Israeli CyberGym Comes to Prague

[Peter Lemkin]

CyberGym has all kinds of intelligence/military connections. I wonder aloud if they are really only white-hat-hackers, or are also doing cyberhacking into other entities. I doubt they'd say. Probably, they do both.

Prague picked as first expansion site for Israeli anti-hacking experts

30-09-2015 14:36 | Chris Johnstone

The Czech Republic has been chosen as the first location outside Israel foranti-hacker company CyberGym to set up its operations. The firm was foundedon the experience of Israel's biggest power company to fend off thousandsof hacking attacks a day aimed at shutting down its power plants and theknow-how army and intelligence experts. CyberGym's vice-president GiladYoshi and the chief executive of its Czech operation, Tomáš Přibyl, cameinto the studio to talk about the expansion. I asked Mr. Yoshi first of allabout how CyberGym was created.


Download: MP3


Photo: Czech Television"The company was established in 2013 by Mr. [Ofir] Hason who was the headof the energy sector in NISA in Israel, NISA is the equivalent of the NSAin Israel. They had the idea of establishing CyberGym as a hands ontraining facility to train the employees of the organisation against cyberattacks."
And how much were cyber attacks a problem at that time for the electricitycompany in Israel?
"Israel Electric Corporation was facing between 20,000 and 25,000 cyberattacks a day. We were facing these attacks from all over the world butmostly from Iran, Syria, China, and Russia. It's a challenge, of course,to protect such a facility. And the attacks were not just on thetraditional IT infrastructure but also on the heavy machinery and theturbines, which can create a lot of damage. And this is why Israel ElectricCorporation joined the activities of CyberGym."
And how was it set up initially? Was it a small group at first and werethey specially trained or had the got experience with the electricitycompany and tackling these attacks? How did it get started?
"All the employees of CyberGym are veterans of the Israel Defence Forceand other intelligence institutes in Israel with a lot of experience in theoffensive and defensive and with a lot of capabilities in the cyber domainand of course with the support, the experience, and help of Israel ElectricCorporation with protecting such a facility, we created CyberGym. The ideaof CyberGym is to train the employees of critical infrastructure around theworld, not only in Israel, and to provide them with the knowledge and theknow-how that we have in Israel."
Does this work…I suppose the electricity works fairly well in Israel,but have there been incidents where they have got through the defences atall?

"In cyber warfare you don't see anything, nothing is visible. So whenyou realise there is an attack, it is too late."

"We did not face any critical incidents at Israel Electric Corporation,but, yes, we are facing a lot of very heavy and sophisticated attacksagainst the facility of Israel Electric Corporation, some of them at a veryhigh level that could create a lot of damages not just in term of money butalso by shutting off all the electricity and by that all the country. Andthat is why it is so important to protect such facilities. These days weare seeing the same action of such activists, of such organisations, ofterror, from all over the world against the other side of the world. So theRussians are against the Americans and we are seeing it today with ISISagainst Turkey. Just a few weeks ago they shut off the electric company inAntalya and it was close to a short cut all over Turkey for more than 12hours."
When did the gym concept start offering this know-how, training, to peopleoutside the electric company and Israel?
"At the end of 2013 we started to approach companies all over the worldand up to now we have trained more than 80 different companies from allover the world. And since our arena in Israel is already at overcapacity,we decided to establish another training facility out of Israel. For thatwe looked for a potential partner who knew the business and knew aboutsecurity and most of all had the people, had the capabilities to providesuch a kind of high level training."

Know the enemy

Maybe you could describe what the training actually is because if Iunderstand correctly you try to recreate an attack and then the company'semployees try to defend against it…it is basically a simulation exerciseor series of simulations…
Photo: European Commission"Yes, it is even more than a simulation. It is actually an emulation.What we are actually doing first is targeting the threats of theorganisation, who is the enemy of that organisation. The fact that you aretalking with a bank as a potential client in Europe and a bank in Asia doesnot mean that they have the same potential enemies. And in order first tofight against something or someone, you need to know who is the enemy. Sowhat we are doing is to try to understand the threats to this organisation.By knowing the threats to the organisation we are building a real facility,with a real technological environment in our arena and we are allowing theemployees of the company who come to train in the Cyber Gym to face realcyber attacks, which are relevant to their threats, and to train on themreal equipment similar to what they have at their home company. This isanother level of reality which is a very unique approach. There is no suchfacility in the world, this is the first such facility in Europe outside ofIsrael and it is a very unique way to train employees against cyberattacks, not just by simulation, not just by presentation but by emulationin a real scenario.
"And it is not just employees who are working in traditional ITsecurity, but also with a perspective on business continuity, perspectiveof marketing, the perspective of physical security and other aspects. So inthe end we are the organisation with a full scale training and not justtraining individuals but training the organisation as a unit."
And this is ongoing training, I presume, because the threat changes overtime?
"Yes, the first training is five days long in the arena. Then every sixmonths we are providing knowledge maintenance to our clients, to ourpotential clients here in Europe as well, and in that way they can keep oftheir employees' knowledge."
In most conventional warfare, it is often said that the attacker has anadvantage because they come up with something new and then the defense hasto respond. That is how warfare has been for thousands of years. How is itin cyber warfare?

