The Best in Cyber

- Sponsored Content -

Doron Amir, CEO of Unicorn CyTaka, declares a revenue outlook of $500 million for 2024, explains where we are headed, tells of the collaboration taking place in the spirit of the Abraham Accords and how he is able to marshal the best of the world's minds through a competition offering a prize of $1,000,000: "The integration of AI will lead to cyberattacks of a kind never before seen – ones much deadlier – but will also herald new defensive capabilities" | Written by: Asaf Levanon

After sparking outrage by paraphrasing that time-honored adage – "The best to be Pilots" – and rebranding it, rather, as "The best in Cyber", CyTaka CEO Doron Amir once again revamps a well-worn expression used in the past by the Israeli Mossad, replacing the biblical verse "For by wise council, thou shalt make thy war" with "For by wise council, thou shalt make Cyber".

Amir describes the rationale and business model of CyTaka, which aims to increase the number of cyber personnel of nations friendly to Israel (all we're doing is forming a "Unit 8200" for them to use for civilian purposes) and bolster the collaborations and sharing of information which enables the global creation of a common defense infrastructure to assist in preventing cyber-crimes in the business-civilian world. "I believe in 'For by wise council, thou shalt make Cyber' because in this world we have to be sophisticated, and without wise council you can't produce cyber, which mostly uses manipulative techniques – both human and technical – that allow you to finally achieve your purpose; and this includes taking advantage of technical or human vulnerabilities."

The World Cyber Championships held by CyTaka take place in different parts around the globe. The company attained the impressive feat of being, in the spirit of the Abraham Accords, the first cyber company in the world to be displayed, in a collaboration with the Cyber Security Council of UAE, in a joint projection on the Burj Khalifa. In it's World Cyber Championships, CyTaka invites hackers from all over the world to complete for monetary prizes, including for the grand prize of $1,000,000. The contestants, arriving from various countries around the world, such as from Europe, the United Arab Emirates, India, the U.S. and others, share information and compete as teams or singles against the unique challenges of cyber developed by CyTaka.

CyTaka's World Cyber Championships are known by many, but its business model is no less fascinating, based as it is on the sale of cyber training programs, created during the competitions themselves, among other places. "We don't offer courses on cyber and we're not an employment agency", Amir is quick to emphasize. "That's not what we're needed for, there are enough of those in industry and academia. We're a supplementary product that provides the training tier for cyber challenges of information security personnel. When the student wants to put the knowledge accumulated by them over the course of their studies to good use, enhance their capabilities and amass experience that will allow them to start working in this field – we provide them with dynamic training, updated monthly, on diverse security challenges, and our update engine is created by the cyber competitions we hold."

Amir explains that one of the problems of cyber is its resemblance to the world of medicine: There is a multitude of disciplines and sub-disciplines, and no single 'physician' could possibly be adept in all of them. "That is why our competitions are dedicated to a different security topic every time: drone flight, electric car control systems, sensors, controllers and, of course, AI. This diversity allows us to introduce even ten different vectors into a single exercise. A controller made by an elevator company or a sensor for an electric car that provides indications about the car's brakes seemingly have nothing to do with maritime cyber, satellite cyber, communications and internet cyber; but ultimately, everything has to do with everything. Many of the challenges are ones we find (and buy) on the darknet and then reverse-engineer them for research purposes. After the competitions, we publish the solutions, and cyber personnel can use the information to hone their cyber capabilities."

Selling "8200" to other countries

The price of CyTaka's training programs, which include a unique collection of challenges broken down by various levels and contemporary fields ranges from $5,000 to $10,000 per single trainer's license and includes preparation for professional qualifications, contingent on a minimum of 1,000 licenses. The programs are intended for countries wishing to train their personnel and thereby increase the number of cyber experts in that country. "We are a Software-as-a-Service (SaaS) company and we don't sell our training programs directly to the customer but rather only to countries that are willing to collaborate and promote the field of positive cyber together, providing a response to the security needs of citizens and businesses in cyberspace. I believe that in 2024 we'll cross the target number of 100,000 cyber security experts and developers round the world actively participating in our cyber training program."

