Special Knesset Committee on Cyber Security Chair: Ben Dinovelli

asdf Special Knesset Committee on Cyber Security Chair: Ben Dinovelli Xx1

Contents Chair s Letter.....3 Introduction........4 Current Situation....... 4 Organizational Body: The Knesset....5 History of Cyber Security......6 History of Israel and Iran.......7 Israeli Cyber Policy... 9 Positions...11 Topic A: Identification and Response..........16 Types of Attacks......16 Previous Known Incidents... 17 Attribution...........18 Response......19 Topic B: Protection and Civil Liberties...21 Privacy.....21 Desalination......22 Bibliography.....24 2

Chair s Letter Dear Delegates, Welcome to PMUNC 2015 and the Special Knesset Committee on Cyber Security! My name is Benjamin Dinovelli, and I am excited to be your chair at this year s conference. A little about myself, I hail from the great (but small) state of Connecticut. I am a senior at Princeton University, pursuing a degree at the Woodrow Wilson School with a special focus on technology policy. On campus, I work as an editor for the campus newspaper, The Daily Princetonian, lead the illustrious Princeton Tower Club s intramural sports team to victory, and debate with the Princeton Debate Panel. Our committee will have the exciting opportunity to explore a relatively new policy area: cyber security mitigation. Cyber security is increasingly becoming a major national security threat. As discovered last June, Chinese hackers had access to the U.S. Office of Personnel Management (OPM) s network, siphoning off thousands of files, including SF- 86 forms that contain extremely sensitive and personal federal employee data. The Internet is a powerful tool. Although it provides numerous benefits, these same capabilities can cause great harm. For the past several years, the focus has been on preventing cyber attacks. However, it is now clear that the question of cyber security can no longer be if, but rather when. In October 2012, former Defense Secretary Leon Panetta warned of future cyber attacks being as destructive as the terrorist attack on 9/11. Such a scenario can no longer be ignored. Our panel will address cyber security in a post cyber attack world. Delegates will take on the perspective of the Israeli Knesset, responding to a major cyber attack that has been traced back to computers from inside Iran. This committee will have to address attribution and response. Does a cyber attack constitute an act of war? What restraints should be placed on cyber attacks? These are some of the questions delegates will have to answer. The Knesset will also have to figure out how to prepare itself moving forward. What steps must be taken to protect the Israeli government and, more importantly, the Israeli people? The Internet has been heralded as a wild west with limited regulation or control. To protect itself from potential vulnerabilities, what protections, if any, should the Israeli government place to patch up potential vulnerabilities? I am excited to see what you guys will come up with. Short- term sacrifices may have long- term implications. Fundamental values will conflict. Your actions today will shape the Internet of the future. Best regards, Benjamin Dinovelli 3

Introduction Current Situation The Year is 2018. Tensions between Israel and Iran have continued to escalate. After the relaxation of sanctions reached through the Iran nuclear deal of 2015, Iran s economy experienced dramatic growth. With Iran s gradual reintroduction to the international community and its improving economy, Israel has increasingly perceived Iran as a greater existential threat. 1 Increased attacks from Hezbollah and Hamas in Israel only fueled this sentiment. While Tehran claimed no responsibility, many experts believe that the Khomeini sanctioned such attacks in order to appease hardliners of the Iranian right. 2 Physically separated from Iran and unable to attack without risking the ire of the international community, Israel has turned to cyber provocation. What initially started as network interference and data theft has resulted in an all out cyber war. Leaders in neither nation want to risk the possible escalation of a physical conflict. However, continued small- scale cyber attacks have so far caused billions of dollars in damage to Israeli and Iranian infrastructure and become a source of increased tension in both countries. Last summer, in 2017, Iran conducted a massive cyber attack on Jerusalem s water system. Israel heavily relies on several desalination plants to meet 80 percent of domestic water use to complement fresh water obtained from the Sea of Galilee. 3 A cyber attack caused the desalination plants to malfunction, introducing unpurified salt water into Israeli water systems. To prevent the system from being corrupted with undrinkable water, Israel temporarily shut down its plants, imposing strict restrictions on water use during the hottest time of the year. The Israeli people are upset and demand a response. Now, the Prime Minister has called the Knesset into a special session to discuss both how it will address this most recent provocation and how it will set cyber security policy for the future. Do cyber attacks constitute acts of war? Where is the line drawn between public security and privacy? These are the questions that the Knesset of 2018 must answer. 1 http://www.theatlantic.com/international/archive/2015/02/on- existential- threats/385638/ 2 http://www.brookings.edu/research/testimony/2015/07/09- pollack- iran- nuclear- agreement 3 http://www.mcclatchydc.com/news/nation- world/national/article24765472.html 4

Organizational Body: the Knesset You are a member of the Knesset. The Knesset is Israel s parliament, the legislative branch of the Israeli government that proposes, passes, and enacts laws and is located in Jerusalem. Knesset members are not directly elected. Instead, it is a parliamentary system where parties are allocated seats based on how they perform in a nationwide election. 4 Voters cast a ballot for a specific party. Based on the percentage of votes a party receives, that party receives a specific amount of the 120 available seats in the Knesset (as long as they achieve at least 3.25 percent of the popular vote). Because of this system, the Knesset consists of multiple political parties that cover a wide range of interests. If one party does not win the majority of the votes, and, thus, a majority of the seats (61 seats), the party that receives the most votes has the right to form a coalition. A coalition is an agreement among several parties to reach that 61- seat threshold. 5 As a result, even a ruling coalition may consist of different ideological beliefs depending on the issue. Organizationally, the Knesset is divided into committees. Each committee has the authority to propose legislation in its particular area. Special committees may be created to address specific issues that are relevant to the time period. In 2015, the Knesset had three special committees for Drug Abuse, Rights of the Child, and Foreign Workers. 6 Each delegate will be assigned to a political party to represent in the Knesset. General views of the party on each topic will be specified further below. Certain parties will have stronger sentiments about certain industries or certain practices. Values and interests, even in the same party, may conflict. 4 http://www.ynetnews.com/articles/0,7340,l- 4623499,00.html 5 http://www.nytimes.com/live/israel- elections- vote- results/in- israel- there- are- different- ways- to- count- to- 61/ 6 http://www.knesset.gov.il/description/eng/eng_work_vaada.htm 5

