A one-on-one  with Brig. Gen. (Res.), Eli Ben-Meir, who served as head of the research department of the Israel Defense Forces' Military Intelligence Directorate and serves as a Senior Fellow at the International Institute for Counter-Terrorism (ICT).
The changing phenomenon of war and investment in the cyber arena are steering the world into a new era in which war is not necessarily waged on a battlefield and does not even require a direct assault on human life. This issue came to the fore in a variety of methods ranging from influencing elections, attacking critical infrastructure, disrupting day-to-day life, and neutralizing military capabilities. How has the cyber dimension influenced the phenomenon of war between countries? And what are the security challenges facing countries in the coming years?
Eli Ben-Meir: Three central processes exist today that influence the security challenges in the coming years. First, the era of war has changed. There is a noticeable transition from large wars to incidents of escalation that are shorter but very intensive and of increasing frequency. Second, fast technological developments serve as a security challenge especially in light of the quick response to those technologies that is developed by the enemy. Third, a new dimension of combat has developed – namely, the cyber dimension in which the issue of borders has almost no significance. The cyber dimension brings with it significant challenges in and of itself. The basic, but most significant, challenge today is that it is a new dimension and states are less experienced and skilled in dealing with it. In addition, the rules of war do not refer to these issues, there are no clear definitions and the rules of the game are unknown. The challenge of accessibility. The accessibility that exists in this dimension enables any person or group to operate on the Internet and even to execute cyber-attacks. The challenge of goals. The enemy’s goals are very diverse and include not only using military force, but also impacting existing infrastructure as well as civil, private and corporate security, and actively influencing election systems as seemingly reflected in the US elections. The challenge of response. The response to the launch of a Hamas rocket into Israel is currently known in advance. In contrast, the response to the online theft of information by Hamas is not clear at all. What is the response? What are the rules of the game? When IDF soldiers’ cell phones are hacked, for example, is it permissible to respond with an air strike? In other words, is the response to be carried out only in the cyber realm? Or is it possible to break logic and respond in another dimension? The challenge of the attacker’s identity. The anonymity enabled by the cyber realm sometimes creates a situation in which the attacker’s identity is unknown.
As briefly noted above, states are not the only players operating in the cyber dimension. More and more non-state players, individual or organized, are operating in this space in both criminal and terrorism-related channels. Despite attempts that are being made in the framework of international law to reduce the gaps in the cyber realm, it is apparent that the gap has further to close. What are the challenges stemming from this? How should security agencies cope with the issues of cyber-terrorism and cyber-crime? And is there a political solution?
Eli Ben-Meir: The issue of the non-state player is just one example of the problems that exist in international law in the cyber field since countries themselves have difficulty understanding the issues related to this dimension. Despite attempts to create expertise, there is great mistrust between countries and a gap in the understanding of what the capabilities are. The difficulty is mainly reflected in the non-western world that perceives any attempt at regulation in the cyber realm as an attempt to influence internal procedures and expand Western hegemony. Moreover, countries are even exploiting the gap that exists in regulation of the cyber realm and “privatizing” attacks to seemingly non-governmental institutions when, in fact, countries are the ones behind these attacks.
In order to cope with cyber threats, both at the state and international level, a toolbox must be assembled to provide a response to attacks, including cyber defense, legislation, standardization, regulation and international cooperation mechanisms.
Various technologies are popping up today in the field of data mining, big data, etc. To what extent is this channel able to assist the various security agencies in coping with terrorist and criminal activity on the Internet?
Eli Ben-Meir: The current contemplation of a solution for coping with cyber threats is at the tactical level through the eyes of technology alone. Nonetheless, the correct and recommended way is to first examine all dimensions of the problem and then derive tactical-technological solutions. In protecting the trees instead of the forest, even if every tree is itself protected, the forest as a whole is not. In other words, technology is an important tool for dealing [with the phenomenon] and is essentially the main tool but in order for it to be the right technology, the situation must be analyzed starting at the strategic level.
Even if a solution is found for coping with the phenomenon of terrorist and criminal activity in the visible realm, the challenge of the darknet still stands apart. In recent years, it has become the black market of the Internet for the sale of drugs, weapons and more. In effect, dialogue and trade take place there hidden from the eyes of the security elements, be it crime or terrorism. This is a challenge that will only grow stronger even if sanctions are successfully imposed on social media and Internet providers. What are the tools at the disposal of security agencies to cope with this phenomenon? And what are the challenges?
Eli Ben-Meir: The darknet is not much different than the rest of the cyber dimension since today there are technologies that create access to information on this network and security systems operate there accordingly. Nevertheless, we must work to increase regulation and enforcement on the darknet in order to create a sense of persecution and exposure to terrorist/criminal organizations, similar to the efforts being made today against social networks. Enforcement activity on the darknet is part of the toolbox and overall strategy for coping with the challenges in cyber space.
In the cyber era, there is more and more information visible to intelligence agencies. They derive the same information from the various uses made of the Internet by terrorist organizations, including discourse on social networks, recruitment activity on the network, fundraising campaigns, and more. From here arises the intelligence dilemma of whether to track terrorist activity or to block it.
Eli Ben-Meir: As long as intelligence is used in order to influence what is happening and not only to describe it, the greater the chance that the enemy will understand that you have access to him and he will take steps to move to other channels. Therefore, there has always been tension between collection and evaluation, and operations. This issue exists at all levels of intelligence, SIGINT, HUMINT and the cyber arena. In order to cope with the intelligence dilemma, we need to be alert and to learn to understand when access is about to be exposed. At the same time, we need to try and locate the next platform to which the enemy will move and already plan a coping strategy. One positive note – the enemy will always need to communicate and, therefore they cannot avoid using the Internet and the cyber connection.
 The interview was conducted by Danielle Haberfeld, Researcher, International Institute for Counter-Terrorism (ICT)