The Network Security Trident – Going Beyond Compliance

First and foremost, I am not a big fan of “compliance.”  I say that with some reluctance because there are certainly some positive aspects of the notion.  The PCI/DSS standard provides an effective and comprehensive framework that organizations can use to help shape network security strategy.  Unfortunately, there is an overwhelmingly negative aspect of compliance that may actually drive organizations to a type of mediocrity which inevitably results in a higher level of risk.  This may seem a little counter-intuitive, but stay with me while I offer a brief analogy that may clarify my point.

When I was in the Navy, all military personnel were required to participate in a semi-annual fitness test.  The standards associated with the test were broad in that it wasn’t very challenging to meet the minimum standard, but it was exceptionally difficult to score the maximum on the test.  Not surprisingly, those Sailors who worked to achieve the best score were much more physically fit than those Sailors who strove for the minimum score.  Those who were content with doing just enough to get by weren’t necessarily bad Sailors.  But those Sailors who strove to maximize their performance on the test were usually above average performers overall.  The parallel here is that organizations must move beyond mere compliance to ensure they are cyber secure.

But moving beyond compliance to achieve true security excellence can be intimidating and overwhelming.  That being said, I have found that if a complex process can be distilled down to a few basic components, it becomes considerably less onerous.  To move beyond compliance and move towards being truly secure, I would focus on improving the following areas:

  • Technology
  • Experts
  • Behavior

Think of these as the points of the Network Security Trident:

Network Security Trident


I view technology in two contexts; prevention and detection.  Those organizations that rely on prevention alone (which would meet most compliance requirements) are bound to suffer the same fate as Target, Home Depot, and the long list of other companies that fail to adhere to Cyber Security Rule #1: You will be hacked.

Accepting this idea should drive companies to find and deploy hack detection capabilities.  This is particularly true for Retailers as Black Friday, Cyber Monday, Chanukah, and Christmas shopping are right around the corner.  The idea is to minimize the time between compromise and detection which will in turn mitigate the amount of time a hacker has to find and steal customer data.


Most businesses solve the human part of the resource problem by leveraging IT Staff to perform security functions. This approach is problematic for two reasons.

First, Information Technology is NOT Security.  The skill set of a true Cyber Security Expert is complementary, but fundamentally different from the skill set of an IT Professional.  The best Cyber Security Experts have experience in defeating network security measures – they know how to hack, which makes them exceptionally well qualified to find hackers on a network.

Secondly, the primary function of IT Staff is network operations.  Adding security responsibilities to the workload of an IT Professional will inevitably result in reduced efficiency in network operations, network security, or both.

But the truth is that finding the Cyber Security Experts that I just mentioned is extremely difficult, and paying for them is even more challenging.  The good news is that some security companies can provide businesses with viable Cyber Expert outsourcing solutions.  I caution companies that choose to rely on technology solutions alone to address detection.  While it’s true that machine intelligence is effective at catching the majority of threats, there is a small percentage of sophisticated attackers who avoid detection by purely technological solutions and can only be detected by humans with the right skills.  Remember, it only takes one successful hacker to cause a world of trouble for a company.


User behavior is the last, and arguably the most critical leg of the Network Security Trident.  One user mistake, or one user who fails to follow established policy, can cause that world of trouble that I just talked about.  It doesn’t matter if a company has deployed the most advanced technology operated by the most highly skilled cyber security experts; one user action can have a catastrophic impact on a business.  So every organization that wants to be serious about security needs to follow two simple rules:

  1. Train your people
  2. Enforce policy

There’s a saying in the Navy of “everyone is a Safety Officer”   which I extend to the private sector as “Everyone is a Cyber Security Officer.”  That means that every employee should have some basic understanding of information security principles and best practices.  For the administrative assistant being a Cyber Security Officer might mean understanding what a secure password looks like.  For a network Administrator being a Cyber Security Officer might mean understanding that surfing the internet while logged on as an Administrator is dangerous; a compromise could result in root level access to the network for a hacker.   Every member of an organization plays a role in securing the retailer’s network and protecting sensitive information.