History of Cyber Security In 1969, the Advanced Research Projects Agency created ARPANET, the precursor to the modern- day Internet. 7 When ARPANET and later the Internet were implemented, few conceived that it would become as imperative to society as it is today. At the time, the Internet served to exchange information among and between government and academic institutions. However, in the mid- 1990s, the Internet gained a commercial element. 8 By September 1995, 97 percent of the Internet was commercial, supporting businesses in a wide range of industries. In 1995, only 14 percent of Americans consistently used the Internet. Today, the Internet is a key fixture of society with 87 percent of the population having access to the Internet. 9 Despite its inception in the late 1960s, the Internet s destructive capacity would not be realized until almost two decades later. In 1988, Robert Morris Jr., a Cornell graduate student, created a program to measure the size of the Internet. When released, it caused computers to crash, spreading rapidly throughout the web. 10 Causing hundreds of thousands in damage, the Morris worm, named after its creator, demonstrated the potential economic damage the Internet could impose. The late 1990s and early 2000s saw the rise of multiple cyber attacks, normally conducted by rogue individual actors. 11 In 2007, the world experienced the first state actor use of the Internet as a tool of aggression when it appeared that Russia used the Internet to shut down Estonia s government and banks after a dispute over a World War II memorial (see Topic A, Previous Known Incidents for more details). The world was shocked again in 2010 when it was 7 http://www.nsf.gov/od/lpa/news/03/fsnsf_internet.htm 8 Ibid. 9 http://www.pewinternet.org/data- trend/internet- use/internet- use- over- time/ 10 http://groups.csail.mit.edu/mac/classes/6.805/articles/morris- worm.html 11 http://content.time.com/time/nation/article/0,8599,1902073,00.html 6

discovered that Iranian centrifuges physically malfunctioned due to a virus, most likely launched by the United States and Israel. The 2010s also saw the nature of cyber attacks change. Large- scale attacks were implemented against major businesses and financial groups. In February 2015, Anthem, the second largest healthcare insurer in the United States was subject to a cyber attack where hackers obtained data on tens of millions of customers and employees. 12 A major attack shortly afterwards on SONY introduced questions on whether attacks on private actors required government intervention, especially when some of these private companies held data that affected millions of citizens. As the Internet is becoming more essential, not only for users but also for companies that are now using the Internet for new features (i.e., the Internet of Things) and for their own internal use (i.e., online infrastructure grids), policy makers are now concerned about the impact and amount of damage cyber attacks can reap on a country. History of Israel and Iran Israel currently perceives Iran as an existential threat to its sovereignty. It was revealed in the summer of 2015 by the former Israeli Defense Minister Ehud Barak that Israel drew up plans to attack Iran in 2010, 2011, and 2012. 13 After the announcement of an international deal in 2015 between Iran and six major world powers (China, France, Russia, the United Kingdom, the United States, and Germany), Israeli Prime Minister Benjamin Netanyahu strongly opposed the deal. Fearing that it would only move Iran closer to a nuclear weapon, Netanyahu labeled the deal a historic mistake. 14 This tension has not always been the case historically. The tumultuous relationship between Israel and Iran is reflected in Iran s several differing governments in the past half- century. Under the American- friendly Pahlavi dynasty, Iran maintained close ties with Israel since Israel s inception as a formal state in 1948 until the 1979 revolution. 12 http://www.bloomberg.com/news/articles/2015-02- 05/anthem- hacked- in- sophisticated- attack- exposing- customer- data 13 http://www.cnn.com/2015/08/22/middleeast/israel- plan- iran- military- target- strike/ 14 http://www.nytimes.com/2015/07/15/world/middleeast/iran- nuclear- deal- israel.html 7

At first, after the revolution, it appeared that relations might normalize. During the 1980s, Israel continued to provide weaponry to Iran, fueled both by Iran s need to defend itself against the more immediate threat of Iraq and potentially the Soviet Union. 15 However, after Iran and Iraq reached a ceasefire in 1988 and the Soviet Union fell in 1991, Iran no longer faced any direct regional opposition. (Map of the region. Orange depicts Israel; Green depicts Iran) The lack of an immediate geopolitical threat allowed Iran to turn towards empowering other Shiite groups in the region in order to strengthen its own geopolitical influence. When Israel entered Lebanon to defeat the PLO in 1982, Iran moved troops into the region to deter further Israeli action. Throughout the last quarter century, Iran has continued to train and provide weapons to Shiite militias, resulting in a proxy war that has lasted until the present day. A 34- day conflict between Israel and Hezbollah in 2006, in which Iran provided military support, only reinforced this perception. To this day, Iran and Israel maintain poor relations. Aggressive rhetoric under the former Iranian President Mahmoud Ahmadinejad and Iran s pursuit to build a nuclear weapon transformed Iran from a rival to an existential threat. Prime Minister Benjamin Netanyahu s opposition to the 2015 Iranian deal only cements these current tensions. 15 http://iranprimer.usip.org/resource/iran- and- israel 8

