Israel Finds It Has Numerous Cyber Vulnerabilities

The Israelis government’s cyber units must have clear legal framework to govern their cyber operations, said Israel’s State Comptroller Joseph Shapira in his annual report on Monday 6th May.

In a report covering the time period from July 2017 to July 2018, including both the activities of the Israel National Cyber Directorate (INCD) and the Shin Bet’s (Israel National Security Agency) oversight of the country’s cyber coverage, the report found wide-ranging vulnerabilities.

The absence of a clear law hampers the ability of the INCD and other cyber security officials from protecting vulnerable aspects of the nation’s cybersecurity infrastructure, said the report. It also said that this was especially true in the private sector where, absent a law, it is much less clear what authority and restrictions the government can use and impose.

For example, cases could arise where a private sector company’s negligence endangers the country indirectly and the INCD would be unsure how far it can go to fix the vulnerable area or to compel the company to do so.

A proposed bill to comprehensively address cybersecurity was put on the Knesset’s agenda in 2018 before it dissolved, but intense debates over striking the balance between national security and privacy rights prevented it from moving forward.

The comptroller did not appear to suggest a specific solution for getting that bill or a similar one through the Knesset. 

Where the private sector and government cyber officials have worked together, the report found that the government was overly generic in its approach. Shapira wrote that different sectors face different quality and quantity of cyber threats and that this is being ignored, which he said wastes resources and fails to protect vulnerable entities.

Besides the more standard private sector, many special entities in critical infrastructure sectors (collectivley referred to by the acronym TAMAK), electricity, water and a few dozen others, are not updating their electronic systems to reflect ongoing cybersecurity standards.

These standards, noted the comptroller, require constantly evolving and integrating new solutions to plug new security loopholes, as new software and applications are distributed commercially. More specifically, the report said that the Shin Bet  security agency had carried out review of cybersecurity for one TAMAK entity A in 2016 and that to date, the entity still has not solved the identified shortcomings.

 Entity A and the names of other entities remain classified due to national security concerns.

In addition, the report said that another TAMAK entity B has failed to integrate a specific solution to a cybersecurity gap that was pointed out to it. Furthermore, TAMAK entity C has not established a proper disaster recovery system.

Besides the TAMAK sector, the comptroller wrote that many government ministries and quasi government entities have failed to appoint a cybersecurity chief who is the point person for defending their systems and managing hacking episodes. Shapira said that many of them have failed to adopt a systematic cyber policy of any kind to address the myriad cyber threats they face.

Jerusalem Post

You Might Also Read:

Cybersecurity In Israel:

 

 

« Social Media Is The New Gutenberg
Israel Hits Back At Hamas Cyber Attackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Hack in the Box Security Conference (HitBSecConf)

Hack in the Box Security Conference (HitBSecConf)

HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events feature two days of training and a two-day multi-track conference

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

Greylock Partners

Greylock Partners

Greylock Partners is a leading venture capital firm based in Silicon Valley. We invest in all sectors of enterprise software technology including applications, cloud/SaaS, networking and security.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Iterasec

Iterasec

Iterasec provides a full range of security services to hacker-proof your products and make software engineering process secure by design.

CerraCap Ventures

CerraCap Ventures

CerraCap Ventures invest globally into early-stage B2B companies in Healthcare, Enterprise AI and Cyber Security.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Balance Theory

Balance Theory

Balance Theory provides the knowledge infrastructure and collaboration center for the cybersecurity community. A networked community to build better cybersecurity outcomes.

aFFirmFirst

aFFirmFirst

aFFirmFirst is a unique software solution offering a simple yet effective way for businesses to protect and control their online images and logo, as well as allowing one-click website verification.

Lakera

Lakera

Lakera empowers developers and organizations to build GenAI applications without worrying about AI security risks.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.

Zanutix Consulting

Zanutix Consulting

Zanutix specialize in a wide range of services including Network Design and Implementation, Data Management, Cloud Solutions, Software Development and Cybersecurity.

Cybersecurity Elastic Laboratory (CEL)

Cybersecurity Elastic Laboratory (CEL)

CEL specialize in providing top-tier services in vulnerability diagnosis and penetration testing, offering a comprehensive suite of solutions to mitigate cyber risks.