Meet Israel’s cybersecurity gatekeeper

BY YOAV LIMOR, Israel Hayom via JNS.org

Walking into the Tel Aviv office of Israel National Cyber Directorate head Yigal Unna, you immediately notice a very specific memento—a very weighty plaque he was awarded by his counterparts in the United Arab Emirates. Unna was part of the historic delegation that traveled to Abu Dhabi last month after the landmark peace deal between Israel and the UAE was announced, and the plaque sheds light on the deep cyber and technological ties between the two countries.

“The potential vis-à-vis the UAE is endless,” he told Israel Hayom. “We have the knowledge, tools and capabilities that can offer the issues they’re dealing with the best solutions in the world. In terms of cybersecurity, Israel is one of the most protected countries in the world. We want them to be as protected as we are,” he said. 

According to Unna, until now Israeli companies pursued only defense deals in the Gulf. Now that the Abraham Accords are in place, trade can expand to include economic and industrial ventures.

“There are many overtures by Israeli and Gulf companies that want to get started. The cyber sphere connects people and Israel is a powerhouse in this arena—one considerably larger than its physical size or the size of its economy. We have something for every actor in the region, and they all face similar threats as Israel,” he said. 

For Israel, a high volume of cyberattacks is a matter of routine. This is the price highly technologically advanced countries must pay when dealing with their enemies, be they traditional or more amorphous, such as criminal organizations or countries on the other side of the world, like North Korea.

Unna, 49, is Israel’s cyber gatekeeper and his agency guards every entity in the public and private sector—from critical state infrastructure and state-owned corporations to every last member of the public.

A veteran of the intelligence community, Unna has spent most of his professional life in the shadows; this is the first time he has ever given a press interview.

Born in Jerusalem, Unna currently lives in Givatayim. He is married and the father of three teenage sons. He skipped a grade in school and enlisted in the Israel Defense Forces at the age of 17, where he was assigned to Unit 8200, Military Intelligence’s elite division, which is responsible for collecting signals intelligence and code decryption. He later underwent officer training as a cyber-intelligence officer, rising to the rank of captain before leaving the military. 

Unna had his eye on becoming a Mossad officer, but the Arabic he studied while in uniform led him to Israel’s domestic security service, the Israel Security Agency (Shin Bet), where his experience in the cyber sphere was put to use in the agency’s operational directorate. He went on to spend his years in the Shin Bet in technology-oriented positions, mostly in the offensive sphere. In 2013, Unna was named head of the agency’s technology division, and in 2018 was tapped as head of its cyber division.

“It’s the type of role that doesn’t let you sleep at night,” he said. “You can’t revel in yesterday’s achievements because every day brings new battles and the smallest breach can cause significant damage.”

The National Cyber Directorate was effectively established in the 1970s, and has undergone several reincarnations since its inception.

Originally, defending the nation’s computer infrastructure was entrusted to a small unit in the Shin Bet, but it wasn’t until 2002 that the government officially asked the agency to protect critical infrastructure, bringing about the formation of the Information Security Directorate.

A few years later, it became clear that the Shin Bet was unable to fully meet the wide range of threats lurking in the cyber sphere, and that even non-essential state infrastructure faces challenges that must be met.

“It happened when we noticed cyberattacks on states, like Estonia and later in Georgia, and even the mishap that happened to the centrifuges in Iran,” said Unna, referring to the 2007 Stuxnet computer virus attack that crippled the Islamic republic’s nuclear program in an operation largely attributed to the United States and Israel.

“This process made us acutely aware of the fact that it [cyber] had the potential of becoming a battlefield.”

Then-Prime Minister Benjamin Netanyahu asked IDF Maj. Gen. (ret.) Professor Isaac Ben-Israel, formerly head of the Defense Ministry’s Administration for the Development of Weapons and Technological Infrastructure, to head the “National Cyber Initiative.” 

The latter outlined Israel’s cyber-defense doctrine, which led to the inception of the National Cyber Bureau in the Prime Minister’s Office, the task of which was to plan Israel’s cyber strategy. A sister agency, the National Cyber Security Authority, was tasked with the operational aspects of putting the strategy into action, and three years ago, the two were united under the National Cyber Directorate.

Like the Mossad, Shin Bet and the Atomic Energy Commission, the National Cyber Directorate reports directly to the prime minister. It employs just under 400 people, from National Service recruits to PhDs. Over half of its workforce comprises women, and about two-thirds are in cyber.

“We don’t target the enemy, we target ourselves, to make sure we are protected. We specialize in defending the ‘blue zone,’” or Israel, Unna explained.

Q: But in order to protect the “blue zone” you need to be in the enemy’s “red zone.”

A: Israel should also be in the “red zone” and there are other elements in the defense establishment that do that [mainly Unit 8200, the Shin Bet and the Mossad]. We work together with full cooperation.”

Q: How good are Israel’s enemies?

A: Every actor in this theater has to be treated with respect because in cyber, even a small “David” can surprise you, and we really don’t want to be the “Goliath” on the other end of the attack. Someone without the backing of a major power could come up and inflict serious damage.

Q: Do you recognize such potential in our adversaries?

A: The cyber arms race exists all over the world, and certainly in our region.

Q: Does the average Israeli need to be concerned?

A: You can’t stop technology, but you have to be aware of dangers. The average Israeli doesn’t know how dominant this threat is, how present it is everywhere. Like they say on [the hit TV show] Game of Thrones, “Winter is Coming,” and cyberattacks on Israel are only expected to become stronger. This is likely to reach massive proportions—that’s something that has become evident since the onset of the coronavirus outbreak because everyone is working from home using digital platforms.

The National Cyber Directorate has two homes: it is headquartered in Tel Aviv but its war room—from where every cyberattack against Israel is monitored—is in Beersheva.

Unna oversees four departments. The first deals with the daily protection of Israel’s critical infrastructure and directs nonessential bodies, such as commercial banks and insurance companies, with regard to their protection via directives that come down through the relevant government ministries. Its Beersheba operational response center also addresses concerns relevant to every Israeli.

Data published here for the first time show that in the first half of 2020, the NCD’s response center received 7,164 reports concerning cyberattacks of various levels.

The second department deals with early detection of ongoing cyberattacks, repairing breaches and, if need be, damage control. The third deals with both proprietary and acquired technology, and the fourth deals with the cyber ecosystem—strategy, external relations and promoting Israeli cyber exports.

“Many countries are not willing to deal with the Israeli industry sans state backing. I’m authorized by the government to provide this backing,” he explained. “Since I took office, we have already signed 15 such agreements, with India and many other countries, including some that do not maintain official ties with Israel.

“The cyber defense field has opened many doors for Israel around the world. In Chad, for example, the very inception of ties with them—the fundamental of peace—was through cyber. The first [Israeli] delegation there included one of our guys, who was there to help them conduct a national risk assessment.

“In South America, for example, we have an agreement with the Development Bank of Latin America. They currently have two cyber experts—bank employees, Spanish-speaking Israelis—who were appointed on our recommendation. Their job is to promote and improve cyber defenses in 22 countries in South and Central America.”

The National Cyber Directorate has operational cooperation agreements with 90 countries, with future deals in the works.

“It’s an information exchange that operates around the clock,” Unna said. “If something happens in South America at night—say, for example, an attack on a bank there—they report it to me immediately and by morning we are ready to go with all the information necessary to protect our banks.”

Cyber experts tend to rank Israel among the top five cyber superpowers in the world, alongside the United States, China, Russia and the United Kingdom. According to Unna, a cyber superpower “is a country that has world-class abilities and force that stands up to other absolute powers.”

The list of the “hottest” cyber companies comprises 150 firms, of which 113 are American, 18 are Israeli and seven British, he said, “and that’s without counting 10 other Israeli companies that are registered in the United States for tax purposes.”

Asked how he explained this, Unna said, “Israel relies much more than other countries on information and information technologies due to the lack of other resources. There is tremendous power here. When you add defense aspects to that and the fact that we are more threatened than others and are therefore required to defend ourselves, along with the Israeli character, which is inherently less restrained—the result is a cyber ‘cake’ to be proud of.”

NCD data shows that in the first half of 2020, the Israeli cyber industry, despite the global coronavirus pandemic, raised $1.2 billion in 43 transactions. This period also saw the birth of two Israeli “unicorns”—an industry term for companies valued at more than $1 billion—namely SentinelOne and Snyk.

Overall, between 20 and 25 percent of all cyber “unicorns” are Israeli.

According to Unna, about 29 percent of the world’s cyber investments are made in Israel. There are currently 540 cyber firms in Israel, compared to 250 companies 10 years ago. Israeli exports in the field of cyber defense stood at $6.5 billion in 2019—a 600 percent increase since 2011.

It is estimated that along with the cyber-offense field, Israel’s exports of cyber technologies amount to some $10 billion a year—more than all classic defense exports combined.

All these things combined, Unna says, “are the making of a superpower.”

This article first appeared in Israel Hayom.