Israeli Cyber Policy The continued regional tension between Israel and Iran has colored Israel s cyber policy. In 1997, Israel launched the Tehila Project (Government Infrastructure for the Internet Age Israel s e- Gov Project), aiming to ensure secure connections between government networks to protect communication and the exchange of confidential materials. 16 The program quickly grew. As the Internet became more prominent, the Israeli government felt the need to create additional programs to address different cyber threats. Five years later, Israel created the National Information Security Authority to protect computerized infrastructure to avoid legal conflicts between military and domestic protection. 17 In 2010, due to different organizations competing for jurisdiction and authority, Israel created a committee with the goal of updating its national cyber policy. The committee produced a document called the National Cybersecurity Initiative, which listed seven areas for Israel to focus on, including education, knowledge of infrastructure, plan for emergencies, and upgrading technical and legislative defense measures. In 2011, Government resolution 3611 was passed, implementing several of the recommendations made by the 2010 committee. The main change was the creation of the National Cyber Bureau, part of the Prime Minister s office, allocating the organization a budget of approximately $500 million per year. In 2014, the Israeli government decided to create the National Cybersecurity Authority, in addition to the already existing National Cyber Bureau and IDF Cyber Forces, to focus exclusively on the risk of cyber attacks on the private sector and markets. 18 Throughout, Israeli national intelligence, Shin Bet, has also had a unit designated for cyber warfare that was only discovered publicly in 2014. 19 Israel has several organizations that are responsible for either cyber security or warfare. The main ones are listed below: 16http://www.pmo.gov.il/English/PrimeMinistersOffice/DivisionsAndAuthorities/cyber/Pages/Bac kground.aspx 17 http://sectech.tau.ac.il/sites/default/files/publications/article_3_12_- _chaire_cyberdefense.pdf 18 http://www.algemeiner.com/2015/06/23/netanyahu- details- israeli- cyber- defense- strategy- efforts- to- consolidate- cybersecurity- programs/# 19 http://www.israelnationalnews.com/news/news.aspx/179925#.vd0ebdnviko 9

National Information Security Authority (NISA) The Authority is the cyber warfare arm of Shin Bet, Israel s security agency. 20 The NISA plays an advisory role, supervising the Bank of Israel, the Israel Securities Authority, the Israel Electric Corporation, Israel Railways and other corporations that manage Israel s infrastructure. The NISA is the main body for cyber defense. National Cyber Bureau The Bureau is part of the Prime Minister s office, created in 2011. 21 Working on a more strategic level, the Bureau helps the Prime Minister set national cyber policy. In specific, the Bureau is responsible for advancing defense and building national strength in the cyber field, building up Israel s lead in the cyber field, and advancing processes that support the first two tasks. IDF Cyber Forces The IDF Cyber Forces is Israel s digital army, fighting the fifth realm of warfare (in addition to land, sea, air and space). 22 Unlike other organizations that are focused on using cyberspace to obtain intelligence or provide defense, the IDF focuses on offense. Unit 8200 within the IDF is well known for its intelligence gathering capabilities. National Cybersecurity Authority In the past, Israel focused primarily on national security threats. The National Cybersecurity Authority was established in 2014 to protect civilian cyberspace and Israeli markets. Serving in a defensive capacity, the National Cybersecurity Authority directly addresses the non- physical threat of foreign forces on private citizens through cyberspace. 20 http://www.ynetnews.com/articles/0,7340,l- 4176543,00.html 21 http://www.sectech.tau.ac.il/cyberconference/index.php/israeli- national- cyber- bureau 22 http://www.haaretz.com/news/diplomacy- defense/idf- forms- new- force- to- combat- cyber- warfare.premium- 1.506979 10

Positions Positions for both topics are based on the current make- up of the Knesset in Delegates will be assigned a political party to represent, rather than a specific Knesset member. In the section below, there are sections on each party and their platforms as a basis for identifying positions on these issues that will be debated in this committee. Anat Berko (Likud) Berko rose to prominence in the Israeli and the international stage not as a politician, but as a terrorism expert. She specializes in suicide bombers, but her general knowledge of terrorism will help the Knesset evaluate the chances of Iran allying with terrorists to launch cyber attacks. 23 She greatly admires the current Prime Minister, Benjamin Netanyahu, and often agrees with his stances on issues. 24 But she seems to take a more moderate stance on Iran, seeming unsure whether military strikes would solve the nuclear Iran problem. 25 The Likud party, overall, believes that active anti- terror activities [ ] do constitute a substantial intrusion on the lives of those being monitored. The level of monitoring should be based on the magnitude of terrorist attacks currently occurring in Israel, with more restrictions during heighten times of national security. This level of security should be regularly reviewed, preferably reviewed on an annual basis by the legislature and with judicial oversight. Isaac Herzog (Zionist Union) Isaac Herzog currently serves as the opposition leader in the Knesset. Herzog was considered weak on national security issues during the 2015 Knesset election. His political motivation is to move the country leftward, while working towards a two- state solution. The Zionist Union platform talks about strengthening and building up the IDF, while also acknowledging the need to wisely and responsibly balance it with the other needs of Israeli society. 23 http://www.bicom.org.uk/analysis- article/24799/ 24 http://www.timesofisrael.com/after- seeing- hamas- up- close- a- netanyahu- clone- aims- for- the- knesset 25https://www.washingtonpost.com/opinions/if- israel- bombed- iran- what- would- life- in- tel- aviv- be- like/2012/09/21/7f86e55e- 776a- 11e1-883d- f22537a8ca20_story.html 11

Ayman Odeh (Joint List) Ayman is the current leader of the Joint List. A self- described socialist, his main political focus is on strengthening ties between Jewish and Arab segments of the population. In this sense, Ayman would be opposed to any attempts to segregate or differentiate the population on the basis of ethnic grounds. The Joint List party is a unique coalition of four Arab- majority parties. Formed in 2015, it was the first time that all the major Arab parties ran under one party. As a result, the party hosts a wide array of views from far- left to closer to the center. Yair Lapid (Yesh Atid) Yair Lapid is chairperson of the Yesh Atid party. Lapid served as finance minister under Prime Minister Netanyahu until a dispute over economic issues. Yesh Atid is a centrist, secular political party with a focus on domestic economic reform. Moshe Kahlon (Kulanu) Moshe Kahlon, sworn in during 2015 as Finance Minister, is the leader of the Kulanu party. Kahlon became known for his breakup of the cellphone monopolies. In general, he opposes all monopolies, as a fan of competition in the infrastructure sector. Kahlon fears that regulations will interfere with the market. Kulanu, in general, is a centrist party. The party is generally socially liberal. However, during the 2015 elections, Kahlon adopted a more right- leaning approach to national security issues. Ayelet Shaked (The Jewish Home) Ayelet Shaked is Minister of Justice and a computer engineer, beginning her career first as a software engineer for Texas Instruments. Known for her conservative politics, her focus is on strengthening the Jewish identity of Israel. She proposed a nationality bill that many claimed would disenfranchise Israel s Arab minority. The Supreme Court, known as a large supporter of civil rights, has rejected multiple policies that she has supported. The Jewish Home Party draws a lot of support from Israeli settlers who live in the West Bank. It is viewed as a religious modern party. 12

Aryeh Deri (Shas) Aryeh Deri is Minister of the Economy. He is strongly supported by the military community. However, he is infamous for being convicted of a corruption scandal in the prior decade. The Shas party is comprised of ultra- Orthodox Sephardic Jews, with a large focus on issues of discrimination against that segment of the population. Yaakov Litzman (UTJ) Yaakov Litzman is the leader of the United Torah Judaism party. Yaakov is likely to base his position on religious concerns, more than security or diplomatic ones. The United Torah Judaism party is a combination of two ultra- Orthodox religious parties, opposing the separation of church and state, civil marriage, and businesses being open on the Sabbath. The party promotes the integration of Jewish law into the state. Avigdor Lieberman (Yisrael Beiteinu) Avigdor Lieberman served as Minister of National Infrastructure in 2001-2002 and Minister of Foreign Affairs for most of the last decade. Yisrael Beiteinu is an ultra- nationalist, secularist party whose voters are mainly former immigrants from the Soviet Union. The party is hawkish on foreign policy and security. Zehava Gal- On (Meretz) Gal- On is chairwoman of the liberal Meretz party. The Meretz party focuses on renewing diplomatic discourse, mending relations between state and religion, and the inculcation of liberal values. 26 Its main focus is on a two- state solution. The Meretz party, due to its liberal views, is likely to oppose steps that threaten the civil liberties of the Israeli people, running on protecting civil liberties during the recent election. Additionally, the Committee has special seats for special members, outside of the Knesset, who can provide a broader range of experience, expertise, and perspective on cyber security. These positions are: 26http://www.haaretz.com/opinion/.premium- 1.668319 13

Yoram Cohen (Director, Shin Bet) Yoram Cohen is already overseeing a number of cyber security measures as Director of the Israel Security Agency. Notably, unit S- 74 has countered a number of large- scale cyber attacks against Israel. 27 As a result, Cohen and his agency will likely be in favor of increasing cyber security despite its costs to privacy. Furthermore, his agency views Iran as a huge threat to stability in the Middle East. He has claimed that Iran purposely targeted Israeli scientists and partnered with several terrorist organizations. 28 Cohen has threatened retaliation before, and it is likely he will do so again. 29 Major General Herzl Halevi (Chief of Aman) Major General Halevi heads Israel s Military Intelligence Agency, Aman. While the agency agrees with the PM s opinion that negotiations with Iran would be risky, it also recognizes that diplomacy could bear some fruit. For instance, in the Iran nuclear arms deal, Aman noted that, while the deal was dangerous overall to Israel, the deal had the possibility of bringing more stability to the region. Thus, Halevi and Aman would not rule out increased security and military action, but they would advocate caution rather than impulsive action. 30 Moshe Ya alon (Minister, Ministry of Defense) Ya alon uses his powers as Defense Minister to take immediate, strong- handed action against any and all threats against Israel. This is perhaps due to his career of military service and his membership to the Likud party. 31 Ya alon particularly views Iran as a huge threat to the stability of the Middle East. He views the US deal with Iran as a fatal error and believes that pressuring the regime is the only way to achieve results. 32 And his past history of using force to achieve security leads one to expect Ya alon to favor military or economic action and counter cyber attacks against Iran. 3334 27http://www.israelnationalnews.com/News/News.aspx/179925#.Vfc6951Viko 28http://www.theguardian.com/world/2012/feb/03/iran- israeli- targets- retaliation- scientists 29Ibid. 30 http://www.timesofisrael.com/israels- military- intelligence- sees- some- benefits- more- risks- in- iran- deal/ 31https://en.wikipedia.org/wiki/Moshe_Ya%27alon 32http://www.spiegel.de/international/world/israeli- defense- minister- moshe- yaalon- critizes- iran- deal- a- 1047260.html 33Ibid. 14