Does a Cyber training program have to be adjusted to the purchasing country?

"Cyber is such a sensitive subject that each transaction requires regulation complying with that country's restrictions and directives," clarifies Doron Amir, "as to the required adjustment, some countries even avoid using the term "cyber" at all, preferring such titles as 'defense' or 'security'. Then there are those that ask us to take certain subjects out of the program, such as certain communications protocols or components that the country in question fears would fall into the wrong hands. They have these concerns despite the fact that all of our cyber challenges are based on knowledge easily accessible in civilian life that is neither military nor confidential. On our part, the important thing is that the training programs reach the end users and provide young people and students with an opportunity to enter the cyber industry and work their way up in it. Each country has such an interest because cyber boosts employment numbers, offers high salaries and, naturally, provides the tools to defend against attacks and reduce the costs of cyber damages detrimental to the economy, not to mention the value of reducing a certain percentage of cyber-crimes committed in the world."

How are cyber challenges created?

"In addition to our special team that is composed of cyber experts and creative cyber security professionals, we also use the darknet - the internet that isn't accessible to ordinary browsing. On the darknet you can find new malware that no one knows yet – so a defense against this is still not published. This kind of information is sensitive and important, and if we can get our hands on it – which we often do – then we can conduct a process of predicting the danger that's currently out and about in the black market, but tomorrow can break free, spread out and hurt a lot of people. We work with manipulation and social engineering tactic That's a good way of helping to deal with the global arm's race of the cyber world, where on the one hand hackers are getting better and better and on the other, cyber personnel are developing defenses."

In practice, you also use hackers who have crossed the lines and turned from attackers to defenders.

"That's true, and these people aren't easy to find and employ. Fortunately, the cyber competitions we hold around the world draw cyber experts to us that are otherwise very hard to reach at all. They mostly operate on the darknet, on private and anonymous networks, and they use nonstandard communication protocols. These people don't work by the book and you can't simply reach out to them online – they might think you're an undercover agent out to get them. When we hold a World Cyber Championship and offer $1,000,000 as the 1st-place prize, they come to us, wanting to use their knowledge and skills amassed over their years of activity. We let them participate in the competition and have a shot at cracking our unique cyber challenges, and in return they're given an opportunity to enter the industry respectably and make money legally by doing what they do best – hack."

Does the fact that you're holding the cyber competitions as a live event provide any advantage?

"The competitions are effectively the primary driving force that gives CyTaka access to hackers and other cyber experts. It's a capability that can't be duplicated by being executed remotely and digitally – and that is also why many digital training and teaching platforms failed in this field. In the past, everyone who produced simulations or remote access to cyber challenges couldn't attract real hackers because of the anonymity barrier. I myself had an idea in the past that had a very different approach, of generating willingness to share information by way of a video game engine; but reality turned out to be the opposite – that without live competitions and meeting the people you have no chance of obtaining critical information. Hackers don't trust these platforms and don't contact them – and therefore can't be recruited. The odds of them divulging an authentic detail to such an entity digitally is nil. When they come to our competitions, visit, look around, feel around – that's when they feel safer. No one knows who they are until the moment they decide to associate with us, to voluntarily provide their information and prove that they're genuine hackers. That is why I see the World Cyber Championship and the competitions we hold in un orchestrated fashion as the breakthrough that has introduced something new to the industry."

And is that enough to make them want to work with you?

"In actual fact, many of them want to be on the legal side of things rather than on the criminal side that puts their freedom on the line. In the legal world they can do the same work, except on the defense side, and know for sure that no one is going to arrest them."

By way of an example, Amir lists Kevin Mitnick, one of the world's most famous hackers, who passed away this July. Mitnick was wanted by the FBI after having hacked the networks of large technology companies. In the early 2000's he crossed the lines and started operating on the "clean" side of the field, even publishing books on the hacking techniques he used.

