Prague picked as first expansion site for Israeli anti-hacking experts

Photo: Czech Television

The Czech Republic has been chosen as the first location outside Israel for anti-hacker company CyberGym to set up its operations. The firm was founded on the experience of Israel’s biggest power company to fend off thousands of hacking attacks a day aimed at shutting down its power plants and the know-how army and intelligence experts. CyberGym’s vice-president Gilad Yoshi and the chief executive of its Czech operation, Tomáš Přibyl, came into the studio to talk about the expansion. I asked Mr. Yoshi first of all about how CyberGym was created.

Photo: Czech Television
“The company was established in 2013 by Mr. [Ofir] Hason who was the head of the energy sector in NISA in Israel, NISA is the equivalent of the NSA in Israel. They had the idea of establishing CyberGym as a hands on training facility to train the employees of the organisation against cyber attacks.”

And how much were cyber attacks a problem at that time for the electricity company in Israel?

“Israel Electric Corporation was facing between 20,000 and 25,000 cyber attacks a day. We were facing these attacks from all over the world but mostly from Iran, Syria, China, and Russia. It’s a challenge, of course, to protect such a facility. And the attacks were not just on the traditional IT infrastructure but also on the heavy machinery and the turbines, which can create a lot of damage. And this is why Israel Electric Corporation joined the activities of CyberGym.”

And how was it set up initially? Was it a small group at first and were they specially trained or had the got experience with the electricity company and tackling these attacks? How did it get started?

“All the employees of CyberGym are veterans of the Israel Defence Force and other intelligence institutes in Israel with a lot of experience in the offensive and defensive and with a lot of capabilities in the cyber domain and of course with the support, the experience, and help of Israel Electric Corporation with protecting such a facility, we created CyberGym. The idea of CyberGym is to train the employees of critical infrastructure around the world, not only in Israel, and to provide them with the knowledge and the know-how that we have in Israel.”

Does this work…I suppose the electricity works fairly well in Israel, but have there been incidents where they have got through the defences at all?

“In cyber warfare you don’t see anything, nothing is visible. So when you realise there is an attack, it is too late.”

“We did not face any critical incidents at Israel Electric Corporation, but, yes, we are facing a lot of very heavy and sophisticated attacks against the facility of Israel Electric Corporation, some of them at a very high level that could create a lot of damages not just in term of money but also by shutting off all the electricity and by that all the country. And that is why it is so important to protect such facilities. These days we are seeing the same action of such activists, of such organisations, of terror, from all over the world against the other side of the world. So the Russians are against the Americans and we are seeing it today with ISIS against Turkey. Just a few weeks ago they shut off the electric company in Antalya and it was close to a short cut all over Turkey for more than 12 hours.“

When did the gym concept start offering this know-how, training, to people outside the electric company and Israel?

“At the end of 2013 we started to approach companies all over the world and up to now we have trained more than 80 different companies from all over the world. And since our arena in Israel is already at overcapacity, we decided to establish another training facility out of Israel. For that we looked for a potential partner who knew the business and knew about security and most of all had the people, had the capabilities to provide such a kind of high level training.”

Know the enemy

Maybe you could describe what the training actually is because if I understand correctly you try to recreate an attack and then the company’s employees try to defend against it…it is basically a simulation exercise or series of simulations…

Photo: European Commission
“Yes, it is even more than a simulation. It is actually an emulation. What we are actually doing first is targeting the threats of the organisation, who is the enemy of that organisation. The fact that you are talking with a bank as a potential client in Europe and a bank in Asia does not mean that they have the same potential enemies. And in order first to fight against something or someone, you need to know who is the enemy. So what we are doing is to try to understand the threats to this organisation. By knowing the threats to the organisation we are building a real facility, with a real technological environment in our arena and we are allowing the employees of the company who come to train in the Cyber Gym to face real cyber attacks, which are relevant to their threats, and to train on them real equipment similar to what they have at their home company. This is another level of reality which is a very unique approach. There is no such facility in the world, this is the first such facility in Europe outside of Israel and it is a very unique way to train employees against cyber attacks, not just by simulation, not just by presentation but by emulation in a real scenario.

