Israel Finds It Has Numerous Cyber Vulnerabilities

Uploaded on 2019-05-17 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The Israelis government’s cyber units must have clear legal framework to govern their cyber operations, said Israel’s State Comptroller Joseph Shapira in his annual report on Monday 6th May.

In a report covering the time period from July 2017 to July 2018, including both the activities of the Israel National Cyber Directorate (INCD) and the Shin Bet’s (Israel National Security Agency) oversight of the country’s cyber coverage, the report found wide-ranging vulnerabilities.

The absence of a clear law hampers the ability of the INCD and other cyber security officials from protecting vulnerable aspects of the nation’s cybersecurity infrastructure, said the report. It also said that this was especially true in the private sector where, absent a law, it is much less clear what authority and restrictions the government can use and impose.

For example, cases could arise where a private sector company’s negligence endangers the country indirectly and the INCD would be unsure how far it can go to fix the vulnerable area or to compel the company to do so.

A proposed bill to comprehensively address cybersecurity was put on the Knesset’s agenda in 2018 before it dissolved, but intense debates over striking the balance between national security and privacy rights prevented it from moving forward.

The comptroller did not appear to suggest a specific solution for getting that bill or a similar one through the Knesset. 

Where the private sector and government cyber officials have worked together, the report found that the government was overly generic in its approach. Shapira wrote that different sectors face different quality and quantity of cyber threats and that this is being ignored, which he said wastes resources and fails to protect vulnerable entities.

Besides the more standard private sector, many special entities in critical infrastructure sectors (collectivley referred to by the acronym TAMAK), electricity, water and a few dozen others, are not updating their electronic systems to reflect ongoing cybersecurity standards.

These standards, noted the comptroller, require constantly evolving and integrating new solutions to plug new security loopholes, as new software and applications are distributed commercially. More specifically, the report said that the Shin Bet  security agency had carried out review of cybersecurity for one TAMAK entity A in 2016 and that to date, the entity still has not solved the identified shortcomings.

 Entity A and the names of other entities remain classified due to national security concerns.

In addition, the report said that another TAMAK entity B has failed to integrate a specific solution to a cybersecurity gap that was pointed out to it. Furthermore, TAMAK entity C has not established a proper disaster recovery system.

Besides the TAMAK sector, the comptroller wrote that many government ministries and quasi government entities have failed to appoint a cybersecurity chief who is the point person for defending their systems and managing hacking episodes. Shapira said that many of them have failed to adopt a systematic cyber policy of any kind to address the myriad cyber threats they face.

Jerusalem Post

You Might Also Read:

Cybersecurity In Israel:

 

 

« Social Media Is The New Gutenberg
Israel Hits Back At Hamas Cyber Attackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

Conscia

Conscia

Conscia provides IT infrastructure solutions and 24/7 services in network, data center, security and mobility.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

Deeper Network

Deeper Network

Deeper Network represents the world's first decentralized blockchain network for building a truly private, secure and fair Internet.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

Aquia

Aquia

Aquia are on a mission to enable innovation and drive transformative change to solve the world’s most pressing and complex cybersecurity challenges.