As Israel's Cyber Security Week kicked off, SC Media UK's Tony Morbin met up with Professor Isaac Ben-Israel, director at the Cyber Security Research Centre (Yuval Ne'eman Workshop for Science, Technology and security), Tel Aviv University, Israel, one of the drivers behind the country's lead in cyber-security.
It was back in 1999 that Ben-Israel sent a letter to the then Prime Minister of Israel warning of the dangers of potential cyber-offensive warfare against Israel as the only country in the region with a sufficiently developed computer infrastructure to make it vulnerable to such an attack. Some 36 different sectors, including Power, Water and Banking were listed as critical infrastructure that could be vulnerable to attack. Then when the letter was dug out and referred to by a later Prime Minister, Healthcare was added to the list - though today, at a presentation 'Cyber Cure', on the cyber risk to healthcare at Tel Aviv University, Ben-Israel told delegates, "There is not even one aspect of our lives that can't be threatened by cyber-attack."
Today the global private sector sales of cyber-security products and services - hence excluding government and defence sector - is estimated at US$ 80 billion per year. Israel's private sector exports account for eight to ten percent of that market by sales. And 18 percent of global investment into cyber-technology is going to Israel. Six years back it was six times smaller.
He told SC Media UK: "In cyber-technology one generation is just one year - so to ask what are the largest threats we face in the future is impossible to answer because it will be a new generation of threats. For humans with a 30 year generation you can say what may happen over the next five years - but no one can predict what we will face in cyber in five years. So when I drew up a list of Critical National Infrastructure threats in a letter to the Prime Minister in 1999, and again in 2010, it did not include the Health Sector.
"Ordinarily you would consider what are the coming threats and what can you do to offset the impact, but you can't do that if you can't see what they are, and you can't in cyber as development is running too fast.
"Instead we need to build an ecosystem of highly educated, knowledgeable people who understand the threat and have enough knowledge to identify the new threat when it appears, and enough technology options to be able to take the appropriate ideas to tackle it. There are three elements to this:
"Education - building the human capital required
"Start-ups: having an environment where there are enough ideas around.
"Coordinating organisations: you need the right organisations in place to be able to combine each of the elements needed with the others to provide a coordinated response.
"In 2011 the Israeli governement resolved to build an appropriate ecosystem. Israel is still the only country where we teach cyber security in high schools and every university in Israel has academic cyber research. In 2011 Oxford University in the UK was the only one in the world to have a dedicated cyber research department. At that time it was almost all done by practitioners, whether commercial or government - but you need academic research if you are trying to tackle fundamental questions.
"Now we have 1,200 cyber security start ups in Israel every year. 1,000 will fail each year. And many of the remaining 200 may fail the next year. But it is done intentionally so that the ideas are there.
"Yes, some of the ideas could potentially be used against us - but we can't stop selling cars or knives because someone may use them against us. When it comes to military weapons (guns, missiles etc) we have mechanisms in place - where governments limit exports by issuing licences. Large companies know who to approach, how to modify their offering, but start-ups don't have that knowledge, so we need to come up with different mechanisms to stop the exporting of technology that may fall into the wrong hands and be used against us. In six years (of Israel cyber security week) there has only been one occasion where there might have been a breach."