The conversation with Sandra Joyce, vice president at Google Cloud and head of Mandiant Intelligence at Google, takes place two hours after the release of the report by the Israeli cybersecurity giant Check Point that revealed that the amount of Iranian cyber attacks against Israel has doubled since October 7.
Joyce’s job is to assess the risks and threats in the world of cyber and information security in order to know which threats Israel needs to watch out for. According to Joyce, the challenge is not only dealing with the direct consequences of the cyber attacks, but also with the attacks’ ability to undermine public trust in the country and the attempt to dismantle social cohesion through fake accounts on social networks.
Do we have reason to fear the increase in Iranian attacks since October 7?
“Even before October 7, Iran acted extensively against Israel in the cyber field, as well as against other countries. We also saw attacks by Hamas. So even before the war, for years, there was a challenging environment in terms of cybersecurity in Israel. On the other hand, another thing we saw that was interesting is that after October 7, many groups from Iran carried out relatively simple attacks and actions, such as defacement of a website for a limited period, and then claim that they were able to gain access to databases and data and publicize the damage in a much more significant way than what actually happened. There is a sort of “information operation”, part of which is also directed at Israel. I think this is the interesting area – this intersection between the goals and capabilities of cyber attacks and the information operation.”
In other words, the importance is not only in the consequences of the cyber attack – but also how it is perceived by the public.
“Right. In the end, many cyber attacks are actually psychological warfare. It is also a very economical way to produce an effect of an attack. If an organization does not have many means to carry out significant cyber attacks, the ability to say that you are doing more, which is based only on a partial truth and not the whole picture, increases the impact of the attack.”
In recent weeks in Israel, there has been a significant concern among the public about a significant “outage” scenario – that is, long periods of time in which electricity will not be provided to the public. This is usually about physical damage to the facilities, but is there also a fear that facilities could be damaged by cyber attacks?
“Of course. There have been quite a few cases of damage to electrical infrastructure. Specifically, if you look at what Russia is doing in Ukraine, they blacked out Kyiv in 2015 and 2016, and continue to do so occasionally. Iran has shown both willingness and capabilities to carry out devastating cyber attacks, having done these kinds of attacks before. The question of whether they can do it, especially on a large scale, is another matter. Most of the time, electricity grids are built in a decentralized manner, making it difficult to create widespread damage at the national level. This strategy aims at creating fear. One way to think about it is that when an actor wants to undermine a government and erode public trust in it, turning off the lights is one of the tools they can use. Therefore, the psychological impact acts as a force that amplifies the effects of cyber attacks.”
How do you see the Israeli cyber defense capabilities? Both at the military and governmental level and in the tech industry. Is Israel prepared to face these challenges?
“I think Israel has the reputation of having a significant cyber defense capability. I think Israel has proven time and time again that it has good cyber defense capabilities.”
And how would you define the level of Hamas cyber attacks?
“I would characterize the Hamas attacks on the cyber front as low-level and not particularly successful. On the other hand, it is difficult to measure the effect they created, mainly because it is difficult to quantify the psychological impact. In terms of funding, the attacks are not at a high level. As I said, they conduct small intrusions to destroy websites but then claim to have done much more.”
In 2019, you claimed that the main threat in the field is the cooperation between Russia and Iran. It seems that today the elephant in the room in terms of cyber defense in the West is actually China.
“Any combination between Russia, China, North Korea and Iran is dangerous and a threat. The question of who is the more central threat depends on the identity of who is attacked. In any case, in recent years we have seen significant and rapid organization in China and the development of a tremendous cyber capability. We know from public reports that they penetrated a government organization and we see that these are also attacks using techniques that are very difficult to detect, techniques that use the original operating system. So that it will look like just legitimate orders that are difficult to detect. The Chinese are getting better at what they do, and so are we.”
The conversation with Sandra takes place against the backdrop of the launch of new products from Google’s cloud division. In previous years, Google’s conference focused on developing various cloud infrastructures, but this year the main focus was on artificial intelligence. Google emphasized its significant investment and direction with AI by launching a range of new products and chips. Among other announcements, the company introduced Google Videos, integrated with Google Workspace (Google’s equivalent of Microsoft’s Office software), which allows for easy video editing. Google also revealed new developments in hardware, including an expanded collaboration with Nvidia to create new, more efficient chips designed to handle the substantial computing power required by AI.
However, the use of AI tools may also pose a danger to those defending against cyber attacks. According to Joyce, “When I asked my team about AI use by our adversaries, they looked at real consequences rather than doomsday scenarios. What they observed is the use of AI to create deep fakes, which are high-level and convincing but can often be detected. They also noted underground efforts to create so-called jailbreak chatbots. These activities are not very sophisticated or reliable at this point.”
Joyce further qualifies her statement, “It’s not that AI is not a threat, but that we have an opportunity to build a formidable and strong defense. For example, my team uses AI to detect malware faster, improving productivity. Tasks that used to take us hours now take much less time.”