Tehilla Shwartz posts by this contributorA cyberattack has the power to paralyze cellular communications; alter or erase information in computerized systems; prevent access to computer servers; and directly harm a country’s economy and security by attacking its electricity networks or banking system.
The necessity is clear for any country, but especially Israel with its unique security considerations, to maintain a cyber defense system.
The creation of the unified Israel National Cyber Directorate (INCD), which includes the Israel Cyber Event Readiness Team (CERT-IL), side by side with other security agencies such as the Israeli NSA and Mossad within the Prime Minister’s Office, addresses this need.
To this end, the recent publishing of the first draft of a cyber law for Israel, designed to provide a legal framework for the activities of Israel’s cyber defense system, is welcomed.
Part of the reason for this is that it is difficult at present to assess what cyberattacks could look like in the future, but another part is what seems to be a somewhat hidden policy of the government to use technology in order to increase their control over citizens’ activities.
According to the draft, the INCD, a division within the Prime Minister’s Office, will be able to routinely collect data from internet and cellular providers, government ministries, local authorities and government corporations in order to identify and thwart cyberattacks in real time.
Yet the definition of “security relevant data” remains ambiguous, and is certainly much broader than the definitions laid out in IOC (Cyber Threat Indicator) in the American Cybersecurity Information Sharing Act (CISA) passed in 2015.
For the State to have access to such far-reaching information constitutes a real threat to citizens’ privacy and human rights on a larger scale.
In addition, should the drafted bill pass, INCD will have access to computers and the authority to collect and process information, all in the name of identifying cybersecurity infiltrators.
This bill endows the INCD with supreme regulatory powers that supersede those of the police, the Privacy Protection Authorities and others.
Moreover, the draft makes scant mention of oversight bodies to regulate the use of such broad powers, and grants the head of INCD the power to maintain a veil of secrecy when attacks are being discovered.
The law states that one of its primary goals is to “advance Israel as a global leader in the field of cyber security.”
Yet let us not forget that in a small country like Israel, driven by creativity, independence and thinking out-of-the-box, we would not be global leaders in cyber and technology without simultaneously protecting fundamental human rights.
Done Katch’ng up but want to read more? Read more here.