People make mistakes, so we should expect that a user will from time to time expose the company to additional risk of being hacked.  But failure to follow policy is a different story.  Policy missteps are often associated with members of an organization not paying attention to detail, and in more egregious cases policy infractions result from users deliberately ignoring policy. So like the Cyber Security Officer, everyone in an organization has a role to play when it comes to following and enforcing policy.  But it starts at the top.  CEOs and Management Teams must ensure that policy is reasonable and that it aligns with business functions and objectives, and they must demand policy compliance from their people.  Leaders must hold employees accountable in cases where policy is deliberately ignored.

In closing, the Network Security Trident (Technology, Experts and Behavior) provides a helpful framework which can help companies drive their organizations to achieve network security excellence, moving beyond mere compliance.

Mike Walls is the Managing Director of Security Operations at EdgeWave. During his time as a captain with the US Navy, he was commander of Task Force 1030 and was directly responsible for the cyberreadiness of more than 300 ships, 4,000 aircraft, and 400,000 Navy personnel. He personally directed forces conducting cyber operations across the global Navy cyberdomain and oversaw development and implementation of cooperative (Blue Team) and non-cooperative (Red Team) cyber readiness assessments across the Navy cyber infrastructure.

We are our own worst Cyber Enemy: 3 Simple Rules to Avoid Being a Cyber Victim


I think it was Walt Kelly, the famous cartoonist, who said “We have met the enemy and he is us.”  How true that sentiment is when it comes to cyber security, and the Hackers know it.   In spite of the diligent efforts of businesses to secure their networks with the latest and greatest automated technology, employees continue to make mistakes that inevitably lead to successful penetration of their company’s network by hackers.  But all mistakes are not created equally.  

A lot of employees practice poor cyber hygiene and have bad habits when it comes to using the internet.  But to be fair, some fall victim to hackers who use clever tricks to influence bad decisions.  The security industry characterizes these tricks as “social engineering” which is different from what political junkies use to characterize the imposition of social change by a governing authority.  In the cyber security context, social engineering is a non-technical tactic that hackers use to persuade a person to unwittingly reveal information or take an action that gives a hacker access to information.  In the military we call this “influence operations.”

Hackers often use modern phone scams to dupe unsuspecting victims into surrendering their authentication credentials and other valuable information over the phone.  They might send malicious code to a smartphone, also called “smishing”, betting that the victim is unaware of the risks associated with text messages from unfamiliar sources.  They might also revert to the timeless conversational tactics practiced by their analog ancestors, the con artists. But the most prolific form of social engineering is associated with Spear Phishing, a hacker tactic that leverages carefully crafted emails directed at a specific person or group of people.    We’ll talk about Spear Phishing in a little more detail later.

So you may be asking, how do I defend against social engineering?  Well, there are a lot of things we can do, but there are three things that everyone can do immediately to make ourselves less vulnerable to these types of attacks.  All three are related to email, the most popular attack vector among hackers.

First and foremost, PAY ATTENTION TO YOUR EMAIL! Please excuse my use of capital letters, I’m really not yelling at you as the rules of online etiquette would suggest.  I’m simply emphasizing the absolutely essential need for understanding the risks associated with emails.  Yes, there are inherent risks associated with what should be an incorruptible tool.  It really comes down to three simple rules which will help reduce the likelihood of a successful social engineering attack against you.  Notice I used words like “reduce” and “likelihood?”  That’s my not so subtle disclaimer that nothing we do in the cyber security world is 100% effective.  Stoney’s First Law of Cyber Security clearly states that “it isn’t a question of if your network will be hacked, but when.”  The same principle applies to social engineering.  So here are the rules:

  1. Rule #1:  Think before clicking! Never click on a link embedded in an email regardless of your perceived familiarity with the sender.  If you need to access the web page associated with an embedded hyperlink, copy it and paste it into your browser window.
  2. Rule #2:  Trust your gut!  If you see an email in your queue that appears unfamiliar or suspicious, forward it to your provider, or company spam email account.  Ideally, your company would have a high end email security system (like EdgeWave’s ePrism) to stop the majority of emails as malicious before they get to your inbox.  Remember, Stoney’s First Law says that some malicious emails will get through.
  3. Rule #3:  Do not use the “preview” pane in your email program! Hackers figured out a while ago how to execute malicious code when the email in which the code is embedded is opened.  Using the Preview pane could have the same effect as you opening an email.  This effectively eliminates your ability to NOT open suspicious or unfamiliar emails…see Rule #2.

So let’s talk a little more about Spear Phishing.  I’ve always been amazed with the ever evolving cyber security taxonomy.  For the most part, the names we give to hacker tactics and techniques are elegant in their simplicity.  The monikers actually make a lot of sense when you think about them.  Take Phishing and Spear Phishing.  When I think about Phishing, I visualize fishermen casting wide nets intended to catch as many “things” as possible.  Presumably the “things” are fish, but Phishing is indiscriminate so you could catch an old tire or license plate.  On the other hand, Spear Phishing is intended to catch a specific fish, that’s why we use a “spear”…anyway, I digress.  On with our discussion about Spear Phishing.

In my mind, Spear Phishing epitomizes the “targeted attack.”  I say that because in order to execute a Spear Phishing attack, the hacker needs to do some work.  The hacker actually uses a methodology to shape the attack.  It starts with Reconnaissance.  As a former Naval Officer and war fighter, I have a deep appreciation for how critical reconnaissance is in shaping and executing a successful attack.  When a hacker performs reconnaissance, he will use non-technical and technical methods for gathering as much information about the intended target as possible.  His intention is to piece the information together in order to identify vulnerabilities and determine which vulnerabilities to attack.

I mentioned non-technical and technical reconnaissance.  Non-technical reconnaissance is about gathering publicly available, also called open source, information about a target.  Technical reconnaissance is performed by directing packets at a target, and assessing the replies in order to identify vulnerabilities in the target’s network infrastructure.

Once the Reconnaissance phase is complete the hacker is ready to attack.  He uses information gained through reconnaissance to identify a list of employees at the targeted company.  He crafts an email that spoofs an internal email from a member of the management team to the employees on the list.  The hacker inserts a link that appears to be the address of a website frequently accessed by company employees, and includes a message intended to drive at least one of the email recipients to click.  The hacker makes a subtle change to the website URL hoping that at least one of the victims will fail to notice the discrepancy.  The link will connect to a malicious website designed to mimic the real website.  The hacker understands that his chances are very good that at least one of the employees will not follow Rules #1 and #2 by clicking on the email…and the hacker’s bet is a winner!

One employee clicks on the link and as soon as the malicious website loads on the browser, a malicious script automatically runs, executing exploits of vulnerabilities identified during the Reconnaissance phase.  In a matter of seconds, the hacker has gained access to the employee’s computer establishing a foothold on the company network.  From there the hacker does what hackers do; escalates privileges to the System Administrator level, moves laterally and vertically across the network, looks for and finds valuable data to steal.  Oh by the way…other employees that have their email preview panes enabled, and we know they’re out there, will create additional opportunities for hackers to enter the network…Rule #3!

So there you have it folks.  Three simple rules of email safety that if followed,  will dramatically lower your risk of you and your company becoming cyber victims.  Stay Cyber Safe!


Network World Names EdgeWave Firewall New Product of The Week

Network World has named the EdgeWave EPIC Next Generation Firewall a member of the “New Products of The Week”


Key features: The EdgeWave EPIC Next Generation Firewall is the industry’s first to combine expert human analysis with machine intelligence delivering to the enterprise an ability to stay ahead of constantly evolving web-based attacks.

Why The USA Hacks

The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.

 Last in a six-part series on the motivations that compel nation-states to hack.

The United States operates in the cyber domain as a national entity for a simple reason — to protect its citizens. Like traditional notions of national defense, cyber operations extend across political, economic and military pillars of national power. But cyber operations are, in a sense, more complex, because they affect the pillars of power more profoundly, due to the speed at which they occur.

Consider how quickly the Allied Forces moved across Europe during World War II following the D-Day invasion on June 6, 1944. Within about a year, the allies coordinated a multi-pronged campaign attacking the German military on the ground, the economy from aerial bombardment of German industry, and politically by strengthening the Allies while simultaneously dismantling the Axis forces. Now consider the speed at which a modern aggressor nation could attack another nation’s military, economy and political establishment through cyber warfare. With the right planning, a well-coordinated cyber campaign could be executed with an immediate impact and with the same devastating effects.

