March 2017  Newsletter no. 1
CyberSpark Newsletter


Dear Friends and Members World-Wide,
I am happy to announce the launch of the CyberSpark e-Newsletter that you will receive each quarter in the foreseeable future. This is yet another channel for us to keep you updated as to what is currently happening in the Cyber arena as well as in the Beer Sheva Ecosystem. The e-Newsletter will feature columns to be written by our content experts on various subjects within the Cyber world.  
I would like to welcome our newest member of the Affiliates Club, the German based iABG. I encourage you to visit their website and explore opportunities for potential
I would also like to take this opportunity to update you regarding three agreements recently signed at CyberSpark:
- Masstech (Massachusetts) and CyberSpark Cyber Security Agreement
- MoU between BGU, CyberSpark and the State of Rhode Island
- A Collaboration MOU with Ludwig Bolkow Campus, Munich.

Last December CyberSpark held the 1st Global Workshop on Cyber Security in the Future of Healthcare. This very successful workshop brought together world renowned experts to discuss the very complex issues of cyber security regarding the medical profession and potential solutions.  A similar workshop is in the works for the automotive industry, scheduled for next June.  More information will be sent as we near the event.
Please feel free to contact me with any questions or concerns you may have.

Anat Karmona,
Affiliates Club Manager



Word of the CEO
Dear Partners and Affiliates,

This is, undoubtedly, an exciting period for CyberSpark, the Cyber ecosystem in Be’er Sheva.
So much has been happening simultaneously, including the addition of start-ups and initiatives such as:
Source of Defense of JVP, the IAI cyber activity establishment, the Israeli national CERT that has successfully begun it’s full operation following a unique partnership between Dell-EMC and IBM (the perfect COOPETITION model….) as well as the major growth of the cyber activity volume in Dell-EMC. The Doing and Being have reached a new dimension altogether.
I would like to announce the launch of a new project, chartered with significantly improving cyber security at Soroka Hospital. This project will position Soroka as a leading medical center in terms of cyber protection, and turn it into a Beta site for innovation, advanced technology and solutions. The project will be a joint venture of Soroka, Clalit Health Services, the Be’er-Sheva municipality, BGU and the Israel National Cyber Bureau. This project will leverage the CyberSpark experience in a way that will ramp-up the greater ecosystem, while attracting a wide array of innovation, not only regarding the cyber security realm, but also several domains related to the future Healthcare Digital City.
Roni Zehavi,
CEO, CyberSpark



Who is guarding the Guards in Cyber Security?

By Adv. Doron Stern
One of the immediate thrills of being involved in a cyber security project is the sensation that one is taking part in something of great importance, a global effort to protect against illegal, or at least semi legal activity.We are playing policemen, soldiers or spies, in a virtual world in which there are "bad guys", while we are the "good guys". It is indeed more fun to join the police for a while, without having to do long shifts and drink lousy coffee in paper cups or even join the secret service, without the risk of being stabbed in a dark alley.
After so many years of working for no good cause, we suddenly take part in something of more significance and adventure, than simply working on an advanced software, a more advanced algorithm, or a better looking application. 
But, may I ask, by what right have we taken upon ourselves this task? Who looked into our credentials, or at least our skills, before commissioning us to chase the bad guys and prevent their malicious intentions? Who assured our clients, our vulnerable customers, that we are the right team to handle their problems and protect them? The sad truth is that no one did. 
The cyber security industry came about, and is mushrooming, due to the negligence and helplessness of the state regarding the protection of its citizens against this new kind of crimes – the cybercrimes. These are essentially no different than old-fashioned crimes. They are still motivated by the same good old greed and malice. They aim to steal, intimidate, blackmail, and defraud us. The people behind the virtual, virtuoso bad guys – are ordinary criminals, such that states are commissioned to chase, a task, in which our tax money is supposed to be invested for achieving. 
Yet governments simply gave in. They admitted that they are not capable of handling these crimes and sent us to help ourselves. And we did. Indeed, we did. An entire industry came about, almost overnight, to provide private protection against these risks. Tens of Billions have been invested by the private sector, and a partial solution is there to be provided. Being so far behind those private police forces, states are not providing such services to their citizens, and are actually coming to learn from the industry. With the exception of state cyber security risks, states seem to have given in to the challenge, which modern crime has placed against them.
Since this situation is not likely to change in the near future, states still can and should do something: monitor the providers of cyber security services. Right now, the situation is absurd: neither a license, nor credentials, nor even a "Know Your Supplier" procedure are required for a person or an entity in order to sell cyber security services.
Regulation of the cyber security sector is NOT a good idea. An integral part of the solution to cyber security threats is speed. Should the industry be regulated, the "bad guys" would have a ball. Slowly moving, heavily regulated cyber security providers would pace down the fight against cyber-crime. The industry would be slowed down to the tempo of governments and become less effective. 
Another possibility, which one may suggest, is that states require the industry to share with them the information and the threats, which are handled by private providers of cyber security services. This is actually not such a bad idea. Cyber-crimes are crimes, and as such, should be reported to the police. Accessibility of information to the state regarding cyber crimes within its territory (even if it doesn't do anything with it), would be a healthy thing. It may even encourage it, once it has realized their magnitude - to finally address the problem. 
And one more proposal: let governments require cyber security companies to meet certain industry-, transparency- and good record standards. This may reduce the real threat of cyber security providers becoming a cyber security problem. This could happen soon, by "bad guys" disguised as cyber security providers, or by employees working for such providers – moving to the dark side.
States still have an important role to play, and the industry would only benefit by keeping customers' confidence high.

Doron Stern of Tulchinsky Stern Marciano Cohen Levitski & Co. is an attorney,  specializing in Cyber Security and High Tech corporate and financing.


The Cyber Workforce of Tomorrow
By Sol Fayerman-Hansen
Traditionally, Be'er-Sheva was seen as a poor and underinvested city, a place to stop on one's way down to Eilat, or to visit family members living there during the holidays. But a lot has changed over the last few years, and much of that has to do with major government decisions naming Be'er-Sheva the capital of cyber industries for the State of Israel.
The city now boasts one of the most advanced hi-tech parks in the country with the names of multinational companies, Israeli start-ups and other advanced industries hanging from the sides of the newly established office space of the Gav Yam Hi-Tech Park, founded a few years ago. There are now 1,800 employees at the Park with over 80% coming from the Negev region (local), but with aspirations to grow to over 20,000 when all is said and done, the question of where the next generation of cyber experts will come from needs to be answered?
Israel has already thought about this question and seems to have come up with a solution. "Teach them when they are young." The Prime Minister's office recently named the Cyber Education Center (CEC, now National Cyber Education Center) as the official provider of cyber and advanced technologies-learning for the State. A joint program of the Rashi Foundation, the Ministry of Defense and the Israeli Cyber Bureau, the CEC operates programs like – Magshimim, Gvahim, Nitzanim, PixelZ and the Cyber Elite, which impact the lives of thousands of Israeli youth and adults from ages of elementary school and reaching all the way to higher education.
The city of Be'er-Sheva was the founding place of this program, even though it has grown exponentially and currently includes over 30 cyber learning centers across the country. Starting off with exposure and motivation activities, and moving into advanced cyber training, preparing them for a cyber military service. The participants have a much better chance of reaching the elite cyber, intelligence and technology units in the IDF, if they have one of the aforementioned programs on their 'resume'. How much better? Well, over 85% of the graduates are recruited for these units and once complete their service in these units, they are snatched up by the hi-tech industry for their career.
The next generation of hi-tech and cyber leaders will come from Israel's southern cities, as was envisioned by the first Prime Minister of Israel, David Ben Gurion, with Be'er-Sheva as the epicenter for cyber education and cyber industries. The city is now unrecognizable and is Israel's fourth Metropolis, serving over 600,000 people daily, but this is only the tip of the iceberg. Education has always been the key, but the CEC has made incredibly difficult content accessible, interesting and relevant, while teaching children about the ethics necessary so they will be positive leaders of advanced industries in the future.
Sol Fayerman-Hansen is a Director of Partnerships, Beit Yatziv, Beer-Sheva 



