Israel hosted a major cyber-war simulation. The CYBER-simulation was held at the Tel Aviv University’s SIMLAB unit. This is the unit’s first simulation.I'd love to sit in on one of these things.
The SIMLAB simulation unit, headed by Dr. Haim Asa, is a part of the Yuval Neeman Workshop for Science, Technology and Defense. The unit was established in order to assist decision makers and recommend foreign and defense policies, with an emphasis on strategy and foreign relations. Top military, defense and academy figures took part in the simulation, divided into groups representing different countries. The simulation scenario was a future war in which CYBER-warfare capabilities played an important part.
The U.S. was represented by General Wesley Clark (retired U.S. Army General and NATO Commander during the war in Kosovo) as the President, Ambassador Zalman Shuval, Erez Kreiler (one of the founders of the Information Security Authority) and others. Israel was represented by Maj. Gen. (Res.) Ami Ayalon, Eitan Ben-Eliahu, Michael Aman, Shlomo Brom and others. Iran was represented by former Mossad chief and CEO of Mer Systems, Shabtai Shavit; Al Qaeda was represented by Prof. Boaz Ganor, executive director of the International Policy Institute for Counter Terrorism at the Inter-Disciplinary Center; Hizballah was represented by Dr. Eitan Azani, ICT deputy executive director; Russia was represented by Dr. Fima Adamski; and China by former Knesset member, Col. (Res.) Doron Avital.
The scenario, created by Dr. Haim Asa, took three months to design and included two stages of escalation. In the opening stage Al Qaeda, mired in the Syrian civil war, tried to incite a war between Hizballah and Israel in order to divert the world’s attention. At a later stage Iran tried to deceive the United States by faking an Israeli attack on its networks. The simulation ended with a Russian presence on Syrian territory in order to protect Assad, effectively dragging Russia into the Middle Eastern conflict, opposing the United States.
A few of the simulation participants summed up the main conclusions:
Dr. Yitzhak Ben-Israel:
- The main problem in the CYBER arena is still one of origins – where did the attack come from? The targeted victim remains unsure and frustrated, also affecting the level of response.
- Decision makers tend to naturally rely on open sources of information, even though some of the reports are wrong or based on disinformation.
- CYBER weapons and their effects are not virtual! They cause very real damage in the very real world.
- The distinction between the civilian and military dimensions in the CYBER arena (even though Ben-Israel dislikes the use of the term dimension as it relates to CYBER) is unclear and very blurred, if it even exists.
- Even though we naturally assume the traditional and CYBER fighting arenas are similar, they require different decision-making processes.
General Wesley Clark:
Dr. Haim Asa:
- The difference between an attacking state or an attacking organization is highly relevant.
- The physical damage caused by a CYBER attack is very real.
- CYBER-prepardeness has to include detection and damage mitigation capabilities.
- Such preparedness has to include intelligence on each enemy’s capabilities – in order to rapidly identify the origins of an attack.
- The level of certainty needed to justify a counter-attack needs to be discussed, whether it’s a traditional or a CYBER-attack. What’s the “smoking gun”, exactly? An IP address in a hostile country?
- More exercises have to be held, and there has to be cooperation between allies. This is problematic due to states being unwilling to share information about their capabilities.
- CYBER-defense is more important than CYBER-attack. An effective defense allows decision makers some breathing room to consider proper offensive responses, while otherwise they might attack blindly out of distress.
- We knew that CYBER “messes things up”, but we didn’t realize how much.
- The main issue of this simulation was “CYBER warfare in an international-regional military campaign.”
- We must be prepared and develop powerful CYBER-identification tools.
- Communications and trust between partners have to be developed. The fact that the U.S. didn’t believe that the Israeli team is the one attacking it made Iran’s gambit pointless.
- International relations play a very important part in the CYBER-arena.
- We have to develop a tool box of technical and strategic abilities, in order to properly handle situations such as those simulated.
Erez Kreiler (founder of the Information Security Authority):
Meni Barzilai (head of information security at HaPoalim Bank):
- The CYBER-world belongs to the young generation.
- Social networks are an information goldmine for intelligence agencies.
A similar cyber-attack war game, this one on banks in the UK, was performed this week. I assume that the SIMLAB exercise was similar. It was described this way:
Hundreds of staff from the UK's financial institutions will take part in a simulated cyberattack today.
The exercise, the details of which have been kept top secret, will be overseen by officials from the Bank of England, Treasury and Financial Conduct Authority, and will be monitored by the Government's cyber agencies.
It will concentrate on how investment banks would cope with a sustained attack on essential shared and company-specific systems, such as clearing and risk management tools.
The cyber war game, called Waking Shark II, will be led by a team from Credit Suisse, who have designed a scenario to be released to the participants in stages, as if the situation is unfolding in real time.
The test will take place in one room, with various companies and organisations sitting on different tables interacting as the situation gathers momentum.
The aim is to help in-house IT security experts and fall-back operations planners to practise making swift decisions and communicate effectively with the regulator and industry partners to contain the problems thrown at them.