Gil Baram, Ph.D.
glbaram@gmail.com
Research scholar
University of California, Berkeley
Year of PhD: 2021
Country: Israel
About Me:
I am a research scholar at the Center for Long-Term Cybersecurity and the Berkeley Risk and Security Lab (joint appointment) University of California Berkeley. I am also a senior adjunct research fellow at the Centre of Excellence for National Security (CENS) at Nanyang Technological University, Singapore (NTU).
Previously I was a Fulbright Cybersecurity postdoctoral fellow at the Center for International Security and Cooperation (CISAC) at Stanford University.
I completed my doctoral studies within the excellence program of the School of Political Science, Government and International Relations at Tel Aviv University, and I hold M.A. (magna cum laude) in Security Studies from Tel Aviv University.My research focuses on governmental decision-making during cyberattacks and strategic attribution-related policy. I work at the intersection of Cyber and International Relations, examining under what circumstances governments choose public disclosure of attacks or secrecy. Within my doctoral research, I developed a pioneering analytical model that allows decision-makers to predict their adversary’s response, supported by an original coded database of cyberattacks.My research interests encompass various aspects of cyber warfare and covert actions, including the impact of technology on national security, cyber and national security, the role of Intelligence agencies in cyberattacks, cyber threats to space systems, and how states act during cyberconflict.In addition to academic research, I serve as a consultant to governments, corporations and international organizations. I also give specialized knowledge-based talks and presentations on strategic cyber issues to agencies, companies, groups and individuals, customized from field levels up to the top echelon.Previously, I served as the Head of the Cyber & Space research group at the Yuval Ne’eman Workshop for Science, Technology and Security, and research fellow at the Blavatnik Interdisciplinary Cyber Research Center (ICRC), both at Tel Aviv University.
I also held cyber intelligence positions within Israel’s National Information Security Authority.
Research Interests
Conflict Processes & War
Foreign Policy
Research Methods & Research Design
Middle East & North African Politics
Cybersecurity
International Cooperation
Science & Technology
My Research:
My current research agenda focuses on national decision-making process during cyber conflict. I explore the reasons why – despite the fact that cyber attacks are covert actions in nature, and therefore can be hidden or denied – in many cases countries choose to reveal the attack and “go public” about it. In this project I'm is developing a new conceptual-theoretical framework and is examining it by combining qualitative and quantitative research methods.
Publications:
Journal Articles:
Why is Israel world-renowned as the ‘start-up nation’ and a leading source of technological innovation? While existing scholarship focuses on the importance of skill development during Israel Defense Forces (IDF) service, we argue that the key role of the Academic Reserve has been overlooked. Established in the 1950s as part of David Ben-Gurion’s vision for a scientifically and technologically advanced defense force, the Academic Reserve is a special program in which the IDF sends selected high school graduates to earn academic degrees before they complete an extended term of military service. After finishing their service, most participants go on to contribute to Israel’s successful high-tech industry. By focusing on the role of the Academic Reserve, we provide a broader understanding of Israel’s ongoing technological success.
In the past few years, there has been growing recognition of the importance of international cooperation concerning cyberwarfare norms. To this end, a number of international forums have been established, but as of now, they have had limited success. We recognize three major challenges to the success of these forums: (1) the problem of trust, (2) varying threat perceptions, and (3) different definitions of state sovereignty. We analyze the existing disagreements between the U.S., Russia, and China, and show how a “bottom-up” solution like the Global Commission on the Stability of Cyberspace can facilitate reaching an agreement despite these differences.
