The story behind the uncovering of the Pegasus spyware scandal
Read more 
Necessity, culture, and the shaping of Israel’s cyber capabilities
ETH Zurich Senior Researcher Lennart Maschmeyer critically examines 'Israel and the Cyber Threat' by Charles D. Freilich, Matthew S. Cohen, and Gabi Siboni
This image was created with the assistance of DALL·E 2
In October, Hamas, the Palestinian organisation that governs the Gaza Strip, invaded Israel. The invasion is the latest illustration of Israel’s perilous geographic position and its enduring insecurity. Surrounded by hostile neighbours, it faces a wide range of threats both above and below the threshold of armed aggression.
Evidence suggests that the invasion was accompanied by a wave of cyber operations by Hamas and allied hacking groups—foremost from Iran but also Russia. These involved simple DDoS attacks, more advanced attempts to sabotage critical infrastructure, and information operations. Some alleged attacks, including one on Israel’s power grid, have since turned out to be false. Nonetheless, the large number of operations and the wide range of actors targeting Israel, both from the region and beyond, reflect Israel’s prominent role in cyber conflict. Over the past decades, it has been at the forefront of cyber conflict, both on the offensive and defensive sides.
‘Israel and the Cyber Threat’
In light of these events, the new book ‘Israel and the Cyber Threat’ by Charles D. Freilich, Matthew S. Cohen, and Gabi Siboni is both timely and important. The field of cyber conflict studies is notoriously lacking in empirical evidence and often involves grand speculation. However, Freilich, Cohen, and Siboni offer a refreshing counterpoint with an in-depth analysis of the evolution of Israel’s cyber strategy and capabilities. They also examine Israel’s role in and response to cyber conflict within its historical and regional contexts. Finally, the authors offer a comprehensive set of policy recommendations derived from this analysis.
The resulting book is well-researched, rich in detail, and easy to read.
The book’s main argument is that Israel has become one of the world’s leading cyber powers due to a combination of sheer necessity and strategic culture. Many other works on cyber conflict tend to give too much weight to technological advancements in determining political outcomes. In contrast, this analysis examines the political factors and decision-making processes that have shaped Israel’s approach to the opportunities and the challenges resulting from technological change.
The authors argue that Israel prioritised developing a robust strategy and advanced capabilities because its security environment made it necessary. It is surrounded by hostile states with far greater populations, stronger economies, larger territories, significantly greater conventional military capabilities—and, more recently, growing cyber capabilities. The second factor shaping Israel’s approach, according to the authors, is its unique strategic culture. It combines a sense of perennial insecurity with the idealism of the Zionist dream, facilitating the emphasis on technology. This argument is both plausible and persuasive; it aligns with the authors’ examination of Israel’s historical trajectory.
Wider ambitions
Yet the book’s ambitions extend beyond Israel itself. It aims to address broader questions about the role of information technology in shaping power politics and conflict. On one hand, this aspiration is commendable as it situates the case study within a wider context, drawing lessons about cyber conflict in general. On the other hand, however, the scale of this ambition widens the ‘attack surface’, a term popular in cybersecurity, which invites potential criticism from multiple angles.
For example, the authors link their argument to International Relations literature, seeking to test hypotheses derived from Realist and Constructivist theories. These theories encompass the two key elements of the authors’ main argument: the role of material factors (the security environment) and ideational factors (strategic culture). Systematic research with clear methodologies and hypotheses testing is always welcome, but the book’s scope leaves insufficient space to develop and assess the theoretical argument.
This raises the question: if material factors best explain Israel’s strategy and capability development, does that mean strategic culture is less relevant? Or are both factors equally important? In the latter case, there is a significant problem since Realism and Constructivism rest on fundamentally different assumptions about the driving forces of international politics. Moreover, the authors do not offer alternative explanations for their observations. While reading the otherwise well-developed analysis, one cannot help but wonder how things would look if Israel’s strategic culture had been different—and how we would know the difference.
Conversely, the perception of a significant and growing cyber threat is not unique to Israel; it is becoming a universal phenomenon. Comparing Israel to other countries would have helped establish the extent to which its distinct strategic culture has shaped a distinct path. These issues are not fatal given the strength of the analysis itself, but they are unfortunate given the scholarly ambition of the manuscript.
The nature of conflict
The book’s key weakness lies in the underlying assumption that the nature of conflict is changing. However, the authors are arguably less at fault since their engagement with the wider literature on cyber conflict reflects its pathologies.
