wide range of attacks, some of which can

be used to cause damage to a system or information in it (such as the suspected Iranian

attack on Saudi Aramco that damaged computer hard drives), others of which can commit

acts akin to espionage (such as the Red October attack that stole information, likely for

economic gain, from various government networks).607 This situation is akin to what exists

in the physical world. A safe with a single cheap lock can be entered with a bit of skill, but a

safe with multiple well designed locks placed underwater would be much more difficult.

Similarly, cyber-payloads can be more or less advanced, with some able to view information,

606 Nye, “Cyber Power,” p. 12.

607 Rid, Thomas and Peter McBurney. “Cyber-Weapons.” RUSI Journal. Vol. 157, No. 1. 2012, p. 8; Russell, Alison Lawlor “The Implications of Cyberspace for Naval Strategy and Security.” In Routledge Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge. 2016.), p. 198.

some capable of altering or destroying information, and still others capable of causing

physical damage.608

Non-state actors have little trouble attacking less well defended targets. This includes

systems that are easy to access, are not properly updated, and are generally lacking

defenses.609 Non-state actors will often hit such systems with attacks that can disable or

slow the system, deface websites, or conduct espionage or theft.610 Anonymous, a group of

loosely associated hackers behind numerous well known cyber-incidents, for example, uses

such attacks frequently against governmental and private organizations around the world,

including against Israel. While these attacks cannot damage a system, they should not be

underestimated. Systems and websites that do not work can complicate communications in

an emergency, and the theft of government data could obviously be problematic. Further,

while most cyber-attacks fail, the sheer number of attacks appears to have led to enough

successes that actors still consider it worthwhile to continue attacking.611

Hitting the best defended, and usually most valuable, targets is difficult for a number

of reasons.612 The complexity of the best defended systems is very high, which makes it

difficult to create a payload that can bypass and defeat all the defenses in place.613 This

means that attackers must carefully test and design their payloads, which takes time and can

sometimes demand significant investment in research and development. Due to the

complexity of the defenses, attackers need to acquire intelligence on the system in question

608 Lin, Herbert S. “Offensive Cyber Operations and the Use of Force.” Journal of National Security Law and Policy. Vol 4, No. 63. 2010, p. 64.

609 Lin, “Offensive Cyber Operations,” p. 66.

610 Rid and McBurney, “Cyber-Weapons,” p. 8.

611 Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies Vol. 22. 2013, p. 396.

612 Lin, “Offensive Cyber Operations,” p. 66.

613 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 397.

to make sure that their attack will work as intended.614 Often a payload built specifically for

the purpose in mind is required as well, so teams must have the specialized skill to write the

type of code needed for that particular type of attack.615 Due to the greater investment of

time and resources such an effort requires, these attacks are more difficult to successfully

execute.616 Of benefit to the attacker, however, is that much of the same equipment needed

to breach easier targets overlaps with what is needed to attack harder targets.

Conducting an attack requires there be a vulnerability that the attacker can exploit,

and then a payload that can be delivered to create the desired effect. Finding vulnerabilities

can be challenging, but many are already known and shared on-line between non-state

actors (this strategy works in large part because not all computer owners patch their

systems to fix these issues), thus if the attacker has enough skill, they can exploit the

vulnerability.617 More dangerous, and not surprisingly also more difficult to find, are so

called zero-day vulnerabilities, which are previously unknown vulnerabilities against which

there is no defense yet available.618

There are a few sets of tools that non-state actors generally use to achieve their goals,

all of which can be deployed at various levels of sophistication depending on the technical

ability and resources available to the group. Non-state actors generally rely on viruses and

614 Rid and McBurney, “Cyber-Weapons,” p. 6, 11; Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 378-379; Barzashka, Ivanka. “Are Cyber-Weapons Effective?” The RUSI Journal. Vol. 158, No. 2. 2013, p. 51.

615 Herr, Trey. “PrEP: A Framework for Malware & Cyber Weapons,” Cyber Security Policy and Research Institute. George Washington University. March 12, 2014, p. 8.

616 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 396.

617 Siboni, Gabi; Daniel Cohen, and Aviv Rotbart. “The Threat of Terrorist Organizations in Cyberspace.” Military and Strategic Affairs, Volume 5, No. 3, 2013, p. 17-18; Finnemore, Martha and Duncan B. Hollis. “Constructing Norms for Global Cybersecurity.” The American Journal of International Law. Vol 110, No 3. 2016.

618 Lin, “Offensive Cyber Operations,” p. 65; Finnemore and Hollis, “Constructing Norms for Global Cybersecurity.”

worms, SQL injections, web defacements, and DDoS/DoS attacks against targets.619

Phishing/spear phishing efforts also continue to be popular and meet with surprisingly high

levels of success in acquiring relevant information as well.620 People also often email their

passwords to others over unencrypted networks, allowing the password to be captured and

used to access systems.621

Cyber-capabilities are becoming more prevalent and easily accessible, and non-state

actors have been improving their abilities to launch attacks as a result.622 The decentralized

nature of the internet makes it easy for black markets selling technology and expertise for

malicious purposes to flourish.623 Hackers, whether individually or as part of small groups,

have been selling cyber-goods and services to various non-state actors and terrorist

organizations. These abilities are sometimes sophisticated enough to allow the non-state

actor to gain access to well protected computer systems to conduct espionage. In fact, there

is evidence that such services have been used in efforts to breach some government

networks, military contractors, communications providers, and industrial companies

(though as of yet there is no evidence they have been able to penetrate the most highly secure

governmental networks).624 Recently, for example, hackers disclosed that they had

619 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 371; Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 8, 17-18; Bussolati, Nicolo. “The Rise of Non-State Actors in Cyberwarfare.” Cyberwar: Law and Ethics for Virtual Conflicts, ed. Jens David Ohlin, Kevin Govern, and Claire Finkelstein. (Oxford University Press: New York. 2015).

620 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute InfoSec Reading Room, 2014, p. 1; Herr, “PrEP,” p. 5; Valeriano and Maness, Cyber War Versus Cyber Realities, p. 183.

621 Lin, “Offensive Cyber Operations,” p. 68.

622 Herr, “PrEP,” p. 7; Siboni, Gabi. “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.” Georgetown Journal of International Affairs, http://journal.georgetown.edu/the-impact-of-cyberspace-on-asymmetric-conflict-in-the-middle-east/; Bussolati, “The Rise of Non-State Actors in Cyberwarfare.”

623 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 7, 10, 11; Rid and McBurney, “Cyber-Weapons,” p. 12; Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 375.

624 Bussolati, “The Rise of Non-State Actors in Cyberwarfare;” Ablon, Lillian, Martin C. Libicki, and Andrea A. Golay. “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar.” RAND Corporation, 2014,

successfully stolen tools used by America’s National Security Agency and were willing to sell

them, albeit at an exorbitant price. While the Agency had stopped using these tools by 2003,

if transferred to malicious actors, they would still provide most non-state actors with a

massive boost in their capabilities.

Many times such tools or assistance, while not always cheap, are not prohibitively

expensive to obtain. This has allowed non-state actors to enhance their abilities through

purchases big and small. Goods and services that can be purchased include tools to give

initial access to a network, enable payload delivery, automated systems that search for

vulnerabilities, and a wide range of payloads.625 Small scale DDoS operations can be bought

cheap. More worryingly, sophisticated attacks that can make use of uncommon

vulnerabilities, and even zero-day vulnerabilities, can be purchased.626 Previously, hackers

would generally sell newfound zero-day vulnerabilities back to the original software

vendors, but as the price has risen, sometimes reportedly to roughly $250,000 for new

vulnerabilities, they have increasingly been selling to governments and non-state actors.627

The markets are growing more sophisticated as are the products for sale.628 The willingness

of many individuals and groups to sell their technology or their assistance to others amplifies

the power of non-state actors by forming these alliances of convenience that can serve as a

http://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf, p. ix; Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 10, 11; Bussolati, “The Rise of Non-State Actors in Cyberwarfare;” Tabansky, Libor. “Cybercrime: A National Security Issue?” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 68-69.

625 Tabansky, “Cybercrime: A National Security Issue?” p. 68-69; Ablon, Libicki, and Golay, “Markets for Cybercrime Tools and Stolen Data,” p. 10.

626 Bejtlich, Richard. “Review of Martin Libicki’s Cyberdeterrence and Cyberwar.” TaoSecurity. November 25, 2009. http://taosecurity.blogspot.com/2009/11/review-of-martin-libickis.html

627 Herr, “PrEP,” p. 7.

628 Ablon, Libicki, and Golay, “Markets for Cybercrime Tools and Stolen Data,” p. ix, 39; Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 375, 376; Russell, “The Implications of Cyberspace for Naval Strategy and Security,” p. 198.

form of force multiplier.629 Often such coordination is done via social media sites such as

Internet Relay Chats, Twitter, Facebook, and Telegram. Through these sites they offer each

other guidance and assistance, as well as transfer cyber-weapons.630

The markets additionally provide a venue in which intelligence can be gathered.

Stolen records (from governments or private entities), information, and data are available

for purchase that can be used as intelligence to enhance the chance of success of future

attacks.631 The forums also give non-state actors a chance to discuss and test their payload

designs to see if they will be effective. These tools and services have the potential to allow

non-state actors to threaten state interests in new ways.632 Although truly sophisticated

cyber-attacks require technological capabilities that are often beyond those of an individual,

it is possible that a well-funded non-state organization would be able to build such

capabilities with the help of these forums and markets.633

Attackers have also been able to learn from previously successful attacks. While

patches can be built to neutralize attacks, that does not mean the initial cyber-weapon loses

all value. Attackers can modify existing code to get around fixes or build a new cyber-

weapon. There is a great deal that can be learned by studying previous attacks. Parts of old

cyber-weapons may even be able to be reused, simplifying the process as well as assisting

629 Cilluffo, Cardash, and Salmoiraghi, “A Blueprint for Cyber Deterrence,” p. 5, 8.

630 Smith, Daniel. “OpIsrael.” Radware Blog. April 25, 2017. https://blog.radware.com/security/2017/04/opisrael-2017/

631 Ablon, Libicki, and Golay, “Markets for Cybercrime Tools and Stolen Data,” p. x; Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 370.

632 Rattray, Gregory J. and Jason Healey. “Non-State Actors and Cyber Conflict.” America’s Cyber Future: Security and Prosperity in the Information Age, ed. Kristin M. Lord, Mike McConnell, Peter Schwartz, Richard Fontaine, Travis Sharp, and Will Rogers. Center for a New American Security. June 2011.

633 Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 36; Silber, Jonathan. “Cyber Vandalism – Not Warfare.” Ynetnews.com. January 26, 2012. http://www.ynetnews.com/articles/0,7340,L-4181069,00.html

people just learning how to build cyber-weapons. Flame and Stuxnet, for instance, appear to

have aided non-state actors in improving their capabilities.634

State Support for Non-State Actors:

There is an additional danger non-state actors present to states. States have

increasingly been working directly or indirectly with non-state actors. These non-state

actors are groups or individuals, such as so called “patriotic hackers,” that launch attacks on

behalf of their home country, and it is not always clear what role the state plays in these

efforts.635 This can include working directly in coordination with these groups during

attacks, offering training or cyber-weapons to them, or turning a blind eye to their activity.

The capabilities of these groups will thus depend in part on how powerful the state is that

supports them, as well as what the state is willing to provide. This complicates efforts to

determine how strong many of these groups really are. It is possible that some of these

groups have already acquired, or will acquire, fairly advanced technology.636 Employing a

strategy that relies on patriotic hackers allows states to obtain plausible deniability for their

actions against an opposing state, and complicates efforts to attribute where an attack on

state infrastructure arose from.637 States may view the use of such attacks as a way to reduce

634 Cohen and Rotbart, “The Proliferation of Weapons in Cyberspace,” p. 106, 117; O’Connell, Mary Ellen. “21st Century Arms Control Challenges: Drones, Cyber Weapons, Killer Robots, and WMDS.” Washington University Global Studies Law Review, Vol 13, No 515. 2014, p. 520.

635 Applegate, Scott D. “The Principle of Maneuver in Cyber Operations.” 2012 4th International Conference on Cyber Conflict. C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) NATO CCD COE Publications, Tallinn, 2012.

636 Bussolati, “The Rise of Non-State Actors in Cyberwarfare.”

637 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East;” Schweitzer, Yoram, Gabi Siboni, and Einav Yogev. “Cyberspace and Terrorist Organizations.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013, p. 20; Valeriano and Maness, Cyber War Versus Cyber Realities, p. 68; Nye, “Cyber Power,” p. 12.


the risk of escalation, and it is also a tool that weaker states can use in an attempt to equalize

capabilities with a rival.638

Israel has seen firsthand the impact such state support for non-state actors has. Many

of the non-state actors attacking Israel have received support, funding, and training from

Iran, and have taken actions both in concert with Iran and on their own.639 One of Iran’s best

known proxies is the Syrian Electronic Army (SEA), which, while a non-state actor, has heavy

ties to Iran.640 The SEA has been an active participant in cyber-attacks against Israel since

its founding, and is suspected of playing a major role in many of the more sophisticated

attacks against Israeli infrastructure during the 2014 conflict in Gaza.641 Iran has

additionally provided support for attacks against Israel to the nominally non-state actor

Iranian Cyber Army642 as well as Qods Freedom and Ashiyane Digital Security Team among

others.643

Iran has also assisted Hamas (prior to the deterioration in relations between the two

sides over the war in Syria) and Hezbollah in launching attacks on Israel, the impact of which

638 Valeriano and Maness, Cyber War Versus Cyber Realities.

639 Valeriano, Brandon and Ryan Maness. “Persistent Enemies and Cyberwar.” In Cyberspace and National Security. Ed. Derek S. Reveron. (Georgetown University Press: Washington D.C. 2012), p. 150; Clarke, Richard A. and Robert K. Knake, Cyber War: The Next Threat to National Security and What to do About It (Ecco: HarperCollins Publishers, 2012), p. 136; Siboni, Gabi and Sam Kronenfeld. “Developments in Iranian Cyber Warfare, 2013-2014,” INSS Insight. No 536. 2014, p. 2; Brunner, Jordan. “Iran Has Built an Army of Cyber-Proxies.” The Tower. August 2015. http://www.thetower.org/article/iran-has-built-an-army-of-cyber-proxies/; Cilluffo, Cardash, and Salmoiraghi, “A Blueprint for Cyber Deterrence,” p. 9; Times of Israel Staff. “NSA chief ‘makes secret Israel trip to talk Iran, Hezbollah cyber-warfare.’” Times of Israel. March 28, 2016. http://www.timesofisrael.com/nsa-chief-makes-secret-israel-trip-to-talk-iran-hezbollah-cyber-warfare/

640 Siboni and Kronenfeld, “Developments in Iranian Cyber Warfare,” p. 2; Brunner, “Iran Has Built an Army of Cyber-Proxies;” Cohen, Daniel and Danielle Levin. “Cyber Infiltration During Operation Protective Edge.” Forbes.com. August 12, 2014. https://www.forbes.com/sites/realspin/2014/08/12/cyber-infiltration-during-operation-protective-edge/#757dbe0d3fbc

641 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.”

642 Cohen and Levin, “Cyber Infiltration During Operation Protective Edge.”

643 Rosen, Armin. “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas — And Iran Could Be The Reason Why.” Business Insider. August 18, 2014. http://www.businessinsider.com/israel-faced-a-wave-of-cyber-attacks-2014-8


will be discussed further below. This has included direct assistance to Hamas’ and

Hezbollah’s cyber operations and support for groups linked to the organizations, such as Izz

al-Din Al Qassam Cyber Fighters.644 These organizations have launched attacks on various

critical infrastructure systems, including water, power, and banking sites. Further

complicating the picture, Israel suspects that Hamas and Hezbollah paid another unknown

non-state actor in the former USSR to launch attacks against Israel during the 2009

conflict.645

Iranian-supported non-state actors are suspected of being behind some of the more

successful attacks against Israel. Such groups are believed to have been behind attacks that

took the Shin Bet’s (or Israel Security Agency, ISA) website off-line646 as well as attacks that

defaced the IDF’s blog and Twitter feed.647 Most troublingly for Israel, such attackers have

been able to take the Home Front Command, which instructs citizens how to protect

themselves from rockets and other threats, off-line more than once.648 Attacks by Iranian

proxies have increased since the signing of the Iran nuclear deal and have grown in

sophistication.649 Iran appears to have been able to use these groups to cause harm to Israel

while escaping retribution. The use of proxies has provided Iran plausible deniability. This

is a clear illustration of why states use these groups.

644 Rosen, “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas.”

645 Pfeffer, Anshel. “Israel Suffered Major Cyber Attack During Gaza Offensive.” Haaretz.com. June 15, 2009. http://www.haaretz.com/news/israel-suffered-massive-cyber-attack-duringgaza-offensive-1.278094

646 Herzallah, Mohammed J. “Israel Fights Wire with Wire.” Newsweek. July 27, 2009.

647 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East;” Institute for National Security Studies, and the Cyber Security Forum Initiative. “Cyber Intelligence Report—July 15, 2014.” Defense Update. July 15, 2014. http://defense-update.com/20140715_cyber-intelligence-report-july-15-2014.html

648 Herzallah, “Israel Fights Wire with Wire;” Winer, Stuart. “Iranians Launched Cyber-Attack on Israel during Gaza Op.” The Times of Israel. August 17, 2014. http://www.timesofisrael.com/iranian-cyber-attackon-israel-during-gaza-op/

649 Johnson, Marc C. “The Rising Iranian Cyber Threat.” The Buckley Club. March 23, 2017. https://thebuckleyclub.com/the-rising-iranian-cyber-threat-15028b76e0f9


The Growing Danger of Non-State Actors and Attacks on Israel:

The improving capabilities of non-state actors have led to an enhancement of their

ability to launch successful cyber-attacks. When coupled with Israel’s, and many other

states’, increasing dependence on cyber-space to meet a broad range of needs and goals, the

consequences of a successful cyber-attack could be devastating.650 In recent years, these

factors have led non-state actors to become more expansive in their goals, and in the systems

they target.

Espionage, Sabotage, and Compromised Data – One way in which non-state actors

have employed cyber-attacks has been to attempt to steal, alter, or delete data. Cyber-

espionage does not cause physical damage, but can be highly problematic depending on what

hackers gain access to. Stolen information can pose a threat should cyber-attackers sell

sensitive information to an adversary of the state, gain information on weapons systems, or

use the information and intelligence on a system’s cyber-architecture to plan future and

more sophisticated attacks.651 Cyber-attacks can also aim not just to steal information, but

destroy or alter data in the targeted system, including wiping hard disks.652 Such attacks are

akin to sabotage. This can have different impacts depending on the system targeted and the

data or program destroyed or altered. Altering data or programming can have an impact in

the physical world as well, for example, if the attack targets power generation facilities or

650 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.”

651 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 370.

652 Lorents, Peeter and Rain Ottis. “Knowledge Based Framework for Cyber Weapons and Conflict.” Conference on Cyber Conflict Proceedings 2010, eds. C. Czosseck and K. Podins, CCD COE Publications, Tallinn, Estonia, 2010, p. 135.


weapons systems it could cause them to stop functioning. If financial data were altered or

stolen and released, such an attack could have an economic impact. Once compromised, the

user can no longer trust the integrity of the system or the information they are seeing, no

matter what the target.653

Accessing or stealing information on well-defended systems can be highly

challenging,654 but it can be done. In 2012, for instance, a hacker group in Saudi Arabia

managed to penetrate secure financial networks and steal the credit card information of

numerous Israeli citizens, which it then published on-line.655 Israel, as noted, has also faced

attacks from Hamas and Hezbollah on critical infrastructure, including water, power,

hospitals, and banking sites.656 Some of these attacks appear to be efforts to damage the

system directly, while others seem to be aiming to gather intelligence to improve future

attacks.

In 2012, Israel faced attacks during the conflict with Gaza on numerous financial

institutions, such as the Tel Aviv Stock Exchange and Bank of Jerusalem. These attacks did

not succeed in gaining access to sensitive economic information due to successful security

procedures, but had they been successful they had the potential to deal a major economic

blow to Israel and undermine confidence in Israeli financial institutions generally.657 Israel’s

police force was also targeted by a group named “Molerats” in 2012 seeking to gain

653 Lin, “Offensive Cyber Operations,” p. 69-70.

654 Rid and McBurney, “Cyber-Weapons,” p. 9.

655 Tabansky, “Cybercrime: A National Security Issue?”

656 Rosen, “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas;” Reuters. “Iran Ups Cyber Attacks on Israeli Computers: Netanyahu.” Reuters. June 9, 2013. http://www.reuters.com/article/2013/06/09/us-israel-iran-cyber-idUSBRE95808H20130609

657 Clarke and Knake, Cyber War, p. 70; Subcommittee on Emergency Preparedness, Response, and Communications and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. “Cyber Incident Response: Bridging the Gap Between Cybersecurity and Emergency Management.” Committee on Homeland Security, House of Representatives. Serial No. 113-39. October 30, 2013, p. 2, 12, 39; Carr, Jeffrey. Inside Cyber Warfare. (Cambridge: O’Reilly, 2012), p. 20.


intelligence. In response, Israel was forced to temporarily shut down internet access to the

police and banned the use of USB drives.658 A long-running espionage attack by Hezbollah

was discovered in 2014 that met with more success than previous efforts. The attack was

able to gather data from government, military, and economic networks, and overlapped with

Operation Protective Edge. While this attack was uncovered and destroyed by Israeli

security specialists, it lasted for 3 years.659 Between 2016 and January 2017, Hamas targeted

cell phones of IDF soldiers to attempt to gain intelligence on Israeli capabilities and troop

locations along the Gaza border, using a cyber-weapon far more advanced than they had

previously deployed. They gained access by posing as attractive young women in order to

convince soldiers to download a video chat app that was, in reality, a cyber-espionage tool

that would give Hamas access to virtually every facet of the phone without the soldier’s

knowledge. The application was also able to be updated remotely without the soldier’s

approval or knowledge. The IDF has not commented on how much information Hamas may

have gained.660 Further, in April of 2017, over 120 organizations, including companies,

government ministries, and individuals in academia and research fields in Israel were

targeted by coordinated cyber-attacks aiming at collecting information.661

658 Villeneuve, Nart, Thoufique Haq, and Ned Moran. “Operation Molerats: Middle East Cyber Attacks Using Poison Ivy.” FireEye. August 23, 2013. https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html

659 Opall-Rome, Barbara. “Israel Confirms It Was Cyber Attack Target.” DefenseNews.com. June 24, 2015. https://www.defensenews.com/2015/06/24/israel-confirms-it-was-cyber-attack-target/

660 Zitun, Yoav. “From Gaza With Love: Hamas Hacks IDF Soldiers’ Cell Phones.” Ynetnews. January 11, 2017. http://www.ynetnews.com/articles/0,7340,L-4906289,00.html

661 Spacewatch. “Iranian-Linked ‘OilRig’ Hacker Group Accused of Cyber Espionage Operation Against Israel.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/iranian-linked-oilrig-hacker-group-accused-cyber-espionage-operation-israel/; Ahronheim, Anna. “Cyber Attack Aimed at Over 120 Israeli Targets Thwarted.” Jerusalem Post. April 26, 2017. http://www.jpost.com/Israel-News/Israel-thwarts-cyber-attacks-aimed-at-over-120-targets-489010


Access and Impersonation – Cyber-attacks are also capable of targeting individual

websites or networks, with the goal being to make a resource unavailable to those

attempting to use it. These are generally conducted using DoS/DDoS attacks, with the goal

being to overload a network with requests for information so that it cannot handle all the requests,

and thus becomes unavailable. This type of attack is often simply a nuisance, but it has

the potential to be highly problematic.662 Not being able to access an official government

website describing the correct way to throw out your trash is annoying but not likely to be

particularly dangerous. More problematic, but still not necessarily disastrous to national

security, is being unable to access bank accounts (as occurred due to cyber-attacks on

Estonia in 2007) for a few days. What is dangerous is if communication networks cannot be

accessed, particularly military ones.663 This is particularly dangerous if such attacks are

coupled with a traditional military invasion, as occurred in 2008 when Russia invaded

Georgia.664

Non-state actors have frequently launched attacks against Israel aimed at blocking access,

and continue to do so. In the most high-profile example of such efforts, every year

since 2013 a faction of Anonymous has come together to launch cyber-attacks on Israel under

the name #OpIsrael. These attacks were first launched on the eve of Holocaust Memorial

Day in 2013, and the attackers have threatened to “erase” Israel from cyber-space as part of

662 Siboni and Assaf, “Guidelines for a National Cyber Strategy,” p. 49.

663 Lorents and Ottis, “Knowledge Based Framework for Cyber Weapons and Conflict,” p. 135; Lin, “Offensive Cyber Operations,” p. 69-70.

664 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 371.


an “electronic Holocaust.”665 #OpIsrael has occurred once a year through to 2017.666 The

targets of the attacks have not only been websites operated by the Israeli government and

Israeli political parties, but also private websites belonging to financial and business

organizations, educational institutions, non-profits, and news sites. These attacks mainly

involve website defacements and DDoS attacks.667 Anonymous is not alone in this effort.

There are many pro-Palestinian groups and individuals who have been involved. The

majority of such attacks have originated from around the world, not just from nations in the

Middle East, complicating defensive efforts and attempts to pinpoint attribution.668

In each of the Gaza conflicts in 2009, 2012, and 2014, Israel has faced particularly

intense waves of these types of cyber-attacks. Attackers have been able to deface or block

access to dozens of Israeli government websites as well as take down numerous private

websites, including Israeli Gmail and Hotmail accounts. Such attacks have also targeted

hospitals in Israel, the Tel Aviv Stock Exchange, Bank of Israel, and government websites,

blocking both the ability of individuals to access these websites, as well as the ability of these

organizations to talk with each other online.669 Traffic to and from Israeli internet providers

was frequently redirected, and at times many Israelis could not access foreign IP

addresses.670 In the 2012 attacks, roughly 2,500 websites were defaced, 87 pages were

665 Moore, Jack. “Anonymous’s ‘Electronic Holocaust’ Against Israel Falls Flat.” Newsweek.com. April 7, 2015. http://europe.newsweek.com/anonymous-electronic-holocaustagainst-israel-has-limited-success-320176; Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 6, 7.

666 Sones, Mordechai. “Annual Anonymous Cyber Attack against Israel April 7.” Israel National News. March 26, 2017. http://www.israelnationalnews.com/News/News.aspx/227281

667 Siers, “Israel’s Cyber Capabilities.”

668 Rosen, “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas.”

669 Silber, “Cyber Vandalism – Not Warfare;” Valeriano and Maness, Cyber War Versus Cyber Realities, p. 170-171.

670 Cohen and Levin, “Cyber Infiltration During Operation Protective Edge;” Siboni, Gabi and Sami Kronenfeld. “The Iranian Cyber Offensive during Operation Protective Edge.” INSS Insight. No. 598. Institute for National Security Studies. August 2014. http://www.inss.org.il/index.aspx?id=4538&articleid=7583


deleted, and a major Israeli internet service provider’s services were heavily slowed.

Attackers additionally posted thousands of passwords to various Israeli websites.671 In

2014, a similar number were attacked, but the sites that were hacked were more difficult to

hit than those that had been attacked in previous rounds of hostility, showing improvements

in the capabilities of the non-state actors involved.672

Most troubling for Israel is that these attacks came during a physical conflict,

meaning attention had to be divided to address dangers in multiple arenas of conflict. Some

of the targets were additionally ones that could have led to safety issues for Israeli citizens.

Non-state actors were, as noted above, able to take the Home Front Command page off-

line.673 Hackers have also succeeded in defacing ISA’s public website on more than one

occasion.674 Similarly, in 2014, attackers succeeded in taking the Tel Aviv Police

Department’s website down for a few days, making it more difficult for the police to

communicate with the public during the conflict.675 Cyber-attacks that undermine the ability

of the state to protect its citizens may end up costing lives as citizens do not get information

they need on when to take cover from attacks, and such failures could be highly damaging to

the public’s morale. Cyber-attacks pose heightened dangers during security emergencies,

671 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 170-171; Rosen, “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas.”

672 Russon, Mary-Ann. “#OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business Websites.” International Business Times. July 18, 2014. http://www.ibtimes.co.uk/opsavegaza-anonymous-takes-down-1000-israeli-government-business-websites-1457269

673 Herzallah, “Israel Fights Wire with Wire;” Winer, “Iranians Launched Cyber-Attack on Israel during Gaza Op.”

674 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East;” Institute for National Security Studies, and the Cyber Security Forum Initiative, “Cyber Intelligence Report—July 15, 2014;” Ruble, Kayla. “Syrian Hackers Hijack IDF Twitter Sparking Fears of Nuclear Leak.” Vice.com. July 7, 2014. https://news.vice.com/article/syrian-hackers-hijack-idf-twitter-sparking-fears-of-nuclear-leak; Herzallah, “Israel Fights Wire with Wire.”

675 Siboni and Kronenfeld, “The Iranian Cyber Offensive during Operation Protective Edge.”


and in fact, the frequency of attacks against Israel has been shown to increase during such

situations.676

Relatedly, states are vulnerable to attacks that penetrate networks and then use those

networks to impersonate the true owner. This can manifest in a number of ways. Should an

attacker gain such access, they could use the medium, including systems such as Twitter or

Facebook, to send out incorrect information to others in an agency, across the government,

or to the general public. Israel experienced such an incident in 2014: the aforementioned

success in gaining temporary control of the IDF blog and Twitter feeds.677 The attackers

used the accounts to send out a message saying that the Dimona nuclear reactor had been

struck by rocket fire and there was danger of a radioactive leak.678 While the IDF was able

to restore their control over the system fairly quickly, in the interim many citizens feared

what might occur as a result of the inaccurate claim. The goal of these actions is two-fold.

One is to strike fear. The second is to draw attention to the attackers and their cause.679 An

additional danger impersonation poses is that attackers could try to trick other users into

providing their login information, thus expanding the cyber-attackers’ information and

access to the system.680

Physical Impacts – States should also be concerned about the potential of non-state

actors to develop the ability to launch cyber-attacks capable of causing physical damage.

676 Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National Security Studies. Memorandum 117. May 2012.

677 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East;” Institute for National Security Studies, and the Cyber Security Forum Initiative, “Cyber Intelligence Report—July 15, 2014;” Ruble, Kayla. “Syrian Hackers Hijack IDF Twitter Sparking Fears of Nuclear Leak;” Herzallah, “Israel Fights Wire with Wire.”

678 Siboni and Kronenfeld, “The Iranian Cyber Offensive during Operation Protective Edge.”

679 Kenney, Michael. “Cyber-Terrorism in a Post-Stuxnet World.” Orbis. Vol. 59, No. 1. 2015, p. 117-118.

680 Lin, “Offensive Cyber Operations,” p. 69-70.


While non-state actors have not yet succeeded in launching this most dangerous type of

attack, that is no reason for complacency. A cyber-attack could lead to physical damage in

one of two ways. The first is an attack along the lines of Stuxnet, one that is capable of creating

physical destruction on its own and can even find its way to clandestine facilities and

unknown targets.681 These attacks are highly difficult to execute. While these attacks have

not been successfully attempted by non-state actors, it is not actually entirely clear how

difficult it is to launch attacks against industrial control systems, making this a possibility

states must pay attention to, even if it seems unlikely given current non-state actor

capabilities. Further, it is not possible to block all incoming attacks on such critical systems,

as control and communications systems must be able to accept incoming connections, and

therefore it is possible to trick and attack them.682 The second way damage could be created

is through an attack that gains control of computers that control critical infrastructure. An

unsophisticated attack on, for example, an electrical company’s computer network, if it

is linked to the system controlling the grid, may produce indirect effects on the grid and

provide the attacker with the ability to take control of the grid.683 Israel faces a nearly

constant barrage of such attacks, as the numbers regarding the electrical company

illustrate.684 The closest non-state actors have come to successfully executing such an attack

against Israel came in 2013, when cyber-attackers gained access to the network controlling

the Carmel Tunnel under Haifa and shut it down for 8 hours.685

681 Barzashka, “Are Cyber-Weapons Effective?” p. 54.

682 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 374-375.

683 Lin, “Offensive Cyber Operations,” p. 68.

684 Reuters, “Iran Ups Cyber Attacks on Israeli Computers.”

685 InfoSecurity. “Cyber-Terrorism Shut Down Israel’s Carmel Tunnel.” Infosecurity-Magazine.com. October 28, 2013. https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/


Interconnections in Cyber-Space – A central danger in cyber-space is that it is not

clearly divided between governmental, military, and civilian networks. Governmental and

military networks rely heavily on civilian infrastructure, including for things like logistics

and electricity. Further, a successful attack on one network might provide the attacker with

access to additional networks connected to the compromised one, providing, in essence, a

backdoor into better protected networks. This gives the attacker the potential to rapidly

spread the damage from an attack. Civilian networks are generally not defended as well as

governmental, intelligence, and military networks. Thus, the interdependent nature of the

networks means that an attack on an advanced state’s non-governmental systems can create

dangers for critical national security infrastructure.686

Attribution – An additional benefit that the cyber-realm offers non-state actors is that

it can be difficult to attribute an attack to an actor. Even large attacks such as DDoS can be

difficult to attribute to a particular actor.687 The sheer number of potential non-state

organizations and individual attackers dispersed around the globe presents a challenge to

the monitoring and attribution capabilities needed for purposes of deterrence. Further,

attackers can take steps to hide their identity by having the attack routed through numerous

servers in different nations, making it difficult to determine if the investigator has found the

686 Bejtlich, “Review of Martin Libicki’s Cyberdeterrence and Cyberwar;” Lynn, William J. III. “Defending a New Domain: The Pentagon’s Cyberstrategy.” Foreign Affairs. Vol. 89, No. 5. 2010; Gartzke, Erik, and Jon Lindsay. “Cross-Domain Deterrence: Strategy in an Era of Complexity.” International Studies Association Meeting. July 2014. https://quote.ucsd.edu/deterrence/files/2014/12/EGLindsay_CDDOverview_20140715.pdf; Baram, Gil. “Israeli Defense in the Age of Cyber War.” Middle East Quarterly. Winter 2017, p. 2; Radichel, “Case Study,” p. 2.

687 Applegate, “The Principle of Maneuver in Cyber Operations;” Even and Siman-Tov, “Cyber Warfare,” p. 32-33; Libicki, Martin C. Cyberdeterrence and Cyberwar (Rand Corporation: Project Air Force, 2009), p. xiv-xv; Clarke and Knake, Cyber War, p. 45, 51; Silber, “Cyber Vandalism – Not Warfare;” DeNardis, Laura. The Global War for Internet Governance. (Yale University Press, New Haven, CT. 2014), p. 100.


final point of origin.688 To be effective, any deterrence policies a state wishes to create must

provide attackers with a clear and predictable sense of what actions will lead to particular

responses.689 The lack of ability to assign attribution makes creating deterrence or engaging

in retribution much harder as both require that one know who to target.690 Non-state actors

use this anonymity to their advantage to avoid punishment for their actions.

Attribution problems are not impossible to solve, however.691 Countries have

continuously improved their technological and intelligence forensic tools and have thus been

able to improve their ability to determine who was behind an attack. A state-actor’s

sophisticated cyber-capabilities, coupled with intelligence work and cooperation between

states can be used to make an organization’s or individual’s attempts to hide its identity more

difficult.692 Sometimes attribution efforts are assisted by the attackers. For instance, so-called

“hacktivists” (organizations that are attacking in support of a cause) often make clear

that they as individuals or their organization are behind a particular attack. Publicity for

themselves and their cause is one of their goals. Even with this information, however,

attribution can still be problematic as individuals launching attacks do not publish their real

names or identifying information, and organizations do not disclose how to find them. Thus,

even after a group takes responsibility it may not be possible to engage in deterrent actions

as the state may be unable to identify who was directly responsible.

688 Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p. 51.

689 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 13.

690 Rid, Thomas and Benjamin Buchanan. “Attributing Cyber Attacks.” The Journal of Strategic Studies. Vol. 38, No. 1-2. 2015.

691 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 400.

692 Rid and Buchanan, “Attributing Cyber Attacks,” p. 7.


Israel has faced issues attributing attacks. Sometimes the attacks are minor and not

worth investigating, but that is not always the case. In each of the Gaza conflicts since 2009,

Israel has faced heavy waves of attacks originating somewhere in the former USSR. The

attacks are suspected to have been launched by unknown non-state actors (paid for

independently by Hamas and Hezbollah), but it is not clear. Israel has not even been able to

pin-point the physical origin of the attacks with high levels of certainty.693 This complicates

any efforts to take counter-measures against the attackers.

Cyber-Terrorism – Cyber-terrorism is the use of a cyber-attack to try to achieve

psychological coercion in support of a political goal; this must include at least the fear that

physical destruction will result from the cyber-attack.694 Thus far, no such attacks have

occurred. Instead, terror groups, including ISIS and al-Qaeda, have mainly used cyber-space

for propaganda purposes, fundraising, and to gather intelligence to support attacks in the

physical realm.695 It is not fully clear why terror groups have not been able to use

cyber-space for terror acts. One thought is that it is complicated to develop the technology and find

the intelligence needed to launch attacks that can instill fear that physical damage will occur.

Thus, unless terror groups have state sponsorship, they will not be able to launch such

attacks.696 Further, terror groups are limited by state intelligence capabilities that can gather

693 Pfeffer, “Israel Suffered Major Cyber Attack During Gaza Offensive.”

694 Kenney, “Cyber-Terrorism in a Post-Stuxnet World,” p. 122; Valeriano and Maness, Cyber War Versus Cyber Realities, p. 70.

695 Schweitzer, Siboni, and Yogev, “Cyberspace and Terrorist Organizations,” p. 19-20.

696 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 70; Schweitzer, Siboni, and Yogev, “Cyberspace and Terrorist Organizations,” p. 21; Even and Siman-Tov, “Cyber Warfare,” p. 43-44; The Torrenzano Group. “General Michael V. Hayden on Cyber Security & Protecting the Nation.” The Torrenzano Group. December 24, 2016. www.torrenzano.com, all quotes from Hayden unless noted.


information on their activities, making planning such operations more challenging.697 Terror

groups also appear to prefer violence in the physical world that creates powerful images.

The use of methods such as bombs, vehicular attacks, and gunfire still appears to be their

preference.698 It is also possible these attacks are not occurring because while cyber-attacks

are less costly than building an army, suicide bombers and improvised explosives are still

less expensive.699 This is not a situation that countries should necessarily assume will

continue. Terror groups continue to launch low-level attacks on critical infrastructure

around the world; many of these attacks are likely searching for vulnerabilities. This is a

clear indication that nations should take this threat seriously even if it has not occurred

yet.700

Military Realm – Cyber-attacks by non-state actors pose a number of dangers to the

military. Attacks on Israel’s communications systems and the government’s ability to

address its citizens pose an important risk. Israel relies on a reservist army and is

geographically very small. Thus, a successful cyber-attack that disrupts communications or

military systems for even a short period of time could prove to make a significant difference

in Israeli efforts to defend the nation from an attack in the physical realm.

Coordinated large-scale cyber-attacks by non-state actors could also serve as a force

multiplier should Israel face an invasion. During each of the three conflicts with Hamas,

cyber-attacks on Israel spiked, and it seems safe to assume that in any future conflicts with

697 Schweitzer, Siboni, and Yogev, “Cyberspace and Terrorist Organizations,” p. 21.

698 Even and Siman-Tov, “Cyber Warfare,” p. 43-44.

699 Even and Siman-Tov, “Cyber Warfare,” p. 43-44; Nye, “Cyber Power,” p. 12.

700 Choucri, Nazli, Stuart Madnick, and Jeremy Ferwerda. “Institutional Foundations for Cyber Security: Current Responses and New Challenges (Revised).” Information Technology for Development. 2013, p. 22; The Torrenzano Group, all quotes from Hayden unless noted.


Hamas or other actors, cyber-attacks on Israel would spike as well. The IDF noted that the

cyber-attacks in 2014 were far more advanced than in the past, and represented a new threat

they had not had to deal with in the past.701 While no single attack caused a great deal of

damage, they divide Israel’s defensive and offensive attention, and may cause enough

distraction from another danger that an attacker can cause meaningful harm in either the

physical or cyber-realms.

An additional danger is that virtually all weapons systems rely on cyber-space for

their operation, from fighter planes, to missiles, to the Iron Dome, to Home Front Command.

Should an attacker gain access to any of these systems, even briefly, it could be disastrous.702

IDF drones already fell victim to a cyber-attacker from Islamic Jihad between 2012 and 2014.

In this case, a single individual, Maagad Ben Juwad Oydeh, was able to figure out how to gain

access to the cameras in some models of IDF drones. He was also able to pin-point the

location of other IDF drones. Using the same techniques he also gained access and conducted

espionage on Israel’s transportation infrastructure, government ministries, and the

Palestinian Authority. Access to the drone’s system did not include the ability to fire any

rockets, but it did allow him to use the cameras, which may have been used to help target

Islamic Jihad rocket fire towards areas where large numbers of people were gathered. It

could also have allowed them to figure out where Israeli troops were massing during combat.

He did all of this without any access to advanced tools.703

701 Baram, “Israeli Defense in the Age of Cyber War,” p. 9.

702 Zitun, Yoav. “The IDF Prepares for Cyber-Battles.” YNetNews. September 2, 2015. http://www.ynetnews.com/articles/0,7340,L-4696003,00.html

703 Bob, Yonah Jeremy. “Islamic Jihad Cyber Terrorist Indicted for Hacking IDF Drones Over Gaza.” Jerusalem Post. March 23, 2016. http://www.jpost.com/Arab-Israeli-Conflict/Islamic-Jihad-cyber-terrorist-indicted-for-hacking-IDF-drones-over-Gaza-448936; Ben-Yishai, Ron. “IDF’s Cyber Defense Easily Breached.” YNetNews. March 23, 2016. http://www.ynetnews.com/articles/0,7340,L-4782445,00.html


Morale – Non-state actors, even if they cannot launch spectacular cyber-attacks, pose

the danger of “death by a thousand cuts,” the launching of constant low-level attacks against

financial and governmental networks in order to cause paralysis.704 The goal is to slowly

weaken the opponent’s economic system and public morale, and thus force it to make

concessions it does not wish to make.705 Israel, which is highly dependent on cyber-space, is

a prime candidate for this style of cyber-attack campaign.706 There is no question attacks by

non-state actors can harm banks and cause economic damage.707 Successful attacks on

critical infrastructure or civilian targets can instill fear in citizens and slowly damage the

nation and its ability to compete on the world stage.

Israel has faced, for instance, numerous attacks on its financial sector. In addition to

the examples already noted is the so-called “ATMZombie.” This was sophisticated malware

designed to steal money from Israeli banks. While many of the techniques used could be

easily found on-line, the malware had a number of innovative characteristics: it

was programmed to attack a range of systems and designed to avoid detection. The malware

also required strong intelligence-gathering abilities or the assistance of an insider as it was

able not only to target clients of Israeli banks in general, but also to determine whether a

victim was a client of specific banks, allowing specific malware to be sent to each recipient.

The exact extent of the damage is not clear. The malware was caught early on, but if it had

704 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 69; Gartzke Erik and Jon Lindsay, “Cross-Domain Deterrence,” p. 10.

705 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 9; Bejtlich, “Review of Martin Libicki’s Cyberdeterrence and Cyberwar;” Drmola, Jakub. “Looking for Insurgency in Cyberspace.” Central European Journal of International and Security Studies. Vol. 4. 2014, p. 62-63.

706 Tabansky, “Cybercrime: A National Security Issue?”

707 Lorents and Ottis. “Knowledge Based Framework for Cyber Weapons and Conflict,” p. 130.


not been, the amounts stolen could have quickly risen.708 While this appears to be a case of

cyber-crime, such an attack could be used as part of a cyber-operation designed to damage

the financial sector.

Cyber-attacks in Israel have also targeted Israeli TV in an effort to cause panic. In

March 2016, Hamas purportedly hacked into Israeli TV station Channel 2, and began to

disseminate anti-Israel propaganda and threatening images. The attackers included

messages in Hebrew telling people to “stay in your homes.”709 In November of that year, two

Israeli TV news programs were hacked as well.710 While these incidents were short lived

and caused no damage, the goal was to intimidate Israel’s citizenry. When the government

fails to protect its citizens from these types of cyber-attacks, it may begin to erode the faith

the population has in the government’s ability to protect its citizens.711

The increasing importance of the cyber-realm for national security has greatly

increased the ability of non-state actors to harm states in ways beyond what was previously

possible. A terrorist organization might be capable of destroying an individual branch of a

bank with a bomb in the physical world, but doing so would not cripple the bank’s broader

708 For more information and technical details, please see: GReAT and Ido Naor. “ATMZombie: Banking Trojan in Israeli Waters.” Kaspersky Labs, SecureList. February 29, 2016. https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/

709 Jerusalem Post Staff and Yaakov Lappin. “Suspected Palestinian Hackers Interrupt TV Broadcast with Ominous Message.” Jerusalem Post. March 11, 2016. http://www.jpost.com/Arab-Israeli-Conflict/Suspected-Palestinian-hackers-interrupt-TV-broadcast-with-ominous-message-447646; Balousha, Hazem and William Booth. “Israel Retaliates for Gaza Rocket Fire with Airstrikes; Hamas Hacks Israeli TV.” Washington Post. March 13, 2016. https://www.washingtonpost.com/world/israel-retaliates-for-gaza-rocket-fire-with-air-strikes-hamas-hacks-israel-tv/2016/03/13/0214541e-f9ee-48e0-8402-39fc4838b65c_story.html?utm_term=.fffab43baf9d

710 Benari, Elad. “Hackers Take Over Israeli Television.” Arutz Sheva 7. November 30, 2016. http://www.israelnationalnews.com/News/News.aspx/221025; AFP. “Israeli TV Hacked with ‘Divine Retribution’ Message.” The Times of Israel. November 30, 2016. http://www.timesofisrael.com/israeli-tv-hacked-with-divine-retribution-message/

711 Tabansky, “Cybercrime: A National Security Issue?”


ability to continue to trade or provide services to customers. A cyber-attack could take the

bank entirely off-line, or cripple the entire financial network, which would be a far more

devastating outcome. Currently, most non-state actors lack the ability to launch such

widespread damaging attacks, but the tools they are already using can disrupt daily life, deny

the ability to use needed services, and gain access to sensitive data and information.712 As

hackers improve their abilities it becomes increasingly likely that they will be able to launch

a successful attack on power grids, water systems, refineries, pipelines, emergency response

systems, or transportation networks.713 If successful, such an attack could be as devastating

to day-to-day life as a physical strike.714 All of these dangers are heightened by the increasing

use of vulnerable information and communications technology.715

Israel is facing increasingly dangerous non-state actors. The Syrian Electronic Army

has launched many sophisticated attacks on Israeli infrastructure, particularly during the

conflict in Gaza in 2014.716 The attacks on Israel during the 2014 conflict were the most

advanced Israel has faced, were massive in the number of targets attacked, and selected far

more difficult targets than in the past. Systems ranging from financial, to private businesses,

to websites of political parties, to private citizens, to governmental and military networks

were targeted. Private information of some Israeli government employees was posted on-

line. While most of these attacks were DDoS and website defacements,717 some of the

websites that were taken off-line or defaced were fairly well defended, which required more

712 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 8, 17-18.

713 Subcommittee on Emergency Preparedness, Response, and Communications and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. “Cyber Incident Response,” p. 2, 12, 39; Clarke and Knake, Cyber War, p. 31.

714 Nye, The Future of Power, p. 212.

715 Herr, “PrEP,” p. 8.

716 Siboni, “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.”

717 Cohen and Levin, “Cyber Infiltration During Operation Protective Edge.”


sophisticated techniques from the non-state actors. Many of the successful attacks in all of

these incidents exploited known vulnerabilities, meaning that systems did not receive

adequate or timely software updates, or that password or login information was

compromised. If the attackers were able to obtain passwords, it opens the possibility that

the passwords could be used to penetrate more sensitive systems as well. The groups

involved were well known, including Hamas, Hezbollah, and Anonymous. What was

particularly striking about the attacks in 2014 was that they appeared to have taken months,

or even years, to prepare, and that the attackers were waiting for the right moment to

strike.718 This is a highly worrying trend for Israel.

Non-state actors are not likely to decrease their efforts to attack nations in cyber-

space. When there is conflict between a stronger and a weaker power, the weaker power will

seek an advantage in any arena it can. Non-state actors cannot match the military power of

capable state actors, and thus many have turned to cyber-space as an alternative realm to

damage states. In Israel’s case, groups like Hamas cannot hope to defeat Israel militarily. As

a result, they have attempted to use cyber-space to help level the playing field.719 Despite

this, overall, non-state actor attacks against Israel have not succeeded in creating any

devastating incidents; but the potential is growing, and there still have been important

successes.720

718 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 167.

719 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 170.

720 Moore, “Anonymous’s ‘Electronic Holocaust’ Against Israel Falls Flat.”


Israel’s Response Thus Far:

Israeli defenses have generally held against cyber-attacks, including the over 44

million attacks they faced in 2014’s conflict with Hamas alone. The danger of such attacks,

however, should not be dismissed.721 Israel’s success stems from the resources and energy

it has put into defeating these threats, not from any lack of danger these actors pose. Israel

has attached great importance to the cyber-realm. Prime Minister Benjamin Netanyahu has

stated that cyberattacks are “one of the four main threats to Israel.”722 The importance Israel

places on cyber-space is also made clear in the 2015 IDF Strategy manual, which identifies

the cyber-realm as one of the dimensions Israel must be prepared to fight in.723 Israel has

created organizations, strategies, and new technologies in order to address threats in cyber-

space. Non-state actors have been specifically identified as a danger Israel must focus on,

with former Prime Minister and Defense Minister Ehud Barak stating, for example, that

“cyber warfare has taken asymmetric warfare to a new height, allowing a lone hacker to

cause major damage.”724

Governmental/Organizational Level – Israel has established specialized agencies to

handle the dangers and opportunities cyber-space creates. One is the National Cyber Bureau

(NCB), which is responsible for regulating cyber-space, as well as helping to promote and

facilitate coordination between the government and private groups (such as universities and

721 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 170-171.

722 Ravid, Barak. “Battle Move in Israel’s Turf War: Shin Bet Loses Authority Over ‘Civilian Space.’” Haaretz. September 21, 2014. http://www.haaretz.com/news/national/1.616990

723 Office of the Chief of Staff, IDF. “The IDF Strategy.” Israel Defense Forces. August 2015. http://www.idf.il/SIP_STORAGE/FILES/9/16919.pdf

724 Katz, Yaakov. “Barak: Israel Seeks to be Global Cyber Leader.” Jerusalem Post. June 6, 2012. http://www.jpost.com/Defense/Barak-Israel-seeks-to-be-global-cyberleader


businesses) with the goal of more effectively pooling resources and information.725 The NCB

publishes warnings and reports as needed on emerging threats, including threats from non-

state actors.726 A second agency is the National Cyber-Security Authority (NCSA), which is a

subordinate body to the NCB. This is an operational authority with the duty to enhance

cyber-defense for the non-military sectors of the government,727 and expand “the state’s

capabilities to secure critical infrastructure systems against cyber-terrorism, carried out

both by foreign nations and by terrorist groups.”728 Within the NCSA, Israel has created a

Computer Emergency Response Team (CERT), in line with CERTs in other nations,729 that

offers assistance to government agencies and Israeli companies regarding preventing,

defending against, and recovering from cyber-attacks. As part of this work the CERT will

create guidelines and recommendations for how private citizens and companies, as well as

government agencies, can improve their cyber-defenses.730 The IDF has its own cyber-

defense units as well, mainly housed in the C4I Corps. The Shin Bet (ISA) focuses on the

protection of critical infrastructure and enhancing information security by working to help

private internet providers bolster their security. Israel’s Telecom Authority, located in the

725 Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic Affairs. Vol. 5, No. 1. 2013, p. 30-32; Israel Ministry of Foreign Affairs. “Deputy FM Elkin: Israel’s Cyber Security.” Address to the Seoul Conference on Cyberspace 2013. October 16, 2013

726 National Cyber Bureau. “Mission of the Bureau.” The National Cyber Bureau—Office of the Israeli Prime Minister. 2014. http://www.pmo.gov.il/english/primeministersoffice/divisionsandauthorities/cyber/pages/default.aspx; Even and Siman-Tov, “Cyber Warfare;” Ben-David, “Playing Defense;” Efrati, Rami and Lior Yafe. “The Challenges and Opportunities of National Cyber Defense.” Israel Defense. August 11, 2012. http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/41557; Israel Ministry of Foreign Affairs, “Deputy FM Elkin;” Baram, “The Effect of Cyberwar Technologies on Force Buildup,” p. 30-32; Cohen, Freilich, and Siboni, “Israel and Cyberspace;” Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North Carolina Journal of Law and Technology. Vol. 16, No. 3. 2015.

727 Ben-David, “Playing Defense;” Efrati and Yafe, “The Challenges and Opportunities of National Cyber Defense.”

728 Even and Siman-Tov, “Cyber Warfare,” p. 79.

729 Morgus, Robert, Isabel Skierka, Mirko Hohmann, and Tim Maurer. “National CSIRTs and Their Role in Computer Security Incident Response.” Global Public Policy Institute and New America. 2015.

730 Lappin, Yaakov. “Cyber-Terrorism: Defending the Country’s Online Borders.” Jerusalem Post. February 5, 2013. http://www.jpost.com/Features/Front-Lines/Cyber-terrorism-Defending-the-countrys-online-borders


Prime Minister’s office, oversees efforts to protect Israel’s civil ministries and government

networks and machines.731 Financial and banking networks are the responsibility of the

Bank of Israel, which requires banks to develop plans for preventing successful cyber-attacks

and for how to deal with attacks that do succeed.732 Israel has also empowered the Ministry

of Defense to help protect the defense industry from attacks. Part of the remit for all of these

organizations is to guard against cyber-attacks from non-state actors.733

The goal in creating these agencies has been described with a medical metaphor. It is

to immunize organizations and individuals through the development of improved practices

and standards that all critical systems should be expected to implement. The idea is that

Israel wants to help governmental and non-governmental organizations improve their

defenses against intrusions, with the goal being that in virtually every case the non-

governmental organizations will be able to deal with the threats themselves. This will in

turn reduce the dangers to the state from attacks on poorly defended interconnected

networks. This is a potentially inexpensive way Israel is trying to boost its cyber-security.

Israel has made clear as well that if an attack on a private sector actor is particularly massive,

731 Prime Minister's Office. "Moving the ICT from the Finance Ministry to the Prime Minister's Office." Prime Minister's Office (Hebrew). 2014. http://www.pmo.gov.il/Secretary/GovDecisions/2014/Pages/dec2099.aspx

732 Arutz Sheva “Report: Bank of Israel Raises Cyber Defenses.” Arutz Sheva. February 17, 2012. http://www.israelnationalnews.com/News/Flash.aspx/232390#.U8VI7fldVqU; Aizescu, Sivan. “Israeli Banks Seek to Set up Joint Cybersecurity Center.” Haaretz. May 26, 2014. http://www.haaretz.com/business/.premium-1.592767; Supervisor of Banks. “On Cyber Defense Management.” Proper Conduct of Banking Business Directive—361—Israeli Government. 2015. http://www.bankisrael.gov.il/en/BankingSupervision/SupervisorsDirectives/ProperConductOfBankingBusinessRegulations/361_et.pdf

733 Bergman, Ronen. “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit.” Ynetnews. December 12, 2012. http://www.ynetnews.com/articles/0,7340,L-4322499,00.html; Dvorin, Tova. “Secret Shin Bet Unit at the Front Lines of Israel’s Cyber-War.” Arutz Sheva. April 25, 2014. http://www.israelnationalnews.com/News/News.aspx/179925#.U7b-P_ldVqU; Katz, Yaakov. “Security and Defense: Israel’s Cyber Ambiguity.” Jerusalem Post. May 31, 2012. http://www.jpost.com/Features/Front-Lines/Security-and-Defense-Israels-Cyber-Ambiguity; Bob, Yonah Jeremy. “Rule of Law: Obama, Israel and Cyber Warfare.” Jerusalem Post. March 22, 2013. http://www.jpost.com/Features/Front-Lines/The-cyber-partys-over-307367


widespread, or difficult to defend against, the government will step in to help address the

situation.734

The goal of these programs is ideally to ensure that every computer in Israel is

properly defended, but this is, of course, not really possible. Thus, a focus in Israel has been

on defending critical infrastructure. Such facilities receive additional protection and

attention from the government to help them boost cyber-defenses and respond to incidents.

The criteria Israel uses to select critical infrastructure organizations include the likely

number of people injured in a successful attack; the severity of the economic damage caused;

and the impact on Israeli morale. It includes some hospitals, heavy industrial plants, energy

companies, communications networks, banking systems, and transportation companies.735

These types of targets, as noted above, are ones that are frequently hit by non-state actors.

These agencies have also been working together to run drills and simulations of

massive attacks by state and non-state actors in order to improve their ability to defend

against them. For example, in 2015, Israel’s annual home front defense drill, Turning Point,

was used in part to simulate a cyber-attack that crippled electrical and telephone grids.736

This is a useful exercise in order to help determine where defenses are weakest and what

areas Israel needs to improve in. It has additionally been reported that the ISA has created

a unit that attempts to launch exploratory attacks on critical networks in both the public and

private sectors in Israel to uncover and address potential vulnerabilities.737

734 Segal, Adam. “The Middle East’s Quietly Rising Cyber Super Power.” Defense One. January 27, 2016. http://www.defenseone.com/technology/2016/01/middle-easts-quietly-rising-cyber-super-power/125472/#.Vq1gjEdsNqE.mailto

735 Ben-David, “Playing Defense;” Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders.”

736 Times of Israel. “Rocket Siren Sounds across Country in Ongoing Drill.” Times of Israel. June 2, 2015. http://www.timesofisrael.com/rocket-sirens-sound-across-country-in-civil-defense-drill/

737 Bergman, “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit;” Dvorin, “Secret Shin Bet Unit at the Front Lines of Israel’s Cyber-War.”


Defensive Level – The IDF has taken notice of the danger that non-state actors pose

to Israel. While he was Commander of the Mamram (the IDF’s Center of Computer and

Information Systems), Col. H. commented on the danger, noting that the growing abilities of

non-state actors have led the IDF to be concerned about the dangers from both

state-sponsored non-state actors as well as those acting without a state sponsor.738 Israel is

concerned that enemies will be able to use cyber-attacks to harm Israel’s ability to defend

itself against simultaneous physical attacks. Almost every major IDF weapon, including

submarines, missiles, aircraft, and radar systems, contains components that could be

attacked in cyber-space.739 The IDF is working to boost defenses to ensure that attackers

cannot take control or disable the weapons. More than that, however, the IDF has expressed

serious concern that cyber-attacks could be used to take control of military communications

networks, particularly during times of hostilities.740 In response, the IDF has stressed

“thwarting and disrupting enemy projects which may aim to target the Israeli military and

government,” as well as developing tools and strategies to defend communication and

weapons systems.741 In response to the hack of Israeli drones, for example, the IDF has

greatly strengthened its encryption methods regarding communications to reduce this type

of risk.742

Yuval Diskin, the former head of the ISA, has stated that Israel must work to defend

not only networks, but also individual computers and all communications entering the

738 Zitun, “The IDF Prepares for Cyber-Battles.”

739 Lappin, Yaakov. “Military Affairs: The IDF’s Silent Attack Force.” Jerusalem Post. May 11, 2013. http://www.jpost.com/Features/Front-Lines/Military-Affairs-The-silent-attack-force-312716

740 Katz, “Security and Defense;” Katz, Yaakob. “Elbit Unveils New Cyber War Simulator.” Jerusalem Post. June 5, 2012. http://www.jpost.com/Defense/Elbit-unveils-new-cyber-war-simulator

741 YNetNews. “IDF says ‘Defined Essence of Cyber Warfare’.” Ynetnews. June 4, 2012. http://www.ynetnews.com/articles/0,7340,L-4238156,00.htm

742 Ben-Yishai, “IDF’s Cyber Defense Easily Breached.”


country due to the interconnected nature of cyber-space. Outside of the IDF, the NCB and

NCSA have helped deal with numerous threats to the private sector, including the

aforementioned attacks on Israeli hospitals in 2017.743 Building defenses for all systems

requires developing ways to identify potential attackers in order to prevent them from

acting, and is a critical component of Israel’s defensive efforts.744 The value of this type of

intelligence can be seen regarding #OpIsrael. Anonymous creates a list of targets prior to

launching the attacks; having that information would make it easy for Israel to boost

defenses at the targets. Israel has additionally stated that if an attack causes damage, it has

the right to employ self-defense, including in response to attacks by non-state actors.745

Israel has invested a great deal of money and resources into creating and improving

its technology across a wide range of abilities. Central to this effort are perimeter defenses

and active defenses. In regards to perimeter defenses, Israel has built a range of tools,

including firewalls, intrusion detection systems, the rerouting of attacks to dummy sites,

virtual private network (VPN) servers, and application proxies.746 Such tools are particularly

valuable against the types of less sophisticated attacks that non-state actors tend to launch.

These strategies fit with the general Israeli Defense Force cyber-strategy of “thwarting and

disrupting enemy projects which may aim to target the Israeli military and government.”747

Israel has also been working with private companies that protect communications to

boost their defenses.748 Active defenses can be highly useful tools for nations looking to

743 Tech2, “Israel Thwarts Major Cyberattack on Hospitals.”

744 Ben-David, “Playing Defense.”

745 YNetNews, “IDF says ‘Defined Essence of Cyber Warfare;’” Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors.” International Law Studies. Vol 89. 2013.

746 Applegate, “The Principle of Maneuver in Cyber Operations.”

747 YNetNews, “IDF says ‘Defined Essence of Cyber Warfare.’”

748 Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders.”


prevent cyber-attacks.749 To this end, Israel has identified the Internet Service Providers

(ISPs) that are more likely to be used to host an attack, and cyber-defenders in Israel

have been given wide latitude to block traffic from those ISPs. They are given the freedom

to do so even before it is clear there is an attack taking place or before it is clear the ISP in

question is the source of the attack.750 Active defenses can be boosted by gathering

intelligence to use to tailor particular tools to particular threats.751

Offensive Level – Israel has not stuck solely to defense, however. The IDF has stated

that it is prepared to use cyber-weapons whenever it feels they are needed.752 It is not clear,

however, what the nature of those weapons is, and it is also unclear what conditions would

lead to Israel launching them. Israel has pointedly neither confirmed nor denied previous

accusations that it launched cyber-attacks, likely because it lessens the chances of a reprisal

(particularly true given, as previously mentioned, that it is difficult to attribute cyber-

attacks).753 Unit 8200 is the agency that oversees much of Israel’s offensive cyber-weapons

development, though ISA has also developed weapons.754 It is known as well that the ISA

749 Even and Siman-Tov, “Cyber Warfare,” p. 19; Sklerov, Matthew J. “Responding to International Cyber Attacks

as Acts of War.” In Inside Cyber Warfare, edited by Jeffery Carr, p. 45–76. (Cambridge: O’Reilly, 2012), p. 195. 750 Lappin, “Cyber-Terrorism: Defending the Country’s Online Borders.” 751 Lynn, “Defending a New Domain.” 752 YNetNews, “IDF says ‘Defined Essence of Cyber Warfare;’” Blank, “International Law and Cyber Threats from

Non-State Actors.” 753 Libicki, Cyberdeterrence and Cyberwar, p. 19; Egozi, Arie. “The Secret Cyber War.” Military Technology. Vol.

35. 2011, p. 6; Even and Siman-Tov, “Cyber Warfare,” p. 19; Carr, Inside Cyber Warfare, p. 252; Fulghum, David.

“Bombing Iran.” Aviation Week and Space Technology. Vol. 174. 2012, p. 29; Katz, “Security and Defense;”

Parmenter, Robert C. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications

for Cyber Domain.” School of Advanced Military Studies at the United States Army Command and General Staff

College, Fort Leavenworth, KS: US Army Command and General Staff College, May 23, 2013, p. 3. 754 Ben-David, “Playing Defense;” Katz, “Security and Defense.”

has attempted to improve its ability to extract intelligence information from state and non-

state actor computer networks and social media sites.755

Israel appears to be trying to build deterrence by signaling to non-state attackers that

their chances of success are very limited, and whether or not they succeed, they may face

retribution.756 Israel, as in other asymmetrical domains, expects that deterrence will fail

periodically, so it expects to need to deal out repeated punishments over time.757 Proxies

appear to play a major role in these efforts, as it is unclear what, if any, counter-attacks have

been launched directly by the state. Patriotic hackers backing Israel appear to be the ones

that have been responsible for most attacks on non-state actors targeting Israel.758 During

the 2012 conflict with Hamas, a group of students in Israel created a botnet under the name

“Help Israel Win” to launch counter-attacks on anti-Israel groups launching cyber-attacks.

The botnet was entirely voluntary and people had to download a tool to join.759 The waves

of cyber-attacks targeting Israel during the 2014 Gaza campaign also appear to have

provoked a counter-offensive.760 Several websites that were used to organize anti-Israel

attacks were defaced, and many networks used to launch attacks on Israel were taken off-

line. Pro-Israel hackers also appear to have managed to obtain and post personal

information of hackers attacking Israel.761 Further, Israeli hackers appear to have leaked

information from the Palestinian Population Registry, including information on roughly 700

755 Rapaport, Amir. “ISA in the Cyber Era: An Inside Look.” IsraelDefense.Co.Il. September 5, 2014.

http://www.israeldefense.co.il/en/content/isa-cyber-era-inside-look 756 Bob, “Rule of Law: Obama, Israel and Cyber Warfare.” 757 Gartzke and Lindsay, “Cross-Domain Deterrence,” p. 14. 758 Valeriano and Maness, “Persistent Enemies and Cyberwar,” p. 146. 759 Rid, Thomas. Cyber War Will Not Take Place (London: C. Hurst and Co, 2013) 760 Valeriano and Maness, Cyber War Versus Cyber Realities, p. 168. 761 Ghermezian, Shiryn. “Israeli Hackers Strike Back at Anonymous OpIsrael, Expose Participants with Their Own

Webcams (PHOTOS).” Algemeiner. April 10, 2014. http://www.algemeiner.com/2014/04/10/israeli-hackers-strike-

back-at-anonymous-opisrael-expose-participants-with-their-own-webcams-photos/#

Palestinian Authority employees.762 Israel and pro-Israel hackers have also been accused by

the Boycott, Divest, Sanction (BDS) campaign of launching attacks against websites

supporting BDS, knocking six of them temporarily off-line in 2016.763 There is no actual

evidence, however, to suggest that the Israeli government was behind any of these attacks

or was aware of them beforehand.

Counter-attacks have also occurred in relation to #OpIsrael. One of the more

successful of the patriotic hacker groups, the Israeli Elite Force, arose in 2013 as a response

to #OpIsrael. The Israeli Elite Force has launched numerous counter-attacks on Anonymous

members participating in #OpIsrael, including allegedly posting screenshots of the

Anonymous hackers themselves.764 Many other groups and individuals have joined this

effort as well. In 2017, for instance, pro-Israel hackers overran chats set up to help

coordinate attacks, leading many rooms to be abandoned.765 Further, each year #OpIsrael

campaigns offer free DDoS tools to all participants. In 2017, an unknown group, possibly

either the Israeli government or patriotic hackers, set up their own DDoS distribution

system. It was designed to look like one set up by the Anonymous faction, but instead the

file the users downloaded was malware that would allow the group to spy on the potential

attacker’s computer.766

762 Abu Amer, Adnan. “Hamas’ Cyber Battalions Take on Israel.” Al-Monitor. July 29, 2015. http://www.al-

monitor.com/pulse/originals/2015/07/palestine-israel-internet-cyber-war-hacking.html#ixzz4Fd6XrhvZ 763 Eichner, Itamar. “BDS: Israel Responsible for Cyber Attacks.” YNetNews. June 5, 2016.

http://www.ynetnews.com/articles/0,7340,L-4812027,00.html; BDS. “Attacks on BDS Websites Smack of Israel’s

Despair at its Growing Isolation.” BDS Movement. June 2, 2016. https://bdsmovement.net/news/attacks-bds-

websites-smack-israel%E2%80%99s-despair-its-growing-isolation 764 Shamah, David. “Israeli Group Posts Photos of Not-So-Anonymous Hackers.” The Times of Israel. April 13,

2014. http://www.timesofisrael.com/israeli-group-posts-photos-of-not-so-anonymous-hackers/#ixzz2z9SQBC80 765 Smith, “OpIsrael.” 766 Digital Shadows. “OpIsrael Hacktivists Targeted by Unknown Threat Actor.” Digital Shadows. March 30, 2017.

https://www.digitalshadows.com/blog-and-research/opisrael-hacktivists-targeted-by-unknown-threat-actor/;

AnonWatcher. “Beware: Israeli Malware Trojan Trap Set to Bait #OpIsrael Anonymous Campaigners.”

Whatever the level of direct state involvement might be, Israel appears to be

supportive of such counter-attacks. The Israeli government and private companies, for

instance, have begun working together to host a hackathon/competition under the name

Cyber (K)night. The goal is to bring pro-Israel hackers and organizations together to have

them compete to see which team can best prevent and mitigate a simulated catastrophic and

wide-ranging cyber-attack, as well as develop ways to counter-attack.767 The 2017 event

was held on the same day that factions of Anonymous launched their yearly #OpIsrael

attacks.

Research and Development – Israel has a booming private sector for companies

dealing with cyber-security.768 There are as many start-up companies and research and

development centers run by multinational corporations in Israel as there are in the entire rest

of the world excluding the US.769 There is good cooperation between the private and military

sectors, the most prominent example of which is the Advanced Technology Park (ATP) at

Ben-Gurion University in Beer Sheba. The ATP provides a large complex of three buildings

where government officials, academics, companies, and the IDF work together on cyber-

projects, including sharing data and assisting one another with resources, ideas, and

personnel.770 Further, the largest US technology companies have offices in Israel. This

Anonhq.com. April 6, 2017. http://anonhq.com/beware-israeli-malware-trojan-trap-set-to-bait-opisrael-anonymous-

campaigners/ 767 “CyberKnight,” 2016. http://cyberknight.co.il/; “CyberKnight.” “Israel: Knights of the Cyber Table.” i-HLS.

June 20, 2014. http://i-hls.com/2014/06/israel-knights-cyber-table/ 768 See chapter 2 for more detailed discussion 769 Steinherz, Tal. “Israeli Innovation in Cyber-Technology.” Presentation to the Herzliya Conference, Herzliya,

Israel. June 9, 2014; Ziv, Amitai. “Theft, Business Espionage, and War: Cyber Threats are Good News for High

Tech.” The Marker (Hebrew). September 14, 2014. http://www.themarker.com/technation/1.2432479 770 Even and Siman-Tov, “Cyber Warfare,” p. 22; Institute for National Security Studies, and the Cyber Security

Forum Initiative, “Cyber Intelligence Report—July 15, 2014;” Levi, Ram. “The Fifth Fighting Space.” Israel

Defense. December 16, 2011. http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/4706; Hiner, Jason.

includes Microsoft, Apple, Cisco, IBM, and Google.771 In Israel there are additionally roughly

300 start-up companies dealing with cyber-space as well as around 20 research and

development centers set up by multinational corporations. These numbers are roughly

equal to the total number of companies in this field worldwide, excluding the US.772 Israel

has also invested heavily in promoting research and development through the NCB, which

has provided money and grants to companies working in cyber-space. This is in addition to

research and development work done directly by the government and IDF. Cooperation

between the private sector, the military, and universities has been a major factor in Israel’s

ability to develop the sophisticated offensive and defensive capabilities that are used to

target non-state actors.

Training and Human Resources – Israel has also invested heavily in improving

training on many levels.773 The IDF has created a year-long training program that teaches

soldiers how to prevent and detect attacks.774 It has also worked with the defense industry

to develop “cyber-simulators” that are being used to train military personnel how to defend

critical assets and networks.775 Further, in 2012, Israel started a program that aims to

identify students who demonstrate exceptional computer skills between the ages of 16 and

18 and offer them the chance to attend one of the IDF’s technical high schools, with the

“How Israel is Rewriting the Future of Cybersecurity and Creating the Next Silicon Valley.” Tech Republic. 2013.

http://www.techrepublic.com/article/how-israel-is-rewriting-the-future-of-cybersecurity-and-creating-the-next-

silicon-valley/# 771 Eisenstadt and Pollack, “Asset Test,” p. xiii, 32. 772 Steinherz, “Israeli Innovation in Cyber-Technology;” Ziv, “Theft, Business Espionage, and War.” 773 See chapter 2 for more detailed discussion 774 Cohen, Gili. “IDF Doubled its Defenses against Cyber Attacks.” Haaretz (Hebrew). January 9, 2013.

http://haaretz.ubik.net/news/politics/1.1902961; Katz, “Security and Defense.” 775 Israel Ministry of Foreign Affairs, “Deputy FM Elkin;” Katz, “Elbit Unveils New Cyber War Simulator.”

students then serving in an IDF cyber-unit upon graduation.776 Israel has also aimed to

increase the number of students enrolled in high school computer science classes, and

colleges and universities have created or expanded such programs as well.777 Along these

lines, Israel has roughly 1,000 computer science teachers in its primary schools, which

makes it a world leader in that regard.778 These programs have helped develop the talented

personnel Israel currently employs defending against cyber-attacks. Israel has additionally

been working with colleges and universities to offer training to government employees on

enhancing their “cyber-hygiene” (such as keeping passwords secret, keeping computers up

to date, and not posting private information on-line).779 This type of training is highly

valuable since these mistakes are often how non-state actors gain access to systems.

It is unclear whether Israel’s efforts are working. This year’s #OpIsrael might suggest

some level of success. The event had far fewer participants than usual, meaning that the DDoS

attacks lacked adequate numbers to cause any remotely significant outages. The cyber-

weapons Anonymous offered were also frequently outdated with attack vectors requiring

vulnerabilities that had been patched as early as 2012.780 These factors suggest many of the

more technologically advanced members of Anonymous who had participated in the

planning or execution of this event in the past did not do so this year. While it is not known

776 Jerusalem Post. “Netanyahu: We’re Building a Digital Iron Dome.” Jerusalem Post. January 1, 2013.

http://www.jpost.com/Diplomacy-and-Politics/Netanyahu-Were-buildinga-digital-Iron-Dome; Silverstein, Richard.

“IDF to Double Unit 8200 Cyber War Manpower.” Richardsilverstein.com. October 23, 2012.

http://www.richardsilverstein.com/2012/10/23/idf-to-double-unit-8200-cyber-war-manpower/ 777 Levi, Ram. “The Fifth Fighting Space;” United Press International. “Unit 8200 and Israel’s High-tech Whiz

Kids.” June 4, 2012. http://www.upi.com/Business_News/Security-Industry/2012/06/04/Unit-8200-and-Israels-high-

tech-whiz-kids/UPI-43661338833765/ 778 The Economist. “A is for Algorithm.” The Economist. April 26, 2014. 779 United Press International, “Unit 8200 and Israel’s High-tech Whiz Kids.” 780 Smith, “OpIsrael.”

why, it does suggest that Israeli efforts on defense and offense convinced many attackers

from previous years not to participate.

On the other hand, Israeli defensive and offensive actions have generally been fairly

limited. Members of groups like Anonymous might be able to be deterred, but it is highly

doubtful that groups as invested as Hamas or Hezbollah in attacking Israel will abandon their

efforts; they have not done so in the physical realm, and it is not clear why they would in

cyber-space, where the costs to them have been lower. Overall, Israel has not been able to create

any particularly noticeable deterrence against non-state actors. This is evident from the

sheer number of attacks Israel faces on a daily basis. Overall, however, there is no question

that Israel has been able to prevent catastrophic attacks despite a barrage of efforts to cause

them, which is an indication of success in and of itself.

Policy Recommendations:

This section provides recommendations regarding how to improve defenses against

non-state actors. It will begin by offering suggestions based on the Israeli experience that

other nations could benefit from. Recommendations will then be presented for how Israel

can further improve its ability to handle non-state actors; these suggestions will also be

useful for other nations. Importantly, in cyber-space many strategies that apply to non-state

actors will be effective against attacks by states, and vice-versa. This fact further enhances

the value of these recommendations.

Lessons from Israel – Part of the reason Israel has been successful in defending

against cyber-attacks by non-state actors is the way in which Israel has structured its

agencies. Each agency has specific networks it is responsible for defending. This allows each of

the agencies to tailor their responses to the types of threats they will face, which can create

more precise solutions as well as foster focused innovation. The creation of the NCB has also

been valuable for Israel, as it has enhanced ties between private entities and the government,

which has improved Israel’s ability to create innovative tools and strategies. Other nations

looking to emulate such a system will of course need to vary the types of agencies and their

responsibilities to fit their national needs. States should at least consider creating agencies

similar to Israel’s in which a specific agency will be responsible for governmental systems,

another for military, one for critical infrastructure, and one that assists the private sector.

Creating new agencies always has difficulties and turf wars associated with it, and Israel

experienced these, but in the end, this is a fairly inexpensive step that nations can take to

help defend against cyber-attacks from any source. Israel’s decision to specifically instruct

agencies with cyber-capabilities to address non-state actors in addition to state actors

appears to have been valuable. This emphasis allows Israel to develop strategies and tools

that are focused on, and tailored to, dealing with these specific types of threats.

In the battle against non-state actors, technology is your enemy, but it is also your

friend. Many of the attacks non-state actors launch, such as DDoS, are fairly unsophisticated

and Israel has worked to address them with improved technological means. Improving the

ability to monitor networks for anomalies is valuable as it makes it easier to determine if an

attack is just getting underway and makes it easier to identify one before it starts.781 Known

exfiltration websites can also be blocked, making it more difficult for attackers looking to

781 Moran, Ned. “A Cyber Early Warning Model.” In Jeffery Carr (Ed.), Inside Cyber Warfare (pp. 179-190)

(Cambridge, UK: O’Reilly 2012), p. 188.

steal data to succeed in doing so.782 Similarly, monitoring outbound traffic from the network

for unexpected occurrences or anomalies can provide warning of a problem.783 Improved

end-point protections, such as anti-virus software, firewalls, and malware payload blocking

technology are all valuable tools to help prevent successful attacks of the types non-state

actors primarily use. The most critical systems can also be kept off the internet and instead

use their own separate network.784 While this is far from impenetrable or ideal, it can

decrease dangers. Technology can also be useful in defending against attacks by allowing

the defender to disperse information, and even the system itself, across multiple computers

and systems so that attackers must hit multiple sites and targets to gain access.785

Encryption is also key, as strong encryption can be highly difficult to break.786 These

technological systems and tools are particularly valuable against non-state actor attacks as

they are well suited to address the types of attacks non-state actors launch.

To stay ahead of the improving capabilities of non-state actors, states must invest in

research and development. Threats are constantly evolving, requiring new technology, new

patches, and new ways of evaluating the dangers. Countries must be willing to invest the

time, energy, and money into staying one-step ahead of non-state actors. When states invest

in research and development they can maintain an advantage over non-state actors. States

have greater resources, so their capabilities will end up being superior virtually every time.

782 Radichel, “Case Study,” p. 16. 783 Radichel, “Case Study,” p. 23. 784 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 13. 785 For more on the technical aspects of this issue, please see: Fahrenkrug, David T. “Countering the Offensive

Advantage in Cyberspace: An Integrated Defensive Strategy.” 4th International Conference on Cyber Conflict, eds.

C. Czosseck, R. Ottis, K. Ziolkowski: NATO CCD COE Publications, Tallinn, Estonia. 2012, p. 201; Applegate,

“The Principle of Maneuver in Cyber Operations.” 786 Fahrenkrug, “Countering the Offensive Advantage in Cyberspace,” p. 197, 202.

The black market technology will not be able to keep up with these new advances.787 To this

end, Israel’s decision to heavily invest resources, both financial and human, into training and

research regarding cyber-space has been critical. It is how Israel has developed the

personnel that have been able to create the strategies and technologies to successfully

deal with non-state actor attacks.

Where Israel Can Further Improve – Israel has taken a range of steps, as shown above,

to address non-state actor threats, but there is more that Israel can do to improve. The

private sector remains a significant weakness in Israel’s cyber-defenses.788 Israel has stated

that it believes it is the responsibility of both the government and the private sector to secure

private networks against attacks and cyber-crime, but Israel has not yet done enough to

ensure they boost their defenses.789 Israel can take steps to establish guidelines, rules, and

regulations for what private sector actors must do to defend their networks.790 The NCB

appears to be well suited to take on such efforts and discuss with the private sector exactly

what would be reasonable and how the state can help in these efforts.791

In 2012, Israel established a 60-person task-force within the police to investigate and

stop cyber-crime.792 This effort should be expanded. First, the remit should grow and

include investigations into all cyber-attacks and the threats posed by all non-state actors.

787 Tabansky, “Cybercrime: A National Security Issue?” p. 71. 788 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 26. 789 Tabansky, Lior and Isaac Ben Israel. Cybersecurity in Israel. Springer Briefs in Cybersecurity. London: Springer,

2015, p. 7, 36. 790 Siboni, Cohen, and Rotbart, “The Threat of Terrorist Organizations in Cyberspace,” p. 26. 791 Prime Minister’s Media Adviser. “Cabinet Approves Establishment of National Cyber Authority.” Israel Ministry

of Foreign Affairs. February 15, 2015. http://mfa.gov.il/MFA/PressRoom/2015/Pages/Cabinet-approves-

establishment-of-National-Cyber-Authority-15-Feb-2015.aspx 792 Shemer, Nadav. “Israel Police to Tackle Cyber Crime with New Unit,” The Jerusalem Post. November 13, 2012.

Second, more national security agencies should become involved. Third, the task-force

should also attempt to build cooperation with foreign nations on this issue.793

A simple step that can help to reduce vulnerabilities to non-state actor attacks is to

improve “cyber-hygiene.” Security vulnerabilities often arise from mistakes individuals

make.794 Many cyber-attacks on Israel, including some of the ones mentioned above, are

believed to have started due to human error.795 In the 2014 conflict in Gaza, for example,

hackers often gained access to networks through computer programs that were not updated,

by cracking weak passwords, or when employees clicked the wrong link or responded to a

forged email. There are steps that governments can take to address these issues. Israel can

make it mandatory for all government personnel with access to computer systems to attend

the university courses regarding cyber-security mentioned above. Ensuring employees at

critical infrastructure facilities receive proper training on how not to fall victim to such

scams is also well worthwhile. Private organizations that work with the government and are

connected to its networks and services could also be required to develop better account

management policies and to ensure that their employees receive training equivalent to what

Israeli government employees are offered. Israel could also come to an agreement with such

companies to require that all software and hardware be subject to automatic updates when they are

released.796 Taking these steps should be fairly inexpensive. Human error will always exist.

793 Tabansky, “Cybercrime: A National Security Issue?” 794 Clark, David. “Control Point Analysis.” MIT CSAIL. September 10, 2012.

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2032124##, p. 6, 8. 795 Harman, Danna. “Cyber-defenders Warn: Israel Vulnerable to Attack.” Haaretz. December 28, 2014.

http://www.haaretz.com/news/world/.premium-1.633845 796 Mueller, Schmidt; and Kuerbis, “Internet Security and Networked Governance in International Relations;” Lynn,

“Defending a New Domain;” GReAT and Naor, “ATMZombie.”

Decreasing the odds such mistakes occur, however, will be a valuable step in reducing the

risk of cyber-attacks, particularly from non-state actors who rely on such vulnerabilities.

Israel should seek to deepen its cooperation with nations it already works with and

look to expand the number of nations with which it cooperates on cyber-security issues. The

more nations that Israel works with, the greater the chance that one of them will be able to

provide intelligence information that can prevent an attack or respond to one once it is

underway.797 Specifically in regards to non-state actors, strong cooperation with intelligence

and law enforcement agencies in other nations can make it easier for Israel to discover who

was behind an attack and make them pay a price.798 Tighter cooperation should also make

it easier to threaten non-state actors’ interests by creating a heightened expectation of

retribution, such as being forced to pay damages, being shut-down, or even being jailed.

Today, this expectation is quite limited, thereby emboldening organizations and individuals

to conduct cyber-attacks. The higher the level of cooperation, the more successful such

efforts will be.799 Improving working relationships with private cyber-security firms can

help with attribution and defenses as well.800

An additional possibility that Israel should consider in order to deal with non-state

actors is to attempt to isolate them from the resources and broader community of hackers

they rely on in order to improve their knowledge base and coordinate actions. These market

places and discussion groups, as described above, have become critical to the ability of non-

state actors to launch attacks. To do this, Israel could attempt to disrupt internet connections

797 India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber

Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013. http://www.bic-

trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf, p. 34 798 Lynn, “Defending a New Domain.” 799 Lin, “Offensive Cyber Operations,” p. 78. 800 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 68.

and service to individuals or groups planning or launching attacks. Israel can also share

information on dark web message boards regarding the hacker that the broader community

might not approve of.801 An additional possibility is to target and take down a non-state

actor’s websites, or go after their finances.802 The idea is to expose these groups in the hope

that it will lead others to shun them. It has the added benefit that once these individuals and

groups are made public, they will be known to law enforcement around the world, which

may further restrict their freedom of action. Such an action could also boost deterrence as it

heightens the potential that attackers will face retribution for their actions.

Intelligence gathering is also critical to addressing the threat from non-state actors.

This can be done many ways, including on-line by reading chat rooms, posing as a member

of the non-state actor group, intercepting communications, and many other tactics.803

Intelligence conducted in the physical world, however, is just as necessary, as not everything

important is said on-line. Israel must rely not only, as it appears to increasingly be doing, on

cyber-intelligence gathering, but on traditional intelligence tools as well.804 Relatedly, Israel

can try to convince some hackers to serve as informants to spy on these groups, or they can

try to penetrate the groups by planting agents within them.

Counter-Attacks and Non-State Actors – One important aspect Israel and other states

must consider carefully is the idea of directly counter-attacking or preemptively attacking

non-state actors in cyberspace. States should be very careful in launching such operations,

801 Applegate, “The Principle of Maneuver in Cyber Operations.” 802 Cohen and Levin, “Cyber Infiltration During Operation Protective Edge.” 803 Microsoft. “Impersonation.” Microsoft Tech Net. http://technet.microsoft.com/en-us/library/cc961980.aspx 804 Siboni, Gabi. “Cyber-tools are No Substitute for Human Intelligence.” Haaretz. July 2, 2014.

http://www.haaretz.com/opinion/.premium-1.602413#

however, as there are substantial drawbacks. One issue is that, as with Stuxnet, once the

code used against them is uncovered, non-state actors can use it to improve their own

abilities. Further, once code is launched it may spread beyond the computer or network

initially targeted, creating unnecessary and unintended collateral damage. If a mistake in

attribution is made and the counter-attack hits the wrong target, it could create additional

problems.805 In fact, attacks are often intentionally routed through nations, companies,

servers, and computers that are not directly involved. This is done to hide attribution and

also sometimes in an effort to create confusion and an international incident.806 Similarly,

as noted, simply because a computer is taking part in an attack does not mean the owner is

aware of that.807 Thus, attacking that computer could destroy the equipment of an innocent

person and would certainly be a violation of international law and norms. It is also not a

settled question regarding when states are permitted to use counter-attacks or engage in

self-defense under international law against non-state actors.808 Counter-attacks may

therefore end up being a violation in and of themselves. This risk is particularly acute for

Israel, as opponents often attempt to portray it as a violator of international law.809 Thus,

Israel might be wise to avoid actions that could help support such a narrative.

805 Applegate, “The Principle of Maneuver in Cyber Operations.”

806 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 377; Healey, Jason. “When ‘Not My Problem’ Isn’t Enough: Political Neutrality and National Responsibility in Cyber Conflict.” The Atlantic Council of the United States Issue Brief. 2012, p. 3; Belk, Robert and Matthew Noyes. “On the Use of Offensive Cyber Capabilities.” Completion requirement for Master in Public Policy at Harvard Kennedy School of Government, Advisers Joseph Nye and Monica Toft. March 20, 2012, p. 102.

807 Applegate, “The Principle of Maneuver in Cyber Operations.”

808 Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors;” Schmitt, Michael N. “International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed.” Harvard International Law Journal. Vol 54. 2012.

809 Cohen, Matthew S. and Charles D. Freilich. “War by Other Means: Modeling the Delegitimization Campaign against Israel.” Israel Affairs. Vol. 24, No. 1. 2018.


Additionally, as discussed, launching most of the types of cyber-attacks non-state

actors employ is fairly cheap; thus, destroying their equipment or temporarily blocking

access to websites is not very likely to cause any long-term disruption to such efforts. This

calculation can change, however, if more powerful and expensive equipment can be targeted.

If a more capable non-state actor, such as Hezbollah or the Syrian Electronic Army, is

preparing or launching a sophisticated attack, a counter-attack or preemptive strike could

be valuable. Israel already appears to be at least offering tacit support for launching some

counter-attacks, as seen through the Cyber(K)night program.

The Danger of Non-State Actor Propaganda – Arguably, the biggest danger non-state

actors pose to states in the cyber-realm is their use of cyber-space and cyber-attacks as a

propaganda tool. Terror groups in Israel and around the world have used the cyber-realm

mainly as a recruitment tool, often quite effectively.810 The main difference between past

forms of non-state actor propaganda and such efforts in cyber-space is simply that it is easier

to reach a larger number of people now than in the past. Cyberspace is a highly cost-effective

realm in which to launch propaganda. This does not, however, much change how states

should respond to it. States must continue to counter such propaganda and work with the

sites hosting such material to remove it whenever possible.

There appears to be growing recognition of this danger, with major social media

companies promising to take action. The US also appears to take this threat seriously, as it

810 Schweitzer, Siboni, and Yogev, “Cyberspace and Terrorist Organizations,” p. 19-20; Nye, “Cyber Power,” p. 12; Cilluffo, Cardash, and Salmoiraghi, “A Blueprint for Cyber Deterrence,” p. 5.


has been killing ISIS social media experts.811 Israel is attempting to work with major social

media companies, such as Facebook and Twitter, and is considering legislation making it

easier for the Israeli government to remove material that Israel considers incitement or hate

speech from such sites. In general, Israel, and other nations, should attempt to improve their

cooperation with private companies to deal with incitement and propaganda. Israel’s

outreach to Facebook and Twitter has generally been met positively by the companies and

such efforts should continue.812

This is one arena where cyber-attacks on non-state actors might have an impact.

Israel could deface non-state actor websites with messages and images that aim to portray

the group as weak or ineffective. This might serve as a useful counter-propaganda method.

In the end, propaganda is an old tool; cyber-space is simply a shiny new toy with which to

engage in the same old behavior.

Conclusion:

In cyber-space, the state is still king. Non-state actors, however, are capable of

causing damage, even if not at the level the state can. As Nye states: “A teenage hacker and a

large government can both do considerable damage over the internet, but that does not make

them equally powerful in the cyber domain. Power diffusion is not the same as power

equalization.”813 Non-state actors have some advantages in cyber-space, a key one being

811 Goldman, Adam and Eric Schmitt. “One by One, ISIS Social Media Experts are Killed as Result of F.B.I. Program.” New York Times. November 24, 2016. http://www.nytimes.com/2016/11/24/world/middleeast/isis-recruiters-social-media.html?_r=2

812 Legal Portal for Internet, Cyber and Information Technologies. “Israeli Minister of Justice Calls for Cyber Defense Legislation and Liability on Internet Platform Providers.” Law.Co.Il. June 24, 2016. http://www.law.co.il/en/m/#/news/9308/

813 Nye, “Cyber Power,” p. 11.


that, so far, very few have faced retribution for their actions.814 Non-state actors have

already shown an ability to knock important websites off line and gain at least a basic level

of access to some government systems and to critical infrastructure networks, and non-state

actors’ abilities are rapidly improving. Attackers are also able to quickly vary their vectors

and signatures faster than defenders can close them.815 Non-state actors can find support

from many sources now, ranging from nations to people with no technical ability who simply

volunteer their machines as part of an attack.816 An attack only needs to succeed or get lucky

one time to cause damage. Even if an attacker cannot penetrate the most sensitive systems

directly, taking down a softer target can create a cascade effect leading to more severe

damage elsewhere. For all these reasons, and more, it seems likely that it is only a matter of

time before non-state actors figure out how to exploit vulnerabilities to launch larger and

potentially more crippling attacks.

Such an outcome can still be prevented, however, if states maintain their edge in

technological ability. Even nations as advanced as Israel can still do more in this regard.

While Israel currently maintains significant superiority over most other cyber-actors, both

state and non-state, there is concern that these other actors will be able to catch up enough

(even if not all the way) to be able to do real damage.817 The more nations can invest in

research and development, the more secure they are likely to be.

This chapter has aimed to offer insights into the threat non-state actors pose in the

cyber-realm and their interactions with Israel. It also offered recommendations as to how

814 Nye, “Cyber Power,” p. 13.

815 Lindsay, “Stuxnet and the Limits of Cyber Warfare,” p. 376.

816 Rid, Cyber War Will Not Take Place.

817 Ben-David, “Playing Defense.”


to improve national cyber-defenses against attacks by non-state actors. Israel’s example

provides some clear guidelines regarding steps nations can take to bolster their defenses

against non-state actor cyber-attacks. Non-state actors are growing more sophisticated, and

the threat they pose is growing along with their capabilities. Nations would be wise to pay

careful attention to the dangers of non-state actors in cyber-space and take steps to ensure

no major successful attacks occur and that they do not suffer a “death by a thousand cuts.”


6 – Conclusion

Israel faces a barrage of cyber-threats and the dangers continue to grow, as do the

threats facing the world at large. As Israel’s experience has demonstrated, it is possible to

build successful defenses in cyber-space against a range of actors, even if those defenses are

not always perfect. Israel has responded to the new challenges posed in cyber-space by

developing myriad ways to not only defend, but to use it as a platform for promoting its

interests. Its policies and technology have made it a world leader in the field both offensively

and defensively. Israel has been largely successful in mitigating the negative impacts of

cyberattacks to date, but the potential for damage in the future is still great. Israel’s

experience additionally helps to highlight what other nations can do to enhance their ability

to use cyber-space to promote and defend their interests.

This dissertation aimed to provide a clearer understanding of how states behave in

cyber-space through a detailed case-study examination of Israel in cyber-space.

Understanding how countries actually act, and are acted upon, in the real world is critical to

anyone looking to create or enhance security, peace, cooperation, or even offensive abilities

in the cyber-realm. This is a gap this work looks to fill by examining a highly powerful

country in cyber-space that remains largely unstudied. It is the hope of the author that filling

in these missing portions of the picture of behavior in cyber-space will help lead to a more

secure and peaceful world. To that end, this final chapter aims to highlight some of the main

findings that illustrate some of the main issues and how Israel has made effective use of

cyber-space.


Research and Development:

Research and development is the backbone of everything else in cyber-space, as

noted throughout the previous chapters. Israel’s investment of financial and human

resources into training programs and research, and its close cooperation with the private

sector in these endeavors is a central reason for Israel’s strength in cyber-space. Israel has

invested heavily in attempts to not only train students in primary schools, but to identify the

most promising and offer incentives for them to join appropriate military units during their

compulsory service and to work for the government thereafter. Citizens in the military also

receive training in an effort to improve the abilities of cyber units. Israel has also engaged

academia to help with trainings and to produce novel cyber tools for private and

governmental use. The government has also been involved in helping start-up companies and

funding research. Israel’s efforts in this regard could be emulated where possible by other

nations looking to bolster their cyber capabilities. Israel must continue, and if possible

increase, funding for such programs in order to maintain its edge in cyber-space. The drop

to second place among OECD nations in spending on research and development is a worrying

sign for Israel’s continued strength.

Intelligence Gathering:

Advanced technology and abilities are inherently necessary to be able to create strong

cyber-defenses or engage in offense in cyber-space effectively. Alone, however, they will not

be enough. Intelligence gathering is critical to these efforts. Knowing what adversaries are

planning allows states to build defenses tailored to those threats and makes it possible to

either halt attacks before they occur or hold those responsible accountable after the attack.


On offense, cyber-attacks are most effective when they are built to specifically target a

particular network, configuration of hardware or software, or system.818 Stuxnet was able

to cause damage in Iran because of the massive intelligence work that went into determining

exactly how Iran’s systems worked. Intelligence must be gathered in cyber-space, but should

also be collected in the physical world using traditional means. There is much to learn about

cyber-attacks outside of the cyber-realm.819

Range of Actors:

As Israel’s experience has demonstrated, it is possible to successfully defend against

attacks that originate from a wide range of actors. Not all actors are equally dangerous,

however. An important starting point in building cyber-defenses is identifying which

attackers require the greatest attention. This will vary from nation to nation. Some states

will need to worry more about cyber-criminals, others about espionage, others about “death

by a thousand cuts,” still others about crippling attacks aimed at causing physical damage,

others about all of the above and more. Non-state actors are improving their capabilities,

particularly in the wake of the leak of the NSA tools. In the case of the most advanced states,

however, attacks by actors with low capabilities, both state and non-state, pose mainly an

annoyance. For states with advanced capabilities, their focus should instead be on actors

that can launch more sophisticated attacks as existing defenses and tools will generally

already be adequate to handle less advanced attacks.

818 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016.

819 Siboni, Gabi. “Cyber-tools are No Substitute for Human Intelligence.” Haaretz. July 2, 2014. http://www.haaretz.com/opinion/.premium-1.602413#; Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017, p. 51.


Cyber-Offense:

The Israeli experience also shows the world how cyber-weapons can be used as

valuable offensive tools. Israel’s use of cyber-weapons to capture Syrian air defenses is an

example of how nations can use cyber-space to support physical strikes and protect the lives

of soldiers and even civilians. Stuxnet shows that cyber-attacks can be used to create

physical damage and to accomplish military goals that might otherwise be extremely difficult

and dangerous to achieve, and to do it without causing the civilian casualties that would

occur with a kinetic strike. In addition, cyber-attacks can be executed using proxies or

allowing patriotic hackers to operate.820 This allows states to muddy attribution, which can

enable them to escape retribution or attempt to avoid escalation. On the other hand, these

non-state groups are also dangerous to states as they can take actions in support of the state

that states actually oppose. Further, states can and have used them against each other.

Critical Infrastructure:

Protection of critical infrastructure has been a top priority for Israel stretching back

to 2002. Defining what qualifies as critical infrastructure is the first key step, and each

country will do it somewhat differently based on what it values and what its needs are. Most

states will likely end up using similar criteria to what Israel has created, and will include

power, water, hospitals, and some industrial facilities. Establishing agencies to oversee the

protection of critical infrastructure has been valuable for Israel. Israel currently has two

agencies that partially focus on critical infrastructure as part of their duties, Shin Bet and the

820 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016, p. 12.


NCB. Determining what role the government plays in helping to defend critical

infrastructure will also vary by country. In many nations, critical infrastructure is privately

owned, and in those cases, governments will have different levels of willingness to interfere

with private businesses. Whatever that balance might be, it is clear that protection of critical

infrastructure is a central concern in cyber-space.

Resilience:

Part of why defining critical infrastructure and protecting it is so important is that it

is central to building resilience. Cyber-attacks will eventually succeed in causing damage,

disrupting communications, stealing money or information, blocking access to sites and

services, or causing other problems. Much of that already occurs on a regular basis; one

attack has even already caused physical damage. It is critical that states develop plans for

how to rapidly recover from successful attacks. This is not always difficult: in dealing with

DDoS campaigns, even massive ones, or other access denial actions, resilience can be built

by simply ensuring the state can provide bandwidth to targeted actors, governmental or

private, to handle the additional traffic or by rerouting the attacks to temporary sites

designed to absorb them.821 This will allow the site to quickly come back on-line. More

advanced attacks make building resilience more difficult but it still can be done. These

efforts can include building the ability to operate a system once it is taken off-line, creating

redundant back-up systems, building physical overrides where appropriate, and using

hardware and software created by a range of companies so if one type is attacked another

821 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016, p. 11.


option is available. Resilience plans should also include ways to deal with any physical

damage that is done by cyber-attacks.

Coordination with Private Sector:

The importance of the private sector with regard to cyber-defense should not be

underestimated. For one, the private sector offers many services that governments can

benefit from. Private security firms create many advanced technologies that governments

can purchase and modify for their needs. In addition, private companies have a strong record

of investigating cyber-attacks, including uncovering attacks as they occur, dissecting cyber-

weapons, and helping to determine attribution. Thus, there is much for governments to gain

from improved cooperation.822 A second reason, as noted in previous chapters, is the

interconnected nature of cyber-space. Much of the hardware and software the government

and military uses is developed in the private sector. Therefore the private sector and

government are vulnerable to many of the same threats. The government and military

generally defend their systems at a higher level than is found in the private sector, mitigating

some of these dangers for states, but not completely. At the same time, the cyber-systems of

private companies that provide services to the government or military are often directly

linked to the government’s or military’s systems as well. These private networks often

lack the defensive systems and capabilities the government and military have, making them

easier to attack. As has happened, cyber-attacks on weaker systems can be used to gain

822 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016, p. 10.


backdoor access to well defended systems.823 States have struggled to figure out how best to

intervene or work with the private sector in this regard.824 Governments could address this

by reaching out to the private sector to create agreements as to minimum levels of defense

that would be required to gain government contracts. There can also be discussion regarding

how the government can best help with this effort. This can be codified through legislation

that regulates how information is protected and shared to encourage the private sector to

play an active role.825

Role of Technology:

The point was stressed repeatedly in this dissertation: technology is not only your

enemy; it can be your friend. Technology is inherently central to defensive and offensive

efforts in cyber-space. Developing the right technology is key. The challenge is that what is

needed is constantly evolving and the range of systems to be protected keeps quickly

growing. Traditional perimeter defenses, including firewalls, access controls, and intrusion

detection and prevention technologies, already are proving inadequate to the challenge as

attackers find ways around them.826 Technology needs to be able to deal with threats once

they penetrate defenses. Once discovered, attacks can be diverted to fake sites designed to

contain the attack. Such false sites can even send back false information, thus causing

823 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute InfoSec Reading Room. 2014.

824 Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security. Vol. 1, No 1. 2017, p. 86.

825 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016; Elazari, Keren. “How to Survive Cyberwar.” Scientific American. April 2015, p. 69.

826 Heckman, Kristin E, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow. Cyber Denial, Deception and Counter Deception. Advances in Information Security, Vol. 63 (New York: Springer 2015), p. 1; Thycotic Black Hat. “Hacker Survey Executive Report.” Thycotic Black Hat. 2015.


confusion for the attacker and hopefully making them question the value of attacking and

convincing them they are wasting their time. In fact, defenders can turn a cyber-attack to

their advantage. Once the attack is discovered and isolated, the defender can learn more

about the cyber-weapon and its intent by watching its behavior in the contained

environment. This information can help determine attribution, can provide insights into

how to prevent similar attacks, and can be used to help gather intelligence on the attacker

and its capabilities.827 The preference, as Israel’s is, should be for quality over quantity.828

While many tools will be needed, there is no point in developing a large number of tools that

do not do very much. Cost is an obvious constraint as well. Resources should be targeted to

build the most effective tools to deal with the most pressing threats.829

Hardware, Software, and the Supply Chain:

The hardware and software that actors, from governments, to militaries, to the

private sector, use are frequently off-the-shelf purchases. Often much of it is designed and

built in foreign nations. This creates enormous risks. The companies and nations in which

hardware and software are designed and made may choose to include hidden code that will

allow the device to be hacked later on or may have been created with hidden malware

already pre-loaded.830 For sophisticated attackers, the supply chain opens new doors

through which to launch attacks, and they have done so.831 Improving cyber-security

827 Heckman, Stech, Thomas, Schmoker, and Tsow, Cyber Denial, Deception and Counter Deception, p. 2.

828 Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic Affairs. Vol. 5, No. 1. 2013, p. 27.

829 Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.” Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S. Policy. 2010. http://www.nap.edu/catalog/12997.html, p. 183.

830 Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013, p. 29-30.

831 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 51.


therefore requires that nations take the supply chain into account when designing their

defenses. There is no easy fix to this danger. One option to reduce risk is for governments

and the private sector to work together to craft an accreditation system that would aim to

ensure the process of designing and manufacturing hardware and software is transparent so

hidden attacks and vulnerabilities could be caught.832 This proposal should include

verification mechanisms, and would hopefully also create new norms against this type of

malicious behavior. There are downsides, however, to this proposal. Protection of

intellectual property would likely suffer due to increased transparency. The accreditation

system would also likely lead to increased costs as compliance would be an additional

expense for companies. Additionally, it may decrease the pace of innovation as the time it

takes to develop new products would be slowed by the inspections.833

Cyber-Hygiene:

A simple step that can help to reduce vulnerabilities in cyberspace is to improve

“cyber-hygiene.” In essence, this means to teach people how to recognize and avoid tricks

and dangers in cyber-space that open their systems to attack. Attackers often gain access to

systems when an employee clicks on the wrong link, downloads and opens a file they should

not, shares their password or too much personal information, responds to a forged email, or

takes other similar actions. Computer programs that are not updated with the latest patches

represent another vulnerability. Phishing and spear phishing attacks, for example, continue

832 Inserra, David and Steven P. Bucci. “Cyber Supply Chain Security: A Crucial Step Toward U.S. Security, Prosperity, and Freedom in Cyberspace.” Backgrounder #2880. The Heritage Foundation. March 6, 2014. http://www.heritage.org/research/reports/2014/03/cyber-supply-chain-security-a-crucial-step-toward-us-security-prosperity-and-freedom-in-cyberspace

833 Sofaer, Clark, and Diffie, “Cyber Security and International Agreements.”


to be very successful in gaining access to networks and sensitive information around the

world.834 The rate at which people make such errors also appears to be increasing,835 likely in

part due to the fact that more and more people and organizations rely on cyber-space for

their work. More people using cyber-space increases the chances someone will make an

error. Success in launching cyber-attacks often comes, in fact, from the defender’s failures

rather than an attacker’s abilities.836 As noted, for example, during the 2014 conflict in Gaza,

attackers gained access to many Israeli systems through computer programs that were not

updated. Many cyber-attacks on Israel generally, including some of the ones mentioned in

previous chapters, are believed to have succeeded due to human error.837 Iran has learned

this lesson as well, and it has launched successful phishing and spear phishing campaigns

against Israel, the US, and other nations.838

While governments do not bear all the responsibility to protect cyberspace and train

citizens how to deal with threats, there are steps that governments can take to address these

issues, many of which are surprisingly simple. Governments could come to agreements with

companies to require all software and hardware be subject to automatic updates when they are

released.839 Attackers have frequently taken advantage of vulnerabilities for which fixes

834 Clark, David. “Control Point Analysis.” MIT CSAIL. September 10, 2012. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2032124##, p. 6.

835 Thycotic Black Hat, “Hacker Survey Executive Report.”

836 Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. (Oxford: Oxford University Press. 2015), p. 11.

837 Harman, Danna. “Cyber-defenders Warn: Israel Vulnerable to Attack.” Haaretz. December 28, 2014. http://www.haaretz.com/news/world/.premium-1.633845

838 Siboni, Gabi and Sami Kronenfeld. “Iranian Cyber Espionage: A Troubling New Escalation.” INSS Insight, No. 561. 2014.

839 Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked Governance in International Relations.” International Studies Review. Vol. 15, No. 1. 2013; GReAT and Ido Naor. “ATMZombie: Banking Trojan in Israeli Waters.” Kaspersky Labs, SecureList. February 29, 2016. https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/


exist. Requiring the updates will greatly reduce that risk.840 Mandatory training regarding

best practices to avoid making mistakes in cyber-space can be a way to reduce the risk of

human error. Similarly, staff must be trained to understand the importance and meaning

of different security warnings computers provide and not to ignore them or downplay their

significance.841 It is also valuable to teach personnel the dangers of sharing too much

information on-line, as attackers can use that information to attempt to hack passwords or

trick employees into disclosing information they should not.842 This is an important risk

factor as people are often more willing to share information on-line or on social networking

sites than they would in real life.843 Private organizations that work with the government

and are connected to its networks and services could be required to develop better account

management policies and to ensure that their employees receive training equivalent to what

government employees are required to have. Taking these steps should generally be fairly

inexpensive. Human error will always exist, but decreasing the odds such mistakes occur

will be a valuable step in reducing the risk of cyber-attacks, particularly from non-state

actors or states with less advanced capabilities which rely on such vulnerabilities.844

840 Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute InfoSec Reading Room. 2014, p. 13.

841 Clark, “Control Point Analysis,” p. 8.

842 Radichel, “Case Study,” p. 12, 18.

843 Fahrenkrug, David T. “Countering the Offensive Advantage in Cyberspace: An Integrated Defensive Strategy.” 4th International Conference on Cyber Conflict, eds. C. Czosseck, R. Ottis, K. Ziolkowski: NATO CCD COE Publications, Tallinn, Estonia. 2012, p. 206.

844 Nye, “Deterrence and Dissuasion in Cyberspace,” p. 51; Radichel, “Case Study;” Valeriano and Maness, Cyber War Versus Cyber Realities, p. 185; Siboni and Sivan-Sevilla, “Israeli Cyberspace Regulation,” p. 84-85; Office of the President. “Cyberspace Policy Review.” Office of the American President. 2011. https://www.state.gov/documents/organization/255732.pdf; The Torrenzano Group. “General Michael V. Hayden on Cyber Security & Protecting the Nation.” The Torrenzano Group. December 24, 2016. www.torrenzano.com, all quotes from Hayden unless noted; Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Concepts, Causes, and Assessment.” International Security. Vol 41, No 3. 2016/2017, p. 88.

Coordination and Organization of Government Agencies:

Israel has reorganized existing bodies and created new agencies to attempt to ensure

that all cyber-threats, and opportunities, are addressed. The ability to defend against attacks

is at its highest when government agencies are able to quickly communicate with each other

and share relevant information. On the offensive side, sophisticated cyber-attacks are

difficult to launch, but the burden can be eased if agencies consider the use of such weapons

as part of their operative plans.845 On offense and defense, when agencies can work together

they can more easily share expertise and develop new technologies and strategies. The

creation of the NCB and a national CERT, as well as the reorganization of responsibilities

within the IDF in 2017, represent major steps forward in these regards, but there is more

Israel can do. Currently, there is no single agency responsible for overseeing all of Israel’s

national cyber-defense. This has led to turf battles and missed opportunities on offense and

defense. A single agency responsible for overseeing all national cyber-defense would

address this issue and help ensure that information was shared and acted upon by all other

agencies.846 It appeared that Israel was going to address this with the creation of the unified

Cyber Command, but, as was discussed in chapter 2, that effort ended in failure.

International Cooperation, International Law, and Norm Building:

Cyber-space is global, and countries cannot truly succeed in handling the threats and

opportunities it poses on their own. Israel, for example, has worked closely with the US,

845 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016, p. 10, 12.

846 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016, p. 80.

including on defenses and cyber-weapons such as Flame and Stuxnet. This collaboration has

been highly beneficial for both parties. Israel has continued to expand the number of nations

it cooperates with, as the examples of the World Bank meeting and India demonstrate. It is

not just in the bilateral sphere that Israel has engaged; it has also engaged in multilateral

efforts, including at the UN. Clear norms do not yet appear to have emerged in cyber-space,

but it seems likely that efforts are underway to create them. While international law’s

applicability remains unclear, Israel’s actions show that it seems to have paid attention to its

restrictions when launching attacks. These developments are encouraging and important

for boosting cyber-security. Improved relations with other nations provide countries with

additional intelligence, technology, and insight into current and future threats.847 Bilateral

and multilateral agreements and the creation of generally accepted norms can help increase

the odds that malicious actors in cyber-space will pay a penalty for their attacks.

Keep the Internet Open and Easy to Access:

Free exchange of knowledge and ideas is key to the ability to innovate. Some nations

have tried to place restrictions on what their citizens can do in cyber-space. The idea is to

reengineer the cyber-realm to favor security over ease of access and freedom of use.848 This

is a mistake, and Israel’s example shows that doing so is not really necessary in order to

gain a high level of security. Heavy restrictions on the flow of ideas will end up harming a

nation’s ability to develop new technology in the long run as such work relies on the broader

847 India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013. http://www.bic-trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf, p. 34.

848 Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs, 2010, p. 17.

community of cyber-specialists. Israel has, instead, embraced an open vision of the cyber-

realm, even with the dangers it poses. This has allowed Israel to gain the benefits the cyber-

realm offers, which in turn has helped it develop the technology and skills needed to defend

against the dangers that openness poses.

Physical Threat to Cyber-Space:

Israel has taken steps to address another underappreciated threat to its cyber-

security. For years, Israel had just one major physical cable connecting its cyber-realm to

the rest of the world. This meant that any damage to that cable would severely impact Israel’s

ability at the private and governmental levels to access cyber-space. While satellite systems

existed to help provide a backup, and more have been built, they would not be adequate to

meet the demand should the cable fail. Israel responded by building an additional cable to

address this issue, but there is more that can be done in this regard. Israel can increase naval

surveillance of the cable as well as develop rapid repair capabilities in case damage occurs

or there is an attack on the cables.

Cyber as Another Option on the World Stage:

There are numerous scholars who argue that major war between powerful nations is

increasingly unlikely, but that instead, countries will promote their values, ideas, self-

interests, and even military goals through other means.849 Small scale violence, proxy wars,

sanctions, and conflicts over values in international settings have all become new tools of

849 Mueller, John. “Is War Still Becoming Obsolete?” Presentation, 1991 Annual Meeting of the American Political Science Association. 2012, p. 3.

conflict between states. Cyber-space may be emerging as another tool in that arsenal. Israel

and the US’s use of Stuxnet to attempt to achieve a military goal is an example of this. Short

of physical destruction, Israel has been using cyber-space to promote its interests more

broadly, as seen in its attempts to pioneer the use of cyber-diplomacy as a counter to its

enemies’ efforts to isolate it. The range of uses cyber-attacks might serve is not yet clear, but

it is possible that they could be used as retaliation or punishment (as Iran appears to have

done on numerous occasions) or even to try to convince other states to change policies (as

Russia likely attempted to do to Estonia in 2007).

As cyber-weapons become more advanced, the ability to use them to obtain

retribution increases, as does the possibility that they could be used to compel other states

to change policies. Cyber-attacks launched for these purposes will be most effective if they

are part of a broader comprehensive strategy against an opponent that includes

traditional military and diplomatic efforts.850 The possibility that states might already be

using cyber-space for such purposes means that it is important that states discuss norms

regarding such behavior. International law and norms limit when physical violence can be

used in situations short of war; creating similar rules for cyber-space would be worthwhile.

States have so far avoided openly claiming that they have used cyber-space to punish another

nation out of fear of condemnation or of setting a new norm of behavior that would allow

other states to use cyber-space for similar reasons. These concerns might be a bit overblown,

however. That Israel and the US were behind Stuxnet is well known, and its use did not usher

in a new age of cyber-warfare. Targeted uses in other circumstances are unlikely to lead to

850 Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016, p. 12.

a different outcome. Cyber-attacks can, as discussed, be highly targeted weapons. In some

cases, this might even allow a state to target specific networks or systems to punish another

state without harming civilians more broadly.

It is admittedly not possible at this time for the US, Russia, China, Israel, or other

major cyber-powers to change each other’s policies solely through cyber-actions as defenses

and counter-attack abilities are too powerful, but highly capable countries might be able to

use cyber-space to do so against less capable states. This might actually end up being a

positive development should it be shown in practice that cyber-attacks can compel less

capable states to change policies. It would show powerful nations that there is another way

to achieve policy goals outside of sanctions and bloodshed, and this may further decrease the

odds of wars breaking out. This is still a problematic outcome, of course, but far superior to

the loss of life.851

851 For more see: Cohen, Matthew S. “The US Response to North Korea - The Cyber Option.” E-International relations (online). August 7, 2017. http://www.e-ir.info/2017/08/07/the-us-response-to-north-korea-the-cyber-option/

References:

Ablon, Lillian, Martin C. Libicki, and Andrea A. Golay. “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar.” RAND Corporation, 2014. http://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf

Abu Amer, Adnan. “Hamas’ Cyber Battalions Take on Israel.” Al-Monitor. July 29, 2015. http://www.al-monitor.com/pulse/originals/2015/07/palestine-israel-internet-cyber-war-hacking.html#ixzz4Fd6XrhvZ

Adams, James. “Virtual Defense.” Foreign Affairs. May-June 2001.

Adamsky, Dmitry (Dima) “The Israeli Odyssey Toward its National Cyber Security Strategy.” The Washington Quarterly. Vol 40, No 2. 2017.

AFP. “Israeli TV Hacked with ‘Divine Retribution’ Message.” The Times of Israel. November 30, 2016. http://www.timesofisrael.com/israeli-tv-hacked-with-divine-retribution-message/

Ahronheim, Anna. “Cyber Attack Aimed at Over 120 Israeli Targets Thwarted.” Jerusalem Post. April 26, 2017. http://www.jpost.com/Israel-News/Israel-thwarts-cyber-attacks-aimed-at-over-120-targets-489010

Aizescu, Sivan. “Israeli Banks Seek to Set up Joint Cybersecurity Center.” Haaretz. May 26, 2014. http://www.haaretz.com/business/.premium-1.592767

AnonWatcher. “Beware: Israeli Malware Trojan Trap Set to Bait #OpIsrael Anonymous Campaigners.” Anonhq.com. April 6, 2017. http://anonhq.com/beware-israeli-malware-trojan-trap-set-to-bait-opisrael-anonymous-campaigners/

Apfel, Alexander J. “‘Anonymous’ Hackers Attacks on Israel More Hype than Harm.” YNetNews.com. April 7, 2016. http://www.ynetnews.com/articles/0,7340,L-4788745,00.html

Applegate, Scott D. “The Principle of Maneuver in Cyber Operations.” 4th International Conference on Cyber Conflict. C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) NATO CCD COE Publications, Tallinn, 2012.

Arutz Sheva “Report: Bank of Israel Raises Cyber Defenses.” Arutz Sheva. February 17, 2012. http://www.israelnationalnews.com/News/Flash.aspx/232390#.U8VI7fldVqU

Associated Press. “In Israel, Teaching Kids Cyber Skills is a National Mission.” YNetNews. February 4, 2017. http://www.ynetnews.com/articles/0,7340,L-4917408,00.html

Aucsmith, David, “War in Cyberspace: A Theory of War in the Cyber Domain.” Cyberbelli.com. May-June 2012.

Australian Government. “Cyber Security Strategy.” Commonwealth of Australia. 2009. https://www.ag.gov.au/RightsAndProtections/CyberSecurity/Documents/AG%20Cyber%20Security%20Strategy%20-%20for%20website.pdf

Avissar, Irit. “BoI Tells Banks to Appoint Cyber Officers.” Globes. July 21, 2014. http://www.globes.co.il/en/article-boi-tells-banks-to-appoint-cyber-officers-1000957071

Balousha, Hazem and William Booth. “Israel Retaliates for Gaza Rocket Fire with Airstrikes; Hamas Hacks Israeli TV.” Washington Post. March 13, 2016. https://www.washingtonpost.com/world/israel-retaliates-for-gaza-rocket-fire-with-air-strikes-hamas-hacks-israel-tv/2016/03/13/0214541e-f9ee-48e0-8402-39fc4838b65c_story.html?utm_term=.fffab43baf9d

Bamford, James. “NSA Snooping was Only the Beginning. Meet the Spy Chief Leading Us into Cyberwar.” Wired.com. June 12, 2013. https://www.wired.com/2013/06/general-keith-alexander-cyberwar/

Baram, Gil. “Influence of the Development of Cybernetic Warfare Technology on Changes in the Israeli Force Structure.” Military and Strategy. Vol. 5, No 1. 2013.

Baram, Gil. “Israeli Defense in the Age of Cyber War.” Middle East Quarterly. Winter 2017.

Baram, Gil. “The Effect of Cyberwar Technologies on Force Buildup: The Israeli Case.” Military and Strategic Affairs. Vol. 5, No. 1. 2013.

Barzashka, Ivanka. “Are Cyber-Weapons Effective?” The RUSI Journal. Vol. 158, No. 2. 2013.

BDS. “Attacks on BDS Websites Smack of Israel’s Despair at its Growing Isolation.” BDS Movement. June 2, 2016. https://bdsmovement.net/news/attacks-bds-websites-smack-israel%E2%80%99s-despair-its-growing-isolation

Bejtlich, Richard. “Review of Martin Libicki’s Cyberdeterrence and Cyberwar.” TaoSecurity. November 25, 2009. http://taosecurity.blogspot.com/2009/11/review-of-martin-libickis.html

Belk, Robert and Matthew Noyes. “On the Use of Offensive Cyber Capabilities.” Completion requirement for Master in Public Policy at Harvard Kennedy School of Government, Advisers Joseph Nye and Monica Toft. March 20, 2012.

Ben-David, Alon. “Playing Defense.” Aviation Week and Space Technology. Volume 173. 2011.

Ben-Horin, Yoav and Barry Posin. Israel’s Strategic Doctrine. (Rand Corporation: Santa Monica, CA 1981).

Ben-Yishai, Ron. “IDF’s Cyber Defense Easily Breached.” YNetNews. March 23, 2016. http://www.ynetnews.com/articles/0,7340,L-4782445,00.html

Benari, Elad. “Hackers Take Over Israeli Television.” Arutz Sheva 7. November 30, 2016. http://www.israelnationalnews.com/News/News.aspx/221025

Benoliel, Daniel. “Towards a Cybersecurity Policy Model: Israel National Cyber Bureau Case Study.” North Carolina Journal of Law and Technology. Vol. 16, No. 3. 2015.

Bergman, Ronen. “Shin Bet Allows Sneak Peek at New Cyber Warfare Unit.” Ynetnews. December 12, 2012. http://www.ynetnews.com/articles/0,7340,L-4322499,00.html

Berman, Lazar. “Knesset Stymies Major Cyber Attack.” The Times of Israel. July 14, 2013. http://www.timesofisrael.com/knesset-stymies-major-cyber-attack/

Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors.” International Law Studies. Vol 89. 2013.

Bob, Yonah Jeremy. “Analysis: Are US, Israel Winning or Losing Newest Cyber Battles.” Jerusalem Post. April 28, 2016. http://www.jpost.com/Israel-News/Analysis-Are-US-Israel-winning-or-losing-newest-cyber-battles-452589

Bob, Yonah Jeremy. “Islamic Jihad Cyber Terrorist Indicted for Hacking IDF Drones Over Gaza.” Jerusalem Post. March 23, 2016. http://www.jpost.com/Arab-Israeli-Conflict/Islamic-Jihad-cyber-terrorist-indicted-for-hacking-IDF-drones-over-Gaza-448936

Bob, Yonah Jeremy. “Rule of Law: Obama, Israel and Cyber Warfare.” Jerusalem Post. March 22, 2013. http://www.jpost.com/Features/Front-Lines/The-cyber-partys-over-307367

Bob, Yonah Jeremy. “US Deputy of Homeland Security: US-Israel to Sign Automated Cyber Information Sharing Agreement.” Jerusalem Post. June 20, 2016. http://www.jpost.com/Israel-News/Politics-And-Diplomacy/US-Deputy-of-Homeland-Security-US-Israel-to-sign-automated-cyber-information-sharing-agreement-457261

Bronk, Christopher and Eneken Tikk-Ringas. “The Cyber Attack on Saudi Aramco.” Survival. Vol. 55, No. 2. 2013.

Brown, Cameron S. and David Friedman “A Cyber Warfare Convention? Lessons from the Conventions on Chemical and Biological Weapons.” In Arms Control and National Security - New Horizons, eds. Emily B. Landau and Anat Kurz, Memorandum No. 135, Tel Aviv - Institute for National Security Studies. 2014.

Brunner, Jordan. “Iran Has Built an Army of Cyber-Proxies.” The Tower. August 2015. http://www.thetower.org/article/iran-has-built-an-army-of-cyber-proxies/

Bussolati, Nicolo. “The Rise of Non-State Actors in Cyberwarfare.” Cyberwar: Law and Ethics for Virtual Conflicts, ed. Jens David Ohlin, Kevin Govern, and Claire Finkelstein. (Oxford University Press: New York. 2015).

Buzan, Barry. “The Timeless Wisdom of Realism.” In International Theory: Positivism and Beyond, edited by Steve Smith, Ken Booth, and Marysia Zalewski. (New York: Cambridge University Press 1996).

Cahanin, Steven E. “Principles of War for Cyberspace.” Air War College, Air University, 2011.

Carr, Jeffrey. Inside Cyber Warfare. (Cambridge: O’Reilly, 2012).

Cartwright, James E. “Joint Terminology for Cyberspace Operations.” Department of Defense, Washington, DC. November 2010. http://www.nsci-va.org/CyberReferenceLib/2010-11-Joint%20Terminology%20for%20Cyberspace%20Operations.pdf

Case Bryant, Christa. “Israel Accelerates Cybersecurity Know-How as Early as 10th Grade.” The Christian Science Monitor. June 9, 2013. https://www.csmonitor.com/World/Middle-East/2013/0609/Israel-accelerates-cybersecurity-know-how-as-early-as-10th-grade

Check Point. “Volatile Cedar Threat Intelligence and Research.” Check Point. March 20, 2015. https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf

Cherry, Steven. “Terror Goes Online.” IEEE Spectrum Vol 42, No 1. 2015.

Choucri, Nazli. Cyberpolitics and International Relations. (The MIT Press: Cambridge, MA: 2012).

Choucri, Nazli, Stuart Madnick, and Jeremy Ferwerda. “Institutional Foundations for Cyber Security: Current Responses and New Challenges (Revised).” Information Technology for Development. 2013.

Cilluffo, Frank J., Sharon L. Cardash, and George C. Salmoiraghi, “A Blueprint for Cyber Deterrence: Building Stability through Strength.” Institute for National Security Studies, Military and Strategic Affairs. Vol. 4, No. 3. December 2012.

Clark, David. “Control Point Analysis.” MIT CSAIL. September 10, 2012. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2032124##

Clarke, Richard A. and Robert K. Knake. Cyber War: The Next Threat to National Security and What to do About It. (Ecco: HarperCollins Publishers, 2012).

Cohen, Daniel and Danielle Levin. “Cyber Infiltration During Operation Protective Edge.” Forbes.com. August 12, 2014. https://www.forbes.com/sites/realspin/2014/08/12/cyber-infiltration-during-operation-protective-edge/#757dbe0d3fbc

Cohen, Daniel and Danielle Levin. “Operation Protective Edge: The Cyber Defense.” In The Lessons of Operation Protective Edge, eds. Anat Kurz and Sholmo Brom. (Institute for National Security Studies 2014).

Cohen, Daniel and Aviv Rotbart. “The Proliferation of Weapons in Cyberspace.” Military and Strategic Affairs. Vol. 5, No. 1. 2013.

Cohen, Gili. “IDF Doubled its Defenses against Cyber Attacks.” Haaretz (Hebrew). January 9, 2013. http://haaretz.ubik.net/news/politics/1.1902961

Cohen, Gili. “Islamic Jihad Hacker Accused of Accessing Israeli Drone Communications.” Haaretz. March 23, 2016. http://www.haaretz.com/israel-news/.premium-1.710589

Cohen, Matthew S. “The US Response to North Korea - The Cyber Option.” E-International relations (online). August 7, 2017. http://www.e-ir.info/2017/08/07/the-us-response-to-north-korea-the-cyber-option/

Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “Israel and Cyberspace: Unique Threat and Response.” International Studies Perspectives. Volume 17. 2016.

Cohen, Matthew S. and Charles D. Freilich. “The Delegitimization of Israel: Diplomatic Warfare, Sanctions and Lawfare.” Israel Journal of Foreign Affairs. Vol. IX, No. 1. 2015.

Cohen, Matthew S. and Charles D. Freilich. “War by Other Means: Modeling the Delegitimization Campaign against Israel.” Israel Affairs. Vol. 24, No. 1. 2018.

Cohen, Matthew S., Charles D. Freilich, and Gabi Siboni. “‘Four Big ‘Ds’ and a Little ‘r’: A New Model for Cyber Defense.” Cyber, Intelligence, and Security. Vol. 1, No. 1. 2017.

Cohen, Sagi. “Iran Hackers Carrying Out Cyber Attacks Against Israeli Targets, Report Claims.” YNetNews. June 15, 2015. http://www.ynetnews.com/articles/0,7340,L-4668686,00.html

Cooper, Jeffrey. “A New Framework for Cyber Deterrence.” In Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World, ed. Derek S. Reveron. (Georgetown University Press, 2012).

Correlates of War Project. (http://www.correlatesofwar.org)

Crosston, Matthew. “Duqu’s Dilemma: The Ambiguity Assertion and the Futility of Sanitized Cyberwar.” Military and Strategic Affairs. Vol. 5, No. 1. 2013.

Currier, Cora and Henrik Moltke. “Spies in the Sky.” The Intercept. January 28, 2016. https://theintercept.com/2016/01/28/israeli-drone-feeds-hacked-by-british-and-american-intelligence/

“CyberKnight.” 2016. http://cyberknight.co.il/

“CyberKnight.” “Israel: Knights of the Cyber Table.” i-HLS. June 20, 2014. http://i-hls.com/2014/06/israel-knights-cyber-table/

Dagoni, Ran. “Amos Yadlin: Cyber-Defense Includes Cyber Attack.” Globes-Israel Business Arena. April 29, 2015. http://www.globes.co.il/en/article-amos-yadlin-cyber-defenses-must-include-attack-1001031900

Dagoni, Ran. “US Congress Approves Israel Cyber Cooperation.” Globes. November 30, 2016. http://www.globes.co.il/en/article-us-congress-approves-israel-cyber-cooperation-1001163968

Demchak, Chris C. Wars of Disruption and Resilience. (University of Georgia Press. 2011).

Demchak, Chris C. “Resilience and Cyberspace: Recognizing the Challenges of a Global Socio-Cyber Infrastructure (GSCI).” Journal of Comparative Policy Analysis. Vol. 14, No. 3. 2012. https://citizenlab.org/cybernorms2012/Demchak2012.pdf

Demchak, Chris C. and Peter Dombrowski. “Rise of a Cybered Westphalian Age.” Strategic Studies Quarterly. 2011. http://www.au.af.mil/au/ssq/2011/spring/demchak-dombrowski.pdf

DeNardis, Laura. The Global War for Internet Governance. (Yale University Press, New Haven, CT. 2014.)

Department of Defense. “The DoD Cyber Strategy.” United States of America. April 2015. http://www.defense.gov/home/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf

Deibert, Ronald J. and Rafal Rohozinsk. “Risking Security: Policies and Paradoxes of Cyberspace Security.” International Political Sociology. Vol. 4, No. 1. 2010.

Digital Shadows. “OpIsrael Hacktivists Targeted by Unknown Threat Actor.” Digital Shadows. March 30, 2017. https://www.digitalshadows.com/blog-and-research/opisrael-hacktivists-targeted-by-unknown-threat-actor/

Drmola, Jakub. “Looking for Insurgency in Cyberspace.” Central European Journal of International and Security Studies. Vol. 4. 2014.

Druckman, Yaron, Saul Sa’arhaas, and AP. “Apple Boosts iPhone Security after Mideast Spyware Discovery.” YNetNews. August 26, 2016. http://www.ynetnews.com/articles/0,7340,L-4846422,00.html

Dvorin, Tova. “Secret Shin Bet Unit at the Front Lines of Israel’s Cyber-War.” Arutz Sheva. April 25, 2014. http://www.israelnationalnews.com/News/News.aspx/179925#.U7b-P_ldVqU

Efrati, Rami and Lior Yafe. “The Challenges and Opportunities of National Cyber Defense.” Israel Defense. August 11, 2012. http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/41557

Egozi, Arie. “The Secret Cyber War.” Military Technology. Vol. 35. 2011.

Eichensher, Kristen E. “Cyberwar & International Law Step Zero.” Texas International Law Journal. Vol 50, No 2. 2015.

Eichner, Itamar. “A Look at the Shin Bet’s Cyber Unit.” YNetNews. January 18, 2017. http://www.ynetnews.com/articles/0,7340,L-4909435,00.html

Eichner, Itamar. “BDS: Israel Responsible for Cyber Attacks.” YNetNews. June 5, 2016. http://www.ynetnews.com/articles/0,7340,L-4812027,00.html

Eisenstadt, Michael and David Pollock. “Asset Test: How the United States Benefits from Its Alliance with Israel.” Washington Institute for Near East Policy, Strategic Reports 7. 2012.

Elazari, Keren. “How to Survive Cyberwar.” Scientific American. April 2015.

Elis, Niv. “Gaza Hackers Launch Porn-Based Cyber Attacks on Israel.” Jerusalem Post, February 17, 2015. http://www.jpost.com/Arab-Israeli-Conflict/Gaza-launched-porn-based-cyber-attacks-on-Israel-391330

Elis, Niv. “Multinationals Invest in Teaching Israeli Kids to Code.” Jerusalem Post. October 28, 2015. http://www.jpost.com/Business-and-Innovation/Health-and-Science/Multinationals-invest-in-teaching-Israeli-kids-to-code-430250

Eom, Jung-Ho, Nam-Uk Kim, Sung-Hwan Kim, and Tai-Myoung Chung. “Cyber Military Strategy for Cyberspace Superiority in Cyber Warfare.” 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec). June 26-28, 2012. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6246114

Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts, Trends and Implications for Israel,” Institute for National Security Studies, (Hebrew) Memorandum 179, Institute for National Security Studies. June 2011.

Even, Shmuel and David Siman-Tov. “Cyber Warfare: Concepts and Strategic Trends.” Institute for National Security Studies. Memorandum 117. May 2012.

European Union. “National Cyber Security Strategies in the World.” European Union Agency for Network and Information Security. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world

Fahrenkrug, David T. “Countering the Offensive Advantage in Cyberspace: An Integrated Defensive Strategy.” 4th International Conference on Cyber Conflict, eds. C. Czosseck, R. Ottis, K. Ziolkowski: NATO CCD COE Publications, Tallinn, Estonia. 2012.

Farwell, James P. and Rafal Rohozinski. “Stuxnet and the Future of Cyber War.” Survival. Vol. 53, No. 1. 2011.

Finnemore, Martha. National Interests in International Society. (Cornell University Press, 1996)

Finnemore, Martha and Duncan B. Hollis. “Constructing Norms for Global Cybersecurity.” The American Journal of International Law. Vol 110, No 3. 2016.

Finnemore, Martha and Kathryn Sikkink. “Taking Stock: The Constructivist Research Program in International Relations and Comparative Politics.” Annual Review of Political Science. Vol 4. 2001.

Fulghum, David. “Bombing Iran.” Aviation Week and Space Technology. Vol. 174. 2012.

Garcia, Denise. Disarmament Diplomacy and Human Security: Regimes, Norms and Moral Progress in International Relations. (New York: Routledge, 2011).

Garcia, Denise. “Killer Robots: Why the US Should Lead the Ban.” Global Policy. Vol 6, No 1. 2015.

Gartzke, Erik. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth.” International Security. Vol 38, No 2. 2013.

Gartzke, Erik, and Jon Lindsay. “Cross-Domain Deterrence: Strategy in an Era of Complexity.” International Studies Association Meeting. July 2014. https://quote.ucsd.edu/deterrence/files/2014/12/EGLindsay_CDDOverview_20140715.pdf

Geuss, Raymond. Politics and the Imagination. (Princeton, NJ: Princeton University Press, 2010)

Ghermezian, Shiryn. “Israeli Hackers Strike Back at Anonymous OpIsrael, Expose Participants with Their Own Webcams (PHOTOS).” Algemeiner. April 10, 2014. http://www.algemeiner.com/2014/04/10/israeli-hackers-strike-back-at-anonymous-opisrael-expose-participants-with-their-own-webcams-photos/#

Gibbs, Samuel. “Duqu 2.0: computer virus 'linked to Israel' found at Iran nuclear talks venue.” The Guardian. June 11, 2015. https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks

Gilpin, Robert. The Political Economy of International Relations. (Princeton University Press, 1987)

Ginsburg, Mitch. “The Double-Edged Sword of Cyber Warfare.” The Times of Israel. June 24, 2015. http://www.timesofisrael.com/the-double-edged-sword-of-cyber-warfare/

Goldman, Adam and Eric Schmitt. “One by One, ISIS Social Media Experts are Killed as Result of F.B.I. Program.” New York Times. November 24, 2016. http://www.nytimes.com/2016/11/24/world/middleeast/isis-recruiters-social-media.html?_r=2

Grauman, Brigid. “Cyber-security: The vexed question of global rules.” Security and Defense Agenda. With the support of McAfee. 2012.

Gray, Colin S., “Making Strategic Sense of Cyber Power: Why the Sky Is Not Falling.” Strategic Studies Institute and U.S. Army War College Press. April 2013.

GReAT and Ido Naor. “ATMZombie: Banking Trojan in Israeli Waters.” Kaspersky Labs, SecureList. February 29, 2016. https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/

Group of Governmental Experts. “Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.” United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, A/70/174. July 22, 2015.

Gupta, Shishir. “India, Israel to Enlarge Web of Ties, Institutionalise (sic) Cyber Security Dialogue.” Hindustan Times. May 21, 2017. http://www.hindustantimes.com/india-news/india-israel-set-to-enlarge-web-of-ties/story-zE5EZAxjGDTvRXmHMXwWEO.html

Hamodia Staff. “Israel, Japan Increase Cyber, Economic Cooperation.” Hamodia. May 11, 2017. http://hamodia.com/2017/05/11/israel-japan-increase-cyber-economic-cooperation/

Page 247: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

247

Hathaway, Oona; Rebecca Crootof; Philip Levitz; and Haley Nix. “The Law of Cyber-Attack.” California Law Review. Vol. 100. 2012. Harman, Danna. “Cyber-defenders Warn: Israel Vulnerable to Attack.” Haaretz. December 28, 2014. http://www.haaretz.com/news/world/.premium-1.633845 Healey, Jason. “When ‘Not My Problem’ Isn’t Enough: Political Neutrality and National Responsibility in Cyber Conflict.” The Atlantic Council of the United States Issue Brief. 2012. Heckman, Kristin E, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, and Alexander W. Tsow. Cyber Denial, Deception and Counter Deception. Advances in Information Security. Vol. 63. (New York: Springer 2015). Herr, Trey. “PrEP: A Framework for Malware & Cyber Weapons.” Cyber Security Policy and Research Institute. George Washington University. March 12, 2014. Herzallah, Mohammed J. “Israel Fights Wire with Wire.” Newsweek. July 27, 2009. Herzog, Stephen. “Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses.” Journal of Strategic Security. Vol. 4, No. 2. 2011. Hiner, Jason. “How Israel is Rewriting the Future of Cybersecurity and Creating the Next Silicon Valley.” Tech Republic. 2013. http://www.techrepublic.com/article/how-israel-is-rewriting-the-future-of-cybersecurity-and-creating-the-next-silicon-valley/# Hirshoga, Or and Nati Toker. “Cyber Battles against Israel.” The Marker (Hebrew). November 22, 2012. http://www.themarker.com/technation/1.1871058 Honegger, Barbara. “Former Counterterrorism Czar Richard Clarke Calls for New National Cyber Defense Policy to Prevent a Cyber 9/11,” Naval Post-Graduate School. August 30, 2010. https://web.nps.edu/About/News/Former-Counterterrorism-Czar-Richard-Clarke-Calls-for-New-National-Cyber-Defense-Policy-to-Prevent-a-Cyber-9/11-.html Hopf, Ted. “The Promise of Constructivism in International Relations Theory.” International Security. Vol 23, No 1. 1998. Horovitz, David. 
“US Espionage and Hamas Tunneling Highlight Malaise in Israel’s Defenses.” The Times of Israel. January 31, 2016. http://www.timesofisrael.com/us-espionage-and-hamas-tunneling-highlight-a-malaise-in-israels-defenses/ Huntley, Wade L. “Strategic Implications of Offense and Defense in Cyberwar.” 49th Hawaii International Conference on System Sciences. 2016. Hurwitz, Roger. “The Play of States: Norms and Security in Cyberspace.” American Foreign Policy Interests. Vol 36. 2014.

Page 248: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

248

i24 News. “Israel Reorganizing Cyber Warfare Operations.” iI24news.com. June 16, 2015. http://www.i24news.tv/en/news/israel/diplomacy-defense/75069-150616-israel-reorganizing-cyber-warfare-operations IBM. “X-Force Threat Intelligence Index - 2016.” IBM.com. 2016. IISS. The Military Balance 2014. (International Institute for Strategic Studies 2014). India Conference on Cyber Security and Cyber Governance. International Public Private Partnership in Cyber Governance (Panel). Observer Research Foundation and Digital Economy Committee. 2013. http://www.bic-trust.eu/files/2014/04/CYFY-2013-Report-WEB-version-15Apr14.pdf InfoSecurity. “Cyber-Terrorism Shut Down Israel’s Carmel Tunnel.” Infosecurity-Magazine.com. October 28, 2013. https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/ Inserra, David and Steven P. Bucci. “Cyber Supply Chain Security: A Crucial Step Toward U.S. Security, Prosperity, and Freedom in Cyberspace.” Backgrounder #2880. The Heritage Foundation. March 6, 2014. http://www.heritage.org/research/reports/2014/03/cyber-supply-chain-security-a-crucial-step-toward-us-security-prosperity-and-freedom-in-cyberspace INSS. “Global Cyber Bi-Weekly Report - Mar 1, 2016.” Institute for National Security Studies. March 1, 2016. https://www.dcoi-conference.org/single-post/2016/03/01/Global-Cyber-BiWeekly-Report-Mar-1-2016 INSS. “Global Cyber Bi-Weekly Report - Sep 1, 2016.” Institute for National Security Studies. September 2, 2016. https://www.dcoi-conference.org/single-post/2016/09/02/Global-Cyber-Bi-Weekly-Report---Sep-1-2016 Institute for National Security Studies, and the Cyber Security Forum Initiative. “Cyber Intelligence Report—July 15, 2014.” Defense Update. July 15, 2014. http://defense-update.com/20140715_cyber-intelligence-report-july-15-2014.html IsraelDefense. “IDF Scraps Plans for a Unified Cyber Command.” IsraelDefense.com. May 15, 2017. 
http://www.israeldefense.com/en/node/29613 Israel Advanced Technology Industries. “2016 National Coding Olympics is Underway!” Israel Advanced Technology Industries. November 23, 2015. http://www.iati.co.il/news-item/1856/2016-national-coding-olympics-underway Israel Defense Forces. “This Model City Trains IDF Coders to Stop Devastating Hacks.” Israel Defense Forces. January 2, 2017. https://www.idfblog.com/2017/01/02/model-city-trains-coders-stop-hacks/

Page 249: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

249

Israel Government Decision no. 3611 of August 7, 2011. http://www.pmo.gov.il/secretary/govdecisions/2011/pages/des3611.aspx Israel Ministry of Foreign Affairs. “Deputy FM Elkin: Israel’s Cyber Security.” Address to the Seoul Conference on Cyberspace 2013. October 16, 2013. Jerusalem Post. “Netanyahu: We’re Building a Digital Iron Dome.” Jerusalem Post. January 1, 2013. http://www.jpost.com/Diplomacy-and-Politics/Netanyahu-Were-buildinga-digital-Iron-Dome Jerusalem Post Staff. “Israel’s Electrical Grid Attacked in Massive Cyber Attack.” Jerusalem Post. January 26, 2016. http://www.jpost.com/Israel-News/Israels-electrical-grid-attacked-in-massive-cyber-attack-442844 Jerusalem Post Staff and Yaakov Lappin. “Suspected Palestinian Hackers Interrupt TV Broadcast with Ominous Message.” Jerusalem Post. March 11, 2016. http://www.jpost.com/Arab-Israeli-Conflict/Suspected-Palestinian-hackers-interrupt-TV-broadcast-with-ominous-message-447646 Jervis, Robert. “Cooperation Under the Security Dilemma.” World Politics. Vol 30, No 2. 1978. Johnson, Marc C. “The Rising Iranian Cyber Threat.” The Buckley Club. March 23, 2017. https://thebuckleyclub.com/the-rising-iranian-cyber-threat-15028b76e0f9 Joint Advanced Warfighting School. “Nothing New Under the Sun: Benefiting from the Great Lessons of History to Develop a Coherent Cyberspace Deterrence Strategy.” CreateSpace Independent Publishing Platform. April 8, 2014. Junio, Timothy J. “How Probable is Cyber War? Bringing IR Theory Back in to the Cyber Conflict Debate.” Journal of Strategic Studies. Vol. 36, No. 1. 2013. Kapto, Aleksandr S. “Cyberwarfare: Genesis and Doctrinal Outlines.” Herald of the Russian Academy of Sciences. Vol. 83, No. 4. 2013. Katz, Yaakov. “Barak: Israel Seeks to be Global Cyber Leader.” Jerusalem Post. June 6, 2012. http://www.jpost.com/Defense/Barak-Israel-seeks-to-be-global-cyberleader Katz, Yaakob. “Elbit Unveils New Cyber War Simulator.” Jerusalem Post. June 5, 2012. 
http://www.jpost.com/Defense/Elbit-unveils-new-cyber-war-simulator Katz, Yaakov. “Security and Defense: Israel’s Cyber Ambiguity.” Jerusalem Post. May 31, 2012. http://www.jpost.com/Features/Front-Lines/Security-and-Defense-Israels-Cyber-Ambiguity

Page 250: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

250

Katzenstein, Peter J. “Introduction: Alternative Perspectives on National Security.” in The Culture of National Security: Norms and Identity in World Politics, ed. Peter J. Katzenstein. (Columbia University Press: 1996). Keck, Margaret E. and Kathryn Sikkink. Activists beyond Borders: Advocacy Networks in International Politics. (Cornell University Press, 1998). Kello, Lucas. “The Meaning of the Cyber Revolution.” International Security. Vol 38, No 2. 2013. Kenney, Michael. “Cyber-Terrorism in a Post-Stuxnet World.” Orbis. Vol. 59, No. 1. 2015. Keohane, Robert. After Hegemony: Cooperation and Discord in the World Political Economy. (Princeton University Press, 1984). Keohane, Robert and Joseph S. Nye. Power and Interdependence: World Politics in Transition. (Boston: Little, Brown and Company, 1977). Keohane, Robert O. and Lisa L. Martin. “The Promise of Institutionalist Theory.” International Security. Vol 20, No 1. 1995. Kissinger, Henry. World Order. (New York: Penguin Press, 2014). Kihara, Stacy A. “A Rising China: Shifting the Economic Balance of Power Through Cyberspace.” Naval Postgraduate School, Thesis, 2014. Khazan, Olga. “Anonymous Is Hacking Israeli Web Sites.” Washington Post. November 17, 2012. http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/17/anonymous-is-hacking-israeli-web-sites/ Kremer, Jan-Frederik and Benedikt Müller. Cyber Space and International Relations: Theory, Prospects and Challenges. (Springer; 2014). Krepinevich, Andrew, “Cyber Warfare: A ‘Nuclear Option?’” Center for Strategic and Budgetary Assessments. 2012. Kugler, Richard L. “Deterrence of Cyber Attacks.” in Cyberpower and National Security, ed. Franklin D. Kramer. (National Defense University Press and Potomac Books, 2009). Kushner, David. “The Real Story of Stuxnet.” IEEE Spectrum. Vol 50, No 3. 2013. Lappin, Yaakov. “Cyber-Terrorism: Defending the Country’s Online Borders.” Jerusalem Post. February 5, 2013. 
http://www.jpost.com/Features/Front-Lines/Cyber-terrorism-Defending-the-countrys-online-borders

Page 251: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

251

Lappin, Yaakov. “IAI Opens Cyber R&D Center in Singapore.” Jerusalem Post. February 13, 2014. http://www.jpost.com/Defense/IAI-opens-cyber-R-and-D-center-in-Singapore-341294. Lappin, Yaakov. “IDF Launches Massive Three-Day Drill, Calls Up Thousands of Reservists.” Jerusalem Post. July 27, 2015. http://www.jpost.com/Israel-News/IDF-calls-up-thousands-of-reservists-in-massive-three-day-drill-410282 Lappin, Yaakov. “Military Affairs: The IDF’s Silent Attack Force.” Jerusalem Post. May 11, 2013. http://www.jpost.com/Features/Front-Lines/Military-Affairs-The-silent-attack-force-312716 Lappin, Yaakov. “Security and Defense: Network IDF.” Jerusalem Post. September 18, 2015. http://www.jpost.com/Israel-News/Security-and-Defense-Network-IDF-416497 Legal Portal for Internet, Cyber and Information Technologies. “Israeli Minister of Justice Calls for Cyber Defense Legislation and Liability on Internet Platform Providers.” Law.Co.Il. June 24, 2016. http://www.law.co.il/en/m/#/news/9308/ Levi, Ram. “The Fifth Fighting Space.” Israel Defense. December 16, 2011. http://www.israeldefense.com/?CategoryID1/4512&ArticleID1/4706 Libicki, Martin C. Conquest in Cyberspace: National Security and Information Warfare. (Cambridge University Press, 2007). Libicki, Martin C. Cyberdeterrence and Cyberwar. (Rand Corporation: Project Air Force, 2009). Lin, Herbert S. “Offensive Cyber Operations and the Use of Force.” Journal of National Security Law and Policy. Vol 4, No. 63. 2010. Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies. Vol. 22. 2013. Lindsay, Jon R and Lucas Kello. “Correspondence: A Cyber Disagreement.” International Security. Vol 39, No 2. 2014. Lorents, Peeter and Rain Ottis. “Knowledge Based Framework for Cyber Weapons and Conflict.” Conference on Cyber Conflict Proceedings 2010, eds. C. Czosseck and K. Podins, CCD COE Publications, Tallinn, Estonia. 2010. Lynn, William J. III. “Defending a New Domain: The Pentagon’s Cyberstrategy.” Foreign Affairs. Vol. 
89, No. 5. 2010. Lynn, William. “The Pentagon's Cyberstrategy, One Year Later.” Foreign Affairs. November 12, 2014. http://www.foreignaffairs.com/articles/68305/william-j-lynn-iii/the-pentagons-cyberstrategy-one-year-later

Page 252: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

252

MacBride, Elizabeth. “Meet the General Who Positioned Israel To Win In $175 Billion Cybersecurity Market.” Forbes. July 18, 2016. https://www.forbes.com/sites/elizabethmacbride/2016/07/18/five-lessons-on-cybersecurity-from-an-israeli-general/#616d36a74fd1 Maness, Ryan C and Brandon Valeriano. “The Impact of Cyber Conflict on International Interactions.” Armed Forces and Society. Vol 1, No 23. 2015. Mandiant. “M-Trends 2014: Beyond the Breach.” FireEye. 2014. https://www.mandiant.com/resources/mandiant-reports/. Mearsheimer, John J. “Back to the Future.” International Security. Vol 15, No 1. 1990. Mearsheimer, John J. “The False Promise of International Institutions.” International Security. Vol. 19, No. 3. 1994/1995. Mearsheimer, John J. The Tragedy of Great Power Politics. (New York: Norton, 2001). McGraw, Gary. “Cyber War is Inevitable (Unless We Build Security In).” Journal of Strategic Studies. Vol 36, No 1. 2013. McKean, Benjamin L. “What Makes a Utopia Inconvenient? On the Advantages and Disadvantages of a Realist Orientation to Politics.” American Political Science Review. Vol 110. No 4. 2016. Microsoft. “Impersonation.” Microsoft Tech Net. http://technet.microsoft.com/en-us/library/cc961980.aspx Microsoft. “Microsoft Security Intelligence Report: Israel.” Microsoft Corporation. 2016. Miller, Joe. “Israeli Iron Done Firms ‘Infiltrated by Chinese Hackers.’” BBC. July 31, 2014. http://www.bbc.com/news/technology-28583283 Mitzner, Dennis. “Israeli Cybersecurity Prowess on Display in DC and Tel Aviv.” InfoWorld. June 29, 2016. http://www.infoworld.com/article/3088941/security/israeli-cybersecurity-prowess-on-display-in-dc-and-tel-aviv.html Moore, Jack. “Anonymous’s ‘Electronic Holocaust’ Against Israel Falls Flat.” Newsweek.com. April 7, 2015. http://europe.newsweek.com/anonymous-electronic-holocaustagainst-israel-has-limited-success-320176 Morgus, Robert, Isabel Skierka, Mirko Hohmann, and Tim Maurer. 
“National CSIRTs and Their Role in Computer Security Incident Response.” Global Public Policy Institute and New America. 2015.

Page 253: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

253

Mueller, John. “Is War Still Becoming Obsolete?” Presentation, 1991 Annual Meeting of the American Political Science Association. 2012. Mueller, Milton L. Networks and States: The Global Politics of Internet Governance. (Cambridge, Mass: The MIT Press, 2010). Mueller, Milton L., Andreas Schmidt, and Brenden Kuerbis. “Internet Security and Networked Governance in International Relations.” International Studies Review. Vol. 15, No. 1. 2013. Moran, Ned. “A Cyber Early Warning Model.” In Jeffery Carr (Ed.), Inside Cyber Warfare. (Cambridge, UK: O’Reilly 2012).

Morgenthau, Hans J. Politics among Nations: The Struggle for Power and Peace. (New York: Alfred A. Knopf, 1948). Nakashima, Ellen and Ruth Eglash. “Israel Hopes a Cyber-City in the Desert Will Coax Highly Trained, Affluent, Young People Away from Tel Aviv.” Washington Post. May 14, 2016. https://www.washingtonpost.com/news/worldviews/wp/2016/05/14/israel-hopes-a-cyber-city-in-the-desert-will-coax-highly-trained-affluent-young-people-away-from-tel-aviv/?utm_term=.4a10f44101d6 Nakashima, Ellen and William Booth. “How Israel is Turning Part of the Negev Desert into a Cyber-City.” Washington Post. May 14, 2016. https://www.washingtonpost.com/world/national-security/how-israel-is-turning-part-of-the-negev-desert-into-a-cyber-city/2016/05/14/f44ea8e4-0d58-11e6-bfa1-4efa856caf2a_story.html?wpisrc=nl_headlines&wpmm=1 National Cyber Bureau. “Mission of the Bureau.” The National Cyber Bureau—Office of the Israeli Prime Minister. 2014. http://www.pmo.gov.il/english/primeministersoffice/divisionsandauthorities/cyber/pages/default.aspx NATO. “Cyber Security.” NATO. http://www.nato.int/cps/en/natohq/topics_78170.htm Nye, Joseph S. Cyber Power. Harvard Kennedy School, Belfer Center for Science and International Affairs. 2010. Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security. Vol. 41, No. 3. 2016/2017. Nye, Joseph S. “Nuclear Lessons for Cyber Security?” Strategic Studies Quarterly. Vol. 5. 2011. Nye, Joseph S. The Future of Power. (New York: Public Affairs, 2011).

Page 254: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

254

O’Connell, Mary Ellen. “21st Century Arms Control Challenges: Drones, Cyber Weapons, Killer Robots, and WMDS.” Washington University Global Studies Law Review. Vol 13, No 515. 2014. Office of the Chief of Staff, IDF. “The IDF Strategy.” Israel Defense Forces. August 2015. http://www.idf.il/SIP_STORAGE/FILES/9/16919.pdf Office of the President. “Cyberspace Policy Review.” Office of the American President. 2009. https://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf Office of the President. “Cyberspace Policy Review.” Office of the American President. 2011. https://www.state.gov/documents/organization/255732.pdf Opall-Rome, Barbara. “Israel Confirms It Was Cyber Attack Target.” DefenseNews.com. June 24, 2015. https://www.defensenews.com/2015/06/24/israel-confirms-it-was-cyber-attack-target/ Orpaz, Inbal. “Israel's Army is Starting to Act Like a Startup Company.” Haaretz. May 19, 2015. https://www.haaretz.com/israel-news/business/.premium-israels-army-is-starting-to-act-like-a-startup-company-1.5364013 Orpaz, Inbal. “The Secret to High-tech Success? This Elite Israeli Army Unit.” Haaretz. April 18, 2014. https://www.haaretz.com/.premium-the-armys-employment-agency-1.5245249 Parmenter, Robert C. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain.” School of Advanced Military Studies at the United States Army Command and General Staff College, Fort Leavenworth, KS: US Army Command and General Staff College. May 23, 2013. Pederson, Christian. “Much Ado about Cyber-space: Cyber-terrorism and the Reformation of the Cyber-security.” Pepperdine Policy Review. Vol 7, No 1. 2014. Perlroth, Nicole. “Cyberespionage Attacks Tied to Hackers in Iran.” The New York Times. May 29, 2014. https://bits.blogs.nytimes.com/2014/05/29/cyberespionage-attacks-tied-to-hackers-in-iran/ Pfeffer, Anshel. “Israel Suffered Major Cyber Attack During Gaza Offensive.” Haaretz.com. June 15, 2009. 
http://www.haaretz.com/news/israel-suffered-massive-cyber-attack-duringgaza-offensive-1.278094 Prime Minister’s Media Adviser. “Cabinet Approves Establishment of National Cyber Authority.” Israel Ministry of Foreign Affairs. February 15, 2015. http://mfa.gov.il/MFA/PressRoom/2015/Pages/Cabinet-approves-establishment-of-National-Cyber-Authority-15-Feb-2015.aspx

Page 255: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

255

Prime Minister's Office. “Moving the ICT from the Finance Ministry to the Prime Minister's Office.” Prime Minister's Office (Hebrew). 2014. http://www.pmo.gov.il/Secretary/GovDecisions/2014/Pages/dec2099.aspx Prime Minister’s Office. “The “Magshimim Leumit” Program.” Prime Minister’s Office. http://www.pmo.gov.il/English/PrimeMinistersOffice/DivisionsAndAuthorities/cyber/Documents/Magshimim%20Leumit%20program.pdf Radichel, Teri. “Case Study: Critical Controls that Could Have Prevented Target Breach.” SANS Institute InfoSec Reading Room. 2014. Rana, Waheeda. “Theory of Complex Interdependence: A Comparative Analysis of Realist and Neoliberal Thoughts.” International Journal of Business and Social Science. Vol 6, No. 2. 2015. Ranger, Steve. “The Impossible Task of Counting Up the World's Cyber Armies.” Zdnet.com. May 6, 2015. http://www.zdnet.com/article/counting-up-the-worlds-cyber-armies/ Rapaport, Amir. “ISA in the Cyber Era: An Inside Look.” IsraelDefense.Co.Il. September 5, 2014. http://www.israeldefense.co.il/en/content/isa-cyber-era-inside-look Ratner, Steven R. “International Law: The Trials of Global Norms.” Foreign Policy. No 110. 1998. Rattray, Gregory J. and Jason Healey. “Non -State Actors and Cyber Conflict.” America’s Cyber Future: Security and Prosperity in the Information Age, ed. Kristin M. Lord, Mike McConnell, Peter Schwartz, Richard Fontaine, Travis Sharp, and Will Rogers. Center for a New American Security. June 2011. Ravid, Barak. “Battle Move in Israel’s Turf War: Shin Bet Loses Authority Over ‘Civilian Space.’” Haaretz. September 21, 2014. http://www.haaretz.com/news/national/1.616990 Ravid, Barak. “Israel Vulnerable to Cyberattacks on Civilian Sector, Top-secret Report Says.” Haaretz. November 1, 2016. http://www.haaretz.com/israel-news/1.750360 Ravid, Barak. “Israeli Security Agencies in Turf Battle Over Cyber War: Netanyahu to Decide.” Haaretz. September 14, 2014. http://www.haaretz.com/news/diplomacy-defense/1.615637 Redins, Larisa. 
“Understanding Cyberterrorism.” RISK Management. 2012. http://rmmagazine.com/2012/10/05/understanding-cyberterrorism/ Repik, Keith A. “Defeating Adversary Network Intelligence Efforts with Active Cyber Defense Techniques.” 2008. No. AFIT/ICW/ENG/08-11. Air Force Institute of Technology. Wright-Patterson Air Force Base, OH.

Page 256: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

256

Reuters. “China’s Tech Money Heads for Israel as US Welcome Wanes.” YNetNews. May 11, 2017. http://www.ynetnews.com/articles/0,7340,L-4960618,00.html Reuters. “Iran Ups Cyber Attacks on Israeli Computers: Netanyahu.” Reuters. June 9, 2013. http://www.reuters.com/article/2013/06/09/us-israel-iran-cyber-idUSBRE95808H20130609 Reuters. “Israel’s High Tech Boom Threatened by Shallow Labor Pool.” YNetNews. July 5, 2016. http://www.ynetnews.com/articles/0,7340,L-4824677,00.html Richet, Jean-Loup. Cybersecurity Policies and Strategies for Cyberwarfare Prevention. (Information Science Reference, an imprint of IGI Global, 2015). Rid, Thomas. Cyber War Will Not Take Place. (London: C. Hurst and Co, 2013). Rid, Thomas and Benjamin Buchanan. “Attributing Cyber Attacks.” The Journal of Strategic Studies. Vol. 38, No. 1-2. 2015. Rid, Thomas and Peter McBurney. “Cyber-Weapons.” RUSI Journal. Vol. 157, No. 1. 2012. Rosen, Armin. “Israel Faced a Huge Wave of Cyber Attacks During Its War with Hamas — And Iran Could Be The Reason Why.” Business Insider. August 18, 2014. http://www.businessinsider.com/israel-faced-a-wave-of-cyber-attacks-2014-8 Ruble, Kayla. “Syrian Hackers Hijack IDF Twitter Sparking Fears of Nuclear Leak.” Vice.com. July 7, 2014. https://news.vice.com/article/syrian-hackers-hijack-idf-twitter-sparking-fears-of-nuclear-leak Russell, Alison Lawlor. “The Implications of Cyberspace for Navel Strategy and Security.” in Routledge Handbook of Naval Strategy and Security, eds. Joachim Krause and Sebastian Bruns. (New York: Routledge. 2016.) Russon, Mary-Ann. “#OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business Websites.” International Business Times. July 18, 2014. http://www.ibtimes.co.uk/opsavegaza-anonymous-takes-down-1000-israeli-government-business-websites-1457269 Sander, David E. Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. (New York: Crown, 2012). Sanger, David E. 
Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. (Broadway Books, 2012).

Page 257: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

257

Saydjari, O. Sami. “Cyber Defense: Art to Science.” Communications of the Association for Computing Machinery. Vol. 47, No. 3. March 2004. http://www.jpkc.fudan.edu.cn/picture/article/217/23/6e/762567a44cf68799c9d29061e876/332065c5-582d-402e-83b7-3eea2bd7423c.pdf Schmitt, Michael N. “International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed.” Harvard International Law Journal. Vol 54. 2012. Schweitzer, Yoram, Gabi Siboni, and Einav Yogev. “Cyberspace and Terrorist Organizations.” in “Cyberspace and National Security – Selected Articles.” Ed. Gabi Siboni. Institute for National Security Studies. 2013. Scientific American Board of Editors. “Rules for Cyberwar.” Scientific American. June 2016. Segal, Adam. “The Middle East’s Quietly Rising Cyber Super Power.” Defense One. January 27, 2016. http://www.defenseone.com/technology/2016/01/middle-easts-quietly-rising-cyber-super-power/125472/#.Vq1gjEdsNqE.mailto Sen, Ashish Kumar. “Iran’s Growing Cyber Capabilities in a Post-Stuxnet Era.” Atlantic Council. April 10, 2015. http://www.atlanticcouncil.org/blogs/new-atlanticist/iran-s-growing-cyber-capabilities-in-a-post-stuxnet-era Shamah, David. “A Million Hacks a Day, but Israel’s Electric Grid Survives.” The Times of Israel. March 24, 2015. http://www.timesofisrael.com/a-million-hacks-a-day-but-israels-electric-grid-survives/ Shamah, David. “Hackers Threaten ‘Israhell’ Cyber-Attack over Gaza.” The Times of Israel. July 9, 2014. http://www.timesofisrael.com/hackers-threaten-israhell-cyber-attackover-gaza/ Shamah, David. “Israeli Group Posts Photos of Not-So-Anonymous Hackers.” The Times of Israel. April 13, 2014. http://www.timesofisrael.com/israeli-group-posts-photos-of-not-so-anonymous-hackers/#ixzz2z9SQBC80 Sheldon, John B., “Deciphering Cyberpower Strategic Purpose in Peace and War.” Strategic Studies Quarterly. Summer 2011. Shemer, Nadav. “Israel Police to Tackle Cyber Crime with New Unit.” The Jerusalem Post. November 13, 2012. Shkedi, Daniel. 
“The Cybersecurity Sector in Israel (Report).” Embassy of India. Israel. 2015. Siboni, Gabi. “Cyber-tools are No Substitute for Human Intelligence.” Haaretz. July 2, 2014. http://www.haaretz.com/opinion/.premium-1.602413#

Page 258: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

258

Siboni, Gabi “Protecting Critical Assets and Infrastructures from Cyber Attacks.” in “Cyberspace and National Security – Selected Articles,” ed. Gabi Siboni. Institute for National Security Studies. 2013. Siboni, Gabi. “The Impact of Cyberspace on Asymmetric Conflict in the Middle East.” Georgetown Journal of International Affairs. http://journal.georgetown.edu/the-impact-of-cyberspace-on-asymmetric-conflict-in-the-middle-east/ Siboni, Gabi; Daniel Cohen, and Aviv Rotbart. “The Threat of Terrorist Organizations in Cyberspace.” Military and Strategic Affairs. Volume 5, No. 3. 2013. Siboni, Gabi and Ido Sivan-Sevilla. “Israeli Cyberspace Regulation: A Conceptual Framework, Inherent Challenges, and Normative Recommendations.” Cyber, Intelligence, and Security. Vol. 1, No 1. 2017. Siboni, Gabi and Ofer Assaf. “Guidelines for a National Cyber Strategy.” Institute for National Security Studies, Memorandum 153. 2016. Siboni, Gabi and Sam Kronenfeld. “Developments in Iranian Cyber Warfare, 2013-2014,” Institute for National Security Studies Insight No. 536. 2014. Siboni, Gabi and Sami Kronenfeld “Iranian Cyber Espionage: A Troubling New Escalation.” Institute for National Security Studies Insight No. 561. 2014. Siboni, Gabi and Sami Kronenfeld. “Iran and Cyberspace Warfare.” Military and Strategic Affairs. Vol. 4, No. 3. 2012. Siboni, Gabi and Sami Kronenfeld. “The Iranian Cyber Offensive during Operation Protective Edge.” INSS Insight. No. 598. Institute for National Security Studies. August 2014. http://www.inss.org.il/index.aspx?id=4538&articleid=7583 Siers, Rhea. “Israel’s Cyber Capabilities.” The Cipher Brief. December 28, 2015. http://thecipherbrief.com/article/israel%E2%80%99s-cyber-capabilities Silber, Jonathan. “Cyber Vandalism – Not Warfare.” Ynetnews.com. January 26, 2012. http://www.ynetnews.com/articles/0,7340,L-4181069,00.html Silverstein, Richard. “IDF to Double Unit 8200 Cyber War Manpower.” Richardsilverstein.com. October 23, 2012. 
http://www.richardsilverstein.com/2012/10/23/idf-to-double-unit-8200-cyber-war-manpower/ Singer, P.W. and Allan Friedman. Cybersecurity and Cyberwar. (New York: Oxford University Press, 2014).

Page 259: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

259

Sklerov, Matthew J. “Responding to International Cyber Attacks as Acts of War.” in Inside Cyber Warfare, ed. Jeffery Carr. (Cambridge: O’Reilly, 2012). Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Concepts, Causes, and Assessment.” International Security. Vol 41, No 3. 2016/2017. Smith, Daniel. “OpIsrael.” Radware Blog. April 25, 2017. https://blog.radware.com/security/2017/04/opisrael-2017/ Sofaer, Abraham D; David Clark; and Whitfield Diffie. “Cyber Security and International Agreements.” Proceedings of a Workshop on Deterring Cyber-Attacks: Informing Strategies and Developing Options for U.S. Policy. 2010. http://www.nap.edu/catalog/12997.html Soffer, Ari. “Security Services ‘Foiled Massive Cyber-Attack on Israel.’” Arutz Sheva. August 28, 2014. http://www.israelnationalnews.com/News/News.aspx/184518#.UACmNm7Wg. Sones, Mordechai. “Annual Anonymous Cyber Attack against Israel April 7.” Israel National News. March 26, 2017. http://www.israelnationalnews.com/News/News.aspx/227281 Spacewatch. “Iranian-Linked ‘OilRig’ Hacker Group Accused of Cyber Espionage Operation Against Israel.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/iranian-linked-oilrig-hacker-group-accused-cyber-espionage-operation-israel/ Spacewatch. “Israel Defence Forces Will Not Create a Cyber Command, but Will Strengthen Military Cyber Defences.” Spacewatch Middle East. May 2017. https://spacewatchme.com/2017/05/israel-defence-forces-will-not-create-cyber-command-will-strengthen-military-cyber-defences/ Springsteen, Bruce. “Badlands.” Darkness at the Edge of Town. 1978. Steinherz, Tal. “Israeli Innovation in Cyber-Technology.” Presentation to the Herzliya Conference, Herzliya, Israel. June 9, 2014. Stone, John. “Cyber War Will Take Place!” Journal of Strategic Studies. Vol 36, No 1. 2013. Subcommittee on Emergency Preparedness, Response, and Communications and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. 
“Cyber Incident Response: Bridging the Gap Between Cybersecurity and Emergency Management.” Committee on Homeland Security, House of Representatives. Serial No. 113-39. October 30, 2013. Suciu, Peter. “Why Israel Dominates in Cyber Security.” Fortune. September 1, 2015. http://fortune.com/2015/09/01/why-israel-dominates-in-cyber-security/

Page 260: Beyond theory: applying empirical evidence to cyberspace ...cj82r526j/... · BEYOND THEORY: APPLYING EMPERICAL EVIDENCE TO CYBERSPACE THEORIES A dissertation presented By Matthew

260

Supervisor of Banks. “On Cyber Defense Management.” Proper Conduct of Banking Business Directive—361—Israeli Government. 2015. http://www.bankisrael.gov.il/en/BankingSupervision/SupervisorsDirectives/ProperConductOfBankingBusinessRegulations/361_et.pdf

Tabansky, Lior. “Critical Infrastructure Protection against Cyber Threats.” in “Cyberspace and National Security – Selected Articles,” ed. Gabi Siboni. Institute for National Security Studies. 2013.

Tabansky, Lior. “Cybercrime: A National Security Issue?” in “Cyberspace and National Security – Selected Articles,” ed. Gabi Siboni. Institute for National Security Studies. 2013.

Tabansky, Lior and Isaac Ben Israel. Cybersecurity in Israel. Springer Briefs in Cybersecurity. (London: Springer, 2015).

Tal, Israel. National Security: The Israeli Experience. (Westport, CT: Praeger, 2000).

Tallinn Manual on the International Law Applicable to Cyber Warfare. Edited by Michael N. Schmitt. (New York: Cambridge University Press, 2013).

Tannenwald, Nina. The Nuclear Taboo: The United States and the Non-Use of Nuclear Weapons Since 1945 (Cambridge Studies in International Relations). (Cambridge University Press 2008).

Tech2. “Israel Thwarts Major Cyberattack on Hospitals: National Cyber Defence Authority.” Tech2.com. June 29, 2017. http://tech.firstpost.com/author/tech2-news-staff

TheMarker. “Cyberattacks on Israel Rose Exponentially in Past Four Years.” Haaretz. June 16, 2016. http://www.haaretz.com/israel-news/business/1.725277

The Economist. “A is for Algorithm.” The Economist. April 26, 2014.

The Economist. “Cyber-Boom or Cyber-Bubble.” The Economist. August 1, 2015.

The Torrenzano Group. “General Michael V. Hayden on Cyber Security & Protecting the Nation.” The Torrenzano Group. December 24, 2016. www.torrenzano.com

The Tower Staff. “U.S., Israel Sign Cybersecurity Intelligence-Sharing Agreement.” The Tower. June 22, 2016. http://www.thetower.org/3545oc-u-s-israel-sign-cybersecurity-intelligence-sharing-agreement/

Theohary, Catherine, and John Rollins. “Cyberwarfare and Cyberterrorism: In Brief.” Congressional Research Service 2015.

Thycotic Black Hat. “Hacker Survey Executive Report.” Thycotic Black Hat. 2015.

Times of Israel. “Rocket Siren Sounds across Country in Ongoing Drill.” Times of Israel. June 2, 2015. http://www.timesofisrael.com/rocket-sirens-sound-across-country-in-civil-defense-drill/

Times of Israel Staff. “NSA Chief ‘Makes Secret Israel Trip to Talk Iran, Hezbollah Cyber-Warfare.’” Times of Israel. March 28, 2016. http://www.timesofisrael.com/nsa-chief-makes-secret-israel-trip-to-talk-iran-hezbollah-cyber-warfare/

TOI Staff. “Next 9/11 Will be Caused by Hackers, Not Suicide Bombers, Cyber Expert Warns.” Times of Israel. April 15, 2015. http://www.timesofisrael.com/hackers-will-cause-next-911-cyber-expert-warns/

TOI Staff and AP. “Israel Reportedly Thwarts Cyber Attack from China.” Times of Israel. October 28, 2013. http://www.timesofisrael.com/israel-reportedly-thwarts-cyber-attack-from-china/

Uchill, Joe. “Israel Cyber Head: US-Backed Cyber Norms Too Broad.” The Hill. September 13, 2016. http://thehill.com/policy/cybersecurity/295651-israel-cyber-head-us-supported-cyber-norms-too-broad

United Press International. “Unit 8200 and Israel’s High-tech Whiz Kids.” June 4, 2012. http://www.upi.com/Business_News/Security-Industry/2012/06/04/Unit-8200-and-Israels-high-tech-whiz-kids/UPI-43661338833765/

United States Army Command and General Staff College. “The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for Cyber Domain.” CreateSpace Independent Publishing Platform. (March 28, 2014).

Uniyal, Vijeta. “US, Israel Sign Cyber Defense Agreement.” Legal Insurrection. June 23, 2016. http://legalinsurrection.com/2016/06/us-israel-sign-cyber-defense-agreement/

Valeriano, Brandon and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. (Oxford: Oxford University Press. 2015).

Valeriano, Brandon and Ryan Maness. “Persistent Enemies and Cyberwar.” In Cyberspace and National Security. Ed. Derek S. Reveron. (Georgetown University Press: Washington D.C. 2012).

Villeneuve, Nart, Thoufique Haq, and Ned Moran. “Operation Molerats: Middle East Cyber Attacks Using Poison Ivy.” FireEye. August 23, 2013. https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html

Vincent, James. “Schematics from Israel’s Iron Dome Missile Shield ‘Hacked’ by Chinese, Says Report.” The Independent, July 29, 2014. http://www.independent.co.uk/lifestyle/gadgets-and-tech/israels-iron-dome-missile-shield-hacked-by-chinese-military-hackers-says-report-9635619.html.

Walt, Stephen. “The Enduring Relevance of the Realist Tradition.” In Political Science: State of the Discipline III, eds. Ira Katznelson and Helen Milner. (New York: W.W. Norton and Co., 2002).

Waltz, Kenneth N. Man, the State, and War. (New York: Columbia University Press, 1954).

Waltz, Kenneth N. Theory of International Politics. (McGraw-Hill, 1979).

Weimann, Gabriel. “Cyberterrorism: The Sum of All Fears?” Studies in Conflict and Terrorism. Vol 28. 2005.

Weinstock, Dan and Elran, Meir. “Securing the Electrical System in Israel: Proposing a Grand Strategy.” Institute for National Security Studies, Memorandum 165. June 2017.

Wendt, Alexander. “Anarchy is what States Make of it: The Social Construction of Power Politics.” International Organization. Vol. 36, No. 2. 1992.

Wendt, Alexander. Social Theory of International Politics. (Cambridge University Press, 1999).

Winer, Stuart. “Iranians Launched Cyber-Attack on Israel During Gaza Op.” The Times of Israel. August 17, 2014. http://www.timesofisrael.com/iranian-cyber-attackon-israel-during-gaza-op/

World Bank. “Israel Shares Cybersecurity Expertise with World Bank Client Countries.” The World Bank. June 22, 2016. http://www.worldbank.org/en/news/feature/2016/06/22/israel-shares-cybersecurity-expertise-with-world-bank-client-countries

Wulman, Israel. “IDF Unveils New Cyber Defense HQ.” YNetNews. June 24, 2016. http://www.ynetnews.com/articles/0,7340,L-4820035,00.html

YNetNews. “IDF says ‘Defined Essence of Cyber Warfare.’” YNetNews. June 4, 2012. http://www.ynetnews.com/articles/0,7340,L-4238156,00.htm

YNetNews. “SOCOM, Israeli Start-Ups, Tampa Jewish Community Team Up.” YNetNews. August 30, 2016. http://www.ynetnews.com/articles/0,7340,L-4848048,00.html

Zetter, Kim. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. (New York: Crown. 2014).

Zetter, Kim. “Feds Say that Banned Researcher Commandeered a Plane.” Wired.com. May 15, 2015. https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

Zetter, Kim. “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.” WIRED. May 28, 2012. http://www.wired.com/2012/05/flame/

Zippori, Michal. “Hackers Attack Two Israeli Websites.” CNN. January 26, 2012. http://www.cnn.com/2012/01/16/world/meast/israel-hacking-attack/

Zittrain, Jonathan. The Future of the Internet -- And How to Stop It. (Yale University Press & Penguin UK, 2008).

Zitun, Yoav. “From Gaza With Love: Hamas Hacks IDF Soldiers’ Cell Phones.” YNetNews. January 11, 2017. http://www.ynetnews.com/articles/0,7340,L-4906289,00.html

Zitun, Yoav. “IDF Training to Defend Against Cyber Attacks on Vital Infrastructure.” YNetNews. February 17, 2016. http://www.ynetnews.com/articles/0,7340,L-4767429,00.html

Zitun, Yoav. “NCC Holds First Cyber Terror Drill.” YNetNews. January 25, 2012. https://www.ynetnews.com/articles/0,7340,L-4180485,00.html

Zitun, Yoav. “The IDF Prepares for Cyber-Battles.” YNetNews. September 2, 2015. http://www.ynetnews.com/articles/0,7340,L-4696003,00.html

Zitun, Yoav. “Training Israel’s Cyber Warriors.” YNetNews. July 24, 2015. http://www.ynetnews.com/articles/0,7340,L-4683636,00.html

Ziv, Amitai. “Theft, Business Espionage, and War: Cyber Threats are Good News for High Tech.” The Marker (Hebrew). September 14, 2014. http://www.themarker.com/technation/1.2432479

Zrahia, Aviram. “A Multidisciplinary Analysis of Cyber Information Sharing.” Military and Strategic Affairs. Vol. 6, No. 3. December 2014.