Israel’s Prime Minister is expected to make a decision on the cyber-defense issue this week after procrastinating for months.
The Shin Bet security service and National Cyber Bureau have been waging a months-long battle over authority for protecting Israel’s economy and civilian institutions against cyber attacks.
Prime Minister Benjamin Netanyahu has taken on the cyber issue as a personal project — the bureau is part of the Prime Minister’s Office, and he has defined cyber attacks as one of the four main threats to Israel. But he has held up the final decision over responsibilities for nearly a year.
This week, after receiving five different opinion papers on the topic, he is expected to issue a decision.
Five people very involved in the issue, all of them former and current senior government officials, characterize the turf war as a war filled with passion, mudslinging, interests and politicking, all of under the radar of defense officials. In the balance is not only prestige and influence on such an important security issue, but also fat budgets.
The seeds of this battle were sown when in May 2011 Netanyahu announced the agency’s establishment. Three months later the cabinet passed a resolution accepting the recommendations of a team appointed by Netanyahu and headed by Prof. Yitzhak Ben-Israel, a former general considered one of Israel’s top experts in the field.
According to the cabinet resolution, which Ben-Israel wrote, the bureau will be an advisory body, without intelligence or operational capabilities, that will deal with issues of legislation, regulation and police. It will coordinate joint activities among academia, industry, the defense establishment and other public organizations, in order to turn Israel into one of the world’s top five centers in cyber-doings.
Since its establishment, the organization has made significant progress toward these goals.
But the cabinet resolution did not specify the borders of jurisdiction between the National Cyber Bureau and the Shin Bet, which traditionally was in charge of protecting state agencies and critical infrastructure such as electricity, water and financial institutions from hackers and computer attacks.
About a year ago an attempt was made to settle these issues. Senior officials noted the need to determine who would be responsible for protecting large private companies such as pharmaceutical firm Teva, food conglomerate Osem and El Al Israeli airlines. Because these firms are not defined as critical civilian industries, they are not under Shin Bet protection, but damage to them could severely hurt the Israeli economy.
NCB director Eviatar Matania and his staff are behind calls for additional circles of protection. In a position paper submitted to Netanyahu, they recommended establishing a new state security agency under the NCB’s aegis that would put up “virtual walls” to protect hundreds of thousands of agencies and companies that don’t currently benefit from government protection from cyber warfare. The NCB argued that the proposed organization was necessary to avoid a situation in which the Shin Bet was involved in the computer systems of civilian firms.
The Shin Bet opposed the idea, and in a position paper of its own explained to Netanyahu that fighting cyber attacks required not only virtual walls but also measures such as those used to prevent terror attacks. The security service argued that action against hackers should be taken in the early organization and planning stages, rather than waiting for an attack and hoping that the security measures were strong enough.
Last year, after receiving both position papers, Netanyahu instructed then-National Security Adviser Yaakov Amidror to draw up a recommendation. Amidror, who was nearing the end of his term, advised Netanyahu to adopt the NCB’s position and set up a new state agency to counter computer attacks.
Netanyahu failed to make a decision then, and soon later asked Amidror’s successor, deputy Mossad chief Yossi Cohen, for yet another opinion. Submitted a few months later, it was the polar opposite of his predecessor’s and called for adopting the Shin Bet recommendations in full; that is, to put the cyber-war resources into the Shin Bet rather than creating a new sub-agency.
Netanyahu still did not make a decision and commissioned another opinion paper from Ben-Israel. The engineer of the NCB appointed a special team to revisit the issue, with representatives from all relevant institutions, which after a few months recommended adopting the NCB’s position and creating a new agency under its aegis.
During Netanyahu’s long months of dithering, both the NCB and the Shin Bet have tried to create as many facts on the ground as possible. The NCB began setting up a “national monitoring center” against cyber attacks that would operate separately from the Shin Bet’s cyber unit.
The Shin Bet, for its part, decided to expand its activities and spending in the field, and in visits by Netanyahu in recent months the agency emphasized its successes in heading off cyber attacks.
“The absence of a decision creates tension and friction, as a result of which things are treated less effectively,” said Gabi Siboni, director of the Cyber Warfare Program at the Institute for National Security Studies.
A discussion on the issue at the Prime Minister’s office, originally scheduled for late July and postponed due to the war in the Gaza Strip, is slated for this week. Both Cohen and Ben-Israel will present their opinions.
In a statement, the Prime Minister’s Office said the cabinet has been dealing with the issue for a long time and that significant progress has been made under the prime minister’s leadership.
View original HAARETZ publication at: http://www.haaretz.com/news/diplomacy-defense/1.615637