June 2017  Newsletter no. 2
CyberSpark Newsletter

 

Dear Friends and Members World-Wide,

Welcome again to CyberSpark's e-Newsletter!

This is yet another channel for us to keep you updated as to what is currently happening in the Cyber arena as well as in the Beer Sheva Ecosystem.
This e-Newsletter features columns written by figures from CyberSpark Ecosystem, as well as by colleagues from around the world, involved with CyberSpark in various collaborations.  
 
I would also like to use this opportunity to update you regarding an agreement recently signed at CyberSpark: a Collaboration MoU with the University of New Brunswick, Canada, confirming the research partnership between the two entities, of which the purpose is the creation of greater innovations, economic development & collaboration in the field of cyber research.
 
And last but not least: On October 30, 2017 CyberSpark will hold The 1st Global Workshop on Cyber Security in Future Mobility. This workshop will bring together world renowned experts to discuss the very complex issues of cyber security regarding the automotive field. Save the date!  

Please feel free to contact me with any questions or concerns you may have.

Kind Regards,

Anat Karmona,
Affiliates Club Manager
CyberSpark

 

 

Word of the CEO
 
Dear Partners and Affiliates,
 
Two weeks subsequent to what may be called the May 2017 Ransomware-Attack, affecting about 200,000 computers in 150 countries and no less than 48 hospitals (mostly in the UK), the frequently asked questions have been: was it a surprise? Respectively: could it have been avoided? While the answer to both questions would be probably negative, considering that the hacking motivation is still there and the related tools available on the shelves of the “Dark Markets”, it might be preferable to pose a more relevant question: is there a way to substantially reduce the damage and lower the scale of future attacks?  The answer to this one is unquestionably positive.  

As the attacker/s chose their targets on a global scale, authorities from the affected countries have collaborated to some degree regarding the forensic process, in order to analyze the technical nature of the attack as well as, hopefully, identify the malicious source – be it a state or individuals. Yet that would be far too little and too late, offering insufficient cure to future attacks of the same nature.

Adequately answering the challenging calls for a different approach in terms of global, protective cooperation would be no less than a paradigm shift. A collaboration of Eco-Systemic Campuses (ESC), such as CyberSpark, have lately become worldwide increasingly common, where Academia, Industry, Innovation and Government join forces in order to operate coherently as a coordinated organ against this kind of danger.

Recently, CyberSpark has taken the lead together with similar ESC’s from Germany, Canada and Northern Ireland in establishing a global club-like coalition, of which the goal is to get better prepared for the future cyber challenges threatening our modern living.

More in the Newsletter next September.
 
 
Roni Zehavi,
CEO, CyberSpark

 

 
Yoav Tzruya
 
A typical hi-tech ecosystem consists of various stakeholders, each contributing their expertise to create a vibrant community, with both internal activity and a relationship with the external world.
 
Some of the most obvious constituents include academia – providing in-depth research and training for human capital; the government – aimed at creating infrastructure, facilitating and easing expansion, incentivizing and easing regulatory and bureaucratic bottlenecks; and large corporate, which provides ongoing business infrastructure and serves as a training ground for management. And finally, any ecosystem wouldn't be disruptive without applied innovation, a function typically fulfilled by startups and early-stage investors.
 
Five years ago, Jerusalem Venture Partners (JVP), Israel’s leading VC, decided to expand its winning model and double-up on cyber-security as its next major focus area. In line with JVP founder and current Knesset Member Dr. Erel Margalit's vision of creating seven regions of innovation excellence in Israel, we’ve created JVP Cyber Labs – our early stage investment arm for cyber-security startups— in the burgeoning tech hub of Beersheba. Our unique model incorporates a number of different elements:  a day-in and day-out, hands-on approach with startups, an emphasis on collaboration with strategic partners (e.g., Cisco, GE, Deutsche Telecom, Alibaba, Siemens, Orange and others), partnerships with Ben Gurion University to create companies based on Intellectual Property devised in BGU labs, large seed investments, and emphasis on our pivotal role in the ecosystem. Utilizing this strategy, JVP Cyber Labs has invested in over 10 new cyber-security startups over the last 3.5 years of operation. Tens of millions of dollars have been invested in these unique companies, creating more than 250 new jobs and generating shareholder value in the hundreds of millions of dollars. Teaming up with the best entrepreneurs has yielded disruptive startups such as Morphisec, SDO, Coro.net and others and has resulted in exits such as PayPal's acquisition of CyActive.
 
We continue to look for new opportunities, aiming at three new companies every year. Some of our key areas of interest are cloud security (e.g., serverless and SDx security), privacy, security automation and more.
 
At JVP, "double bottom line" activities, contributing both to the “greater good” of the ecosystem as well as to the success of our funds, is part of our DNA. That is why we are proud to be one of the founding members of CyberSpark (together with EMC, BGU and Lockheed Martin/Leidos), which continues to play a key role in developing the ecosystem further, paving the way for new stakeholders to play a role in what is turning out to be the most vibrant cyber-security ecosystem in the world.
 
 
Yoav Tzruya is a partner at JVP and the Head of JVP Labs.  http://www.jvpvc.com/cyberlabs

 

 

Can You Fix Your Mobile Phone with a Hammer?
 
Doron Stern, Adv.

The answer is obviously "No", although I am sometimes tempted to try - especially when unidentified messages land on my screen, cover my apps, or fill my inbox.

This is probably as much as most of us know when it comes to addressing and preparing for cyber-attacks, cyber-threats, cyber abuse, cyber blackmailing and the like. The only thing we know to do, is to hit the mobile with a hammer. Alternatively we could throw it into the bathtub, but then they started making those water proof models and I am afraid mine is one of those. So we'll stick with the hammer.

The recent May 13, 2017 mega cyber-attack, (which will go down in history as the minor lame cyber-attack that preceded the real major cyber-attacks to follow), revealed that the state of the nation is no different. The attack was designed to interfere with computers that lack basic defense. The users who were infected may as well have adopted the hammer as their best and most available tool.

So let us unite for a moment of exposure. Let's admit that we do not have a clue how to defend ourselves from the espionage, theft, malware, ransomware, abuse and all other common crimes and threats that are committed daily "out there" in cyber space.

What Emanuel Macron experienced three days ahead of the French elections, and what probably caused Hillary Clinton her presidency, with all the assistance they had,  is something that we are currently, as a society, totally exposed to.

The only reason some of us have not been personally hit so far (or are not yet aware they were hit) is probably a matter of statistics. Given the endless capability of machines to multiply any cyber-attack by gross numbers, these statistics are sure to close in soon.

So, to add to the gloom, let me add another angle of helplessness that has to do with my professional field - the legal tools against cyber-crimes.

Finding cyber criminals is hard. They hide behind unidentified electronic addresses, transmit their crimes through numerous other unidentified servers, and in the end, when one would be able to trace their origins to Russia, China or Ashdod, it would be extremely difficult to tie the machine to a person, and to prove that he or she used it to commit that crime.

What's more, many if not most cyber-crimes are cross border. As such, the law enforcement authorities of the victims would need the assistance of the law enforcement authorities of the offenders. And as their identities and locations are not verified until the end of an investigation, it would all be subject to the goodwill and discretion of the "hosting" state before such investigation can take place.  In some cases, when the two states are not parties to international treaties on legal assistance – it may even be legally impossible.

Add another layer. In order for the crime to be regarded as a crime, it needs to have an extra territorial affect in the criminal code of the "hosting" state.  The law in the country of the offender's residence needs to designate the crime as a crime even if it were to be committed by a subject of such country abroad.  Many countries are not quick to apply such extra territoriality on many crimes in their criminal codes.

Now add more. Convicting an offender in cyber-crime cases is hard because the rules of evidence are old. In fact they are ages behind. There are no fingerprints, no witnesses, no confessions. There are only electronic records that a judge needs to be walked through and that require, by rules of evidence, review by an expert witness.  For every expert there will be a counter expert. Reasonable doubts can be easily applied to expert opinions. There are numerous obstacles applying existing rules of evidence to cyber-crimes.

I could go on and on about the obstacles involved in trying to apply existing legal and law enforcement systems to deal with this ultra-modern species of crime - the Cyber-crime.

So what to do?
 
One solution was mentioned earlier in this article. The Hammer.  

Another solution would be to spend billions and billions in building cyber protections against cyber threats. This does not sound very efficient, but it is what civilization is currently doing. As was mentioned in an earlier article, the vulnerability of civilization created a huge industry which is doing its best to provide some protection against cyber-threats and cyber-crimes. As most nations neglected to address this task, it was left to the private sector to provide the costly solutions to those who could afford it.

Reshaping criminal legal tools would have been an option, but I am afraid that would take much too long to achieve. Changing basic rights in order to address new forms of crime would run against constitutional and basic human rights. Such changes are slow and gradual, for good reason. "Hard cases make bad law," is a phrase in common law that is a moto to all jurists. Until such changes are implemented, many, many victims will fall prey to cyber-crimes.

A better solution would be to work together - many nations together. Share information. Share solutions. Convene an international front against cyber-crimes. Apply new rules of conduct by users worldwide. Create international security standards that would be adopted universally. Introduce conventions and treaties for international assistance regarding these crimes that are so international, or "non-national" in their nature.

New approaches should include focus on prevention, not on catching or punishing the criminals. Shut down suspected sites. Expose identities of abusers and offenders. Use the capabilities at the disposal of any nation to attack the attackers, not only to defend against the attackers.

More focus should be placed, not on trying to catch them, but on trying to impair their unacceptable freedom to operate, and their incredible misuse of technology and privacy to cheat, defraud, abuse and hurt each one of us.

Finally, when we do get our hands on them after a lengthy legal procedure, and having proven beyond all reasonable doubt that they actually are the criminals who perpetrated the crime – then we can use the hammer again… just kidding off course! The best punishment for them would be to sentence them to life without web access.
 

Doron Stern, Adv. is a founding Partner at Tulchinsky, Stern, Marciano, Cohen, Levitski & Co, a law firm specializing in High tech and Cyber, located in Tel Aviv, Jerusalem and most recently Beer Sheva. http://www.tslaw.co.il/en/

 

 

Intellectual Property and Cyber
 
Dr. Kfir Luzzatto

Recent years have seen Israel develop into a significant cyber powerhouse by international standards, while hundreds of entrepreneurs, inventors, and developers are actively building a diverse range of cyber solutions. Viable cyber security tools are indeed valuable assets, and many developers find themselves seeking to protect their inventions with a patent. While this instinct is undoubtedly a good one, it may not always be the right one, given the pace of the software industry and the short shelf life of tech solutions in general and cyber solutions in particular. As far as longevity is concerned, inventions that form the basis for future development will win out in the long haul.

Appropriately enough, one of the factors which concern those seeking patent protection for their cyber-related inventions are cyber-attacks themselves, since patent applications must, by definition, lay open the details of their developments. There are several ways to approach this issue, but the resolution of early-stage dilemmas starts with identifying the right invention for the right problem, or cyber challenge, and choosing the optimal format for its presentation.

Like with so many Israeli innovations, the U.S. is the primary market for blue and white cyber innovation. In order to receive a software patent in the U.S. (cyber solutions are uniformly software and software-based), the invention must meet the requirements of the Supreme Court ruling Alice Corp. Rty. Ltd. v. CLS Bank Int'l, 134 S. Ct. 2347 (2014) (known by its shorthand "Alice").

"Alice" resulted in two different stages of assessment for software
and software-based inventions on U.S. soil:

1) The first asks if the issue is directed to an abstract idea. Abstract ideas are not patentable, so the Registrar must decide whether the claims render the issue patent eligible.

2) The second tier of evaluation entails an analysis of the “inventive concept” (common to all patents) to ensure that the patent amounts to “significantly more” than an abstract idea.

In order to present a successful case, the applicant must illustrate how the proposed solution solves an existing problem in a computer system. Israeli inventors sometimes seek to submit a general patent application with the intention of developing the theory further in the future (which more often than not, turns out to be a synonym for "never"). Not surprisingly, abstractions and generalizations in the present, with promises for development down the road, are a recipe for failure. This technique doesn't yield real intellectual property worth anything more than the paper it's written on. Cutting corners always comes with a price.
 
The development of patent-protected security solutions requires focus, attention to detail, and a genuine solution to a specific problem that steers clear of the theoretical, despite the misinformed perception that general claims lead to broader protections.

As technologies continue to progress and our dependency on systems susceptible to attacks increases, the importance of the cyber industry will evolve in a symbiotic relationship with these changes. As in other fields, developers should build the defense of their assets brick by brick, and as time passes, these assets will acquire value both for their developers as well as for us – the consumers who benefit from products that keep us safe in the new world being forged.
 
 
Dr. Kfir Luzzatto is the President of The Luzzatto Group.

 

Artificial Intelligence Meets Cyber Security
 
Adv. Oleg Brodt
 

At last, Artificial Intelligence technology is everywhere

For many years, the information technology industry suffered from the infamous "Productivity Paradox". In a nutshell, this paradox referred to the indifference in the productivity curve (or even a decline), despite the introduction of information technology solutions into the workplace and the huge investments associated with it. Over the years, scholars proposed various explanations of this paradox, such as poor employee training, esoteric applications within the general production context, and slow hardware. However, the fact remained that all explanations were dealing with the general incompetence of IT to promote productivity. Additionally, while we saw significant and steady progress in hardware development -  computer hardware became increasingly faster and better - it seemed that software progress was insignificant and severely lagging behind.

All of that has changed in the last several years with the introduction of Big Data systems and AI tools. These were used to make sense of the enormous amounts of digital data that corporations began processing and archiving, and they had an enormous impact on the way information systems contributed to business. Being able to discover "hidden" patterns in endless pools of data, revolutionizes the way corporations understand their competitive environment, including competitors, production lines, employees, customers and suppliers. In the rapidly unfolding age of modern information systems, data has become the new oil quickly processed by AI tools in the hope of gaining valuable business insights on the fly.
   
AI, Machine Learning and Deep Learning
 
Since today, not a single day goes by without AI starring as the tech buzzword in countless tech blogs, news articles, TV shows and publications, many non-tech-minded folks may mistakenly take it as a new technology. Actually, Machine Learning, a popular sub-branch of modern AI, was first introduced in the late 50's of the previous century by academic researchers in the field of computer science.

The basic premise of Machine Learning is the ability of a machine to learn by itself without external programming intervention. Such learning abilities will allow the machine to develop new functionalities, as well as constantly improve its functioning, without these improvements being explicitly (and externally) programmed in.

One may believe that the intention of such learning capabilities of a machine is to accelerate the building of the machine's functionalities, or merely to improve them. In fact, the ability to learn introduces a vast majority of new functions previously impossible to assign to a machine.

As an illustration, imagine a programmer given the task of writing a software that functions as a simple calculator able to add up two numbers provided by the user. Since the programmer knows how arithmetic works, he will write down its logic, line after line, into the software, for example by: (1) prompting the user to enter the numbers; (2) adding them together; and (3) displaying the result. Now imagine the same programmer, given the task of writing a program to recognize handwriting. Since the programmer himself has no idea how his brain recognizes the different letters of handwriting (not to mention the diversity and variety of samples and languages our brain is capable of interpreting), he will be helpless in explaining handwriting recognition logic with a line-by-line set of commands to the machine. Luckily, machine learning comes to the rescue.

By using AI tools such as Machine Learning and Deep Learning, new domains such as image recognition, voice recognition and autonomous driving, to name just a few, are now accessible to programmers. For example, by providing the computer with many sample pictures of different cars, the computer can learn the mutual patterns shared across all such pictures, create a new "car recognition algorithm", which cannot be programmed by a human coder, and begin "recognizing" that a previously unseen picture features a car.

Similarly, a human being is unable to write a program which will tell the car how to drive in an autonomous fashion, since it is impossible to encompass within the code every possible route and circumstance, explaining to the car (hard-coding) in advance how to drive for every possible combination of any source point and destination point, taking into consideration any possible future obstacles, traffic, congestion, weather and other road conditions along the route. However, using AI tools, it is now possible to record the way human drivers drive in various scenarios, learn the mutual driving patterns, and create an AI algorithm imitating such behavior.  
   
Machine Learning Meets Cyber Security
 
 Within the Cyber Security community, the rise of Artificial Intelligence was received with mixed emotions. While proponents of AI advocated intelligent, self-adapting defense systems, the opponents feared that AI would be used by hackers and cyber crooks in a new generation of AI powered cyber-attacks. The recent DARPA Cyber Challenge illustrates both sides. During the competition, the teams were requested to create in parallel, a software that would be able to both hijack the digital flag from the computer of opponent teams, as well as defend its own flag from being hacked by other teams. The software was required to complete these tasks without external intervention – that is, it was to be powered by AI modules which replaced human operators during the tournament.

