If you were one of the 15,000 Israelis whose credit card details were purloined by anti-Israel hacker 0xomar last month, you probably have a new appreciation of the importance of cybersecurity, and you’ve probably installed a new, up-to-date, and more comprehensive anti-virus application to stop hackers before they invade your space. But how would you feel if you were required to install a program on your computer that would allow a special government agency to scan your computer to ensure that there are no security problems?
While there are no plans to implement such a policy anytime soon – as far as anyone knows – questions of that sort are now on the radar of the government of Israel, and last month a new National Cyber Directorate was established, specifically to set national policy on how to deal with protection from cyber attacks, hacks, and online threats. The task force, which began operations last month, is a permanent department in the Prime Minister’s Office and was the brainchild of a panel headed by one of Israel’s top cybersecurity experts, Prof. Yitzchak ben-Yisrael, who also heads Tel Aviv University’s Yuval Ne’eman Workshop for Science, Technology and Security.
Considering the nearly daily hack attacks by Iranian and Arab hackers against Israeli systems, a cyber-protection policy certainly sounds like a good idea. So why hasn’t Israel had an official policy-setting unit until now? “Unlike even five years ago, we’re much more dependent on computers today,” ben-Yisrael told The Times of Israel in an exclusive interview. “With dependence comes danger, as we have seen in recent weeks, when banks and credit card companies were hacked.” In fact, just hours before this interview, ben-Yisrael’s own office – which researches cyber-safety – suffered a hack attack itself.
The committee’s job is not necessarily to provide protection to these institutions, or even to government computers; it’s to set policy, recommend legislation, and ensure an overall effort in the public and private sector to enhance cyber-protection. “This is not a government program to encourage people to install anti-virus software,” ben-Yisrael said. “That kind of thing is better done by the private sector. What we want to do is work with the private sector, to guide them on the kinds of products and services needed to ensure that our data remains safe.”
That “guidance” could come in the form of consultations – or of legislation, ben-Yisrael said. “Some policies can only be implemented by legislation. For example, if we want banks to provide a certain level of protection for their customers we are going to have to require them by law to provide it. It’s not certain they will volunteer to do so if it costs them money.”
The same would apply to laws that regulate the privacy of Internet users. “There is a tension between the need for safety and the desire for privacy, and the laws need to be cognizant of both – with the balance weighted on one side or the other, depending on the circumstances,” he said.”
And the “circumstances” in question apply specifically to Israel, ben-Yisrael said. “What works in other places, like the US, wouldn’t necessarily work here, and vice versa.”
Ben-Yisrael understands the outcry among Americans against the Stop Online Piracy Act (SOPA), which many believe would severely limit the freedom of Internet users and expose their identities to authorities (the law gives police and government wide-ranging powers to demand that ISPs hand over records of suspected hackers and individuals who purloin music, videos, photos, etc.). Several weeks ago, sites such as Wikipedia shut down for a day in protest over SOPA.
While not specifically advocating an Israeli SOPA-type law, ben-Yisrael said that privacy issues in Israel were not the same as in the US. “We’re a smaller country and more vulnerable; we don’t have the resources of the United States, and it would take a lot less to inflict major damage on our computer systems than it would on America’s.”
As a result, Israelis may have to put up with a little less privacy if they want to ensure that their banking and other sensitive data remains safe. Is it a fair – or even necessary – trade-off? One thing is for certain: The Knesset debates on privacy (and other) laws the cyber committee proposes are going to be very raucous affairs, considering the conflicted feelings of most people on cyber-privacy – and cyber-safety.