Israel Finds It Has Numerous Cyber Vulnerabilities

Uploaded on 2019-05-17 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The Israelis government’s cyber units must have clear legal framework to govern their cyber operations, said Israel’s State Comptroller Joseph Shapira in his annual report on Monday 6th May.

In a report covering the time period from July 2017 to July 2018, including both the activities of the Israel National Cyber Directorate (INCD) and the Shin Bet’s (Israel National Security Agency) oversight of the country’s cyber coverage, the report found wide-ranging vulnerabilities.

The absence of a clear law hampers the ability of the INCD and other cyber security officials from protecting vulnerable aspects of the nation’s cybersecurity infrastructure, said the report. It also said that this was especially true in the private sector where, absent a law, it is much less clear what authority and restrictions the government can use and impose.

For example, cases could arise where a private sector company’s negligence endangers the country indirectly and the INCD would be unsure how far it can go to fix the vulnerable area or to compel the company to do so.

A proposed bill to comprehensively address cybersecurity was put on the Knesset’s agenda in 2018 before it dissolved, but intense debates over striking the balance between national security and privacy rights prevented it from moving forward.

The comptroller did not appear to suggest a specific solution for getting that bill or a similar one through the Knesset. 

Where the private sector and government cyber officials have worked together, the report found that the government was overly generic in its approach. Shapira wrote that different sectors face different quality and quantity of cyber threats and that this is being ignored, which he said wastes resources and fails to protect vulnerable entities.

Besides the more standard private sector, many special entities in critical infrastructure sectors (collectivley referred to by the acronym TAMAK), electricity, water and a few dozen others, are not updating their electronic systems to reflect ongoing cybersecurity standards.

These standards, noted the comptroller, require constantly evolving and integrating new solutions to plug new security loopholes, as new software and applications are distributed commercially. More specifically, the report said that the Shin Bet  security agency had carried out review of cybersecurity for one TAMAK entity A in 2016 and that to date, the entity still has not solved the identified shortcomings.

 Entity A and the names of other entities remain classified due to national security concerns.

In addition, the report said that another TAMAK entity B has failed to integrate a specific solution to a cybersecurity gap that was pointed out to it. Furthermore, TAMAK entity C has not established a proper disaster recovery system.

Besides the TAMAK sector, the comptroller wrote that many government ministries and quasi government entities have failed to appoint a cybersecurity chief who is the point person for defending their systems and managing hacking episodes. Shapira said that many of them have failed to adopt a systematic cyber policy of any kind to address the myriad cyber threats they face.

Jerusalem Post

You Might Also Read:

Cybersecurity In Israel:

 

 

« Social Media Is The New Gutenberg
Israel Hits Back At Hamas Cyber Attackers »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

K7 Computing

K7 Computing

K7 provides antivirus and internet security products for business and home users.

HUB International

HUB International

HUB is one of the largest insurance brokers in the world. HUB Risk Services provides the full range of expert consulting to identify risks, reduce exposure to loss and manage claims issues.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

Segusoft

Segusoft

With its encryption platform SEGULINK, Segusoft provides standard software for companies to securely transfer files and messages.

Information and Communication Technology Authority (ICT Authority) - Kenya

Information and Communication Technology Authority (ICT Authority) - Kenya

The ICT Authority is responsible for enforcing ICT standards in Government and ensuring information security.

CipherTrace

CipherTrace

CipherTrace develops cryptocurrency Anti-Money Laundering, cryptocurrency forensics, and blockchain threat intelligence solutions.

SaltStack

SaltStack

SaltStack develops award-winning intelligent IT automation software. We help businesses more efficiently secure and manage all aspects of their digital infrastructure.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

Schneider Downs

Schneider Downs

Schneider Downs & Co. provides accounting, tax and business advisory services through innovative thought leaders who deliver their expertise to meet the individual needs of each client.

Cyera

Cyera

Cyera is the data security company that gives businesses context and control over their most valuable asset: data.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.

Cyber Advisors

Cyber Advisors

Cyber Advisors offers customizable cyber security solutions and IT services for businesses of all sizes across the nation from experts you can trust.

Stack Overflow

Stack Overflow

Founded in 2008, Stack Overflow’s public platform is used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers.