From Iron Dome to Cyber Dome: Defending Israel’s Cyberspace

The cyber-dome also leverages generative AI platforms to filter out genuine threats from a plethora of available threat intelligence.4 Consolidation of strengths and expertise from various agencies augments the efficacy of the initiative. Officials who are involved come from a wide range of agencies and departments within Israel’s security establishment. These individuals are drawn from the Defense Intelligence Unit 8200, J6 Cyber Defense Directorate, and other cyber units of intelligence services.5

The joint coordinated efforts, coupled with AI and secretly built Israel Defense Forces (IDF) platforms, are used for threat detection, followed by intelligence sharing with stakeholders. Once the threat intelligence is shared, the Computer Emergency Response Team of Israel (CERT-IL), which is the operational unit of INCD, takes appropriate action.6 The AI-powered systems collect, analyze and interpret data to detect anomalies and alert national systems.

Although the project is in its initial phase, the synergy between various agencies and the integration of efforts to tackle emerging threats in cyberspace offer an interesting test case for other countries. The cyber-dome initiative also includes a multinational component, reflecting the global nature of cyberattacks. Given the nature of conflict in cyberspace, escalation often extends beyond the primary parties involved to encompass their allies as well. For instance, nations that are supposedly seen as supporting Israel have faced a rise in cyber incidents since the beginning of the armed conflict.7

Other INCD-led initiatives can potentially complement the cyber-dome initiative, with a particular focus on international cooperation. One such project is ‘Global Cybernet’, which aims to share information about cyber defense between countries.8 Touted as the first network of its kind in the world, it was built to share information on cyber incidents or any anomaly to enable an effective response. Moreover, Israel has also been attempting to gather regional partners to explore concrete defensive solutions to address cyber threats. One such summit mulled over the merits of rapid information sharing and conducting joint cyber investigations to augment the efficacy of responding to cyber threats.9 Furthermore, the participants also contemplated the possibility of developing a joint regional cyber-dome.

Cyber Incidents Targeting Israel
According to INCD’s assessment, Israel has witnessed a surge in cyber incidents against its infrastructure, particularly since the beginning of the IDF’s operation in the Gaza Strip.10 Drawing parallels with the tactics, techniques and procedures (TTPs) deployed in the Ukraine–Russia war, the assessment revealed the use of influence operations against Israel through social media networks. Israeli networks are also facing ransomware threats and increased use of wipers, a class of malware intended to render data inaccessible and unusable.11

The report also identified the patterns that threat actors have been using to gain unauthorized access to Israeli networks and systems. Threat actors are increasingly employing spraying attacks and distributed denial of service (DDoS) attacks and have also made attempts to breach managed service providers (MSPs), which constitute a critical part of the supply chain. These attacks span almost all the essential sectors, including the health, academic, energy and transportation sectors, the last of which includes maritime shipping.

Portnoy also alleged that Iran-affiliated groups are proactively targeting Israeli infrastructure and have also been directing operations against Israel’s key allies.12 A major cyber incident attributed to Iran and Hezbollah was an attempted breach at Ziv Hospital in November 2023.13 A joint investigation by the INCD, the IDF and the Israeli Security Agency noted that the attack was orchestrated by a group affiliated with the Iranian Ministry of Intelligence and Hezbollah’s cyber unit.14

Iranian influence operations have evolved through distinct phases since the beginning of the Israel–Hamas armed conflict, according to an assessment. In the first phase, Iranian-linked cyber operations appeared reactive following the Hamas terror attack on 7 October 2023.15 During this time, threat actors used pre-existing access and re-used old data for leaks. In the second phase, Iran-linked groups made concerted efforts to disrupt Israeli infrastructure, with dozens of groups involved. In the third phase, these threat actors expanded their operations to target countries like Albania and Bahrain, perceived as supporters of Israel.16

Israel’s Cybersecurity Strategies
In 2017, INCD issued a national cybersecurity strategy with the aim of streamlining national efforts to ensure a stable and secure cyberspace.17 The document put forth a strategy with three distinct operational layers—aggregate cyber robustness, systemic cyber resilience and national cyber defense. The distinct role of private organizations is also envisioned in the document. Given the nature of cyberspace, these layers are conceptualized as mutually dependent and complementing each other.18

