Brits need chutzpah to copy Israeli cyberspies' tech creche – ex-spooks
GCHQ needs culture change first
Feature Israel's intelligence agency, Unit 8200, has been a production line for hi-tech startups since the 1980s, a success British politicians are now seeking to emulate. Yet replicating that success in Blighty may be difficult because of cultural and environmental differences that could prove hard to overcome.
Cabinet Office minister Francis Maude MP recently visited Israel, where, amongst other things, he met some Unit 8200 alumni. Cabinet Office spinners briefed the press soon afterwards about UK hopes of turning GCHQ into an incubator for the next generation of tech entrepreneurs.
Unit 8200 is reportedly staffed by several thousand soldiers, with a listening station in the Negev desert. Its exploits are said to include using a secret kill switch to deactivate Syrian air defences before an Israeli airstrike on a suspected nuclear reactor in September 2007, as well as a key role in developing the Stuxnet worm.
Alumni from Unit 8200 – Israel’s military intelligence unit – have gone on to found Check Point, Palo Alto Networks, and numerous successful security firms. This trend is continuing with the creation of new start-ups such as Cybereason, which aims to proactively detect and terminate malicious hacking operations before they can do any harm, and car security start-up Argus Cyber Security, among others.
Cybereason chief exec Lior Div was awarded the prestigious Medal of Honor for his work leading an elite team within Unit 8200 prior to going into business in his own right. His latest start-up, Cybereason, is marketing a cloud-based platform that allows enterprises to detect and visualise ongoing hacking and malware-based attacks.
Div left Unit 8200 after six years' service in 1991, well before the unit became famous for its purported role in putting together the infamous Stuxnet worm, the cyber-munition used to electronically sabotage centrifuges at the centre of Iran's controversial nuclear program.
The former cyberwarrior, who reached the rank of lieutenant whilst serving with the IDF, is reluctant to go into details of his work but it involved hands-on experience in hacking as well as defending against the best hackers across the globe. Div and his team of ex-military intelligence agents have taken their knowledge of how sophisticated hacking operations work and built a new platform that will provide enterprises with an early-warning system capable of visualising, detecting and shutting down hacking operations.
Div did explain that his work within Unit 8200 involved cracking and reverse-engineering the malware and other hacking operations of adversaries. He is an expert in the fields of hacking operations, forensics, reverse engineering and malware analysis, cryptography and evasion.
"The Unit 8200 culture pushes you to limits," Div told El Reg. "The training lasts seven months and there's a test every week.
"You have to know the material. We weren't just learning software and coding but also hardware and mathematics."
Mandatory military service exists in Israel, with tech units getting the first pick. Maturity and responsibility come quite early, according to Div.
"The six years I spent there was the equivalent of a PhD or even better because it involved real world experience. I was using the knowledge I gained on a daily basis."
"Within two years I was a lieutenant managing 20 soldiers."
Yoni Heilbronn, VP Marketing at Argus Cyber Security, which specialises in the emerging field of infosec for automobiles, is another Unit 8200 alumnus.
"Experience with technology gained in [military] service is applied in private firms," Heilbronn told El Reg, adding that there are 400 companies in cyber security within Israel alone.
Israeli culture, where "necessity is the mother of invention", suits the fast-paced world of information security development.
"The country faces multiple threats, some existential," Heilbronn explained. "There is little time and scarce resources. The country fosters innovative ideas."
This culture of openness for fresh ideas extends to the IDF.
"Within the intel branch soldiers are encouraged to speak their minds and not be dogmatic," said Heilbronn.
Most Israeli conscripts are discharged after a few years, taking this attitude into the private sector. In contrast, GCHQ and NSA staff tend to work at these organisations as a long-term career, so turning GCHQ into a tech incubator will require a radical change in culture.
Former soldiers at Israel’s Intelligence Corps have set up perhaps hundreds of infosec start-ups. In contrast, tech firms hiring ex-NSA or GCHQ staffers remain something of a rarity.
Keren Elazari, an industry analyst with GIGAOM Research who covers cyber security, said there are several reasons that might explain this phenomenon. Amongst these are demographic, social, and cultural factors (such as the zeitgeist of the post-Stuxnet cyber security industry), she explained.
"For the typical bright young Israeli, screening and recruiting for elite technology and intelligence IDF units begins at age 17, sometimes even earlier – and it takes into consideration high school studies like math & computer science," Elazari explained. "When the youngsters reach 18, they are conscripted into service and undergo intense educational courses and on [the] job training - several months at least, for both generic military purposes but also for the professional roles they are assigned to with their elite units. This happens at an age when most Americans attend college, which is a much more 'loose' experience."
Elazari's work keeps her in touch with a lot of security startups in Israel as well as a lot of more established companies from Silicon Valley, allowing her to make these types of demographic comparisons. Going into the military rather than college when they leave home gives Israelis a leg up in gaining real world experience, particularly when it comes to technology.
"Most Israelis serve three years," explains Elazari. "Some stay for more 'professional army' years as they attend officer training as well – which means, by the time they are 21-23 and out of the army, they have very solid experience with very demanding 'real world' situations, towards mission critical goals – working long hours, weekends, etc – and both short term and long term goals can change rapidly pending on their military assignment. This is almost like 'startup bootcamp', if you will."
"At the same time, around age 22-23, their U.S. hypothetical counterpart might still be in college, struggling to find professional focus, or perhaps still going through the military ranks or 'agency corporate ladder', trying to fit in as part of the colossus which is the American US-CYBERCOM/NSA complex."
Social factors also come into play, such as the Israeli aptitude for innovation and admiration for those who strike out in business, even if they aren't successful.
"Israelis love to innovate," said Elazari. "They love to invent new things, and often, because of limited resources and other constraints, they've learned they have to get crafty in order to survive. This is embedded in the Israeli DNA, even outside the technology industry. This also means that choosing a path of entrepreneurship is highly regarded by society – even if you are not a successful entrepreneur."
You need chutzpah for this to work – and Blighty just can't measure up
Examples of previous success act as a template.
"Even if you've started three companies which all went bust after a year or two, you are a 'serial entrepreneur' and command respect from other Israelis. Israelis are not afraid to try, and they possess 'chutzpah'*, audacity, which is a very Israeli resource.
"This isn't to say Americans aren't aggressive in business - just that Israelis, even young, inexperienced in the business world, fresh out of the military, are more likely to go out into the world and try their luck. And the established success stories of big security vendors like Check Point, Imperva, Trusteer and CyberArk, for example, provide inspiration and ample opportunities for those who would like to first cut their teeth in the 'big business world' - often seen as a pit stop on the way to starting their own company," she added.
The cyber security industry has undergone a lot of changes in recent years, many of which could be traced back to the "summer of Stuxnet" in 2010.
Elazari explained that Stuxnet "really shook up the industry and also created a lot of business opportunities as governments and large organizations around the world scrambled to 'do something about cyber security'".
"In Israel, ever since 2010-2011, the current prime minister (Binyamin Netanyahu) and an entire cadre of industrial development advisers, ministers and organizations, sought to leverage the Israeli advantage in cyber security innovation. The PM speaks about 'turning the startup nation into the cyber nation' in many speeches, and the government has allotted many grants and other development vehicles to promote the local cyber security start up industry," Elazari told El Reg.
This promotion comes in the form of grants for universities, R&D programs, the new national cyber bureau and many other initiatives. Multinational companies – such as RSA, Cisco and many more – have opened cyber security 'centres of excellence' in Israel, seeking Israeli talent.
"At the same time, in the US, a lot of the 'cyber' buzz was generated by the large defense companies like Boeing, Lockheed Martin and Northrop Grumman – all setting up new business lines surrounding generic 'cyber solutions' – whatever that means," Elazari added. "These huge companies that have strong ties have also recruited out of the same pool of potential CYBERCOM/NSA graduates – most of whom are older and perhaps less willing to go for 24 hour-long coding sprees or figuring out new features on the fly. On top of that, I'm not sure there is any comparable government decision in the US to support a budding startup ecosystem, or anything similar to the strong support we experience here in Israel."
The investor's view
Shlomo Kramer founded datacentre security firm Imperva after he co-founded Check Point Software more than 20 years ago. Kramer has participated as an early investor and board member in a number of security and enterprise software companies, including Palo Alto Networks and Trusteer, that trace their origins back to the IDF's Unit 8200. Start-ups such as Cybereason and Argus are trying to emulate his success.
Kramer told El Reg that over the years he's moved over from an operational role and become more of an investor. He said that state-sponsored hacking and industrial espionage are becoming a driver for growth in the infosec market.
"Nation state involvement is not going to go away and in fact is becoming much more mainstream," Kramer explained. "In some cases there is a cross-pollination between nation states and cybercriminals."
Military doctrine talks about cyber as the fifth realm of conflict alongside land, sea, air and space. It's tempting to think that the internet has become militarised over recent years, with privacy and confidence in e-commerce among the casualties.
Winning the Cold War against the Soviets brought a peace dividend in terms of reduced military spending, at least for a few years. And the space race brought fringe benefits such as non-stick frying pans.
Argus's Heilbronn had no confidence that the seemingly inexorable rise in surveillance technologies would result in benefit for either corporate security or the internet as a whole. The surveillance dividend is "for the state," he told El Reg. ®
* On the rendering of “chutzpah” from Hebrew into English, Vulture Central's backroom gremlins are reminded of an old Jewish joke explaining the concept: A boy murders his parents and then pleads for leniency on the grounds that he is a poor orphan.