It seems that we are expected to witness a quick adaptation of AI tools into Cyber Security, similar to its adoption in other applications of the digital world such as Autonomous Vehicles, Image and Voice Recognition, Data Mining, Recommendation Systems, and Predictive and Behavioral Analysis.  This amalgamation of AI tools and approaches into the Cyber Security space will be both in terms of attackers and defenders in the very near future, whilst the first wave of AI based defense tools (e.g. AI powered antiviruses, anomaly detection tools, next generation AI firewalls, etc.) has already hit the market. Analyzing cyber trends, it seems that such tools are merely the beginning of the AI cyber era.      
     
Adversarial Artificial Intelligence
 
One of the research branches being investigated in recent years by Telekom Innovation Labs at Ben Gurion University and the University's Cyber Security Research Center, is Adversarial Artificial Intelligence. If we take seriously the notion that machines are able to learn, then hackers will be keen to teach target machines to behave in a manner that benefits the hackers. Imagine an AI based anomaly detection engine, which measures the network activity of a target organization, and learns what constitutes an anomaly in a given network. Following the learning phase, once an anomaly is detected, the network administrator will be alerted that the organization might be under attack. Now imagine an attacker, exploiting the fact that the system is teachable, teaches it that his intended activities are not deemed an anomaly. In such a case, the attacker will gain access to the organization, since the AI system will be confident that his malicious activities are within the "normal" behavior range of the network, making the administrator blind to the attack.
 
 Although this example is only a naïve demonstration of a much more complex domain, it sheds some light on the futuristic cyber battle field that we are beginning to experience. As a real-life anecdote, please be reminded of the Tai Chat Bot, which was introduced to the world by Microsoft in 2016, and was able to improve its chatting algorithm by learning from engagement with real users. Powered by AI, the chat bot was initially very friendly and polite when answering the Internet users who chatted with him. After less than 24 hours, Microsoft took the bot down following its learning a lexicon of racist, rude, and hurtful expressions, which it immediately began using during the chats.  
 

Adv. Oleg Brodt is the R&D Director of Deutsche Telekom Innovation Labs, Israel

 

CSIT-Nucleating a cyber security ecosystem in Belfast
 
David Crozier
 
The Centre for Secure Information Technologies (CSIT), a recipient of a The Queen’s Anniversary Prize for Higher and Further Education in 2015 for its impact, was established as the UK’s national Innovation & Knowledge Centre (IKC) for cyber security in 2009 with funding from the Engineering and Physical Sciences Research Council (EPSRC) and InnovateUK with additional support from Invest Northern Ireland.

Accredited as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR) by GCHQ, it is based at Queen’s University Belfast’s ECIT Global Research Institute and offers doctoral training and post-doctoral research programmes in cyber security, contract R&D to the security and defence sectors as well as delivering CSIT Labs, the world’s first cyber security incubator programme to provide free engineering resource to cohort companies. Its core research themes are device authentication, secure ubiquitous networking, and security analytics and event management.

CSIT works with many high profile industry partners to shape and direct its research agenda so that it has strong commercial and societal impact. These partners include defence primes such as BAE Systems and Thales, technology companies such as Infosys and Camlin as well as financial services and insurance firms such as Allstate, Equiniti and Direct Line Group. The Centre typically spins out two new cyber security ventures per year such as Titan IC, Sirona Technologies and Liopa and it has helped grow the Belfast Cyber Security ecosystem to over 1,200 people.

All of this knowledge and expertise has been channelled into CSIT’s in demand MSc Applied Cyber Security which is also certified by GCHQ.  This innovative programme is at the forefront of technical advances in cutting-edge technologies such as cryptography, computer forensics, malware and intelligent information systems. This is an applied course, very industry-focused, to prepare students for a technical leadership role. Its block-mode timetable is ideally suited for anyone in full-time employment who wants to enhance their career prospects through part-time study.
 
 
David Crozier is the Head of Strategic Partnerships & Engagement
Centre for Secure Information Technologies (CSIT) & ECIT Institute
Queens University, Belfast. http://www.ecit.qub.ac.uk/

 

 

Powered by smoove marketing platform