Gartner Blog Network

Lessons from the Israeli CyberFront

by Avivah Litan  |  September 22, 2014  |  3 Comments

I just returned from a week in Israel, which always seems to me to be Ground Zero for CyberSecurity.

Here are some of the takeaways I came back with from my visit:

a) Life goes on – and the security community continues to innovate

I attended and spoke at one of the major Israel cyber-tech events of the year at Tel Aviv University (see You would never know this community had just emerged from a two month long onslaught of Hamas Missile attacks. I realize it’s an entirely different discussion on the political ramifications and issues but from a tech perspective, the resiliency had at least something to do with Iron Dome and the fact that the community didn’t take too many physical hits.

I was fortunate to spend a half hour with the founder of the Iron Dome project, Danny Gold, who described this three year development effort that started after his 2004 idea and difficult yet persistent efforts with the Israeli Ministry of Defense to raise the requisite funds. His contract was finally signed in one lucky week in 2007 and was followed by an intense three year development effort of a project team of 300-400 staff that worked 24/7 and had no other life until they finished the job. The interdisciplinary team was composed of engineers in multiple disciplines, including; software, cybersecurity, mechanical engineering, chemistry, metal logistics, genetic algorithms, aeronautics, neuroscience and more.

The most interesting panel I listened to at the conference was about ‘hacking the brain’ and reading and influencing people’s thoughts. A panel of SMEs involved in this subject concluded that these capabilities would have the most impact on fraud – by enhancing fraudsters’ cognitive abilities, ability to grow limbs and body parts and sequence DNA. Great, just what we need!

b) CyberTerror is alive and well

Maybe I’m naïve, but I was surprised to learn how active cyberterrorists are in attacking Israel’s crticial infrastructure. I’m not sure who backs these cyberterrorists and who writes their code, but some are technically sophisticated enough to create a real nuisance and damaging malware that must be dealt with. These players are not nation states like Iran or Syria, nor are they cybercriminals from Russia out to steal money, hactivists out to make political statements through service disruptions, or Chinese cyberspies out to steal intellectual property. They are their own category – i.e. terrorists using cyberwar techniques to disable civilian operations. I would imagine these terrorists don’t limit their targets to Israel. I just haven’t yet heard about them operating anywhere else.

c) Insiders continue to be some of our worst enemies

I met with a vendor that services most of the largest wireless telcos in the world. This provider has its own security research division that goes into the Dark Web via TOR to look for threats against their clients. What do they find? Lots of customer data and other company secrets (e.g. how to hack a PBX switch or which codes to use for free phone service) for sale on multiple Dark Web forums. And who were they purveyors of such goods? The carriers’ employees themselves. I know this may not sound like news to some of us but I was floored to learn of the extent of this activity.

d) Paranoia about Google and Facebook

OK, paranoia may be an extreme term here but Israel takes these companies seriously when it comes to their users’ abilities to affect national security. A former Israeli government official told me about an academic study (that many others know about) in which a control group of about 700,000 Facebook or Google users were influenced via various messages that influenced users’ behavior in predictable ways. The concern is that only the U.S. government presumably has legal access and influence over these mega U.S. based companies and is therefore at a great advantage from a national security standpoint. (I realize this is a very contentious area).

e) People People People

We all know that people are the weakest link in any security program but I heard a lot more about good old fashioned people screening in Israel than I have heard in any discussions with security folks in other countries. Israelis put a tremendous amount of effort into perpetual screening of their employees and partners etc. and take a risk based approach whereby those with greater privileges are screened more deeply and more often. I realize other countries and players may find such screening offensive to civil rights but it makes perfect security sense to me.

f) Parting thoughts

After speaking at a CISO forum, one of the attendees and I had a good chat afterwards and he summed up good security practices in three bullet points that I will definitely remember:

1. Forget about prevention and focus on rapid detection and containment. Criminals can easily see, figure out and therefore beat the prevention methods we put out there so why waste time on those?

2. Constantly change your environment. The hackers can only succeed if they know how your environment works. If you keep changing it, they can’t penetrate and perpetrate their crimes.

3. Focus on the people. Raise security awareness among employees and make sure you really know who is on your team and in your virtual circles.

Well informed practical advice coming from a practitioner who’s been through more real-world security training than most folks I run into.


Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection. Read Full Bio

Thoughts on Lessons from the Israeli CyberFront

  1. We are glad you enjoyed your visit and came away with such valuable takeaways. Israeli vendors and endusers are always impressed with your insight on emerging cyber and fraud approaches and especially liked your analysis of the Target Breach. We look forward to having you back again.

  2. The most popular example being the regulatory legislation many states currently face which efforts to cap
    Cash Advances at a maximum of 36% APR which meaning a lender
    could only charge 1.

  3. The largest amount that can be given as a loan depends on their state and other

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.