The first layer is designed to strengthen the public and private sectors’ overall ability to prevent and mitigate cyberattacks to ensure robustness across industries. The second layer is crucial as it charts out a plan to build a systemic ability to confront cyberattacks. This layer is event-driven. In the event of an unauthorized breach, systemic cyber resilience will ensure that the affected organization continues its operation while mitigating the threat. To facilitate seamless operation in times of crisis, the document encourages information sharing and assisting organizations during cyber incidents. The national cyber defense layer is required against ‘severe threats by determined, resource-rich attackers’, suggestive of state actors or those supported by states. The three-layer approach takes into account the level of risk, the nature of the threat, and the appropriate response.

To complement the national cybersecurity strategy and to address the global aspect of cyber threats, the INCD issued the Israel International Cyber Strategy in 2021.19 The international strategy outlines the need for collective resilient efforts through information sharing, securing the global supply chain, and financially incentivizing security in organizations. The document also summarized Israel’s position in global cybersecurity discourse.

The cyber-dome initiative fundamentally constitutes an active defense encompassing enhanced detection, investigation and mitigation of threats along with the expansion of existing information-sharing mechanisms. The coordinated detection and response efforts involving all agencies, including the IDF, underscore the importance of collaborative action in an interconnected domain. The centralized, real-time and AI-enabled system proactively protecting Israeli cyberspace is an extension of its national and international cybersecurity strategy.

Views expressed are of the author and do not necessarily reflect the views of the Manohar Parrikar IDSA or of the Government of India.

1. “Head of the Israel National Cyber Directorate Gaby Portnoy at the Cybertech Conference: The Intensity of Cyber Attacks has Increased Threefold During the War”, Israel National Cyber Directorate (INCD), 10 April 2024.

2. “As Iranian Hackers Grow More Skilled, Israel Builds ‘Cyber Dome’ to Protect Itself”, The Times of Israel (TOI), 3 May 2024.

3. “Gaby Portnoy, Director General of Israel National Cyber Directorate at CyberWeek: We are Promoting a National Cyber-Dome”, INCD, 28 June 2022.

4. “AI-Powered Israeli ‘Cyber Dome’ Defense Operation Comes to Life”, Dark Reading, 19 October 2023.

5. Namrata Biji Ahuja, “How Israel is Planning for Hybrid Wars of the Future with Cyber Dome”, The Week, 15 October 2023.

6. Ibid.

7. “Nations, including India, Supporting Israel Face Uptick in Hacking Activities”, The Statesman, 1 November 2023.

8. “Global Cybernet”, INCD, 26 July 2021.

9. “The First Regional Cyber Summit: Israel, Morocco, Bahrain and the United Arab Emirates Gather in a first of its kind Meeting”, INCD, 14 December 2022.

10. “‘Iron Swords’ War in Cyber Sphere: Insights, Recommendations and Mitigations”, INCD, 7 January 2024.

11. Ibid.

12. “Iran is Cyber-Attacking its Allies”, INCD, 25 June 2024.

13. “Iran and Hezbollah Behind an Attempted Cyber Attack on an Israeli Hospital”, INCD, 18 December 2023.

14. Ibid.

15. Clint Watts, “Iran Accelerates Cyber Ops Against Israel from Chaotic Start”, Microsoft, 6 February 2024.

16. Ibid.

17. “Israel National Cyber Security Strategy In Brief”, INCD, September 2017.

18. Charles D. Freilich, Matthew S. Cohen and Gabi Siboni, Israel and the Cyber Threat: How the Startup Nation Became a Global Cyber Power, Oxford University Press (Kindle Edition).

19. “Israel International Cyber Strategy: International Engagement for Global Resilience”, INCD, July 2021.

Rohit Kumar Sharma is Research Analyst at the Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA), New Delhi. This article was originally published by Institute for Defense Studies and Analyses.