The Knesset’s Foreign Affairs and Defense Committee approved a bill to bring the country’s various cyber defense groups under one umbrella on Monday, the committee announced.
The bill will return to the plenary for a second and third reading later this week, where it will likely pass, before it is signed into law, the chairman of the committee, Likud MK Avi Dichter, told reporters Monday.
“I’m not exaggerating if I say that the central threat of the beginning of the 21st century is the cyber threat,” he said.
To address that threat, the committee’s cyber-defense subcommittee has worked since July 2015 to craft a comprehensive and streamlined proposal to address the country’s preparedness toward hacks and other digital attacks.
“During the last year, we spent dozens of hours with each body to hear how they work and how they think our preparedness should be,” Dichter said in the Knesset on Monday.
One of the subcommittee’s main findings was the need for one responsible body — the National Cyber Authority — to oversee both civilian and military networks. For example, the authority would monitor the cyber defenses of the IDF and the Mossad, as well as the Electric Company and the Water Authority.
This National Cyber Authority will be responsible for the nation’s networks and overall security against cyberthreats. However, it will not necessarily act as a shield for hacks and attacks of private citizens.
Committee member Omer Barlev, a Labor MK, cited the recent hack of the US Democratic National Committee, in which the political group’s emails were accessed — allegedly by Russia — and distributed, as an example of a cyberattack the authority would not necessarily protect against.
“It depends on which political party was affected. If it was Labor, then probably not,” Barlev said with a laugh.
“But really it depends on how classified the information is,” he said. “There’s a list of specific groups the authority protects, which doesn’t include political parties.”
While the committee said that something along the lines of the DNC hack would not fall under the purview of the National Cyber Authority, some American analysts have categorized the allegedly Russian operation as a full-scale attack on the United States itself, not on a political party, as it represented an attempt by one country to muddle the affairs of another.
“This is not a Democrat or a Republican issue, this is a national security and a democracy — with a big D — issue,” Peter W. Singer, a senior fellow at the New America Foundation, told Reuters’s War College podcast this week.
To explain the exact nature of the kinds of attacks the authority will try to prevent, Foreign Affairs and Defense Committee member MK Ofer Shelah mentioned the Russian cyberattacks against Georgia, which kicked off a six-day war between the former Soviet republic and Russia in August 2008.
Throughout the short conflict, Russian hackers brought down some of the country’s network infrastructure and also attacked and defaced government websites as a form of psychological warfare.
“That war started in the cyber realm, not with something physical,” Shelah said. “If you wanted to you could see it as a weapon of mass-destruction.”
The cyber-defense subcommittee presented its findings in a report released Monday, in both classified and unclassified form, dealing specifically with the “division of responsibilities and authorities” in that area.
Shelah and the other members of the cyber-defense subcommittee met with representatives from the Israel Defense Forces, Shin Bet security service, Mossad, Israel Police and Foreign Ministry.
“There was no single body that had the exclusive ability to deal with the challenge [of cyberattacks] and commit itself to true cooperation between the different groups,” the subcommittee said in a statement.
The subcommittee determined that an umbrella organization was necessary due to the fact that it discovered during the course of its investigation “disputes and even clashes between the different bodies.”
This National Cyber Authority is meant to prevent such conflicts; however, the decision to have the civilian, governmental authority responsible for both civilian and military networks rankled some members of the subcommittee, including its new chairperson, Likud MK Anat Berko.
“Something that definitely bothers me is that it is a non-defense agency,” Berko told reporters. “That means it’s breached in terms of security. There will be academics and completely civilian bodies, along with sources and information from the defense agencies. We can’t have a leak of intelligence information and work methods.”
The National Cyber Authority was created in February 2015 and brought into operation two months later, but did not officially receive any powers or responsibility under Israeli law, an issue that the bill will address.
The legislation will amend an existing law — the “Regulation of Public Security Bodies” — to formally allow the prime minister to appoint a head of the National Cyber Authority who will serve as the “authorized officer” for issues concerning cyber defense. Under a temporary order in place until 2018, Baruch Carmeli has been named head of the National Cyber Authority.
This proposed law is only one of a series of actions the government will take to formalize and create the country’s digital defenses. However, members of the subcommittee noted the future is still unclear for cyber defense, as the field and the threats presented by it are rapidly evolving and changing.
“Things are changing at tremendous speed,” Shelah said. “And we will have to change while on the move.”
Dichter, who presented the subcommittee’s report, took pride in the fact that the issue of cyber defense was being addressed proactively rather than reactively. Unlike “Iron Dome or the different Patriots” — Israel’s missile defense batteries — “which were created in response to rockets being fired at Israel,” Dichter said, the decision to address digital threats preceded the attacks.