"The attackers are getting better and better. If you compare them andwhat they were doing last year and what they are doing this year, it istotally different at the highest level."

"It is even more complicated. You compare it to the real battlefield,but in the real battlefield you can see the tanks, the planes, and thesoldiers. In cyber warfare you don't see anything, nothing is visible. Sowhen you realise there is an attack, it is too late. And now you need tomitigate, you need to contain, to handle the attack. These are exactly thetools that we are providing to our clients. Not only to protect, but moreimportant, how to contain an attack. What are the procedures you need totake and action to reduce the damages. Reducing the damage of the attackwill cause you to lose less money. Secondly, it will help with the businesscontinuity or the organisation, which is very important, and reputation.
"We can see this in the case study of the Sony attack. They had the besttechnology but they did not have the proper knowledge how to handle thisattack. And for more than three weeks they were totally lost in the dark.We are giving our clients the possibility to manage the attack in a betterway and in the end to control it. You will not beat the hackers, they areterrorists. You cannot beat the terror but you can manage it in a betterway and this is exactly the tools we are providing."
Coming back to the actual companies who employ your services, can you saywho they are?
"We have a lot of clients from different sectors, from the industrialsector, from the automobile sector, from the energy sector, an, of course,from the finance sector; insurance companies, banks, and credit cardcompanies. And we also have governments, some from Europe. Most of them donot allow us to mention their names, but the government of Spain allow usto use them as a reference and the government of Lithuania as well. And oneof the biggest banks in Portugal, Millenium Bank, which also has branchesin Poland, is a client as well and allows us to use them as a reference."

Government attacks

Speaking more generally, are the hacker attacks greater and more damagingthan before?
"All these sectors, the banks etc, are investing a lot of money ontechnology and now they will invest a lot more money to train theiremployees to be ready and try and contain these sort of cyber attacks. Theattackers are getting better and better. If you compare them and what theywere doing last year and what they are doing this year, it is totallydifferent at the highest level. Most of them are sponsored by governments.We have the tracks of the Iranian government. We have the tracks of theSyrian electronic army, which are doing very well and generating verysophisticated and high level attacks."
Moving over to the Czech Republic, the obvious question is why was thedecision made to set up the first outpost outside Israel in the CzechRepublic?
Photo: Czech Television"I think the reason is that the threats that we are facing right now areincreasing. That is why we decided to establish an arena here in the CzechRepublic. We bought the license from the Israeli partner and all theknow-how is being transferred to the Czech Republic and this is a goodopportunity for us to serve our clients here in Europe and to help themcounter the most sophisticated cyber attacks. This is our goal rightnow."
One of the reasons if I understand correctly is the high level of ITexpertise in the country?
"Yes, we have quite a long history in the IT security business becausewe made a partnership with the Corpus Solutions company, which was startedin 1992, so more than 15 or 16 years in cyber security. So this is a goodchance to offer such high professional services to the clients."
And when do you actually start in the Czech Republic and what sort ofcustomers do you actually have?
"The arena will be completed by February 2016, so from that time we willoffer our services to clients. Our clients will be, as Gilad said, bigbanks, those with critical infrastructures, for example, power grids, powerplants, telco operators also. Now there is the process of transferring ofall know-how which is necessary for such training."
And will these be just Czech companies or will there be other companiesfrom neighbouring countries such as Germany, Poland, Western Europe?
"We bought the license for the Czech Republic, for Slovakia, forGermany, for Poland, for Hungary, and the surrounding countries and we canalso sell to other countries in Europe depending on how we agree withIsrael."


[video=vimeo;87696038]https://vimeo.com/87696038[/video]