The core assumption of ‘Israel and the Cyber Threat’ is that conventional military threats are being superseded by novel technological threats like cyber operations. As the authors state, “in a world increasingly averse to physical and especially lethal damage, the cyber realm has demonstrated heretofore unprecedented capabilities to cause severe effects without harm to physical property or loss of life”. The authors argue that even if cyber operations have not changed the nature of warfare, they have fundamentally altered the nature of state power, statecraft, and military might. Consequently, they stress the urgent need for significantly increased investment into cyber capabilities, arguing that current financing is dwarfed by investments in countering other threats—foremost, terrorism.
Recent developments have shattered the prevailing beliefs about a growing aversion to physical and lethal damage. Russia’s invasion of Ukraine last year and Hamas’ surprise attack on Israel last month all but ended expectations about a revolution in conflict short of war. Instead, these events demonstrated that low-tech methods can still be effective in catching technologically advanced forces off guard and underlines the existential threat posed by terrorism.
In the case of the Hamas attack, armed terrorists crossed the border on foot or using makeshift motorised paragliders, stunning the high-tech Israeli Defense Forces and Intelligence Services. The effects of the reported cyber operations accompanying this invasion absolutely pale in comparison to the damage and suffering caused by Hamas fighters. While hackers claimed to have taken down Israel’s power grid, missile defence system, and a rocket alert app, the only confirmed impacts were temporary outages of several dozen websites belonging to news outlets and government agencies.
These events illustrate the potential danger of making assumptions about changes in the nature of conflict and power politics. Cybersecurity scholars and practitioners widely embrace these assumptions, but there is little empirical testing to support them. Ideally, we would live in a world where states are increasingly averse to inflicting physical and lethal damage, using cyber capabilities to achieve outcomes that previously required violence. As a private citizen, I would be thrilled if these assumptions turned out to be correct. However, as a scholar, I cannot ignore the lack of concrete evidence supporting them—even before the recent instances of lethal violence against Ukraine and Israel.
Tech or traditional intelligence?
In this light, Israel’s large investment into countering terrorism over cyber threats was clearly a prudent course of action. Hard questions remain, however, concerning its emphasis on technology, which the authors have linked to Israel’s distinct strategic culture. Some argue that Israel’s “fetish” for technology is the main reason it failed to anticipate the Hamas incursion and may even hinder its Sword of Iron operation in the Gaza Strip.
Yet this conclusion goes too far. There are clear indications that Israel’s focus on technology contributed to a major intelligence failure in not foreseeing the invasion, allowing Hamas to achieve almost complete strategic surprise. As Freilich, Cohen, and Sibon underline in their analysis, Israel has increasingly relied on and expanded its cyber espionage capabilities instead of traditional means of intelligence collection. By avoiding communications technology in preparing its invasion, Hamas was able to ‘go dark’ and avoid detection by Israel’s intelligence services. It is plausible that a greater emphasis on human intelligence, such as spies and defectors, would have yielded better results.
However, concluding that Israel’s focus on high-tech is thus a failed strategy is both premature and counterproductive. Rather than making sweeping conclusions about the impact of technology on power politics and conflicts in general, or whether it is either the source of strategic advantage or disadvantage, it is important to consider the role of technology in specific contexts—geographic, political, historical, cultural, and so on. Just as there are signs that Israel’s prioritisation of technology led to failures, there are also clear signs of success. For example, the Iron Dome missile defence system minimised the damage caused by Hamas missile attacks. Israel’s advanced cyber defences probably mitigated the impact of hostile cyber operations. Hackers did attempt to disrupt its power grid and other critical infrastructure—but either failed to do so or were stopped by effective network defenders.
Enriching the field
‘Israel and the Cyber Threat’ excels in tracing Israel’s adoption of information technology as it builds the capabilities to navigate the opportunities and challenges that arise from this new, high-tech environment. This kind of empirical work is exactly what the field urgently needs. The authors, leveraging their extensive expertise and access, contribute a rich and compelling analysis. The book falls short in some aspects, but the authors are not entirely to blame. The shortcomings are more a reflection of the state of the field of cyber conflict studies, where most work continues to be speculative and theoretical. Few are willing to jump into the fray and do the hard work of building systematic case studies. I commend Freilich, Cohen, and Siboni for enriching the field with their commitment.
