The strands of Israel's cyber-security apparatus are to be consolidated under one roof, according to the country's parliament, the Knesset.
Specifically citing the recent hack on the Democratic National Committee, members of the Knesset foreign affairs and defense subcommittee on cyber-security made the proposals on Monday.
The recommendation of the subcommittee, laid out in a bill that is expected to pass a final reading this week, will ensure that matters of cyber-security will be put under the control of the National Cyber Authority (NCA). Under these recommendations, the NCA will protect classified information and critical civilian infrastructure.
There are, however, caveats. In national states of emergency, the country's internal security service, Shin Bet, will take over that role. Knesset members and political parties will only fall under the NCA's protection if information is considered classified.
Special counsel Roy Keidar of Israeli law firm Yigal Arnon & Co told SCMagazineUK.com that this bill has been a long time in the making, but “it comes in a record-breaking month of cyber-attacks raging all over the world, with aggregate damages totaling in hundreds of millions of dollars. While some attacks received wide media coverage, like the recent Bitfinex $72 million breach, many others were not even heard of among the public.
“Realising the potential of cyber-related damages to the economy writ large, the new bill signifies Israel's emerging holistic approach, understanding that the cyber protection of national interests is not enough. The new bill attempts to provide the regulator with more tools in order to better work with private businesses, academia, nonprofits and others to enhance cyber-security when challenges are constantly growing.”
This change, should it be enacted, will require Israel's cyber-defence organs “to develop more comprehensive policies, coupled with legal and operational tools, in a variety of fields. One such field, for instance, invokes the challenge of formulating appropriate guidelines to small and medium size enterprises (SMEs), which so far have received scant attention by the authorities, yet, at the same time, experienced ever-increasing malice by cyber-attackers.
“Unlike government facilities and large companies providing critical services, the SMEs are often struggling to afford the high costs associated with comprehensive cyber protection, while [being] perceived as easy prey to hackers and cyber-criminals. This, for instance, requires an entirely different 'toolbox' than was available to regulators so far. Fortunately, the recent bill is an important step forward.”
Ewan Lawson, a senior fellow for military influence at the Royal United Services Institute (RUSI) told SC that the UK might benefit from a similar move. “From a UK perspective, I would argue that the fragmentation of cyber-security across so many HMG departments is probably unhelpful.”
However, added Lawson, “On balance I would be reluctant to support bringing it all together under one roof.”Lawson expressed concern that the National Cyber Security Centre, an organisation formed for a similar function, “is already being discussed as the answer to all of the UK's problems in cyber-security. I guess the critical question is what would be the range of authorities of such a national authority.”