Anonymity is considered to be a key characteristic of cyber conflict. Indeed, existing accounts in the literature focus on the advantages of the non-disclosure of cyber attacks. Such focus inspires the expectation that countries would opt to maintain covertness. This hypothesis is rejected in an empirical investigation we conducted on victims’ strategies during cyber conflict: in numerous cases, victim states choose to publicly reveal the fact that they had been attacked. These counterintuitive findings are important empirically, but even more so theoretically. They motivate an investigation into the decision to forsake covertness. What does actually motivate states to move into the international arena and publicly expose a cyber attack? The goal of this paper is to understand why and under which geopolitical circumstances countries choose to give up the advantages of anonymity. Whether they wish to Name and Shame opponents for ignoring international norms or whether they try to avoid public humiliation, victims of cyber attacks occasionally reveal the fact that they had been attacked. There is tension between such motivations and the will to protect intelligence sources and the incentives to prevent escalation if an attack is revealed, even more so if the attacker is exposed. Indeed, we find that sunk costs, counterescalation risks and the need to signal resolve—while critical in motivating victims to keep cyber attacks secret—may not suffice under such specific circumstances. By focusing on the victim’s side, we draw inspiration from data on real-world cyber attacks in order to place cyber operations in the larger context of secrecy and covert actions in the international arena. In so doing, the aim is to advance the use of empirical data for understanding the dynamics of cyber conflict and the decision-making process of states operating in this increasingly complex domain.
The paper reviews the main strategic trends in cyber policy and security in recent years, pointing out the emergence of a new ‘cyber escalation cycle’: while states are investing significant resources to improve their offensive cyber capabilities, these capabilities are subsequently being stolen, publicised and used by hostile countries to launch devastating cyberattacks. This has led governments to pursue legislation to control incoming technology, changing the technological relations between countries. Given the development of enhanced cyber capabilities and the effectiveness of the attacks, we believe that leakage followed by immediate use of the leaked offensive cyber weapons against rival countries will only increase, making this issue even more contentious.
From the early days of statehood, technology occupied a prominent place in Israel’s national security concept as it sought to establish a qualitative edge over its vastly more populated and better endowed Arab adversaries. In the past few years, a new technological challenge, that of cyber warfare, has grown to the point of becoming among the most critical threats to Israel’s vital infrastructures in both the civil and the military-security sectors. Energy, water, communications and traffic networks, and an economy that relies heavily on computers must be viewed as being at risk. To respond to the new, evolving threats, Jerusalem must revise certain aspects of its security concept so as to ensure cyber superiority as an inseparable part of its national defense capabilities.
This article addresses the principal events of 2014 in the field of space activities, and extrapolates from them the primary trends that can be identified in governmental space activities. In 2014, global space activities centered on two vectors. The first was geopolitical, and the second relates to the matrix between increasing commercial space activities and traditional governmental space activities. In light of these two vectors, the article outlines and analyzes trends of space exploration, human spaceflights, industry and technology, cooperation versus self-reliance, and space security and sustainability. It also reviews the space activities of the leading space-faring nations.
The growing use of information technology, monitoring, and control through computerized control systems, together with the increasing dependence of the free market on products and services supplied through infrastructure (for example, electric power), have increased interdependency between infrastructures. Consequently, an attack on critical infrastructure is liable to have a decisive effect on the functioning of other infrastructures. The interdependence between infrastructures requires those involved in planning a cyber-attack as well as those involved in defending from such attacks to adjust to this reality and prepare accordingly. The article describes the existing models for analyzing interdependence between infrastructures, proposes an analytical framework for describing the interdependence and examines the possibilities at the United States’ disposal should it decide to engage in a cyber-attack.
In September 2014, hackers from China broke into the U.S. National Oceanic and Atmospheric Administration (NOAA) network in an attempt to disrupt data related to disaster planning, aviation, and much more coming from U.S. satellites. This breach was the latest in a series of cyberattacks on space systems, exposing the Achilles’ heel of such technology: the vulnerability of its computers and the information it creates and transmits. Cyberattacks, which are on the rise in every industry, pose particularly significant threats to space systems as they are used so ubiquitously in corporate and military operations, making them increasingly attractive targets for hackers.
This report surveys the principal space events of 2013 and analyzes the central trends that can be discerned in government space activities in nations around the world. The article refers to cooperation between countries, to trends in space security, and reviews the space policies and activities of the leading nations as well as emerging ones. The proportion of government funds has declined in recent years; at the same time, space is one of the fields in which commercial endeavors are closely tied with government activities, and is strongly affected by the dynamics and politics between nations. The international community is struggling over the nature of activities in space, world leadership, and what should be permitted and what should be prohibited. Alongside this struggle for control and influence, many nations have come to understand that challenges and threats exist which require cooperation to address adequately. The concern is that, in the absence of appropriate action, use of space will be denied to all. The principal challenge facing the international community is to find a way to surmount obstacles to cooperation. Accordingly, follow-up and analysis of the interests, goals, and conflicts between the nations that are formulating the priorities and making the decisions about space are essential for understanding the direction in which developments in space are headed. They are also indispensable in creating a sustainable space industry.
The past decade has witnessed rapid developments in computers and information technology, leading to far reaching changes in almost all areas of life, including the military and defense spheres. Many changes have occurred in the nature of warfare and the design of military forces, owing, among other things, to developments in strategic thinking and the formulation of military doctrines that are tailored to a changing reality. In the 1990s, attempts to assess the consequences of the transition to the information age for defense endeavors led to the emergence of the notion of a “revolution in military affairs–RMA.” This notion was conceived as a result of new technological innovations that improved the quality and availability of intelligence, the flow of information, and the precision of weapons. In the ensuing years, especially in the 21st century, advanced technologies for cyber warfare were developed, changing the face of the battlefield and the pattern of modern military action. The cyber technology used in warfare affects the way the latter is conducted. A country possessing this technology enjoys battlefield superiority, high quality and comprehensive intelligence, a precise and rapid attack capability, the ability to protect essential infrastructures, enhanced command and control capabilities, and so on. These capabilities contribute to a nation’s power, and strengthen its national security. Cyber warfare technologies have the potential for enormous advantages, along with new and unfamiliar risks. Given the sweeping innovation in this field, the understanding of its nature and consequences has only begun.
Book Chapters:
‘Cyberwarfare’is a disputed term, but a common understanding is that it ‘involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks’(Rand, nd). The Stuxnet malware that damaged the uranium enrichment centrifuges in Iran in 2010 was the first time the world witnessed that states can damage critical physical infrastructures by using cyber means (Farwell and Rohozinski, 2011; Lindsay, 2013; Zetter, 2015). Widely believed to have been developed by the United States and Israel, Stuxnet was designed to sabotage Iran’s nuclear program. Its stealthy propagation and ability to remain undetected made it a ground-breaking ‘cyber weapon’, marking a turning point in the era of state-sponsored cyberwarfare and raising concerns about the implications for global …
Other:
In late April, Israeli media reported on a possible cyberattack on several water and sewage treatment facilities around the country. Israel’s national water agency initially spoke of a technical malfunction, but later acknowledged it was a cyberstrike. According to Israeli officials, the event caused no damage other than limited disruptions in local water distribution systems. At the time, the reports went all but unnoticed amid the flood of pandemic-related media coverage. Israeli media later blamed Iran for the cyberattack, which had been routed through U.S. and European servers. Iran has denied involvement.A closer look suggests that
On October 19, the U.S. Department of Justice unsealed charges accusing six Russian military intelligence officers of an aggressive worldwide hacking campaign. According to the indictment, the officers, who are believed to be members of Unit 74455 of the Russian Main Intelligence Directorate (GRU), were responsible for some of the most high profile cyberattacks of the last few years, including the devastating NotPetya worm in 2017 that cost $10 billion in damages, the targeting of the French presidential election in 2018, the hacking of the 2018 Winter Olympics in South Korea, interfering with electric grid in Ukraine in 2016, and others.
In mid-January and early February, Iran attempted two satellite launches intended for environmental monitoring purposes. The Payam (Message) and Doosti (Friendship) ascended aboard Iranian-made satellite launch vehicles (SLVs). Both launches failed to place the satellites into orbit. The United States nevertheless protested the space launches—mostly because the SLVs used the same base technology as multistage intercontinental ballistic missiles (ICBMs).
Almost exactly a year ago, North Korea and Russia reused a vulnerability stolen from the U.S. government to conduct the WannaCry and NotPetya ransomware attacks. Is the theft and reuse of vulnerabilities likely to be the norm?
Media Appearances:
TV Appearances:
Cyberattacks Spike Amid Coronavirus Pandemic
Other:
Cyber Capabilities and National Power: A Net Assessment