Elevating cyber resilience and tackling government information security challenges

Esti Peshin is VP, General Manager, Cyber Division, Israel Aerospace Industries (IAI). Previously, she served 11 years in the Israeli Defense Forces, in an elite technology unit, where she was Deputy Director.

Peshin recently spoke at Cyber Week 2021 in Tel Aviv, and in this interview with Help Net Security, she discusses national defense and security challenges, as well as developing technologies and systems resilient to cyber attacks.

What were the most important takeaways from your 11 years in the Israeli Defense Forces? How did being part of this elite technology unit shape your vision of cybersecurity protection?

The most important takeaway from the service in the IDF is that nothing is impossible. If there is a need, there is a way. The means will be identified and it just a matter of creativity to find the right way to achieve any goal. This is, in my view, the essence of Israeli entrepreneurship, and one of the reasons the cyber eco-system is striving in Israel.

IAI leverages state-of-the-art technology for national defense and security challenges. Based on the feedback from your clients, which technologies are most in demand today?

We, at IAI, believe that most important and sought technologies are those that help organizations to detect that something bad is happening, at a very early stage. Preferably, even allowing organizations to predict that something bad can happen or is about to happen, and to direct the organization on how to avoid it or mitigate it.

The main problem with most of the common cyber monitoring technologies available today is that they generate large number of alerts without prioritizing them. Therefore technologies that can generate actionable insights are the key to improving cyber resilience.

Therefore, the main solution that is sought by our national level customers is establishing national level cyber security operation centers. These centers, essentially proactively monitor national cyber space in order to perform the following operations:

• Conduct a national level, on going and real time, cyber risk assessment
• Monitor national cyberspace in real time in order to identity cyber attacks or predict attacks based on indicative signals
• Provide effective tools for incident response and cyber forensics
• Allow effective knowledge sharing between the national stakeholders and constituents.

IAI’s CyConcerto platform, incorporating CyScan, for national risk assessment, CyFo, for forensics and incident response and CyShare for knowledge and information sharing, is a leading platform tailored especially for national level end users.

Furthermore and in view of the huge shortage of cyber experts, our end users seek the establishment of Cyber Academies to train cyber experts. The Academies utilize our TAME Range cyber range, which is a state-of-the-art platform for cyber training and simulation.

It is important to mention that establishing national level cyber centers requires a lot of technology and know how and therefore, we tend to perform these projects together with our partners are the Israeli Cyber Companies Consortium, which IAI is leading. A few names worth mentioning are Check Point, CyberArk, Cognyte and Mellanox.

You work with systems that require extensive, proprietary know-how. What are the most notable obstacles to developing technologies and systems resilient to cyber attacks?

We can divide the challenge to two parts. The first challenge is developing a solution that will provide actional insights or an automated operation to reduce the “alert fatigue syndrome” which affects most of today’s security operations centers (SOCs). The second challenge is to recruit, train and maintain cyber professionals, and for that we need to develop and utilize advanced methodologies and technologies.

When discussing national level cyber security operations center, we need to remember that national grade challenges require national grade solutions. These solutions have to incorporate several elements: state of the art technology; effective, field proven methodology; constant innovation, since the cyber domain is constantly evolving; collaboration (and I already elaborated about the Israeli Cyber Companies Consortium) and finally capacity buildup, addressing the human factor – training, certification and awareness.

IAI has ample experience in developing unique state of the art systems, and delivering them to our customers in the framework of national cyber projects. Yes, it’s challenging. However, IAI is up to the challenge, has a stellar track record, and our excellent teams are constantly working toward tackling the new emerging cyber trends.

What national cybersecurity challenges are governments facing in a post-COVID world?

One of the main challenges for governments is to draw the line between the entities and the government responsibility regarding prevention, detection and response to cyber incidents. On one hand, each entity has the responsibility for their systems and customers. However, national cyber resilience consists of the resilience of each and every entity and can be compromised if certain entities will be compromised.

We just witnessed such an incident with Colonial Pipeline.

The way to address this challenge is by adopting national security model that will be able to monitor the entire national cyber eco-system, will be able to assist the entities on ways improving their security posture or security response activities, and will be able to intervene in case of unresolved crisis.

Some further challenges that our national level customers are facing in the post COVID-19 world are the following:

• The skills deficit, essentially, there is a huge global shortage in cyber defenders.
• The necessity of balancing cyber security and business continuity, especially in an era (post COVID-19) where the digital transformation is accelerated. This essentially leads to a paradigm shift from cyber security to cyber resilience.
• The necessity of pursuing a proactive approach, in order to identify subtle and low key attacks on one hand, and the ability to predict sophisticated attacks based on indicative signals on the other hand.

Addressing the modern combat arena challenges requires a shift from platform-centric warfare to a real-time network-centric approach. How is IAI approaching this?

IAI developed the CyConcerto platform which is a modular solution that dramatically improve the capability of governments to build and maintain a cyber security national situational awareness picture, and to assign incident response capabilities, as needed, based on the situational picture and the analysis of the potential impact of an incident and the effectiveness of the entity’s response.

The CyConcerto platform is a multiple pillar modular solution that focus on preserving and augmenting existing investments while improving the detection and response across sectors, geographies and hierarchies.