Rav Aluf Gadi Eizenkot (Chief of General Staff, IDF) As the leader of the Israeli Defense Force, Eizenkot ultimately answers to the PM. He is tasked with protecting the country and, if the leadership feels that Israel is in danger, he must respond. 35 However, the IDF is also currently combatting delinquency, lack of accountability for decisions, and budget cuts. So, while the IDF will do what it takes to secure the country, it must also be smart about how to manage its material and human resources. 36 Peretz Lavie (President, Israel Institute of Technology [Technion]) Technion has already been preparing for Day Zero the day that hackers are able to infiltrate key infrastructure systems. 37 It recognizes that hackers do not need to be smart, just patient and, so, an attack could come from anywhere. Not to mention that each day the school discovers more back doors and vulnerabilities in vital programs. Technion, therefore, will probably advocate more cyber security measures and countermeasures. 34http://www.algemeiner.com/2015/09/01/israeli- defense- minister- hamas- has- displayed- commitment- to- ceasefire- with- israel/# 35 http://www.israelnationalnews.com/news/news.aspx/197486#.vfdtmz1vikp 36 http://www.haaretz.com/news/diplomacy- defense/.premium- 1.671121 37 http://www.technion.ac.il/en/2012/01/ready- for- day- zero- pioneering- cyber- security/ 15

Topic A: Identification and Response We see ourselves as a global cyber incubator. Eviatar Matania, head of Israeli Cyber Bureau Due to the continued cyber attacks on Israeli infrastructure, Israel needs to form a unified policy on how to handle current and future incidents. In no particular order, the Special Committee of the Knesset is tasked with: 1. Defining what cyber actions constitute an act of war; 2. Determining how to identify whether another nation state or state actor is responsible; 3. Deciding, if an attack counts as an act of war and the attacker can be identified, how to respond. Answering these questions will play a major role in determining how Israel conducts itself in response to future attacks. What is an Act of War? The United Nations in a 1974 General Assembly Resolution defined aggression as the bombardment by the armed forces of a state against the territory of another state or the use of any weapons by a State against the territory of another State. 38 Can these cyber tools be considered weapons? The Committee must take into account the capabilities of cyber attacks, both potential and realized. In addition, it will be important to consider the target. Types of Attacks It is important to know what kinds of attacks Israeli infrastructure can be subject to. Different types of attacks are more likely to cause physical or economic harm. While some attacks may be more direct, done to cause damage or interfere with a network, others will be subtler, conducted to obtain information. In a similar vein, certain types of attacks are more likely to occur because of human error than because of the architecture of the attacked network. Distributed Denial of Service ( DDOS ) A DDOS attack overwhelms a network with a large volume of requests, causing the network to fail. 39 Normally, one coordinating computer will have several bots (or zombies), other computers under 38 http://www.un- documents.net/a29r3314.htm 39http://www.digitalattackmap.com/understa nding- ddos/ 16

its control, which will all target traffic simultaneously at one target. Phishing A phishing attack aims to obtain data from a user by convincing a target to download malicious software or voluntarily provide login or access information. 40 Phishing attacks occur because of a failure by an end user, who is deceived. Virus A virus is a malicious computer program that attaches itself to other files. 41 It has to be executed to inflict damage. The most common form is through unknown documents or photos that are attached to emails and opened by recipients. Worms A worm is a self- propagating program that inflicts harm on computers. 42 Unlike a virus, an end user does not need to open a file or an attachment. As a result, worms are much more dangerous and much harder to stop once released. Previous Known Incidents It is important to know what these types of attacks are actually capable of. Over the past decade and a half, several nations have used cyberspace to hurt other nations. Some examples include: Stuxnet in Iran In January 2010, the International Atomic Energy Agency noticed that Iranian centrifuges in their Natanz enrichment plant were consistently failing. It was later discovered that the Iranian centrifuges had been infected by the Stuxnet worm, which spread out from the plant and infected computers internationally. 43 Unlike previous attacks that simply caused software issues or led to data loss, the Stuxnet virus was the first reported kinetic attack (a cyber attack that caused physical damage). The Stuxnet virus caused valves in centrifuges to malfunction, leading to increased pressure. It is suspected that the Stuxnet virus was part of Operation Olympic Games, a coordinated effort from the United States and Israel to delay Iran s nuclear program through cyber warfare. 44 40http://www.microsoft.com/security/online - privacy/phishing- symptoms.aspx 41http://www.personal.psu.edu/users/j/m/j ms6423/engproj/types%20of%20attacks.xh tml 42 Ibid. 43http://www.wired.com/2014/11/countdo wn- to- zero- day- stuxnet/ 44 http://www.nytimes.com/interactive/2012 /06/01/world/middleeast/how- a- secret- cyberwar- program- worked.html 17

DDOS Attack in Estonia In 2007, after the Estonian government moved a controversial Soviet World War II memorial, the Bronze Soldier of Tallinn, Estonian government and banking networks experienced a denial of service attack, forcing these institutions to shut down their networks and preventing Estonians from being able to access these services until they were repaired. 45 Estonia s government is unique in that a majority of its government services are hosted online. After the attack, the Estonian government claimed it traced the denial of service attack back to Russia. In response, NATO acknowledged cyber warfare as a possible form of attack, and, in 2012, the EU declared hacking IT systems to be a criminal offense. 46 Operation Aurora in the United States In January 2010, Google publicly announced that they had been subject to a Trojan horse cyber attack originating from China. 47 According to Google, it appeared that the hackers attempted to 45http://www.nbcnews.com/id/31801246/n s/technology_and_science- security/t/look- estonias- cyber- attack/#.vdpyg9nviko 46http://www.europarl.europa.eu/news/en/n ews- room/content/20120326ipr41843/html/ha cking- IT- systems- to- become- a- criminal- offence 47http://googleblog.blogspot.com/2010/01/n ew- approach- to- china.html gain access to Gmail accounts of Chinese human rights activists in the US, Europe and China. After investigation, it appeared that the nature of attack was similar to other attacks conducted by the Chinese government. 48 Shamoon in Saudi Arabia On August 15, 2012, the networks for Saudi Aramco, a Saudi state owned oil company, were attacked by a computer virus. The virus, called Shamoon, erased data on three- quarters of Aramco s corporate PCs. 49 Aramco was forced to shut down its networks and even several months later still experienced technical difficulties. The attack did not cause any loss of life or bodily harm; however, the attack cost millions of dollars to repair. Security experts believe that Iran is responsible for the attack, although it is not fully known. Attribution Determining Motive It may be somewhat difficult for the Knesset to determine with high accuracy what state actor (or non- state actor) committed a cyber attack. 48http://www.symantec.com/content/en/us/ enterprise/media/security_response/whitepa pers/the- elderwood- project.pdf 49http://www.nytimes.com/2012/10/24/bus iness/global/cyberattack- on- saudi- oil- firm- disquiets- us.html?_r=0 18

