Israel’s Cyber ​​Winter Is Here, But Lack of Regulation Continues: Analysis

Cyber ​​winter is already on its way to Israel and no one seems to care in any way.

Something strange has happened regarding the reactions to the latest Black Shadow attack on Israeli companies: this time the Internet company Cyberserve, which includes Atraf, the Kavim and Dan bus companies, and the Pegasus travel reservation company.
The hack of the giant insurance company Shirbit in December 2020 attracted a lot of attention and concern.

In contrast, the subsequent hacking of Israel Aerospace Industries, the Israeli call center Voicenter, the Ministry of Defense and now Cyberserve, appears to be receiving much less significant reactions from the government and Israel’s National Cyber ​​Directorate (INCD) and cyber experts. usually.

Even more importantly, officials and experts seem almost completely disinterested in how or why the hack was successful and, as will be discussed later, there is still zero formal regulation (there is significant ad hoc government intervention) regarding the hacking. obligations of companies).

People pose in front of a screen displaying the word ‘cyber’ in binary code, in this illustration taken in Zenica on December 27, 2014. Photo taken on December 27, 2014. (Credit: REUTERS / DADO RUVIC / PHOTO OF FILE)

On the contrary, those who speak seem to be completely focused on the message of getting other companies and individuals to better protect themselves and spread awareness of the constant cyber threat that modern people face.

The only recent exception was the cyberattack on the Hillel Yaffe Medical Center in Holon, which actually concerned officials and experts quite a bit and could have led to a recent counterattack.

Why do officials and experts say that how and why the hack happened is less important?

First of all, when a major hack is revealed, there is a certain amount of leaked information and damage that is irreversible.

But there are some more selfish reasons.

The companies that are supposed to protect their customer data, and the officials and experts who are supposed to help companies do so, do not want to draw attention to their flaws.

Some of the hacks have been carried out by nation-states or sponsored by nation-states such as Iran.

But some are simply criminals or amateur anti-Israel ideologues, and it is shameful for companies to admit that they did not do their homework, and for experts to admit that they failed to get companies to do their homework.

In some cases, the INCD may have warned about the specific vulnerability that led to the hacking months or a year or more earlier, but the warning was ignored or placed on a long-term timeline, sort of like the 2030 and prevention targets. 2050. climate change.

A more generous explanation for the current messages is that the INCD and experts want to encourage companies to come forward early when they are hacked so that the attack does not spread.

To do this, they want companies to receive as little blame and shame as possible.

They also don’t want companies to pay money to ransomware hackers.

Yet another reason is the contrast to the reaction to the attack on the Hillel Yaffe Medical Center and the first major cyberattack reported on Israel’s water infrastructure in April 2020.

At this point, the INCD and other experts are far more concerned about attacks on infrastructure than they are about leaked information and damage to people’s privacy.

This same reason also makes the Israeli image visa to see Iran and cyber wars look much better.

Iran or its sponsors are likely to have been behind some, but not all, of the aforementioned attacks.

But none of them, other than Hillel Yaffe, who at the end of the day is not comparable to Israel’s largest and best-protected medical centers in Jerusalem and Tel Aviv, caused physical damage to the physical world.

By contrast, Israeli attacks on Iran in the past, according to the Islamic Republic and foreign reports, blew up nuclear centrifuges in 2009-2010 and paralyzed large ports in May 2020.

There is an ongoing debate over whether Israel or some other hacker brought down Iran’s train system in July and its electronic systems for around 4,300 service stations nationwide last week, but these were also examples of major damage to Tehran. in the physical world.

Therefore, there may be many selfish reasons for certain companies and experts to downplay the severity of the current wave of cyberattacks in Israel, but at the same time, Jerusalem is overtaking and outwitting Tehran in the cyber realm in a very substantial way.

As long as the cyber elite of the Jewish state can avoid major physical harm and can cause physical harm to the Islamic Republic when they want to send a message, they will consider it a victory and see that the situation is going their way.

One last scary element in this whole combination is that Israel’s cyber legislation, which has been crafted and debated behind the scenes for several years, is still stagnant.

Until June, this could be attributed to the broader stagnation of the Likud-Blue and White government and the four rounds of elections.

But four and a half months after the new government took office, the INCD is still hopeful that the Knesset will adopt the legislation and has not been promised a specific date.

Until the legislation is passed, as many other countries have in recent years, there will remain a certain subjective vacuum on how to respond even to massive cyberattacks.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *