Inside the IDF's Cyber Training Center Where Defenders Face Live Attacks

At an IDF cyber training facility, soldiers simulate real-time attacks on isolated networks to prepare cyber defenders for live incidents. In one exercise described to Calcalist, a red-team attacker, Staff Sgt. Y', was shown having already penetrated a network, escalated privileges, exploited vulnerabilities and taken full control after starting from access in another network. Y' said defenders were now containing the event and working to restore the network to full operation.

The modest site, which includes offices, an auditorium and a drill room, is run as a practical combat training ground for cyber units. Its commander, Capt. N', said the center runs periodic exercises so the IDF stays constantly ready for cyber events. He compared the goal to infantry training, saying, "Hard in training, easy in battle," and added that the center tries to increase friction so troops are as prepared as possible when a real incident arrives.

Training scenarios are built by the soldiers who serve there, and the same personnel also play the hackers. Exercises can last one day or many days, and can focus on a defender's role, command-and-control, or the behavior of a commander brought into the incident. After each drill, the teams hold lessons-learned meetings and produce reports on what to improve. Depending on the drill, participants may be told the exact type of attack or only given clues to identify it.

Capt. N' said the cyber fight is very similar to live combat because, unlike laser training on the ground, it happens in code, and trainees can later face the same-looking attacks at their bases and command rooms. He said that since October 7, the IDF has suffered seven times more cyber attacks than before, but has had zero breaches into IDF systems. He credited the center in part for that, while saying the team also tries to anticipate attacks not yet seen.

The unit recruits soldiers who have completed the IDF Computer Professions School's cyber defender course, and no prior cyber or programming background is required. N' said he looks for curiosity, creativity, teaching ability, professionalism and strong communication skills. He added that after five years in the team, a soldier can leave as a senior-level professional in the civilian market, and former commanders can move into management roles in high-tech or defense industries. The center also prides itself on a mostly female workforce, with roughly half the last course and eight women and six men on the current team. Staff Sgt. Y', who had no computer background before enlistment, said she had studied medicine and biology in high school and had initially been accepted to a medical reserve track before being directed to a preparatory program.

The training center also works with foreign militaries. Maj. B', head of international relations in the C4I and Cyber Defense Directorate, said joint drills are a central milestone, that many partner countries come to train there, and that the center's unique value lies in its platform, technology, instructors and operational experience. He said the IDF also trains abroad and has held exercises with the United States and many other countries.