On the one hand, the Knesset could use motive. For instance, it is well known that Israel and Iran see each other as regional threats. If an attack is traced back to Iran, one might think that the Iranian government condoned such an attack, especially if the attack is complex or conducted on a mass scale. However, malicious parties are also aware of these tensions. Other nations or non- state actors could take advantage of this information, re- routing an attack through another nation, such as Iran to make Iran look culpable. Finding Patterns The Knesset can rely on the types or patterns of attack, in addition to geographic information, to try to determine which state actor was behind an attack. Based on the level of complexity, scope and target, it may be possible to have a better assumption of the attacker. Response There are several ways that Israel can respond if Iran and other actors continue to rely on cyber tactics. Depending on the motives of the party that you represent, the Knesset must consider whether they believe that certain methods are more likely to reduce or escalate conflict. Increasing Proactive Cyber Attacks Similar to the Stuxnet virus, cyber attacks of the future could be used to inflict real and physical harm. Such attacks are advantageous both in that they are remote, risking fewer lives in the process, and in that they are harder to attribute, making it less likely that a conflict may escalate since it will be harder to clearly identify that Israel is directly responsible. However, policy makers should be wary that such attacks might transcend current hesitations. If people are being physically hurt by such attacks, other nations may be more likely to respond with cyber attacks that are of similar magnitude. Alternatively, other state- level actors may simply respond physically, seeing it as a straight provocation of war. Using Attacks as Preventative Measure Offensive cyber attacks are similar to nuclear weapons in that they are seen as un- useable. Instead of using attacks proactively, attacks could simply be used as a matter of last resort. Stuxnet may be more closely regarded as a preventative measure, used to prevent an escalation of conflict with the creation of an Iranian nuclear weapon. While it is less likely that such a move could cause an escalation, there are still plenty of legal questions that 19

surround such attacks. Following the UN s 1974 definition, such attacks would very likely classify as moves of aggression. Members who are strict interpreters of international law may still see such actions as unjustifiable. Focusing on Solely Defense Capabilities Instead of attacking, it may be better to simply focus the Israeli government s efforts on building stronger protection. The difficulty in such a stance is that it is almost impossible to predict what kind of attack will be launched in the future. While certain more obvious steps can be taken, it is no guarantee against Israel being subject to attack in the future. Responding with Physical Attacks Regardless of prior incidents, members of the Knesset may view cyberspace as inappropriate for combat. Rather than wasting efforts with cyber attacks, the Knesset may find that it is more efficient simply to rely on conventional physical means to deter future cyber attacks. 20

Topic B: Protection and Civil Liberties You can t ignore security for the sake of maximum protection of privacy, certainly in a country like Israel, and expose us to every whim of a terrorist. But the other extreme of security above all isn t good, and doesn t suit a democracy and the business environment. Professor Isaac Ben- Israel, Tel Aviv University Even with strong deterrence, it is inevitable that Israel will be subject to a cyber attack in the future. When that happens, it is imperative for Israel to have a strong cyber defense in place. In doing so, the Knesset must address: 1. Balancing the privacy of its citizens on an individual basis with the ability of Israel to properly defend itself; 2. Determining where privacy law should be determined (e.g. Basic Law, statutory law, or through judicial decisions); 3. Regulating private companies (in this case water desalination plants), whose operations have a larger public impact. Privacy Members of the Knesset must determine what level of privacy, as a society, Israel should have. Should the status quo be maintained, strengthened, or restricted? Currently, Israel uses a private affairs standard to determine what falls under privacy law. Should this definition be modified at all? Primary Legal Framework In Israel, privacy is enshrined as a basic right both in Basic Law, through the Basic Law: Dignity and Liberty, and in statutory law, through the Privacy Protection Law, 5741-1981. 50 According to the Basic Law, privacy is defined as: 1. All persons have the right to privacy and to intimacy; 2. There shall be no entry into the private premises of a person who has not consented thereto; 3. No search shall be conducted on the private premises of a person, nor in the body or personal effects; 4. There shall be no violation of the confidentiality of conversation, or of the writings or records of a person; 50 http://www.loc.gov/law/help/online- privacy- law/israel.php 21

However, like all Basic Laws, they must [comport with the] values of the State of Israel, [be] enacted for a proper purpose, and [be enacted] to an extent no greater than is required. Statutory law has also been passed to extend privacy protections. Privacy Protection Law, 5741-1981, applies the Basic Law to online databases as well. However, there are exceptions. Criminal Procedure Law, 5768-2007, allows the disclosure of protected private online information where it is needed to save or protect a life, investigate or prevent offenses, or contribute to the indictment of offenders or to lawful confiscation of property. 51 Scope Privacy applies to anything considered private affairs. The term private affairs is considered dynamic, depending on specific time, place, and society. 52 In terms of telecommunications, pieces of information that currently fall under private affairs include: Telephone numbers from and to whom conversations were made; The time of dialing or receiving; Identity of user based on IP address. 51 http://www.loc.gov/law/help/online- privacy- law/israel.php 52Ibid. Desalination Water, an already scarce resource, is even scarcer in the Middle East. Rainfall is only common in the winter, requiring vast efforts to preserve water during the rest of the year. The lack of water poses the potential to cause major domestic unrest and can lead to conflicts between neighboring countries. Israel s dependence on water is only fueled by recent memory. From 2005 to 2009, Israel was in one of the worst droughts in its modern history. Its two main water sources, ground water and the Sea of Galilee, were bone dry. And even if rain did finally come, the 0.75 billion gallons of water available in Israel would have been unable to provide the 515 billion gallons used by Israel each year. 5354 This demand was projected to increase over time, making the need for a reliable water source even more pressing. As a result, Israel has turned to desalination to prevent future potential water shortages. As of today, Israel uses 9 desalination and purification plants across the country to supply the nation s water. In 2014, desalination plants were responsible for 35 percent of Israel s 53http://www.forbes.com/sites/stratfor/201 3/12/26/israels- water- challenge/ 54http://www.nytimes.com/2015/05/30/wo rld/middleeast/water- revolution- in- israel- overcomes- any- threat- of- drought.html?_r=0 22

