Comptroller: State failed to protect security, economic interests from cyberattacks

Engleman criticized the police cyber unit for only spending a small number of days, usually up to 10 days and at maximum still only one month, investigating these cases.

 State Comptroller Matanyahu Englman (photo credit: MARC ISRAEL SELLEM)
State Comptroller Matanyahu Englman
(photo credit: MARC ISRAEL SELLEM)

The state has failed to protect its security and economic interests from wide-ranging cyberattacks, State Comptroller Matanyahu Englman said Tuesday in his annual report.

Focusing mainly on the 2018-2020 period, he said the Israel Police National Cyber Unit had closed 36,009 cases without almost any investigation. That represented 25% of its cases. Of the remaining cases, 75% of them were closed on the basis of an inability to find or identify the suspected hacker, the report said.

Englman criticized the police cyber unit for spending a small number of days investigating the cases, usually up to 10 days and at most one month.

There was inadequate staff, resources and technological equipment for properly pursuing the full range of cybercrime, which is harming Israel’s security and economic interests as well as small businesses and citizens, the report said.

In 2019, 84% of people who complained to the police about cybercrime were unsatisfied with the handling of their case, it said.

State Comptroller Matanyahu Englmann attends a press conference to announce the opening of an investigationn into Israel's Mount Meron disaster, at the State Comptroller offices in Jerusalem, May 3, 2021.  (credit: OLIVIER FITOUSSI/FLASH90)State Comptroller Matanyahu Englmann attends a press conference to announce the opening of an investigationn into Israel's Mount Meron disaster, at the State Comptroller offices in Jerusalem, May 3, 2021. (credit: OLIVIER FITOUSSI/FLASH90)

In 2020, 51% of persons participating in a survey said if they were hacked by criminal actors, they would either report the hacking to non-police cyber officials or would not report it.

The report criticized both the state and the police for failing to have a clear strategy and methodology for handling escalating cybercrime.

In 2020, there was a 150% increase in ransomware cyberattacks worldwide, which caused losses of $20 billion, including hundreds of millions of shekels in Israel, the report said.

On a related point, while Englman said the police cooperate with Israel’s other security agencies, including the Mossad, the Shin Bet (Israel Security Agency) and the Cyber Authority, he criticized the lack of a formal basis for these interactions.

Next, the report warned that although there has been high cooperation from social-media giants such as Meta for removing problematic terrorist or antisemitic posts since 2019 and somewhat before, a formal law is needed to dictate exactly when law enforcement can compel online companies to remove posts.

Englman also said the High Court of Justice had strongly recommended the passing of such a law in April 2021.

Regarding problematic online posts against judges, the courts had asked for 97 posts against judges to be removed in 2016, the report said.

However, by 2019, the court only requested three posts to be removed. Furthermore, in 2020, the courts did not request any posts against judges to be removed.

The report said it was important to develop a more formal legal structure for removing posts against judges.

Besides all of the above-mentioned issues related to protecting against hacking and problematic social-media posts, Englman warned that the police must not violate civil liberties and privacy rights as they try to protect the state and its citizens from cybercrime.

Following the Pegasus spying scandal that erupted after a number of reports in the Calcalist newspaper (at least some of which were true), both the state and the state comptroller committed to investigating whether the police cyber unit has abused its power and violated privacy rights while trying to combat cybercrime.