National Cyber Directorate personnel spend every waking hour warding off the wide array of cyberattacks launched at Israel on all levels by terrorist groups, hackers, and malicious state actors. NCD chief Yigal Unna: Cyber threats to Israel only expected to grow.
Walking into the Tel Aviv office of Israel National Cyber Directorate Head Yigal Unna, you immediately notice a very specific memento – a weighted plaque with a golden plate that he was awarded by his counterparts in the United Arab Emirates. Unna was part of the historic delegation that traveled to Abu Dhabi last month after the landmark peace deal between Israel and the UAE was announced, and the plaque sheds light on the deep cyber and technological ties between the two countries.
“The potential vis-à-vis the UAE is endless,” he told Israel Hayom. “We have the knowledge, tools, and capabilities that can offer the issues they’re dealing with the best solutions in the world. In terms of cybersecurity, Israel is one of the most protected countries in the world. We want them to be as protected as we are.”
According to Unna, until recently Israeli companies pursued only defense deals in the Persian Gulf. Now that the Abraham Accord is in place, trade can expand to include economic and industrial ventures, as well.
“There are many overtures by Israeli and Gulf companies that want to get started. The cyber sphere connects people and Israel is a powerhouse in this arena – one considerably larger than its physical size or the size of its economy. We have something for every actor in the region, and they all face similar threats as Israel,” he explained.
Israel routinely sustains an incredibly high number of cyberattacks – the price a very technologically advanced country has to pay when it deals with its enemies, be they traditional or amorphous, such as criminal organizations or countries on the other side of the world, like North Korea.
“In terms of cybersecurity, Israel is one of the most protected countries in the world” (Illustration/Getty Images)
Unna, 49, is Israel’s cyber gatekeeper. His agency guards every entity in the public and private sectors – from critical state infrastructure and state-owned corporations to the home computer of the very last member of the public.
A veteran of the intelligence community, Unna has spent most of his professional life in the shadows, making this the first time he has ever given a press interview.
Born in Jerusalem, Unna currently lives in Givatayim. He is married and the father of three teenage sons. He skipped a grade in school and enlisted in the IDF at the age of 17, where he was assigned to Unit 8200, the elite Military Intelligence division responsible for collecting signal intelligence and code decryption. He later underwent training as a cyber-intelligence officer, rising to the rank of captain before leaving the military.
Unna set his sights on becoming a Mossad intelligence agency officer, but the Arabic he studied while in uniform led him to Israel’s internal security service, the Shin Bet, where his experience in cyber operations was put to use by the agency’s operational directorate. He went on to spend his years in the Shin Bet in technology-oriented positions, mostly in the offensive sphere. In 2013, Unna was named head of the agency’s technology division, and in 2018 he was tapped as head of its cyber division.
“It’s the type of job that doesn’t let you sleep at night,” he said. “You can’t revel in yesterday’s achievements because every day brings new battles and the smallest breach can cause significant damage.”
The National Cyber Directorate was effectively established in the 1970s and has undergone several reincarnations since its inception.
Originally, defending the nation’s computer infrastructure was entrusted to a small unit in the Shin Bet, but it wasn’t until 2002 that the government officially asked the agency to protect critical infrastructure, bringing about the formation of the Information Security Directorate.
A few years later, it became clear that the Shin Bet was unable to fully meet the wide range of threats lurking in cyberspace, and that even nonessential state infrastructure faced challenges that must be met.
“It happened when we noticed cyberattacks on states, like Estonia and later in Georgia, and even the mishap that happened to the centrifuges in Iran,” Unna said, referring to the 2007 Stuxnet computer virus that crippled the Islamic republic’s nuclear program in an operation largely attributed to the United States and Israel.
“This process made us acutely aware of the fact that it [cyber] had the potential of becoming a battlefield.”
At that time, then-Prime Minister Benjamin Netanyahu asked Maj. Gen. (ret.) Professor Isaac Ben-Israel, formerly head of the Defense Ministry’s Administration for the Development of Weapons and Technological Infrastructure, to head a project dubbed the “National Cyber Initiative.”
The latter outlined Israel’s cyber-defense doctrine, which led to the inception of the National Cyber Bureau in the Prime Minister’s Office. The NCB was tasked with planning Israel’s cyber strategy. A sister-agency, the National Cyber Security Authority, was tasked with the operational aspects of putting the strategy into action, and three years ago, the two were united under the National Cyber Directorate.
Like the Mossad, Shin Bet and the Atomic Energy Commission, the National Cyber Directorate reports directly to the prime minister. It employs just under 400 people, from National Service recruits to PhDs. Over half of its workforce comprises women, and about two-thirds are in cyber – from programmers and analysts to hackers.
“We don’t target the enemy, we target ourselves, to make sure we are protected. We specialize in defending the ‘blue zone,'” or Israel, he explained.
Q: But in order to protect the ‘blue zone’ you need to be in the enemy’s ‘red zone.’
“Israel should also be in the ‘red zone’ and there are other elements in the defense establishment that do that [mainly Unit 8200, the Shin Bet and the Mossad]. We work together with full cooperation.”
Said cooperation includes knowledge-sharing and if need be, joint operations, with every agency lending its expertise in defense or offence to achieving the objective.