In spite of the insight into NSA operations provided to us by Edward Snowden, I am steadfast in my belief that U.S. cyber operations are focused solely on national defense and that those operations do not include the exploitation of information for economic or financial gain. Moreover, the U.S. government imposes strict limits on cyber espionage through statutes and regulations, and holds agencies accountable for violations of those statutes and regulations through comprehensive political oversight.

Flag Map by Lokal_Profil via Wikimedia Commons

This is not to say that there isn’t potential for abuse of power of agencies in the cyber national defense community and the political establishment. That potential certainly exists and could manifest itself, should the wrong people ascend to leadership roles in government at the wrong time. For skeptical readers, I can only emphasize that my assessment is based upon personal observations made during my recent tenure in the Department of Defense cyber community. For this discussion, I’ll focus on the three organizations that contribute to the national security effort by confronting threats from aggressor nations: CIA, NSA, and United States Cyber Command.


CIA Mission Statement
Preempt threats and further US national security objectives by collecting intelligence that matters, producing objective all-source analysis, conducting effective covert action as directed by the President, and safeguarding the secrets that help keep our nation safe.

Cyber operations in a nation-state context map directly to every aspect of the CIA mission statement. By collecting intelligence and producing analytical reports, the CIA plays an important role in building the threat picture for the intelligence community. But CIA cyber operations are bounded by the guidelines of Executive Order 12333 and Title 50 of the U.S. Code. EO 12333 restricts CIA operations involving U.S. citizens in the United States, and Title 50 refers to intelligence agencies, intelligence activities, and covert operations. Because CIA operations are clandestine, there isn’t a broad body of knowledge available to the public that demonstrates how the agency operates in the cyber domain. But most recently, we did learn that the CIA was allegedly involved in Operation Olympic Games, a cyber campaign directed at denying Iran nuclear weapons capability.


NSA Mission Statement
The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances.

Although the reputation of the NSA, courtesy of Snowden, has been tarnished both inside and outside of the U.S., it’s important to realize that this agency has a long and storied history of protecting the United States from the full spectrum of adversaries, by leveraging superior technology throughout the electromagnetic spectrum. Prior to the age of cyber, NSA operated in the spectrum to collect and analyze signals intelligence across the globe. Although information related to NSA operations is limited, because of security concerns, many operations find their way to the media, but the stories are often based more upon speculation than hard facts.

Clearly written in the NSA mission statement is the task of enabling computer network operations, implying both offensive and defensive capability. From a practical standpoint, the NSA is the functional leader of U.S. computer network ops across government, including the Department of Defense. There is a deep symbiotic relationship between NSA and the uniformed services, particularly the Navy. That link was formalized through CSS, the component of NSA responsible for providing cryptologic support to the Armed Services.

Like the CIA, NSA operations are highly classified, and when aspects of an operation end up in the public forum, they are typically subjected to a tremendous amount of speculation. The end result is usually an interesting story loosely based upon opinion. But some accounts of NSA operations are compelling and simply make sense. Ronald Reagan’s decision to launch air strikes against Libya (Operation Eldorado Canyon) following the 1986 German disco bombing which, unfortunately, took the lives of at least two U.S. servicemen, was believed to be based upon critical signals intelligence provided by NSA.


United States Cyber Command (USCC) Mission Statement
USCYBERCOM plans, coordinates, integrates, synchronizes, and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

In the information age, military operations are completely dependent upon information systems for myriad reasons, ranging from command and control of operational forces in the battle space, to weapons systems, to everyday business of running the Navy, Army, Air Force, and Marine Corps. That dependence was the motivation behind the establishment of the United States Cyber Command in 2009.

As Director of NSA, General Keith Alexander was the driving force behind the creation of an organization dedicated to supporting U.S. combatant commanders in the field. General Alexander knew that the U.S. military needed a unified force of cyber operators, which could operate with the warfighters in the uniformed services, as well as with agencies like NSA. The connection already existed from an administrative standpoint, but there was no operational link with NSA. The distinction between operations and administration is significant because the U.S. government, particularly DoD, correctly views cyber space as another warfighting domain, akin to air, land, and sea. The bond between NSA and USCC was solidified with the dual responsibility of the Director NSA and Commander USCC.

The cyber army that General Alexander envisioned is taking the form of a Cyber National Mission Force of roughly 6,000 military personnel. The force, which will be distributed across 133 teams and is on track to be fully functional by 2016, will focus on three areas: providing support to combatant commanders across the globe, defense of the DoD information network, and protection of the nation’s critical infrastructure and key resources.


Why we hack
When we look at all of the nations which we have discussed in this series, it isn’t surprising that the common answer to the question of “Why They Hack” is national defense. But to assume that national defense has the same meaning to different governments is overly simplistic. While we understand, intuitively, what a literal defense of a nation commonly means, the behavior of some nations in the name of national defense is difficult to explain.

We see China and Russia engaging in exploitation of intellectual property for economic and financial gain. We see Iran and China conducting cyber operations in an effort to expand their spheres of influence. We see North Korea lashing out in an effort to demonstrate its relevance in the geo-political community. Finally we see Israel and the United States conducting cyber operations to protect their national security.

Does this mean that the United States and Israel maintain higher ethical standards of cyber conduct? I believe the United States does, but I admit that the point is arguable. We know that the United States has made mistakes; the Snowden data suggests that it did. But in the end, US cyber operations are bounded by laws, regulations, and accountability, and that’s the only way to maintain order in an environment rooted in disorder.


Why Israel Hacks

Israel’s tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.

Fifth in a series on the motivations that compel nation-states to hack.

Israel’s intelligence corps, Unit 8200, has rapidly grown into one of the world’s most formidable cyber counter-terrorism organizations. The elite group employs Israel’s best and brightest to combat existential threats to its national security in the cyber domain. The number of nations and terror groups that threaten Israel is considerable, and the significance of the threat varies from political posturing to a credible threat of harm to Israel as a nation and its people.

To understand how Israel has found itself in an adversarial relationship with most of its neighbors, it is useful to review the evolution of Israel as a nation. Admittedly, the history of modern Israel and its relationship with the Arab world is exceptionally complex. With that, the following is a brief summary intended to provide some historical context; it is not in any way intended to be comprehensive. I don’t usually include disclaimers in my blogs, but given the complexity of the issue, I want to set the right expectations.

A brief history
Beginning with the Zionist movement toward the end of the 19th Century, European Jews began migrating to Palestine in response to a growing tide of anti-Semitism. A number of events occurred in the first half of the 20th Century that would keep the growing Jewish community in Palestine on course toward achieving an independent Jewish State. The carefully crafted language of the Balfour Declaration of 1917 endorsed the creation of a Jewish “Homeland” in Palestine. The British Mandate for Palestine, authorized by the League of Nations in 1922, provided guidance for the establishment of a Jewish “Homeland” in Palestine.

The massive migration of Jews leaving Europe following World War II stemmed from suffering years of brutality at the hands of Nazi Germany and decades of enduring systemic patterns of anti-Semitism across Europe. These events contributed to a growing distrust of Zionists, and the nations that supported them, among Palestinian Arabs. The escalating tension between the two groups reached a tipping point with the end of the British Mandate in May of 1948, followed immediately by the Zionists declaring an independent Jewish State, Israel.

Although Jews and Palestinian Arabs had been actively engaging in hostilities during the period leading up to May 1948, the declaration triggered a broader conflict, with Egypt, Syria, and Jordan joining forces with Palestinian Arabs against the newly formed nation of Israel. The ensuing “War of Independence,” or “al-Nakbah” (“the Catastrophe”) as it was referred to by Palestinian Arabs, lasted just nine months, ending in armistice and with Israel intact territorially. Interestingly, land originally identified by UN Charter as territory designated for an Arab State, was divided among the three Arab nation signatories of the armistice, but it did not include the Palestinian Arabs.

Enmity between Palestinian Arabs and surrounding Arab nations continued to grow through the decades following the War of Independence, as the two sides fought for territory during the 1967 and 1973 Wars. But the fight was not contested in a geopolitical vacuum. Before the establishment of the State of Israel, the world’s super powers, and their associated allies, began to polarize into pro-Israeli and pro-Palestinian partnerships. The U.S. and its allies were generally allied with Israel. To counter U.S. influence in the region, Russia gravitated toward Arab nations that held anti-Israeli positions.

The U.S.-Israeli alliance, which includes an estimated $121 billion in military and economic aid since World War II, is the foundation for anti-American sentiment throughout the Middle East and the Muslim world. Animosity toward both countries is still pervasive in the region, but some Arab/Muslim nations have at times taken a more conciliatory tone toward Israel, examples of which include the Camp David Peace Accords between Israel and Egypt in 1979, and the Israel-Jordan Peace Treaty in 1994. Not so with Iran.

Enter Iran
Since the Islamic Revolution in 1979, Iran has expanded its sphere of influence in the Middle East. Today, Iran has sent a clear and unambiguous message to the global community that it wants to dominate the geo-political landscape in the region. (See Why Iran Hacks.) To do that, Iran has waged a campaign against Western influences and continues to destabilize pro-U.S. Arab nations either directly or through surrogates. Most alarming is Iran’s clearly stated intent to wipe Israel, the only non-Islamic state and sole democracy in the region, from the face of the Earth.


Israel has demonstrated a willingness to assert its national power against hostile nations or terrorist organizations on a number of occasions. The Israeli military launched incursions into Lebanon in 1982 and 2006 to squelch terrorist activity and most recently launched attacks against terrorist sanctuaries in the Gaza Strip in response to terrorist rocket attacks and kidnapping of Israeli citizens. But more relevant to the current geo-political discussion, Israel has demonstrated a steadfast resolve against nations that threaten its right to exist with nuclear weapons. In 1981, the Israeli Air Force launched a daring attack against Iraq, destroying a nuclear production facility.

Israel’s resolve to deny nuclear weapons capability to aggressor nations has since extended into the cyber domain. In 2008, faced with an imminent threat of a nuclear-armed Iran, Israel allegedly participated in a cyber-attack (Stuxnet) against Iran, destroying the programmable logic controllers associated with centrifuges used to produce weapons-grade uranium. The attack was a part of a broader strategy intended to disrupt Iranian nuclear weapons production, started during the most recent Bush Administration and carried on by the Obama Administration. These attacks, coupled with Iranian attacks against Israel have resulted in a sort of a quasi/cyber war between Israel and Iran.

The cyber battleground
Iran is alleged to have launched a number of cyber-attacks against Israel, including attacks against the Tel Aviv Stock Exchange, El Al Airlines, First International Bank of Israel marketing websites, and attacks against the Otzar Hahayal and Massad Banks. In January 2009, Israel’s internet infrastructure was attacked by at least 5 million computers in response to its military offensive in the Gaza Strip. The attack is believed to have been launched by hackers in Russia and sponsored by Hamas or Hezbollah, both Islamist terrorist organizations known to be heavily influenced by Iran. In 2012, Hamas called upon Palestinian software developers around the globe to attack websites in Israel. During that time there were reports of 44 million attacks intended to disable Israeli websites. Most recently, Israel encountered roughly 900,000 cyber-attacks per day during the 2014 Gaza campaign, an increase of almost 90 percent when compared to normal cyber activity.

Israel’s tenuous position in the world drives its leaders to stay ahead of its cyber adversaries. In September 2014, Prime Minister Benjamin Netanyahu extended the breadth of cyber defense beyond national defense organizations by establishing a national authority for operative cyber defense. This new authority will have all of the responsibility required to defend the civilian sector from cyber threats and will operate alongside the Israel National Cyber Bureau which is charged with national cyber defense. Notably, the U.S. has a similar construct with NSA/US Cyber Command, Department of Homeland Security, the FBI and other government agencies, but our system may be less cohesive based upon the number of agencies involved in the effort.

With Israel Prime Minister Netanyahu’s upcoming address to the U.S. Congress, we will likely hear him frame the Iranian nuclear threat to the U.S. through the prism of the Israeli experience. He will make it clear that Israel will not wait until Iran has a nuclear weapon before acting to counter the threat. We can assume that cyber operations will continue to be a fundamental part of any campaign intended to deny Iran nuclear weapons production capability. It will be interesting to see if the campaign is confined to the cyber domain, or if it will expand to include kinetic operations.