The cyber threat posed by Israel’s enemies to the country’s critical infrastructure and other key targets is high, and Israeli authorities are working closely with defense companies to build up cutting-edge defenses.

In recent years, Rafael Advanced Defense Systems has won major cyber-defense contracts totaling tens of millions of dollars in Israel and abroad. The company has become a significant cyber player over the past seven years. Clients now include Israel Railways, the Bank of Israel’s National Credit Registry and Israel’s Computer Emergency Response Team center, known as CERT (a civilian center that deals with cyber challenges), in Beersheva.

Israel’s rail network is considered critical infrastructure, and Rafael has constructed a Cyber Security Operations Center (CSOS) for Israel Railways to help the organization deal with the more than 10 million monthly cyber-attack attempts aimed at gathering critical intelligence and other forms of hacking against the train’s subsystems.

Rafael also built defenses for Argentina’s Defense Ministry and military ahead of preparations for the G20 summit held last year in that country.

“The things we do are certainly challenging and innovative,” Michael Arov, cyber-technology product-line manager at Rafael, told JNS. “The Israel Railways project is one of them.”

Arov, who is responsible for all of the company’s cyber activities, said trains are becoming more computerized, which means that the cyber “attack surface” rail networks present to those with hostile intentions is also increasing.

“Israel Railways is considered critical infrastructure because of the damage that can be caused [to the country through it]. Our first goal is to safeguard human lives and create a situation in which it will be hard—in the cyber world, we don’t say ‘impossible’ because nothing is impossible—but to make it very hard to harm lives,” said Arov.

Preventing catastrophic scenarios like collisions and derailments is a top priority, he added.

In order to achieve this, “one has to understand first what the cyber situation is, in all of the subsystems,” said Arov. “A train network is a system of systems. There are lots of subsystems, and they all have to be in tune with one another. If not, the entire system goes out of sync.”

The critical control panels, the power supply, the train doors and most importantly the signaling system all require close monitoring and defense.

“The real-time signal system is what decides which train, with which driver, is where and on what track. This is the holy grail of every attacker. It is the most critical system for train safety,” said Arov.

The train system’s Cyber Security Operations Center (CSOC) provides a constant overview and will sound a real-time alert when something suspicious takes place.

The CSOC draws attention to problems as they are detected. Operators can then manage the risks—like deciding whether or not to halt train traffic or avoid using a certain part of the track.

“In the end, the solution is stable, holistic and does not harm functionality,” said Arov. “We understand we have to support the main process and not disrupt the train’s functions.”

‘Privacy is a central issue’

When it came to setting up a defense program for the Bank of Israel’s National Credit Registry, Rafael faced a different set of demands. Unlike the country’s rail system, cyber attacks on the registry were not potentially life-threatening, according to Arov, but could still cause significant damage to the country.

The registry contains plenty of sensitive data in one location, and Rafael had to devise a way that allowed non-governmental organizations, like credit bureaus, to access the figures without leaks.

“We built a system that intimately supervises what information is being accessed, grants authorizations, conducts checks and monitors all connections between the computer system and the business-transactions world,” said Arov. “This was a different kind of problem that required a different solution from the train network.”

Yet here, too, Rafael built a CSOC that creates a single picture of all cyber activities and provides real-time alerts.

“Privacy is a very central issue in this kind of project. There is data here that would be very interesting to others. Even registry employees cannot access restricted data without triggering an alert. Privacy is severely enforced here,” he added.

In recent years, Israeli authorities have created more order in terms of defining their jurisdiction in the sensitive world of cyber defense, after years of uncertainty.

The Israel National Cyber Directorate is responsible for policy on defending core national infrastructure. The Shin Bet domestic-intelligence agency plays a central role in national cyber defenses, too.

Ultimately, Arov said, despite the appearance of so many companies and so much investment into cyber defense, the threat is here to stay.

“Our sense is that products are not the ‘be all and end all’ in this world. Even if you have a really good lock on your door at home, it doesn’t mean that someone can’t breach it. The solution has to be comprehensive. One also has to deal with windows, and intruders can come in through the ceiling and walls. Locks are great, they are part of the solution, but they’re not enough,” he argued. “It is important to understand the big picture. In the end, cyber defense is not a one-off event.”

Pro-Israel Journalism
Done Right

JNS works around the clock to provide high-quality, pro-Israel content. We’ve taken numerous steps to improve the quality, quantity, and distribution of our content for even greater impact. We intend to keep on growing, and to do that we need your help.

Please help us take pro-Israel journalism to the next level with a tax-deductible sponsorship, either on a one-time or recurring monthly basis. Jewish News Syndicate is a 501(c)3 not-for-profit organization.