"A cyber genius ahead of his time. The last contact I had with him was in November 2022," Amir recollects. "He's a good example of the hackers that are today's cyber experts, who are often a combination of a hacker – even one convicted of crimes in the past – and an information security consultant who uses the offensive knowledge he gained for defense purposes. Mitnick underwent this evolution, and in his final years he promoted cyber education initiatives. He was a candidate for handing out a prize at one of CyTaka's cyber championships, but sadly he passed away prematurely. There are other hackers who want to make the transition from the criminal world to the professional and ethical world and harness their skills for combating cybernetic crime."

With such a roster, I'm starting to realize why CyTaka doesn't flaunt its employees on LinkedIn.

"When people ask me why we're so secretive, I answer that that's the way it is when you're surrounded by the best of cybers' minds. Also, since cracking a cyber challenge we created could net the cracker a prize of up to $1,000,000, compartmentalization and secrecy are vital. Many cyber attackers would love to get their hands on a challenge that could win them a $1,000,000 prize. Accordingly, the way we engineer the challenge is by having several different teams from different areas create it, so that until it's presented at the championship, no one – including me – is familiar with it in full. That is the only way to neutralize threats of extortion and information theft/leaking. People can attempt to squeeze and more to get $1,000,000."

Cyber is reminiscent of the world of modern medicine: a virus and the immune system working against it

Since 'The Best in Cyber' advertising campaign when even the IDF Chief of Army made a reference to, are you still making similar campaigns?

'The Best in Cyber' advertising campaign caused heated debate, despite the fact that we meant well and never wanted to provoke anyone. All we did was open a door to high-tech and, naturally, to cyber for everyone, including combat and combat-support soldiers, in addition to excellent cyber personnel. That was how fighter pilots' recruitment worked at the time and that's how we recruited people for cyber; but, as they say, every dark cloud has a silver lining. The latest employee recruitment campaign we did, which was also included displaying the slogan "You are the Best" and "If you are a Genius, join to us" on Azrieli Towers in Tel Aviv, was beneficial for everyone, which means everyone's good, and the geniuses among them are of course always welcome to send us their CV at any time."

How actually serious is the cyber threat today?

"We are currently in the midst of an incident that attracts government, military and business entities, with breaches and incursions that we hear about from time to time. We've all seen on the news headlines how critical infrastructures are being attacked, even disabled, and how critical data is being stolen. It's no longer a matter for privileged intelligence reports. These are damages that could lead to fatalities and even impact elections and governments. An attack on the health system, for instance, could create panic in addition to the technical damages, and an attack on industrial control systems (ICS) could create simulated cyberattacks, not just in the aspect of the cost of the damage. Also, our light rail has just been inaugurated and is already a prime target for a cyberattack with potential casualties being higher than what we know compared to terrorist attacks targeting public transportation."

How much time would it take to train cyber personnel to help deal with the challenge?

"Training good and professional cyber personnel is not a short process. Our full training program takes two years, and this is without accounting for the background required for undergoing it – which is at least three years of academic studies in the field. This means a minimum of at least five years, and even that depends on the quality of the students and the frequency of the sessions. There are concentrated programs directed at more designated populations, such as the training programs offered by the IDF military's Unit 8200, which trains soldiers effectively and quickly, but that's no great feat since their inductees are the best and the brightest. It's a lot easier to train geniuses and the gifted. What's reassuring in this field is that there is greater and greater involvement by women, so that the cyber field can nowadays certainly be defined as multi-gender."

Maybe AI would be of help?

"The integration of AI has indeed significantly empowered cyber, on the defensive side as well but even more dramatically on the offensive side. If in the past an attacking hacker would have used certain software tools to amplify the damage he can do – AI software will allow him to be even more deadly. He could act not as a single hacker but as a thousand. AI will allow him to write malware and even machine-produced malware that's interconnected and synchronized, including capabilities of informed decision-making according to the dynamic of the attacked target – thereby amplifying the malware's ability to spread and also extending its lifetime prior to the exposure. I know we are currently facing cyberattacks that are much more complex and much deadlier, but sadly, it's only after they break out that we'll be able to tell where they came from and to fix it."

Sounds rather alarming. Is there anything we can do about this, any way to prepare for it in advance?

