A new report by the Israel’s State Comptroller Yosef Shapira has found that the nation is mostly unprepared to protect its civilian cyberspace in view of the growing intensity of cyber-threats globally.
“The findings of this report suggest that there are gaps between the intensity of the threat to the entire civilian cyberspace and the rate of response in terms of organization and staging of the state’s defense, except for a few areas and sectors such as critical state infrastructure,” the report said.
From September 2013 to July 2015 the State Comptroller’s office held an audit on the country’s preparations for the protection of cyberspace. The team examined a number of issues, including the formulation of a comprehensive defense approach to cyberspace; regulation of responsibility for dealing with the cyber-realm; regulation of the cyber-market; the setting up of bodies and systems for cyber-protection; and the level of protection required.
The team also evaluated the protection of the computer systems that are critical state infrastructure.
The audit was held at the National Cyber Bureau, which was set up in 2011 and is part of the Prime Minister’s Office, and at the Shin Bet security agency and a number of government agencies and other entities.
The National Cyber Bureau was mandated with regulating responsibility for cyberspace and submitting a proposal for a comprehensive defense approach. Its establishment has in fact expanded the government’s cyber-activities, the report said. Even so, the report found “gaps” between the intensity of the threat to the civilian cyberspace and the state’s ability to respond.
The report said the government’s implementation of decisions about the cyber-realm was slow and did not keep up with the rising threat against Israel; decisions regarding where cyber-defense responsibilities lie were “not clear enough”; and there were “significant flaws” in the work of the cyber bureau.
The report recommended that the cyber bureau set up an operational framework with yearly or multi-year milestones and define the scope of the civilian cyber-threat and how to address it.
A steering committee should make sure the Shin Bet’s safety recommendations are implemented for critical national infrastructures and a system for reporting progress to the government is in place, including a set of quantitative measures for progress.
The government should “learn lessons”and “promote the required tasks in the field of cyber security preparedness,” the report said.
Large parts of the report, presented on Tuesday to Knesset Speaker Yuli Edelstein, were not allowed to be published due to confidentiality issues, the comptroller’s office said.