Israeli cyber czar warns of more attacks from Iran

Directorate chief says ‘cyber winter is coming’.


People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica (photo credit: DADO RUVIC/REUTERS)

People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica (photo credit: DADO RUVIC/REUTERS)

A cyber winter is coming and it will be faster than suspected, Israel’s cyber czar warned on Wednesday, a week after Iran tried hacking Israel’s water system.

In a recorded speech for a Cybertech conference event slated for Thursday and obtained by The Jerusalem Post, National Cyber Directorate chief Yigal Unna provided striking new details about the Islamic Republic’s hack and how Israel blocked it.

Unna neither confirmed nor denied that Israel launched a counter cyberattack against Iran’s Shahid Rajaee port on May 9, but, in unusually open remarks for a senior defense official, he strongly implied that Iran should be wary of attempting future attacks against Israeli civilian infrastructure.

“We will remember this last month, May 2020, as a changing point in the history of modern cyberwarfare… What we faced here in Israel… the attempted attack, synchronized and organized attack,” targeting civilian water infrastructure, “if it had been successful… we would now be facing in the middle of the corona crisis, a very big damage to the civilian population, a lack of water,” Unna said.

Further, he noted that when various chemicals are mixed with water in the wrong proportions – which could happen due to a hack – it “can be harmful and disastrous.”

While Unna tiptoed around the issue of attributing the attack to Iran at an official level, he noted Fox News’s accusation against Iran and made it clear Israel was hacked by an enemy nation-state and not mere cyber criminals.

“It is not a gang… they gain nothing from it, no ransomware… it was specifically and very directly aiming to cause damage in the real life in the real arena through controllers, through SCADA [Supervisory Control And Data Acquisition, a computer system for gathering and analyzing real time data] through ICS [Industrial Control Systems] controllers, something that could have caused a lot of damage,” he explained.

Elaborating, he said, “this is the first time we can see something like that aiming to cause damage to real life, not to IT [Information Technology], not to data, which is pretty serious by itself in the modern world…part of some attack over Israel, over the national security of Israel, not to gain any financial benefit.”

Next, he said, “I’m saying… because it wasn’t one or two controllers. It was a… wide spectrum of attacks aiming specifically at energy and watering, and the only reason it failed was… our efforts, the INCD preparedness, the risk management that” the agency performs.

However, Unna was not ready to just pat his unit on the back, saying, “if we will stand still, we will lose the next attack… we had some countermeasures, so the attack happened, but the damage was prevented and that’s our goal and that’s our mission.”

On the horizon, “we are now in the middle of preparing for the next phase to come because it will come eventually. Now… we managed to mitigate it and overcome it, but I’m afraid it’s only the sign of the first major attack of a new era, of humanitarian targets.”

He mentioned a wide range of recent cyberattacks against medical centers and systems in the Czech Republic and other countries during the corona crisis, adding, “if we thought there were some rules of engagement or some lines that shouldn’t be crossed… well all the laws are crossed.”

“The cyber winter is coming and coming faster than even I suspected… we need to stand together against the next attacks… the level of attacks will probably get more sophisticated and deadlier.”

Continuing, he said, “The Washington Post attributed as a counterattack… against Iran that was blamed by Fox News as being behind the attack – attacking the port in Iran. Well… maybe and maybe not, but it seems like there are some new rules of engagement, rules of war in the cyber warfare.”

Unna stated, “it can be cyber against cyber… or kinetic counter to cyber… and everything will mix to a full scale of combat.”

He cautioned, “we need to reconsider what is really critical and what are really the main crown jewels of the cyber… space in each country… which needs to be taken full care of… and to manage the risk with all of the rest, which are less critical.”

“Water can cause a cascade or domino effect… as well as transportation like a seaport on the other side,” in another obvious reference to Iran.

The cyber chief said that four years ago the INCD was focused on protecting 30-40 entities, but that now INCD is “dealing with hundreds… we need to even broaden and get a new approach of how to defend everything.”

Content retrieved from: