Skip links

ICT Spotlight: Ron Shamir, Former Head of the Technology Division, Israel Security Agency (ISA)

Ron began his career at the Israel Security Agency (ISA) in 1991 as a software developer, where he learned about the ability of information systems to serve as a central factor in gathering and processing information, and converting it from information stored in the systems into intelligence used to thwart attacks. In 1997, he was appointed head of the software development division at the ISA and between 2003-2006, served as head of the cyber department. In 2006 Ron was appointed as head of the  department – a position in held until 2009. In this framework, he was responsible for building work plans and determining development methodology.

In 2009, he began serving as head of the technology division of the Shin Bet. In this framework, he also served as a member of the organization’s senior management and was a partner in the organization’s strategic decision-making until 2013 when he retired from the organization.


According to Ron, the term cyber, from a narrow approach, refers to attacking computers on the one hand and protecting them on the other. Computers are found in practically every device today.

Cyber-attacks are common in the world because, unlike conventional weapons, which are difficult to compile, the cyber weapon is simple, available and cheap. It is possible to purchase tools online that are not very sophisticated, so there is no need to engage in developing tools. Many times, attackers use tools that are used by state organizations, and that have subsequently been studied and their code has become common knowledge. In this way, tools were passed on to hackers and organizations who used them for their own purposes.

One of the areas that are not sufficiently protected today from cyber-attacks are hospitals. The direct implication of this may be harm to human life. In recent years, we have seen attacks aimed at stealing medical records as well as ransom attacks. Even more dangerous is an attack on medical devices at a hospital, such as an MRI machine or a respirator, where the result may be harm to human life. Although the State of Israel has established a body responsible for protecting critical infrastructures in the country from cyber-attacks, hospitals are not defined as critical infrastructure and do not receive government assistance to protect them from cyber-attacks. The government must provide a solution to this lacuna as soon as possible.

Another significant cyber threat that has begun to garner attention is the defense of the “Internet of Things” (IoT). Many household products can be connected to the Internet, such as a boiler thermostat, air conditioner, lighting control system, electric shutters, security cameras and more. Therefore, such household products include a communication component and a processor that can be a target for attack. Since these are relatively cheap products for which consumers will not be willing to pay much, manufacturers will often select cheap security solutions over more expensive and secure solutions. In addition, because software updates cannot be made for these products, discovered security breaches are not corrected. Therefore, these products are susceptible to a cyber-attack and may also serve as a “gateway” to a cyber-attack against the home network.

According to Ron, this market failure can only be handled through regulation – a security standard to be required of all Internet-connected devices.

Ron is currently conducting research with Eli Bachar, the former legal advisor to the Shin Bet, on the threats posed by cyberspace to democracies in general and to Israeli democracy in particular. The research indicates that that there are countries that carry out influence campaigns using cyber tools in order to influence democracies in the world. The Russians, for example, conducted an influence campaign for the election of Trump, according to the indictment filed by Special Prosecutor Mueller. The purpose of such an operation can be to impact on the outcome of the elections, namely, which candidate will be elected, but it can also be to weaken democracy by creating a lack of confidence in the election results or rifts in the social fabric. This weakening of democracy may serve as an asset that the attacking country can use in the future. Social networks provide platforms that help to do this effectively. The “work tools” on social network, such as “trolls” (paid writers with a wide variety of identities who are behind many of the talkbacks) or “bots” (which are actually software running a computer that produces posts and talkbacks, and echoes messages in order to generate buzz and influence public opinion). Facebook and Twitter recently announced that there are thousands of fictitious accounts on their social networks and that they are working to remove them. In order to curb an influence campaign, it is necessary to understand, first and foremost, the challenge they are facing. It is necessary to define who is responsible and what the work processes are, and the research also deals with this. Dealing with social networks is a big challenge. On the one hand, we do not want to limit freedom of speech and social networks are the best expression of this freedom. On the other hand, democracies must defend themselves against the influence campaigns of other countries, most of which are non-democratic. An effective and controlled complex mechanism of checks and balances must, therefore, be created.

Click Here to view Article File