For some years, including those in which he held top positions in the Shin Bet, he was simply known as “Y”. With the start of 2022, Yigal Unna celebrated his fourth year as Director-General of Israel’s National Cyber Directorate.
CTech, the English-language section of the Israeli tech and business newspaper Calcalist, called him “the man leading Israel’s cyberwars.” He is also a leading figure in the cyber “ecosystem” – a popular definition in the Israeli IT world – of the Jewish state.
Recently Mr Unna attended a conference in Bari, in Apulia, organised by the University of Bari Aldo Moro and Israel’s Jerusalem Institute for Strategy and Security. His Italian counterpart, Professor Roberto Baldoni, Director-General of the National Cybersecurity Agency (NCA), which, like the Israeli structure, reports directly to the head of the government, took the stage right before him.
Director Unna, the economies of Italy and Israel are often described as complementary. How would you define the relationship between the two countries in the cyber arena?
When I got to this position in 2018 I already had excellent relations with my counterparts in Italy – although I must say that we didn’t find any relevant counterpart until recently, due to the lack of an Agency like ours in Italy. I looked forward to it because we have a similar state of mind when it comes to national security, technology and partnerships. Thus, during my short visit to Bari, it was fantastic to talk with professor Baldoni, who chairs the new NCA, and see that we are on the same page.
In the current geopolitical context, characterised by the technological confrontation between the United States and China, how can two countries like Israel and Italy, whose main allies are the US, work to secure their infrastructures?
We both have good economic and trade relations, and we want even more, with everyone, including with a giant like China. We do realise the tensions at play in the current world. And that brings even more incentives for smaller countries to come together and work together, more closely. Here’s a relevant example I usually give behind closed doors, too. In the world of commercial aviation, after Boeing cemented the strongest position decades ago, Europe came forward with Airbus and brought more than one country together; now it’s almost a duopoly. Perhaps that’s a good model for handling 5G and other things: more transparency, more partnerships, and therefore fewer suspicions.
Under the Biden administration, the US seem to have woken up. Examples include the Counter Ransomware Initiative and the Summit for Democracy. Is it still possible to speak of a united Western world in the cyber arena?
Oh yes, absolutely. I think it’s inevitable. All the bad guys work from other countries – and our cyber-agencies are not law enforcement. The Counter Ransomware Initiative, for example, tried to close the gaps between nations; it’s all about speed and connectivity. We need 24/7 partnerships. It’s a matter of all democratic countries. Information sharing, working together regardless of borders: this is the new model for fighting this pandemic. And that’s why we have a Global Cyber Cabinet, a club of heads of cyber-agencies that we want Italy to join, led by Israel, with countries such as the US, Germany, Japan, United Kingdom, the United Arab Emirates…
The UAE’s involvement is one of the results of the Abraham Accords, isn’t it?
I was in the historic direct flight between Israel and the United Arab Emirates in August 2020. It was the first time a cyber official joined this kind of mission to establish formal relations. This symbolises how cyber operations are now part of all the essentials, and connect countries. We have a fantastic friendship, face the same threats, unfortunately, and we have to work together.
Threats such as Iran?
Yes, for instance. But there are also matters of innovation linked to everyday life. It’s a friendship, not just a partnership.
Some industry experts have described Log4Shell as the cyber apocalypse. How serious is this vulnerability?
In 32 years in this sector, I have heard of apocalypses, catastrophes and doomsdays too many times. Log4Shell is one of the most severe vulnerabilities ever discovered, but unfortunately it’s not the most severe and neither it will be the last one. We, the human factor, are the weakest link in cybersecurity. The main job of our agencies is to be the first to detect and the fastest to close those vulnerabilities.
Picture: Twitter profile of the Israel National Cyber Directorate