The world’s second-largest cybersecurity cluster is Israel, with 12 percent of the 500 largest global cybersecurity firms, after 32 percent in San Francisco metropolitan area. A vibrant innovation ecosystem boasts dozens of large companies, 470 active cybersecurity start-ups, the most venture capital per capita, and a strong talent pool. Already in 2014, Israel’s civilian cybersecurity exports were three times higher than the target the United Kingdom set for 2016.
Isolating a cybersecurity category serves investment analysts, but in reality, digital businesses embed cybersecurity. Since a typical Israeli start-up ends up acquired by an American firm or going public on the Nasdaq, Israeli-made innovation is even more prominent. Google and Microsoft were the most active corporate buyers of Israeli companies since 2014, acquiring ten and eight companies, respectively. Consider hardware: Apple, Broadcom, Qualcomm, Nvidia design their chips in Israel; Google and Amazon follow suit. Intel has been designing CPUs and other chips in Israel for decades.
Israel’s tech sector specializes in high-end innovative research and development for the global digital economy: Israeli scientists and experts work in Israel, but their employers, partners, target markets, and investors are foreign. One would be hard-pressed to name a multinational corporation that does not have an R&D lab in Israel. Israel has attracted one-fifth of global private cybersecurity investment since 2019.
Offensive Cyber-Effects and Intelligence Operations
What is cyber good for other than for geeks and financiers? The reputable International Institute for Strategic Studies (IISS) ranks Israel in Tier Two—states with world-leading strengths in some of the seven categories—alongside China, Russia, the UK, and France. Israel is particularly strong in civilian cybersecurity, core cyber-intelligence capability, the development and use of sophisticated offensive cyber capability.
Israel has carried out elaborate cyber-effects campaigns for the prime strategic goal: countering Iran’s multifaceted threat and obstructing its nuclear program. Already fifteen years ago, Israel bet on sophisticated precision-targeted malware to speed up and slowed down motors rotating thousands of centrifuges at the Natanz nuclear plant. Stuxnet stealthily caused seemingly random mechanical failures of Iranian centrifuges, disrupting the uranium enrichment and sowing toxic insecurity within the Ayatollah’s regime. This remains the most audacious and impactful cyber-effects campaign to date. In 2020, a cyber attack sabotaged shipping and cargo handling operations in a major Iranian port: possibly a swift retaliation for an attempt by Iran to sabotage rural water facilities in Israel. And considering the high rate and precision of Israeli airstrikes against hundreds of Iranian targets in the Middle East, cyber capabilities create intelligence dominance.
Policy and Organization
Israel has set up a national Critical Infrastructure Protection (CIP) arrangement, with the state taking a large portion of the “shared responsibility” seventeen years ago. This headstart results in lasting maturity. As the discovery of Stuxnet in 2010 propelled cybersecurity to the top of policy agenda worldwide, Prime Minister Benjamin Netanyahu ordered a task force to formulate a national cyber strategy. Professor Maj.-Gen. (ret.) Isaac Ben Israel launched the National Cyber Initiative in 2010 with the vision: ”To preserve Israel’s standing in the world as a center for information-technology development, to provide it with superpower capabilities in cyberspace, to ensure its financial and national resilience as a democratic, knowledge-based and open society.” The task force sought and identified cyber opportunities, not just risks. Its recommendations, adopted in the 2011 Government Resolution No. 3611 “Advancing National Cyberspace Capabilities,” are the national strategy. Aiming well beyond CIP, the government set up a new, civilian, governmental cybersecurity organization: the Israeli National Cyber Directorate (INCD). Unlike cybersecurity agencies elsewhere, it has no law-enforcement or intelligence mission. This deliberate design is intended to reduce the tensions between basic freedoms and security, to much resentment of the defense establishment. The Snowden leaks from 2013, revealing numerous global surveillance programs, had reinforced the case for a strictly civilian cybersecurity agency. In nine years, INCD’s responsibilities for civilian cybersecurity grew from policy and capability building to information sharing, daily cyber defense operations by Computer Emergency Response Team (CERT-IL), and CIP.
Both successes and failures on Israel’s cybersecurity journey demonstrate sustained innovation. The bold policy bets that lay less-tangible foundations offer useful lessons for the developed world.
Lior Tabansky, Ph.D., is Head of Research Development at the Blavatnik Interdisciplinary Cyber Research Center, at Tel Aviv University (TAU).