Israel Finds It Has Numerous Cyber Vulnerabilities

The Israelis government’s cyber units must have clear legal framework to govern their cyber operations, said Israel’s State Comptroller Joseph Shapira in his annual report on Monday 6th May.

In a report covering the time period from July 2017 to July 2018, including both the activities of the Israel National Cyber Directorate (INCD) and the Shin Bet’s (Israel National Security Agency) oversight of the country’s cyber coverage, the report found wide-ranging vulnerabilities.

The absence of a clear law hampers the ability of the INCD and other cyber security officials from protecting vulnerable aspects of the nation’s cybersecurity infrastructure, said the report. It also said that this was especially true in the private sector where, absent a law, it is much less clear what authority and restrictions the government can use and impose.

For example, cases could arise where a private sector company’s negligence endangers the country indirectly and the INCD would be unsure how far it can go to fix the vulnerable area or to compel the company to do so.

A proposed bill to comprehensively address cybersecurity was put on the Knesset’s agenda in 2018 before it dissolved, but intense debates over striking the balance between national security and privacy rights prevented it from moving forward.

The comptroller did not appear to suggest a specific solution for getting that bill or a similar one through the Knesset. 

Where the private sector and government cyber officials have worked together, the report found that the government was overly generic in its approach. Shapira wrote that different sectors face different quality and quantity of cyber threats and that this is being ignored, which he said wastes resources and fails to protect vulnerable entities.

Besides the more standard private sector, many special entities in critical infrastructure sectors (collectivley referred to by the acronym TAMAK), electricity, water and a few dozen others, are not updating their electronic systems to reflect ongoing cybersecurity standards.

These standards, noted the comptroller, require constantly evolving and integrating new solutions to plug new security loopholes, as new software and applications are distributed commercially. More specifically, the report said that the Shin Bet  security agency had carried out review of cybersecurity for one TAMAK entity A in 2016 and that to date, the entity still has not solved the identified shortcomings.

 Entity A and the names of other entities remain classified due to national security concerns.

In addition, the report said that another TAMAK entity B has failed to integrate a specific solution to a cybersecurity gap that was pointed out to it. Furthermore, TAMAK entity C has not established a proper disaster recovery system.

Besides the TAMAK sector, the comptroller wrote that many government ministries and quasi government entities have failed to appoint a cybersecurity chief who is the point person for defending their systems and managing hacking episodes. Shapira said that many of them have failed to adopt a systematic cyber policy of any kind to address the myriad cyber threats they face.

Jerusalem Post

You Might Also Read:

Cybersecurity In Israel:

 

 

« Social Media Is The New Gutenberg
Israel Hits Back At Hamas Cyber Attackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Group-IB

Group-IB

Group-IB is a leading provider of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

DataVisor

DataVisor

DataVisor is a big data fraud detection and anti-money laundering solution.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

Cybernance

Cybernance

Cybernance provide an enterprise-wide, web-based software solution for managing and mitigating cyber risk based on key compliance frameworks.

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Ermetic

Ermetic

Ermetic’s identity-first cloud infrastructure security platform provides holistic, multi-cloud protection in an easy-to-deploy SaaS solution.

Etisalat and (e&)

Etisalat and (e&)

Etisalat Group is one of the world’s leading telecom groups in emerging markets.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

Cyborg Security

Cyborg Security

Cyborg Security is a team of threat hunters, threat intelligence analysts, and security researchers from across North America.

ViroSafe

ViroSafe

ViroSafe is a leading value-added distributor of IT security solutions in Norway.