Israel's Cybersecurity Industry continues to attract investors
By Adv. Oleg Brodt
In recent years, Israel has managed to establish itself as one of the world's major cyber security hubs. After being cherry-picked on a merit basis by the most elite cyber security units for their mandatory military service, a unique group of highly trained cyber security professionals is being formed and it is constantly growing. Subsequent to their service, many of these young veterans, still in their mid-20's, turn to establishing their own ventures, based on the knowledge that they have accumulated throughout their rigorous cyber security training and experience. 
This is the reason why only a few eyebrows were raised once the investments' summary figures for 2016 began to float within the venture capital community. Apparently, roughly 15% of the entire worldwide cyber security venture capital investments were injected into Israeli start-ups, amounting to more than USD 600 Million in more than 70 investment rounds. These numbers reflect a 10% annual increase in funds invested in Israeli cyber start-ups, in spite of the global slowdown in cybersecurity investments. Although Israel's population amounts to only 8 Million people (compared to 320 Million living in the US), Israel stands right behind the US in terms of investment amounts flowing into its cyber security start-ups; reflecting by far the highest amount of global cyber security investments per capita.
Although the amount of investment funds is growing, the number of exits is hitting the breaks, indicating that the Israeli cyber industry is mature enough to postpone "quick wins" for the benefit of substantial growing companies. According to IVC exits report, only 14 cyber security exit transactions were signed in 2016 in Israel (including M&As, IPOs and Buyouts), as opposed to 20 in 2015, bringing down the total exit returns from more than USD 1.2 Billion in 2015 to less than USD 700 Million in 2016. The most significant cyber security exit transaction of 2016 is considered to be the acquisition of CloudLock by Cisco, for almost USD 300 Million.
The reports also indicate that Israel is home to almost 400 cyber security companies, whilst nearly 60 of them were established in 2016. Concurrently, with promulgating Beer-Sheva as the cyber capital of Israel by the Israeli Government, along with substantial governmental tailwind in the form of subsidies flowing into the cybersecurity eco-system in Beer-Sheva, many believe that 2017 will yield even more impressive break-through cyber technologies, investment rounds and exits.

Adv. Oleg Brodt servers as the R&D Director of Deutsche Telekom Innovation Labs, Israel.



From the Research Lab
By Dr. Mordechai Guri
During the recent years I and my cyber-security team are busy researching the so-called air-gap networks. In cyber-security the term 'air-gap' refers to computers which are isolated -- separated both logically and physically from public networks -- ostensibly so that they cannot be hacked over the Internet or within company networks. These computers typically contain an organization's most sensitive and confidential information. Today, many organizations and industries e.g. finance industries, critical infrastructures, military and governmental sectors and others maintain air-gap networks. 
In our new paper, we demonstrate how attackers can steal information from these highly secured air-gap networks; how they can use the small hard-drive (HDD) activity as well as the LED lights that are found on most desktop PC's and laptops. We found that a computer virus can control this small LED, turning it on and off rapidly - thousands of flickers per second – a rate that exceeds the capability of the human visual perception. As a result, highly sensitive information can be encoded and leaked over the fast LED signals, which are received and recorded by remote cameras or light sensors.
We received such LED signals by a Quadcopter drone flight, even outside a window with line-of-sight of the transmitting computer. Further down you may watch the video, which demonstrates the study.
Our method compared to other LED exfiltration is unique, because it is very covert.  The HDD activity LED routinely flickers frequently, and therefore the user won't be suspicious about changes in its activity.
During the last two years we have conducted additional studies and demonstrated how malware can infiltrate air-gapped computers and transmit their supposedly protected data. Previous studies have already shown that computer speakers and fans, FM waves and heat can also be used to obtain such data.

Dr. Mordechai Guri serves as the Head of R&D at the Cyber-Security Research
Center at Ben Gurion University of the Negev
, and the Chief Scientist at
Morphisec Endpoint Protection Company


Powered by smoove marketing platform