"Yes. While the integration of AI will lead to cyberattacks of a kind never before seen – ones much deadlier – it will also herald new defensive capabilities. AI would have an immense effect on the defense aspect as well. This already brings us to a "war of the machines", waged between a machine trained to detect any offensive capability and an offensive machine that learns the defense's secrets and tries to get around them. I believe cyber will remain a hot topic for years to come, since the field, in and of itself, poses a quantum leap that will engage the world of technology on unprecedented levels."

So are we destined to wage a cyber war for all eternity?

"In my estimate, this race will change tracks when more tangible elements of quantum computing are introduced into the mix. That will be the point where both worlds, of attack and of defense, are fundamentally transformed. When will we finally be able to rest easy? When quantum computers become a thing. Countries will have quantum computing, will treat it like they treat a nuclear weapon and will protect it accordingly. But until quantum computing emerges, there will be no tie-breaker."

Enriching and refining the world of cyber

The insight of the key role of AI in the cyber arena has led CyTaka to integrate more AI elements in its coming competitions, among them the next World Cyber Championship. Competitors will have to crack more sophisticated challenges on their way to the $1,000,000 prize. Amir foresees that the integration of this innovative technology will significantly raise the entry bar.

"In the past, we had about 1,000 candidates passing the bar in each competition. After the multiple screenings, we got to the ten leading candidates fighting for the $1,000,000 – both among themselves and against our master computer that sent them automatic scripts and known cyber methodology to make the challenge more difficult. Now that we have added the AI algorithms to the existing gauntlet, it's much more difficult. Instead of facing ten or a hundred hackers, it's like battling a thousand of them."

What if no one proves up to the challenge?

"The competitions aren't just for testing cyber personnel's capabilities and handing them a medal and a check at the end. The goal is to enrich and refine the world of cyber. These competitions are where hackers from all countries get to meet one another, even people from countries that don't have diplomatic relations with Israel such as Pakistan, Tunisia and Iraq and even from Iran. When these people get together, they try to get a grasp of the cyber conflict taking place around the world. This can result in a large network of people who work to expose vulnerabilities for purposes of developing a defense, rather than using those vulnerabilities for attacking and causing negative impact, and that is effectively the goal. There's no digital platform that can compete with the physical contact taking place in the outside world. That is why I always say 'it's all about people', with all due respect to the digital systems and even to AI."

With this kind of cyber expertise, why doesn't CyTaka sell cyber defense tools to the market?

"We're not here to sell offensive or defensive components, and we are definitely not NSO style. We assist with cyber education to help citizens who are experiencing an infringement of their privacy and security in cyberspace. Citizens and business owners haven't gone into cyber; it just reached them under the auspices of progress and has caught the vast majority of them unprepared and unprotected. We'd like to facilitate the victory of man over machine, not to sell defensive or offensive tools to customers. All of our development work is carried out for research and training purposes.

After you were chosen for 'Man of the Year' and now one of the 'Most Impactful people in Israel', how is the feeling ?

All our achievements actually belong to the vision I represent and the people who support us since the get-go: government personnel, military personnel, intelligence chiefs and elected officials, including the cyber experts and the information security community. That is why I always say: It's all about people. Without our partners to this project, it would have been nothing but a vision."

Doron Amir – CEO of CyTaka

Previous positions: CEO of cyber companies, VP of Technologies at International companies.

Hobbies: Diving, motorcycles and sports cars.

Motto to live by: "When you have to shoot, shoot; don't talk."

A personal dream he'd like to make come true: "Hold a cyber competition on the moon with Elon Musk."

"Our competitions are where hackers from all countries get to meet one another, even people from countries that don't have diplomatic relations with Israel such as Pakistan, Tunisia and Iraq and even from Iran. When these people get together, they try to get a grasp of the cyber conflict taking place around the world, to enrich and refine the world of cyber. This can result in a large network of people who work to expose vulnerabilities for purposes of developing a defense, rather than using those vulnerabilities for attacking and causing negative impact."

- Sponsored Content -