Ben's Book of the Month: Israel and the Cyber Threat: How the Startup Nation Became a Global Cyber Power


Posted on by Ben Rothke

Last month, CNN reported that JPMorgan Chase said it had seen a sizable increase in attempts by hackers each day to infiltrate its systems over the previous year, highlighting the escalating cybersecurity challenges the bank and other Wall Street firms are facing.

JPMorgan Chase, the largest US bank by assets, invests $15 billion annually and employs over 62,000 technologists to help fortify its defense against cybercrimes. They have more engineers than Google or Amazon because they have to. Attackers get smarter, savvier, quicker, more devious, and more mischievous. Firms have to defend against that or suffer the consequences.

With nearly $4 trillion in assets, JPMorgan Chase makes Fort Knox and its $300 billion worth of gold seem like petty cash. And in finance, there is no bigger target than JPMorgan Chase.

Another entity that is a huge target is the state of Israel. For the first 50 years or so of its existence, Israel had to contend with enemies on its borders. In the Internet era, its enemies have become worldwide. To deal with that threat, Israel needed to develop a cybersecurity strategy quickly.

In Israel and the Cyber Threat: How the Startup Nation Became a Global Cyber Power (Oxford University Press), authors Charles Freilich, Matthew Cohen, and Gabi Siboni have written a detailed and fascinating narrative of how Israel quickly became a leader in the world of computer security.

Richard Stiennon, Chief Research Analyst at IT-Harvest has been calculating the number of worldwide information security vendors. The amazing thing is that while the United States was as expected at the top, Israel has more security companies than the following five countries combined. One has to ask how it is that Israel has more security firms than the UK, Canada, India, Germany, and France combined? The question is even more compelling given that Israel has a population of under 10 million; while those five countries have roughly 1.5 billion inhabitants.

Much of the reason Freilich, Cohen, and Siboni conclude is that Israel saw cyber defense as critical to the country's future. The government took a top-down approach and followed up with significant budgets and funds. Contrast that with President Biden, who announced a national cybersecurity strategy in March 2023, but still needs to follow through with funds to do that for the private sector.

Another factor Israel uses, in fact, according to Nadav Zafrir, managing partner at Team8, a venture group, is that the Israeli military has the ability to look at people while they are in high school. This, in turn, gives the Israeli high-tech sector a tremendous pipeline in developing the brightest minds in the country.

The authors have deep, direct experience in the Israeli national security establishment and give the reader a firsthand account of how Israel accomplished their goals. The threats Israel faces are also threats that Western governments and firms face. It’s important to understand how Israel has dealt with these threats to create countermeasures to deal with them.  

The authors come to the same conclusion as Dan Senor and Saul Singer did in Startup Nation, where they write that Israeli culture had much to do with Israel's ability to go from cybersecurity zero to security hero in a few years. 

Part of that culture is manifest in the Israeli military where junior soldiers are encouraged to confront senior ranking officers if they feel something could be done more safely or efficiently. A private in the Israeli Defense Forces is encouraged to engage and challenge a major general. Conduct that is encouraged in Israel, could result in a court martial in the US military.

The book contains four parts. It starts with a general cybersecurity history and provides a comprehensive look at what Israel has done. Part four is the heart of the book, where the authors present the primary conclusions derived from the Israeli experience in creating a cyber defense program. This includes 14 findings and seven conclusions that are specific to Israel.

This is an extremely dense and tactical reference. The authors have interviewed those from the top echelons of the Israeli military, government, and intelligence services, and provided the reader with heretofore unavailable information.

When it comes to information security, Israel is a global superpower. Getting there didn't happen overnight. The authors do a superb job of detailing how Israel got there and how they have maintained that lead. Whether other countries can duplicate what Israel has, is questionable, given Israel's unique integration between civil, academic, and military.

But even though other countries may have yet to be able to duplicate everything Israel has, a considerable amount can be learned. And the authors do a wonderful job of detailing that in this invaluable book. For those looking for a detailed strategic and pragmatic approach to cybersecurity, this is their book.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Hackers & Threats

Advanced Threat Protection policy management governance risk & compliance technology sovereignty standards & frameworks operational technology (OT Security) risk & vulnerability assessment platform integrity software integrity

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs