A new report by State Comptroller Yosef Shapira has found that the nation’s police force is woefully unprepared to fight sophisticated cybercriminals, works in an “inefficient,” decentralized manner, and is lacking the budget it requires to obtain up-to-date technologies and qualified manpower.
“The findings of this report show a significant gap in the ability to cope with technologically complex cybercrime,” the report said. If the police continues to operate as is, its inadequacy to meet the challenges of the rising sophistication of cybercrime will loom even larger, the report said.
The report defines cybercriminals as those who use technology to perperate crimes. These crimes include thwarting hacking and illegal entry of data centers, changing online data, online fraud, and theft of intellectual property or virtual identities. Hate crimes, pornography and terror are also included in the definition.
These crimes can can cause direct damage — as money or confidential information are stolen — or indirect damage, as companies and entities whose defenses are penetrated could lose their credit rating or customers because of the security breach, the report said.
The State Comptroller’s office studied how well the police force addressed sophisticated cybercrime activities in the period between March and August 2016, looking at the organizational structure of its cyber activities, its budgets and the number of expert workers allocated to the sector.
Even if most cybercrime incidents remain unreported, the report said, in 2015 some 230,000 people were hit by cybercriminals, and the number of cybercrime cases dealt with by the police in 2015 almost doubled compared with 2013. Cybercriminal activity accounted for just 9 percent of total reports to the police, compared to 45% for violence. According to data from Israel’s Central Statistics Bureau, 90% of those who complained to the police about cybercriminal activity were unsatisfied by police action on the matter.
Decentralized, separate chains of command
Shapira’s report found that the Israel Police deals with cybercrime in a decentralized manner according to an organizational structure set up in 2000 and still in place today. Under this structure, its various cyber units operate separately and are subject to different chains of command.
The cybercrime unit headquarters — whose role it was to build the police’s cyber structure — “did not position itself as a central and accepted entity” for the sharing of knowledge vis-a-vis the various cyber units of the police, causing the units to work disconnectedly and independently from each other.
There are no formal work processes in place, and cooperation between the various cyber departments and the cyber headquarters is “inefficient,” the report charged. The cyber units work separately from the other investigative units, and no information is transferred between them in a continuous and regular manner.
This decentralized structure “cannot give an appropriate response to the challenges the police force is required to address,” the report said. The police’s modus operandi “requires repair,” as it was set up in accordance with the criminal and technological challenges of the year 2000, and has not been adjusted to “the special characteristics of the sophisticated cyber technologies of recent years.”
Cyber systems must be centralized and need “to include a central unit that concentrates all the activities in this sector,” the report said.
The cases were also dealt with according to the location in which the incident occurred and where the case was filed. In one instance, the report said, in 2015 an operation was carried out against suspected pedophiles who lived in various addresses around the country. This required regional cooperation, which didn’t happen, the report said.
The report also found that the police force finds it hard to recruit and keep expert workers for its cyber units, losing out to both other public sector institutions and the private sector due to low salaries. While in 2013-2015 the number of cybercrime cases doubled, the police budget for cyber preparedness was cut by a third in 2016, leading to a shortage of both technology and resources. An initiative to significantly raise salaries for police experts has stalled, the report said.
Shapira recommends that the police force and the Public Security Ministry “immediately” look into the possibility of setting up one centralized cyber unit, which will consolidate all of the activities relating to sophisticated cybercrime, and ensuring its preparedness matches the latest research and expertise available globally. The report calls for more money for equipment and recruitment, and says the National Cyber Authority, the police, the Finance Ministry and the Public Security Ministry must work together to address the full potential of the police.
Shapira calls for the report’s recommendations to be implemented “immediately” and “without delay” so as to adapt the cyber preparedness of Israel’s Police to the “advanced technologies and challenges it faces in coming years.”
In reaction, the Israel Police said the force was adopting the report’s conclusions, and under chief Roni Alsheich, police work was being adapted to the new challenges.
As part of its changes, the force has decided to set up a cyber and technological HQ as one professional entity, it said.
Many of the flaws mentioned in the report concerned old programs that are not relevant anymore, the police said, while the rest were being addressed. During 2016 steps were taken with regard to manpower, processes and training, to empower existing systems and creating new ones, the police also noted.
In November, the state comptroller found that Israel was unprepared for the civilian cyberthreat.