TEL AVIV—When Israeli Prime Minister Benjamin Netanyahu took the stage at Tel Aviv University’s eighth annual Cyber Week last Wednesday, many of the cybersecurity professionals and entrepreneurs in the audience likely expected him to eloquently speak about today’s perfect storm of privacy and security challenges, from supply chain and infrastructure vulnerabilities to threats from other nations.
Fewer attendees, perhaps, expected him to reference the Hollywood action movies of Jean-Claude van Damme, who happened to be sitting in the front row for the highest-profile speech of Israel’s largest cybersecurity conference.
“Cybersecurity is a true blood sport,” Netanyahu quipped.
He went on to say “Israel receives 20 percent of the total global private investment in cybersecurity,” placing the country in the upper echelon of global cyberpowers. And he attributed that success to changes it started making five years ago.
In 2013, more than a decade after deciding to direct its Shin Bet security agency to protect critical infrastructure computer systems, Israel created a consolidated campus for cybersecurity in the desert city of Be’ersheba. There it placed Israeli military, academic, and business cybersecurity teams within 200 meters of one another.
And by 2016, the country reorganized its cybersecurity defenses under the Israel National Cyber Directorate, which reports directly to the prime minister’s office. (Just before Netanyahu took the stage, Yigal Unna, the director general of the INCD, announced that the government will create a “cybershield” to protect private and state organizations from malware and hacking.)
Contrast that with the United States, which President Trump believes is better off without a cybersecurity policy expert in the White House.
Israel’s devotion to cybersecurity appears to have paid off—at least financially. Private investments in Israeli cybersecurity companies, which often come from members of its elite military cybersecurity division Unit 8200, have exploded. Private funding last year reached $815 million, $265 million more than in 2015. Over the same period, Israel’s support of cybersecurity businesses grew from 300 companies to 420 companies, and exports of its cybersecurity services grew from $3 billion to $3.8 billion.
Israel’s unique politics, geography, and economics have played major roles in its transformation into a cybersecurity industry power player, according to an Israeli cybersecurity official whose name and title the INCD requested we not publish.
“The scale here is not the same as in the U.S. or U.K. That makes it easier and more logical to consolidate and be more efficient in using our resources, which are limited,” says the official of her country, home to about 8.5 million people living in a space about the size of Fiji.
“Each country needs to form a strategy, and then create the organization to support this strategy,” she says. “Is the nation under threat? What are those threats? Israel is constantly under threat. So cooperation and reacting fast are very important.”
A hacker’s goals also dictate how targets as large as a country or as small as a private company should build their defenses, she says. Stopping hackers who want to steal money, intellectual property, or personal information is not the same as stopping hackers who want to cripple or destroy critical infrastructure—or lives.
“Every country needs to check what their nation’s interest is, and what they’re trying to mitigate,” she says. How it organizes its cybersecurity apparatus “is only a means to an end.”
They also need to take a close look in the mirror, she says. While countries may share the goal of preventing a wide range of computer and network attacks, they invariably have diverse sets of available resources, from human to economic, that play key roles in determining how to plan cyberdefenses.
Be’ersheba’s emphasis on cybersecurity, along with the speed at which it has developed, have made observers very excited, says Lior Tabansky, author of Cybersecurity in Israel and head of research development at the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University.
“It is clear that if you co-locate people from different sectors, it is strongly correlated with success,” he says, noting that Israel already had a similar cross-sector investment of academia, business creation, and government agencies in Tel Aviv, alongside separate successful efforts in northern Virginia, East London, Berlin, and elsewhere.
But there’s no guaranteed winning formula for international cybersecurity prowess, he cautions. And success itself is subjective.
“These processes take decades. You can try to measure that success now, but it’s too early to say,” Tabansky says. “It’s less a security and defense issue, and more about developing national capabilities and regional socioeconomic benefits.”
Seeing returns on investments in cybersecurity also doesn’t necessarily translate to deterring attackers.
Noted Israeli hacker Ilan Graicer, who took the Cyber Week stage the day after Netanyahu, told the crowd that he is not convinced that Israel’s economic investment in the development of cybersecurity companies would do anything but create corporate profits.
Cyberattacks are growing in number, he said, and they’re often succeeding with old attack methodologies that nobody has figured out how to stop.
“Cybersecurity is shit, and we should stop spending money on it,” he said.