Comptroller: Gov’t cannot properly defend country without a cyber law

The absence of a clear law hampers the ability of the INCD and other cyber security officials from protecting vulnerable aspects of the nation’s cybersecurity infrastructure, said the report.

By
May 7, 2019 01:10
2 minute read.
Network defender at the US Air Force Space Command Network Operations & Security Center.

Cyber warfare 370. (photo credit: Rick Wilking/Reuters)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later

 In order to defend the country, the government’s cyber units must have a cyber law to govern their operations, said State Comptroller Joseph Shapira in his annual report on Monday.


In a report covering the time period from July 2017 to July 2018, including both the activities of the Israel National Cyber Directorate (INCD) and the Shin Bet’s (Israel Security Agency) oversight of the country’s cyber coverage, the report found wide-ranging vulnerabilities.
The absence of a clear law hampers the ability of the INCD and other cyber security officials from protecting vulnerable aspects of the nation’s cybersecurity infrastructure, said the report.


It said that this was especially true in the private sector where, absent a law, it is much less clear what authority and restrictions the government can use and impose. For example, cases could arise where a private sector company’s negligence endangers the country indirectly and the INCD would be unsure how far it can go to fix the vulnerable area or to compel the company to do so.


A proposed bill to comprehensively address cybersecurity was put on the Knesset’s agenda in 2018 before it dissolved, but intense debates over striking the balance between national security and privacy rights prevented it from moving forward.


The comptroller did not appear to suggest a specific solution for getting that bill or a similar one through the Knesset.


Where the private sector and government cyber officials have worked together, the report found that the government was overly generic in its approach.


Shapira wrote that different sectors face different quality and quantity of cyber threats and that this is being ignored, which he said wastes resources and fails to protect vulnerable entities.
 
Besides the more standard private sector, many special entities in critical infrastructure sectors (TAMAK) – electricity, water and a few dozen others – are not updating their electronic systems to reflect ongoing cybersecurity standards. These standards, noted the comptroller, require constantly evolving and integrating new solutions to plug new security loopholes, as new software and applications are distributed commercially.


More specifically, the report said that the Shin Bet did a review of cybersecurity for TAMAK entity A in 2016 and, to date, the entity still has not solved the identified shortcomings.


Entity A and the names of other entities remain classified due to national security concerns.


In addition, the report said that TAMAK entity B has failed to integrate a specific solution to a cybersecurity gap that was pointed out to it.


Furthermore, TAMAK entity C has not established a proper disaster recovery system.


Besides the TAMAK sector, the comptroller wrote that many government ministries and quasi government entities have failed to appoint a cybersecurity chief who is the point person for defending their systems and managing hacking episodes.


Also, Shapira said that many of them have failed to adopt a systematic cyber policy of any kind to address the myriad cyber threats they face.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

Prime Minister Benjamin Netanyahu and his wife, Sara Netanyahu, at the Jerusalem Theater
June 24, 2019
Liberman accuses Netanyahu of covert deal with Arab parties

By JEREMY SHARON

Cookie Settings