water supply and projected to increase to 40 percent the next year. 55 In addition to desalinization, these plants also purify and recycle wastewater to be reused in agriculture. Mekorot, Israel s National Water Company, manages these plants and all other national water infrastructure, operating a nationwide water supply network. Meanwhile, private corporations maintain local water infrastructure. All of this is overseen by the Water Authority, which is responsible for the administration, operation and development of the Israeli water economy, including the preservation and restoration of natural water resources, the development of new water resources, and the oversight of water consumers and producers. 56 subject to cyber attack through other means, such as the Stuxnet virus, which entered the network at Natanz through a USB flash drive. External protections may not be adequate enough. The Knesset may also focus on indirect factors that impact the network, including employee technology use or physical overdrives or participation requirements, preventing commands from being done solely through a computer command. Role of the Internet It is known that the Sorek plant, one of the major desalination plants, is not connected to the Internet but rather relies on a private intranet server. It is unclear what level of protection other plants currently have in place. Even plants that are not connected to the wider web, in theory, could still be 55 http://news.yahoo.com/israel- solves- water- woes- desalination- 053359192.html 56http://energy.gov.il/English/Subjects/wate r/pages/aboutwater.aspx 23

Bibliography "A Beginner's Guide to Israel's Elections." Ynet. Yedioth Internet., 5 Feb Web. 14 Sept. "A Look at Estonia s Cyber Attack in 2007." MSNBC. Associated Press, 08 July 2009. Web. 14 Sept. Ahren, Raphael. "After Sitting with Terrorists, a Netanyahu Stalwart Seeks a Knesset Seat." The Times of Israel. The Times of Israel, 11 Mar. Web. 14 Sept. "Anat Benko." Wikipedia. Wikimedia "Aryeh Deri." Wikipedia. Wikimedia "Avigdor Lieberman." Wikipedia. Wikimedia Foundation, n.d. Web. 14 Sept. "Ayelet Shaked." Wikipedia. Wikimedia "Ayman Odeh." Wikipedia. Wikimedia "Background for the Establishment of the Bureau." Prime Minister's Office. N.p.,The State of Israel. Web. Bergman, Ronen, and Holger Stark. "Israeli Defense Minister: 'We Can in No Way Tolerate an Iran with Nuclear Weapons'" Spiegel Online International. Der Spiegel, 7 Aug. Web. 14 Sept. Berko, Anat. "If Israel Bombed Iran, What Would Life in Tel Aviv Be Like?" The Washington Post. The Washington Post, 21 Sept. 2012. Web. 14 Sept. Brumfield, Ben. "Report: Israeli Leaders Planned Attack on Iran Military. CNN. Cable News Network, 22 Aug. 2015, Web. 14 Sept. Cohen, Gili. "IDF Forms New Force to Combat Cyber Warfare - Diplomacy and Defense." Haaretz.com. Haaretz Daily Newspaper Ltd., 4 Mar. 2013. Web. 14 Sept. Daoud, David. "Israeli Defense Minister: Hamas Has Displayed Commitment to Ceasefire With Israel." The Algemeiner. The Algemeiner, 1 Sept. Web. 14 Sept. "Digital Attack Map." What Is a DDoS Attack? -. Google Ideas & Arbor Networks Inc., 2013. Web. 14 Sept. Drummond, David. "A New Approach to China." Official Google Blog. Google, 12 Jan. 2010. Web. 14 Sept. 24

Dvorin, Tova. "Secret Shin Bet Unit at The Front Lines of Israel's Cyber- War." Arutz Sheva. Arutz Sheva, 25 Feb. 2014. Web. 14 Sept. European Parliament. Justice and Home Affairs. Hacking IT Systems to Become a Criminal Offence. European Parliament. European Parliament, 27 Mar. 2012. Web. 14 Sept. Fallows, James. "On 'Existential' Threats." The Atlantic. Atlantic Media Company, 19 Feb. Web. 14 Sept. Federman, Josef. "Israel Solves Water Woes with Desalination." Yahoo! News. Associated Press, 30 May 2014. Web. 14 Sept. General Assembly resolution 29/86, Definition of Aggression, A/RES/29/3314 (14 December 1974), available from http://www.un- documents.net/a29r3314.htm Greenberg, Joel. "Israel No Longer Worried about Its Water Supply, Thanks to Desalination Plants." McClatchyDC. McClatchy Washington Bureau., 20 Mar. 2014, Web. 14 Sept. Greene, Toby. "Likud Candidate Anat Berko Interviewed by Toby Greene."BICOM. BICOM, 13 Mar. Web. 14 Sept. "Gilad Erdan." Wikipedia. Wikimedia Harrison, Crayton. "Anthem Hacked in 'Sophisticated' Attack on Customer Data." Bloomberg.com. Bloomberg, 4 Feb. 2015, Web. 14 Sept. Hart, David. "NSF - OLPA - Fact Sheet: A Brief History of NSF and the Internet." NSF - OLPA - Fact Sheet: A Brief History of NSF and the Internet. NSF Office of Legislative and Public Affairs, National Science Foundation, Web. 14 Sept. "Herzl Levi." Wikipedia. Wikimedia "How to Recognize Phishing Email Messages, Links, or Phone Calls." Safety and Security Center: What Is Phishing. Microsoft, 2014. Web. 14 Sept. "Internet Use Over Time." Pew Research Center Internet Science Tech. Pew Research Center, 02 Jan. 2014. Web. 14 Sept. "Israel's Water Economy." Israel's Water Economy. Ministry of National 25