“And it is not just employees who are working in traditional IT security, but also with a perspective on business continuity, perspective of marketing, the perspective of physical security and other aspects. So in the end we are the organisation with a full scale training and not just training individuals but training the organisation as a unit.”

And this is ongoing training, I presume, because the threat changes over time?

“Yes, the first training is five days long in the arena. Then every six months we are providing knowledge maintenance to our clients, to our potential clients here in Europe as well, and in that way they can keep of their employees’ knowledge.”

In most conventional warfare, it is often said that the attacker has an advantage because they come up with something new and then the defense has to respond. That is how warfare has been for thousands of years. How is it in cyber warfare?

“The attackers are getting better and better. If you compare them and what they were doing last year and what they are doing this year, it is totally different at the highest level.”

“It is even more complicated. You compare it to the real battlefield, but in the real battlefield you can see the tanks, the planes, and the soldiers. In cyber warfare you don’t see anything, nothing is visible. So when you realise there is an attack, it is too late. And now you need to mitigate, you need to contain, to handle the attack. These are exactly the tools that we are providing to our clients. Not only to protect, but more important, how to contain an attack. What are the procedures you need to take and action to reduce the damages. Reducing the damage of the attack will cause you to lose less money. Secondly, it will help with the business continuity or the organisation, which is very important, and reputation.

“We can see this in the case study of the Sony attack. They had the best technology but they did not have the proper knowledge how to handle this attack. And for more than three weeks they were totally lost in the dark. We are giving our clients the possibility to manage the attack in a better way and in the end to control it. You will not beat the hackers, they are terrorists. You cannot beat the terror but you can manage it in a better way and this is exactly the tools we are providing.”

Coming back to the actual companies who employ your services, can you say who they are?

“We have a lot of clients from different sectors, from the industrial sector, from the automobile sector, from the energy sector, an, of course, from the finance sector; insurance companies, banks, and credit card companies. And we also have governments, some from Europe. Most of them do not allow us to mention their names, but the government of Spain allow us to use them as a reference and the government of Lithuania as well. And one of the biggest banks in Portugal, Millenium Bank, which also has branches in Poland, is a client as well and allows us to use them as a reference.”

Government attacks

Speaking more generally, are the hacker attacks greater and more damaging than before?

“All these sectors, the banks etc, are investing a lot of money on technology and now they will invest a lot more money to train their employees to be ready and try and contain these sort of cyber attacks. The attackers are getting better and better. If you compare them and what they were doing last year and what they are doing this year, it is totally different at the highest level. Most of them are sponsored by governments. We have the tracks of the Iranian government. We have the tracks of the Syrian electronic army, which are doing very well and generating very sophisticated and high level attacks.”

Moving over to the Czech Republic, the obvious question is why was the decision made to set up the first outpost outside Israel in the Czech Republic?

Photo: Czech Television
“I think the reason is that the threats that we are facing right now are increasing. That is why we decided to establish an arena here in the Czech Republic. We bought the license from the Israeli partner and all the know-how is being transferred to the Czech Republic and this is a good opportunity for us to serve our clients here in Europe and to help them counter the most sophisticated cyber attacks. This is our goal right now.”

One of the reasons if I understand correctly is the high level of IT expertise in the country?

“Yes, we have quite a long history in the IT security business because we made a partnership with the Corpus Solutions company, which was started in 1992, so more than 15 or 16 years in cyber security. So this is a good chance to offer such high professional services to the clients.”

And when do you actually start in the Czech Republic and what sort of customers do you actually have?

“The arena will be completed by February 2016, so from that time we will offer our services to clients. Our clients will be, as Gilad said, big banks, those with critical infrastructures, for example, power grids, power plants, telco operators also. Now there is the process of transferring of all know-how which is necessary for such training.”

And will these be just Czech companies or will there be other companies from neighbouring countries such as Germany, Poland, Western Europe?

“We bought the license for the Czech Republic, for Slovakia, for Germany, for Poland, for Hungary, and the surrounding countries and we can also sell to other countries in Europe depending on how we agree with Israel.”