US and Israeli agencies use new deal to defend against cyberattacks
The US and Israeli governments have shared key details of unrelated cyberattacks on their infrastructure – one from suspected pro-Russian hackers and the other from potential Iranian hackers – as part of increased efforts in recent months to bolster security. cyber defense between the two allies, a senior US Treasury official told CNN.
The intelligence-sharing, made possible by a finalized agreement the Treasury Department will announce on Thursday, underscores the value both governments place on leveraging data collected by their private sectors to guard against a range of hacking threats from governments and cybercriminals.
It also shows that despite the revelation in February that Israeli-made spyware was used against US diplomats, Jerusalem and Washington are still in sync on some cybersecurity issues.
One of the hacking incidents, which had not been previously reported, involved hackers unsuccessfully trying to overwhelm US Treasury Department computer servers and take them offline in February and March, around the when Russia was waging war in Ukraine and the United States was imposing sanctions. the Kremlin, according to Todd Conklin, deputy treasury assistant for cybersecurity and critical infrastructure protection.
The malicious cyberactivity — known as a distributed denial-of-service (DDoS) attack — didn’t impact Treasury operations, Conklin said, but was significant enough that U.S. officials passed on reports. detailed information about this to their Israeli counterparts so that they can check their systems. the threat. Officials have not identified the culprit, but Conklin said he suspects Russia-sympathetic hackers were responsible.
In another incident, the Israeli government was hit in March by a DDoS attack that temporarily took some government websites offline, a hack that some Israeli news reports said originated in Iran.
The Israelis shared technical information about the attack with the US Treasury, Conklin said, which passed it on to US financial firms that are no strangers to Iranian attempts to disrupt their systems.
The two hacking incidents are examples of how the new agreement to quickly exchange threat data is meant to work in practice, according to Conklin. There are other ways the two governments share cyber threat data, including between defense and homeland security agencies.
But the new agreement means that Israeli Finance Ministry and US Treasury officials will have a formal way – rather than an ad hoc agreement that relies on personal relationships – to quickly share hacking threats against their respective financial sectors. The deal could also lead to more cyberattack exercises involving major US financial firms and their Israeli counterparts, Conklin said.
“Israel has a very strong public-private partnership in this space,” Conklin told CNN. “So they have access to a lot more real-time vulnerability data that impacts… not just government systems, but their broader private sector as well.”
The United States and Israel have a long and complicated history of collaboration in cyberspace that has at times been reinforced — and tested — by their common enemy in Iran. US and Israeli agents were allegedly behind an operation in 2009 and 2010 to hack into sensitive computer systems and destroy uranium enrichment centrifuges at an Iranian nuclear facility.
The United States is currently seeking to revive the 2015 deal with Iran to set limits on Tehran’s nuclear program in return for sanctions relief. Iranian hacking operations sometimes fluctuate in response to geopolitical events, analysts say. There have been no public reports of a change in Iranian cyber activity around the latest nuclear deal negotiations.
The new agreement with Israel, however, “would provide us with an opportunity as an early warning-type mechanism” if there were new Iranian hacking activity aimed at the United States or Israel, Conklin said.