In a 2009 book on Israel’s startup culture, Unit 8200, the country’s cyber intelligence unit, was likened to the Ivy League institutions in the US from which tech companies sought out top talent.
Amir Ofek, a former Unit 8200 captain and CEO of cyber security startup CyberInt, should know. After all, over half of his employees hail from the elite Israel Defense Forces (IDF) unit, which is known to have a vigorous selection process.
“I would select a Unit 8200 graduate any day over anybody else, because I know I’m getting a trained and skilled person who will be effective from day two of the job,” he told Computer Weekly.
“I know he will understand cyber space and how hackers think, and he’ll be able to continue his career from the IDF to the civilian world,” he added.
The fact that Unit 8200 has a startup, entrepreneurial culture helps to ease that transition too. Ofek said the unit offers a “non-military-like” environment, where officers are expected to swim in difficult waters early on and face challenges head-on in an innovative way.
“There’s an entrepreneurial spirit and people are given a free hand to tackle issues and ideas,” he said.
Gathering cyber intelligence
One of the critical skills that former Unit 8200 officers can bring to their employers is their ability to gather intelligence that is relevant to organisations.
Ofek said generic cyber security reports and trends are nothing more than good reading material in the media, and what matters most is contextual intelligence, such as whether the next ransomware attack will target specific organisations or governments.
“The intelligence that Unit 8200 deals with is not generic,” he said. “To have relevant intelligence, you need to be able to fetch the right information in the context that matters to you.”
In March 2017, Singapore’s Ministry of Defence said it would set up the Defence Cyber Organisation (DCO), a new cyber command to oversee policies, train cyber units to monitor and defend military networks from threats, as well as assess vulnerabilities and detect attempted intrusions and breaches.
When fully staffed, the DCO is expected to have 2,600 soldiers, supported by scientists and engineers in Singapore’s Defence Science and Technology Agency.
Read more about cyber security in Singapore
- Many of Singapore’s medium-sized and large organisations do not have a dedicated security budget or teams to respond to cyber threats.
- Only 20% of chief information security officers in Singapore and Australia say their organisations can prevent data breaches, according to a survey.
- The computer networks of two universities in Singapore were breached in April 2017 by hackers looking to steal information related to government or research.
- Threat intelligence feeds provide valuable information to help identify incidents quickly, but only if they are part of an intelligence-driven security programme.
A new cyber vocation will also be created so that the Singapore Armed Forces can tap the full-time national servicemen under Singapore’s existing national conscription programme to defend military networks and systems.
The servicemen, to be deployed in August 2017, will also support the Cyber Security Agency of Singapore in protecting critical information infrastructures.
Ofek said Singapore’s plan to deploy conscripted servicemen is similar to what Israel has been doing, noting that military operations have an advantage in grooming and tapping cyber security talent to fend off cyber threats at a lower cost than in the private sector.
“But it doesn’t stop there. You will also need to build cyber security awareness and train cyber security professionals outside the military,” he said, adding that this could be done by simulating cyber attacks and the actions needed in response to those attacks.
Detecting targeted threats
Ofek said in Israel, whose population is about the same size as Singapore’s, the government knows it cannot protect every organisation from cyber attacks because it is not sustainable. Instead, what it has done is to encourage enterprises to undergo cyber security training and put in place threat detection capabilities.
“Some industries, such as financial services, which are regulated are better protected than others,” he said. “We’ve worked with the central bank of Israel as a consultant to come up with directives on IT risk management and procedures that will help banks detect threats early.”
Ofek stressed the need to detect targeted threats to minimise inconvenience to users. In airport security checks, for example, he said Israel addresses targeted threats by profiling travellers rather than imposing more and more security measures.
“Israelis have a practical way of thinking,” he said. “We want to address targeted threats and don’t want to impose an overload of security when it’s not needed. So, whenever there’s a targeted threat at the airport, you’ll immediately see a change in behaviour and controls.”