December 10, 2018

Israel’s CyberGym leads in protection from cyber attacks

This story originally appeared on themedialine.org.

Striving to meet the increasingly daunting challenge of protecting the Israel Electric Company's (IEC) national infrastructures from cyber attacks and intrusions numbering in the thousands has spawned the creation of CyberGym, a joint venture between IEC and CyberControl that is already benefiting corporations of all descriptions that rely on electricity and computers.

The proactive CyberGym was established in order to be able to handle the growing number of cyber attacks – some 6000 network events per second and hundreds of attempts to intrude into the various electricity systems – that are fended off every day. Seen as revolutionary in the industry, a staff was assembled to locate and monitor intrusions in the communications systems while a facility was established to practice cyber protection.

“We focus on the human link. We train teams to be ready for an attack and how to deal with it in training sessions tailor-made for each corporation,” said Meirav Peled, CyberGym's director of marketing. “We don't maintain that the attacks will stop, but this way, when they happen, the reaction will be faster and it will reduce losses,” Peled told The Media Line.

Israel faces a growing threat to communication infrastructures from cyber-attacks, one that has quickly risen to a national level threat, and is one of the most significant battlefields of today. The establishment of this “cyber-arena” is one of the measures being taken to prevent any damage to strategic foundations resulting from organized attacks by hackers against the national infrastructures.

“The variety of cyber attacks is quite large, from criminal ones leading up to international terrorism,” according to Ofir Hason, CEO of CyberGym. “There are all kinds of Trojan horses and attacks coming from a variety of epicenters. It's a combination of criminal attacks, cyber-crime, cyber terror and politically motivated cyber-attacks as well,” he said.

Most of these attacks target infrastructures based on industrial control systems, as well as computer-based systems with large servers and networks. The main targets are usually large businesses and financial corporations that keep critical data on servers and networks such as these. But recently there's been a rise in politically motivated cyber-attacks, with cyber-terrorists attacking infrastructures of national importance, like the IEC, but also banks and food manufacturers.

This is where CyberGym steps in, teaching companies to understand what they're dealing with and how to react during an attack. The training takes place at the IEC's training facility in the town of Hadera, which mimics elements of a client company's home environment such as its office space, in order to customize the simulations and cater to each company's specific needs.  

The simulations are comprised of three teams: the red team, which attacks; the blue team, which defends; and the white team, the control and crisis management team. Each of these teams practices different scenarios, managing “attacks” in real-time simulations.

Companies both in the private and public sectors, from governments to military and financial institutions, have been signing up for training at CyberGym's facility since its launch one year ago. Attacks that intrude into computers and networks can cause significant damage to these organizations, exposing secret and sensitive information, disrupting operational processes and even possibly damaging public health and security. Some of the industries the company services are airports, roads, power plants, trains, water and energy facilities.

“We work with different sectors of critical infrastructures and financial institutions; critical corporations that need to be protected,” Peled said. Most of their clients have critical data that needs to be safeguarded, but this category isn't just limited to financial institutions and government agencies. Food manufacturers also work with CyberGym to safeguard their data since any change in recipe or ingredients by hackers could lead to poisonings.

A cyber-attack causes a variety of different effects, ranging from damaging expensive equipment and depriving a company of their ability to deliver their services, to loss of human life. Infected systems can cause malfunctions in equipment, which in turn can damage not only the machinery or devices, but also anyone standing around it at the time. And just like hacks into food manufacturers can lead to public health issues, hacking into hospitals or healthcare databases can lead to dangerous mix-ups of medicines and even blood-types.

Although cyber-security training is not a new industry, CyberGym is the only company providing real-time simulations and live training in attack situations. Since opening its training center a year ago, CyberGym has been fully booked. Hason told The Media Line that the company is currently in the middle of expanding into Europe and working with countries that have a holistic, or multi-dimensional, approach to cyber security.   

As CyberGym adds locations, those on board become active elements in training associated companies. “We're looking to open arenas around the world, to work within other countries but also to interact with each other and work together as well — to attack each other in different languages and different time zones, as a way for teams to learn to always be ready and expect an attack,” Peled explained to The Media Line.

Recently, CyberGym announced the launch of RoboThreat, a new platform that will manage cyber-attack scenarios specific to industries and tailored to the networks, platforms and operating systems being used by the organization currently training.

“Our attacks have to be modular and elastic, corresponding to the reactions of the blue (defense) team. RoboThreat is changing the way the system reacts to the actions taken,” Hason told The Media Line. “The system is unique; it changes according to the action and adapts to the different situations.”

The cyber-security industry has developed in the last six to eight years as a response to the growing number of people using the cyber-domain as a way to conduct attacks and threaten countries and infrastructures. This threat developed due to the cyber-domain's low entry threshold, creating an easier alternative to physically entering a conflict.

The threat of cyber-attacks doesn't just affect corporations and national infrastructures; individuals are also vulnerable to its dangers, albeit on a different scale.

“A good example is the recent ransom attacks that were aimed at personal computers and the laptops of individuals in C-level positions,” Hason said. “The computers were 'taken hostage' in order to collect a ransom from people in high-level positions,” he said, adding that threats on individuals run on a much larger scale and have more issues that could potentially arise.     

At the 3rd International Homeland Security Conference in Tel Aviv, where security companies from around the world were present and showcasing their products and services, a former chief of Israel's foreign intelligence agency, Mossad, Maj. Gen. (Ret.) Danny Yatom, said that cyber terrorism is a major homeland security concern, explaining that attacks on companies and organizations vital to a country's infrastructure could cause serious damage, since by turning off the electricity, they would essentially be turning off all life.

“Cyber security is not just an issue for IT people,” said Peter Andres, Vice President of Corporate Security at the Lufthansa Group. “We have to understand what the threat is and we have to put effort and brain into the concept before we make technology to fight it.”