Israel held its annual Cyber Week conference in Tel Aviv this week, welcoming top politicians, public figures, global cyber policymakers from over 80 countries, and executives from cybersecurity startups and multinational companies such as IBM, Checkpoint, and Microsoft.
The event came amid a record funding year for Israeli cybersecurity companies and startups, which raised over $3 billion in just the first half of 2021 (or 41 percent of the global sector investment) as well as a marked increase in cyber threats and attacks across the world, specifically ransomware. One of the biggest publicly acknowledged payouts to hackers in recent years was set at $40 million.
“Today the best bang for your buck is a cyber attack and it’s just going to grow exponentially, and that makes me worried,” said Israeli Prime Minister Naftali Bennett at the event this week, hosted by the Blavatnik Interdisciplinary Cyber Research Center and the Yuval Ne’eman Workshop for Science, Technology and Security at Tel Aviv University.
“As prime minister of Israel, I view this as one of the top threats to Israel’s national security and the world’s security,” he added, calling for more international cooperation and coordinated defenses against cyber threats. “Israel is opening up and announcing a ‘Global Cybernet Shield,’” Bennett said, “using the very same principles of cyber connectivity because if you fight alone you will lose, but if we fight together we will win.”
During his address, Israeli Defense Minister Benny Gantz called for a cyber version of Israel’s famous anti-missile defense system Iron Dome. “Cyber is now a vulnerable space that must be protected like the sea, space, air, and ground,” he said.
“Our enemies know no boundaries – just as they fire rockets at civilians, they aim to harm civilian facilities via cyber space while endangering human lives, added Gantz, calling for a no-tolerance policy when it comes to cyber attacks.
This year, the hybrid in-person-online confab came in the wake of bombshell reporting by 17 media organizations this week that a powerful cyberweapon, Pegasus, developed by Israeli cyber intelligence and surveillance firm NSO Group was used by dozens of governments and government agencies to target journalists, human rights defenders, political dissidents and opponents, business executives, and lawyers. The investigation was based on a list of 50,000 phone numbers leaked to Amnesty International and Paris-based rights group Forbidden Stories, and found that it included people targeted by the governments of Azerbaijan, Bahrain, Mexico, Morocco, Saudi Arabia, Hungary, and India, among others.
Pegasus is a powerful, invasive piece of spyware that can access private data including passwords, web history phone call logs, contact lists, and text messages, and monitor live calls from messaging apps. It can also turn on phone cameras and microphones to track events in the vicinity and use the GPS function to monitor a target’s location and movements. Though NSO claims its software makes the world a safer place “by providing authorized governments with technology that helps them combat terror and crime,” its tools have been linked to a number of high-profile cases including the 2018 murder of Washington Post journalist and Saudi dissident Jamal Khashoggi and the targeting of journalists and dissidents in Mexico and other countries, according to extensive research by Citizen Lab, a research facility at The University of Toronto’s Munk School of Global Affairs.
Pegasus is at the center of a lawsuit filed in 2019 by WhatsApp against NSO.
On Thursday, the Israeli company denied the recent reports that its tools have been used for malicious activity and indicated that it had no knowledge or involvement in compiling the alleged list of 50,000 potential targets. NSO has also maintained that it licenses its software to vetted government clients with approval from the Israeli government, and that the reports were part of efforts “to smear all the Israeli cyber[security] industry.”
But the dust-up has been significant, with France, Germany, the UN and the EU calling for more regulation and tougher government controls of spyware. Some of the countries mentioned in the reports, including Morocco, Mexico and Saudi Arabia also denied using the software.
The Israeli government, meanwhile, has set up a commission headed by the defense establishment to review the allegations of misuse and said there may be “corrections” after the assessment is completed. NSO said it welcomed the inquiry “so that we’d be able to clear our name,” the company’s chief executive Shalev Hulio told Army Radio on Thursday.
At Cyber Week, Gantz addressed the controversy without mentioning NSO by name, telling the audience that Israel complies with international law
“We are aware of recent publications regarding the use of systems developed by certain Israeli cyber companies. Israel, as a liberal western democracy, controls exports of cyber products in accordance with its defense export control law, complying with international export control regimes. As a matter of policy, the State of Israel authorizes the export of cyber products solely to governments, only for lawful use, and exclusively for the purposes of preventing and investigating crime and terrorism. The countries acquiring these systems must abide by their commitments to these requirements,” said the Israeli defense minister.
Israel – a cybersecurity superpower
Israel’s unique cybersecurity ecosystem is made up of big cyber companies, global multinational firms with Israeli R&D arms, new startups, army training, and government support for both private and public endeavors. Together, these components have created an effective, sought-after community that is bringing much-needed cybersecurity solutions to market.
“Israel has become a hub for excellence in cybersecurity and we are seeing huge investments in Israeli cyber companies,” says cybersecurity expert and entrepreneur Menny Barzilay.
“Israel has to be good at cybersecurity because we have very smart enemies; we are in a constant state of conflict and naturally have a security orientation. We have to be creative and innovate in this space,” Barzilay tells NoCamels on the sidelines of the Cyber Week event where he served as panel moderator and speaker.
Sign up for our free weekly newsletterSubscribe
He says the overarching theme at the event this year has been the role of cybersecurity companies in enabling businesses to continue operating remotely, safely and securely, as the COVID-19 pandemic hit every aspect of our lives.
From safe remote access, security management, cloud management and so on, cybersecurity companies have been “innovation enablers,” allowing companies and employees to deal effectively with the challenges brought on by the pandemic.
Naama Ben Dov, an associate at Israeli investment firm YL Ventures, expresses a similar sentiment. When we look at the cybersecurity market as a whole, she tells NoCamels, the coronavirus pandemic accelerated solutions “because everything was remote, everything went online; and therefore all the threats of online presence became much more emphasized and much more prioritized.”
“So you see a lot more companies bringing in budgets, bringing in board-level attention to cybersecurity technologies, products, and methodologies, to contend with this new threat which has come to the fore even more strongly during [the pandemic] and remote work,” she says.
The cybersecurity industry will continue to attract massive funds, Barzilay predicts, because it is part all of sectors. “When you look at AVs [autonomous vehicles], robotics, AI, medical tech, biotech, etc – we need more cybersecurity solutions to sustain the use of these technologies,” he tells NoCamels.
And Israel will continue to lead in this sector, in part because of its compulsory military service, government support, and strong collaboration between academia and industry, Barzilay explains.
“Everyone goes to the IDF, and when they leave they already have 3-4 years experience as part of a huge defense operation, they are mature but they still very young and they are free to do whatever they want,” he says.
“You get tons and tons of people enlisting to cybersecurity-related roles at the age of 18, making Israeli a hotbed for very young talent in the cybersecurity domain,” concurs Ben Dov.
There’s also something to be said about the Israeli mentality of taking risks, making mistakes, doing away with social hierarchies, and going directly to the source. And it applies to every domain.
“It’s not just really cybersecurity,” says Ben Dov. It’s a culture of “being very scrappy, doing a lot with very little resources, being able to have the chutzpah essence, not necessarily…listening to authority. I think that’s a lot of what makes entrepreneurs good. Because if entrepreneurs don’t dream big, and if entrepreneurs listen to voices saying they can’t do this or that, these are barriers; if people listen to the barriers, they will never take risks and they will never dream big and become entrepreneurs. So that’s a lot of inherently what Israelis have, what the Israeli character and mentality has, which enables Israel to become a hotbed for entrepreneurship as a whole.”
Offensive and defensive cybersecurity
Despite the positive news coming out of Cyber Week, the NSO scandal still hung over the industry as a whole, raising ethical and legal questions.
Amir Einav, Chief Revenue Officer (CRO) at IoT and automotive cybersecurity company Karamba, tells NoCamels that offensive cybersecurity companies like NSO have legitimate businesses. “They sell weapons, next-generation weapons for next-generation wars. The equivalent is companies like IAI [Israel Aerospace Industries] and Elbit developing missiles and guns and so on,” Einav says.
“Is it legal? Is it moral? Everyone has their own decision to make here. But it is a business. A government-regulated business subject to export laws,” he says.
Barzilay says Israel needs offensive cybersecurity solutions. “They are an important aspect of cybersecurity and Israel must continue investing in these types of technologies. All countries do or they will get left behind.”
But controls must be in place to make sure “people don’t use such tech in the wrong way,” he adds.
Matthew Youkilis contributed to this report.