Infrastructures, Energy and Water Resources, n.d. Web. 14 Sept. "Isaac Herzog." Wikipedia. Wikimedia James, Randy. "Cybercrime." Time. Time Inc., 01 June 2009. Web. 14 Sept. Kehoe, Brendan. "The Robert Morris Internet Worm." The Robert Morris Internet Worm. N.p., Massachusetts Institute of Technology. Web. 14 Sept. Kershner, Isabel. "Aided by the Sea, Israel Overcomes an Old Foe: Drought." The New York Times. The New York Times, 29 May Web. 14 Sept. Kershner, Isabel. "Iran Deal Denounced by Netanyahu as Historic Mistake." The New York Times. The New York Times, 14 July Web. 14 Sept. "Knesset Committees." The Knesset at Work. Knesset.gov, The State of Israel, Web. Levush, Ruth. "Online Privacy Law: Israel." Library of Congress. Library of Congress, June 2012. Web. 14 Sept. "Moshe Kahlon." Wikipedia. Wikimedia "Moshe Ya'alon." Wikipedia. Wikimedia "National Cyber Bureau." 4th Annual International Cybersecurity Conference. International Cybersecurity Conference, 14 Sept. 2014. Web. 14 Sept. O'Gorman, Gavin, and Geoff McDonald. The Elderwood Project. N.p.: n.p., n.d. The Elderwood Project. Symantec, 6 Sept. 2012. Web. 14 Sept. Oren, Amir. "Israeli Army Chief Eisenkot: Iran Isn't the Main Threat to Israel - Diplomacy and Defense." Haaretz.com. Haaretz Daily Newspaper Ltd., 15 Aug. Web. 14 Sept. "Peretz Lavie." Wikipedia. Wikimedia Perlroth, Nicole. "In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back." The New York Times. The New York Times, 23 Oct. 2012. Web. 14 Sept. Pollack, Kenneth. "Regional Implications of a Nuclear Agreement with Iran." The Brookings Institution. 26

The Brookings Institute, 09 July Web. 14 Sept. "Rav Aluf Gadi Eizenkot." Wikipedia. Wikimedia Foundation, n.d. Web. 14 Sept. "Ready for Day Zero Pioneering Cyber Security." About: Technion. Technion Israel Institute of Technology, 29 Jan. 2012. Web. 14 Sept. Rudoren, Jodi. "In Israel, There Are Different Ways to Count to 61." The New York Times. N.p., 17 Mar. Web. Sanger, David. "How a Secret Cyberwar Program Worked." The New York Times. The New York Times, 31 May 2012. Web. 14 Sept. Sherwood, Harriet. "Iran 'trying to Attack Israeli Targets in Retaliation for Scientists' Deaths'" The Guardian. Guardian News and Media Ltd., 3 Feb. 2012. Web. 14 Sept. Sherman, Eliezer. "Netanyahu Details Israeli Cyber Defense Strategy, Efforts to Consolidate Cybersecurity Programs." The Algemeiner. The Algemeiner, 23 June Web. 14 Sept. Shilon, Avi. "Why Meretz Leader Zehava Galon Is Right - Opinion." Haaretz.com. Haaretz Daily Newspaper Ltd., 29 July Web. 14 Sept. Simon, Steven. "The Iran Primer." Iran and Israel. The Iran Primer, United States Institute of Peace. Web. 14 Sept. Stratfor. "Israel's Water Challenge." Forbes. Forbes Magazine, 26 Dec. 2013. Web. 14 Sept. Tabansky, Lior. "Cyberdefense Policy of Israel: Evolving Threats and Responses." Chaire De Cyberdefense Et Cybersecurite 3.12 (2013): n. pag. Cyberdefense Policy of Israel: Evolving Threats and Responses. Yuval Ne eman Workshop for Science, Technology and Security, Jan. 2013. Web. 14 Sept. "Tamir Pardo." Wikipedia. Wikimedia Times of Israel Staff. "Israel s Military Intelligence Sees Some Benefits, More Risks, in Iran Deal." The Times of Israel. The Times of Israel, 17 Aug. Web. 14 Sept. "Types of Attacks." Cyber Security: Types of Attacks. Pennsylvania State University, 14 Mar. 2013. Web. 14 Sept. 2015 27

"Yaakov Litzman." Wikipedia. Wikimedia "Yair Lapid." Wikipedia. Wikimedia Yashar, Ari. "IDF Appoints Special Team to Plan Strike on Iran." Arutz Sheva, Arutz Sheva. 30 June Web. 14 Sept. "Yoram Cohen." Wikipedia. Wikimedia "Zehava Galon." Wikipedia. Wikimedia Zetter, Kim. "An Unprecedented Look at Stuxnet, the World s First Digital Weapon." Wired.com. Conde Nast Digital, 3 Nov. 2014. Web. 14 Sept. Zitun, Yoav. "'Cyber Attacks Didn't Harm Vital Systems'" Ynet. Yedoith Internet, 16 Jan. 2012. Web. 14 Sept. 28