Israel becomes first nation to cyber regulate hazardous materials industry

Hazardous materials can apply to everything from facilities for water treatment, to airports, to seaports, to pharmaceutical companies, to hospitals, to swimming pools to even wineries.

By YONAH JEREMY BOB
Facility holding hazardous materials, illustrative (photo credit: Wikimedia Commons)
Facility holding hazardous materials, illustrative
(photo credit: Wikimedia Commons)
Israel has become the first nation in the world to implement cyber regulations of the hazardous-materials industry, Environment Ministry cyber director Yossi Shavit told The Jerusalem Post last Thursday.
The regulations only recently went into effect. Shavit presented aspects of it at last week’s Cybertech conference in Tel Aviv, but he gave the Post a fuller picture of the issue.
In an age when people are starting to be more conscious of how vulnerable elections can be to cyberattacks, much of the public is still ignorant of the mayhem that could be caused from a successful cyberattack on a facility holding hazardous materials.
Shavit said his ministry supervises 4,262 facilities in Israel.
Hazardous materials can be found in water-treatment facilities, airports, seaports, pharmaceutical companies, hospitals, swimming pools and wineries, among other places.
Regulations divide these facilities into three categories of license renewals, based on the facilities’ proximity to public areas and the level of danger presented by the quality and quantity of the hazardous materials, Shavit said.
The most dangerous materials are in category A and have a license renewal review every year.
Some category A facilities – there are 382 in Israel – may need to implement a checklist of up to 92 cyber controls to comply with licensing requirements.
Category B facilities, of which there are 555, renew their licenses every two years and may have fewer cyber controls to comply with. Category C facilities, of which there are 3,325, renew their licenses every three years.
At this stage, Shavit said the Environment Ministry is focused on supervising implementation of the regulations with several dozen category A facilities, but over time it plans to carefully address the others.
According to the cyber director, the story starts in 2015 with two governmental decisions directing all ministries to address any cyber vulnerabilities that they and the markets they supervise might have.
“Every regulator was directed to use his own regulatory activities and experts” to address these issues, Shavit said.
For the Environment Ministry, part of this review included “all the hazardous-materials facilities,” he said.
Shavit said the two major actions he undertook were to develop and issue regulations and to formulate a methodology “to estimate the level of danger for different hazardous materials.”
Most advanced nations have cyber regulations for all of their various kinds of infrastructure, including energy and water facilities, but nothing tailored to cope with the unique dangers and aspects of hazardous materials.
Shavit said he started to present his ideas to other countries at an October 2018 conference in Europe and at a November 2018 conference in Singapore. “There was a lot of enthusiasm and interest,” he said.
The OECD has requested that the new regulations be translated into English so that other countries might be able to adopt all or part of them, Shavit said.
He said he does not know exactly when the translating will happen, due to budget issues relating to the absence of a permanent government. But once a budget for the translation is approved, it could be concluded quickly, he said.
By “performing reviews of dangerous issues and addressing vulnerabilities, you increase the resilience to cyber attacks to much higher levels,” Shavit said. “There is no way to prevent everything, but you can reduce risks as much as possible.”
He credited the Israel National Cyber Directorate (INCD) with providing guidance and support in its role as the central director of government ministries’ drive to make themselves “cyber ready.”
Along with INCD, the Environment Ministry has been providing courses for some time for industry experts to be able to know how to help their businesses comply with the new regulations so that there are no sudden shocks.
Shavit joined the ministry three years ago to help bring it into the new cyber age after working in the cyber world.
The ministry has definitely been supportive, because “without its support, in cyber, it would be very hard” to achieve goals set down by the cabinet, he said.