In mid-May, Israel faced what was believed to be a failed Iranian cyberattack on its civilian water infrastructure.
Unna refused to comment on the identity of the attacker but said the hack caused no damage.
“As far as I’m concerned this crossed a red line in terms of having the gall to target civilian infrastructure, even if the actual attack was a low-level one,” he said.
According to the Washington Post, the immediate response that was attributed to Israel came in the form of cyber retaliation directed at Iran’s Shahid Rajaee Port, leaving operations in one of its most important water passageways in what the report described as “total disarray.”
Unna refuses to comment on the report, saying only that “we are likely to see other red lines crossed, and escalation and attempted cyberattacks by hostile elements, including terrorist groups. That’s one of the issues with this dimension – it has a very low entry threshold. You don’t need an air force or other strategic weapons – you can learn these things online, take talented teens and shape them any way you want.”
Q: How good are Israel’s enemies?
“Every actor in this theater has to be treated with respect because in cyber, even a small ‘David’ can surprise you and we really don’t want to be the ‘Goliath’ on the other end of the attack. Someone without the backing of a major power could come up and inflict serious damage.”
Q: Do you recognize such potential in our adversaries?
“The cyber arms race exists all over the world, and certainly in our region.”
Q: Does the average Israeli need to be concerned?
“You can’t stop technology, but you have to be aware of the dangers,” he said. The average Israeli “doesn’t know how dominant this threat is, how present it is everywhere. Like they say on Game of Thrones – ‘Winter is Coming’ and cyberattacks on Israel are only expected to grow stronger.
“This is likely to reach massive proportions – that’s something that has become evident since the onset of the coronavirus outbreak because everyone is working from home using digital platforms.”
The National Cyber Directorate has two homes: it is headquartered in Tel Aviv but its nerve center – where every cyberattack against Israel is monitored – sits in Beersheba.
“The heart of the Israeli high tech industry remains in the country’s center but I hope that in a few years, after [Unit] 8200 and [the IDF’s] C4I Corps move to southern Israel everything else will follow,” he said.
Unna oversees four departments. The first deals with the daily protection of Israel’s critical infrastructure, as well as directs nonessential bodies with regard to their protection, via directives that come down through the relevant government ministries. Its Beersheba operational response center also addresses concerns relevant to every one of us.
Data published here for the first time show that in the first half of 2020, the NCD’s response center received 7,164 reports concerning cyberattacks of various levels.
The second department deals with early detection of ongoing cyberattacks, repairing breaches and, if need be, damage control. The third deals with both proprietary and acquired technology, and the fourth deals with the cyber ecosystem – strategy, external relations, and promoting Israeli cyber exports.
“Many countries are not willing to deal with the Israeli industry sans state backing. I’m authorized by the government to provide this backing,” he explained. “Since I took office, we have already signed 15 such agreements, with India and many other countries, including some that do not maintain official ties with Israel.
“The cyber defense field has opened many doors for Israel around the world. In Chad, for example, the very inception of ties with them – the fundamental of peace – was through cyber. The first [Israeli] delegation there included one of our guys, who was there to help them conduct a national risk assessment.
“We also have an agreement with the Development Bank of Latin America. They currently have two cyber experts – bank employees, Spanish-speaking Israelis – who were appointed on our recommendation. Their job is to promote and improve cyber defenses in 22 countries in South and Central America.”
The National Cyber Directorate has operational cooperation agreements with 90 countries, with future deals in the works.
“It’s an information exchange that operates around the clock,” Unna said. “If something happens in South America at night – say, for example, an attack on a bank there – they report it to me immediately and by morning we are ready to go with all the information necessary to protect our banks.”
Cyber experts tend to rank Israel among the top-five cyber superpowers in the world, alongside the United States, China, Russia, and the United Kingdom. According to Unna, a cyber superpower “is a country that has world-class abilities and force that stands up to other absolute powers.
“The list of the ‘hottest’ cyber companies comprises 150 firms, of which 113 are American, 18 Israeli, and seven British … and that’s without counting 10 other Israeli companies that are registered in the United States for tax purposes.”
Q: How do you explain that?
“Israel relies much more than other countries on information and information technologies due to the lack of other resources. There is tremendous power here. When you add defense aspects to that and the fact that we are more threatened than others and are therefore required to defend ourselves, along with the Israeli character, which is inherently less restrained – the result is a cyber ‘cake’ to be proud of,” he said.
National Cyber Directorate data shows that in the first half of 2020, the Israeli cyber industry, despite the global coronavirus pandemic, has raised $ 1.2 billion in 43 transactions. This period also saw the birth of two Israeli “unicorns” – an industry term for companies valued at more than $1 billion – namely SentinelOne and Snyk
Overall, between 20 and 25% of all cyber “unicorns” are Israelis.
According to Unna, about 29% of the world’s cyber investments are made in Israel. There are currently 540 cyber firms in Israel, compared to 250 companies 10 years ago. Israeli exports in the field of cyber defense stood at $6.5 billion in 2019 – a 600% increase since 2011.
It is estimated that along with the cyber-offense field, Israel’s exports of cyber technologies amount to some $10 billion a year – more than all classic defense exports combined.
All these things combined, Unna says, “Are the making of a superpower.”