The importance of cybersecurity in war has been made clear following various attacks against Israel seen a year after Hamas’ October 7 attack.
Where concern once focused on hackers attempting to breach IDF servers, the cybersecurity landscape has now expanded to include a range of threats: from influence operations and data theft to kinetic cyberattacks and the targeting of financial resources.
Every digital target has become fair game, including e-commerce sites, online services, GPS services, dating apps and even SMS messages. Every digital layer is leveraged by hostile actors, turning it into another battlefield.
Someone has to pay the price
The problem in the cyber domain is that someone has to bear the cost, as there aren’t enough protective measures for everyone. "The average citizen and small businesses are left with the least protection," says Refael Franco, former deputy head of Israel's National Cyber Directorate and co-founder and CEO of Code Blue, a company specializing in cyber crisis management.
According to him, this is one of today’s main challenges. While Israel is a cybersecurity powerhouse, its focus is mainly on critical infrastructure — the military, security services or companies that can afford to pay. But any other small business can forget about robust protection. You’ll have it, but it will come at a high cost.
And while small business owners may think they’re not an "attractive" target for attackers, in reality they are. Shutting down the websites of dozens or even hundreds of small businesses doesn’t just disrupt their operations but also affects the economy and ultimately the functioning of daily life. This is one of terrorism’s declared goals.
National infrastructure secure, hospitals vulnerable
The attackers have no intention of stopping, with most attacks naturally aimed at Israel’s infrastructure. These targets can include energy companies (like the Israel Electric Corporation), transportation systems and even food manufacturers, which are considered vital to Israel's national resilience. Food retailers, on the other hand, aren’t classified as critical infrastructure, nor are hospitals.
"Israel is at the forefront in terms of critical infrastructure," says Lior Ateret, Director of GE Vernova's Cybersecurity Research Center and one of the world's leading cybersecurity experts in critical infrastructure protection.
"You could say Israel's approach has significantly strengthened the Energy and Infrastructure Ministry. Just look at how the National Cyber Directorate and the monitoring center in Be'er Sheva, which oversees all of Israel's power plants simultaneously, operate to see how it's an overwhelming success. This level of coordination doesn’t exist elsewhere," he explained.
However, while there’s consensus that the energy infrastructure is strongly protected, most experts give a very poor rating when it comes to protecting the healthcare sector. Whether it’s hospitals, private clinics or health maintenance organizations, their networks remain far too easy to breach and damage.
The past year (and the years preceding it) has been full of incidents affecting hospitals and various healthcare centers across the country, including two attacks that targeted hospitals during the current war.
"If we compare the existing protection of energy infrastructure, we can’t say the same about hospitals. We’ve experienced several significant incidents that were 'failures' that should never have occurred in hospital systems," Ateret added.
Israelis are the most exposed to danger
The situation is quite different when it comes to the average Israeli. We experience the cyber battlefield firsthand whenever a malicious message lands in our inbox—whether it’s a simple scare tactic or one that impersonates a legitimate body but contains a link aimed at extracting personal information or attempting to take over our social media accounts.
Some of us have also encountered cases where our personal information, such as photos of ID cards or private documents, has leaked online and circulated in shady forums. Regardless of whether hackers have a direct use for this data, the feeling of sudden exposure remains the same. The situation is still bad in this area and the state has no effective way to protect us.
This issue doesn’t end with theft or hacking attempts but can also extend to efforts to recruit agents via social media or attempts to spread disinformation. “There are many agents being activated by Iran, which operates significant and serious networks targeting Israeli citizens. I don’t recall seeing such a high volume of Iranian agents since entering the world of cybersecurity,” said Moshiko (Moshe) Hassan, head of research at Upwind and former senior officer at the IDF's Center of Computing and Information Systems.
Despite this, Hassan added that Israel is at the forefront and far ahead of our direct and indirect enemies in the field when it comes to its operations. The actors working against Israel today are mainly Iran, Hezbollah, Hamas and partner organizations from other countries like Turkey and Russia.
According to Hassan, this isn’t a strategic alliance but rather a convergence of interests. The Iranians receive guidance and cyber tools from the Russians but are reluctant to share their more advanced capabilities with Hezbollah or Hamas' cyber units.
This is likely the main reason why most successful attacks on Israeli targets are attributed to the Iranians rather than the other two terror groups. It's rare to see operational success from terrorist organizations against protected state or civilian targets, simply because the resources required for such attacks are still beyond the reach of non-state-backed groups.
Israel's cyber offensive
And what about offensive capabilities? This area is much more ambiguous in terms of specific abilities, but Israel is still considered an adversary whose capabilities one would prefer not to face.
Take, for example, the reported attack on Hezbollah's pagers and communication devices, which, according to foreign sources, was attributed to Israel. The incident is referred to in professional jargon as a "supply chain attack," where the idea is to infiltrate a hardware or software component of a product and implant a "backdoor."
These kinds of attacks are highly dangerous and require extensive logistics to execute successfully. When it involves hardware, it means physically inserting the compromised component before it reaches its intended target. If it's a software component, the challenge is getting it into the system unnoticed.
Either way, the pager attack achieved its intended effect. In addition to causing physical harm to terrorists, it made a clear psychological impact. According to foreign reports, it also revealed some of the technological capabilities developed within the military and security services.