Cyber Warfare Training for Israeli Companies

Cyber warfare training: Good guys and bad guys duke it out in the Israeli cyber arena

The attacking red team

11:00 a.m: The boiler cools down. There is no steam, electricity production stops.

11:30 a.m: A loud alarm can be heard. In the courtyard two hoses begin spewing massive amounts of water.

12:00 a.m: Electricity production stops.

12:30 p.m: Blue leader calls for an immediate gathering. A decision is made to “buy” protection software.

1:00 p.m: All building doors are suddenly locked.

What is this? A cyber attack on the Electric Corporation facilities? Yes, but only a drill. This simulated attack took place last week in a very unlikely place – the main training facility for the EC is located in what was once an 18th-century farm, surrounded by ancient eucalyptus trees, gardens and lawns.

Cyber Gym, in cooperation with EC, operates a unique cyber warfare arena. The facility offers courses for IT personnel from various local and global organizations – from simple one-day classes to 14-day courses. The company motto is “expect the unexpected.”

Last week a group of cyber security personnel came to train here, from companies such as Paz, Tnuva, Teva, Ishkar – in addition to the Israeli Navy and Air Force. Trainees wear blue badges, while instructors and “hackers” wear red badges. Management wears white badges.

The manager Alon Hazai, from Cyber Gym’s parent company Cyber Control, explains the rules of the game: Red initiates cyber attacks against blue, whose job is to keep electricity production running smoothly. Blue can “buy” various protection software, “paying” a fine for every minute of halted production. If the defenders detect an intrusion, however, they receive a bonus.

Before the simulation began participants were given a background lecture. According to Dr. Boaz Ganor, head of the International Policy Institute for Counter-Terrorism (ICT), 2.4 billion people have internet access and 1.5 billion have smartphones. “We’re always online,” said Ganor. “Terrorist organizations have advanced. The younger generations are connected to the internet, 20-year-olds have an understanding of cyber warfare and terrorism. Al Qaeda has shown increased cyber activity, for example. Authorities today differentiate between cyber terrorism, cyber espionage and cyber crime.” Cyber Control CEO Ofir Hason explained that “response times in the cyber arena are almost non-existent. You don’t have any time to react. Here at the cyber arena we’re trying to buy you that time.”

iHLS – Israel Homeland Security

The defending blue team

Blue team is busy studying the power production processes and subsystems, while red team members plan their daily attack. The reds sit hunched up in front of their computers, hoods pulled over their heads: They’re planning various infiltration scenarios, including breaking into systems; installing malware; initiating physical alarms and equipment failure in order to halt power production; and locking access doors. They’ll do everything to attack every asset the defenders have, forcing them to minimize damages and renew production.

Gilad Yoshi, Cyber Gym VP and Director of Marketing and Business Development: “In the training arena we simulate attacks in the most realistic way we can. We give trainees all the tools they need to defend against attacks and contain them. If you know there’s an attack you can minimize the damage for you and your clients. If you don’t know you’re under attack your situation is far worse. As we keep saying, the damage caused by a real cyber attack can be very extensive.”

The game goes on: Blues detect an intrusion attempt into the power conduction system. They enable defense programs and contain the damage. Energy production is renewed, but then, suddenly, the main power board shuts down. That’s fixed as well when water begins spilling outside and disrupts work.

This goes on for a few hours, a sort of cyber ping-pong, mind games between attacker and defender, good guys and bad guys. All the participants, white badge, blue or red, are taking this very seriously. Every one of them, back at their organizations, will be in charge of stopping real cyber attacks.

After the simulation ends there’s an extensive, almost military-like, review and debriefing. Cyber Gym management concludes: “The event was successful, the group handled matters well. We managed to get our message across. We applaud the smooth cooperation between people from various organizations, military and civilian, who never met until today but functioned well as a team.”