Critical Infrastructure Protection: Evolution of Israeli Policy

Critical Infrastructure Protection: Evolution of Israeli Policy

L. Tabansky (Yuval Ne'eman Workshop for Science, Technology and Security, Tel Aviv University, Tel Aviv, Israel)
Copyright: © 2013 |Pages: 8
DOI: 10.4018/ijcwt.2013070106
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Cyber Warfare holds a grave hazard of striking national infrastructure while circumventing traditional defense systems. This article examines the evolution of Critical Infrastructure Protection (CIP) policy in Israel and analyses its performance. Israel has developed a unique legal and regulatory model for critical infrastructure protection, which was implemented in late 2002. Recently, a comprehensive review of cyber security posture has been conducted, and significant policy changes are in progress. The Israeli approach to CIP and beyond, fostering cooperation between public, security, academic and private sectors, appears to be successful. This study of the evolution of Israeli Critical Infrastructure Protection policy may assist policy-making in other countries.
Article Preview

Critical Infrastructure Protection In Israel, 2002 – 2011: Regulation And Cooperation

Following the accumulated understanding of civilian infrastructures vulnerabilities for cyber-attack, the Ministry of Defense (MoD) Defense R&D directorate (Hebrew: Maf’at) has initiated staff work at the National Security Council. Its outcome resulted in Special Resolution B/84 on “The responsibility for protecting computerized systems in the State of Israel”, of the ministerial committee on national security of December 11, 2002. After years of occasional activities, the governmental decision opened an era of national civilian cyber security policy. In fact, it might have been one of the first centralized national Critical Infrastructure Protection policies in the developed world.

The definitions stated in the B/84 Resolution are worth examining. First, ‘cyberspace’ was not an independent area of operation, but one interconnected with all physical spaces. Second, ‘information’ system is differentiated from ‘control’ system. An information system “performs mechanized activities of input reception, processing, storage, processing, and conveyance of information.” On the other hand, a control and supervision system is a “computer-integrated system that controls and supervises the frequency and regulation of measureable activities, which are carried out by mechanized means within the information system itself.”

The responsibility for protecting computerized systems rests with the users and state regulators. A ‘user’ is a supervised organization, which is in charge over financing all operation, protection, maintenance, upgrading, backup and recovery of its critical IT systems, as it shares information and activities with the regulator. The regulators are the existing chiefs of security at government ministries, who are professionally responsible for guided bodies (for example, the Ministry of Communication is in charge over the telephone company Bezeq). Two additional regulators are established: “The top steering committee for the protection of computerized systems in the State of Israel,” and “The national unit for the protection of vital computerized systems.”

The steering committee was established within the National Security Council, and comprised of senior government officials, representatives from the Bank of Israel, and the security forces. While the steering committee has a policy perspective, the ‘national unit’ - National Information Security Authority (NISA, Hebrew: Re'em) - has the professional authority1.

The government's decision delegates eight responsibilities for NISA:

  • 1.

    To assess the threat landscape – subject to the steering committee approval;

  • 2.

    To suggest classifying systems as critical and suggest oversight to the steering committee;

  • 3.

    To develop protective doctrine and methods;

  • 4.

    To integrate intelligence;

  • 5.

    To provide professional instruction to the supervised organization;

  • 6.

    To set standards and operating procedures for the benefit of supervised organization;

  • 7.

    To develop technological expertise and cooperation with partners in Israel and abroad;

  • 8.

    To initiate and support research for developing defensive capabilities, in cooperation with the defense community.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2013)
Volume 2: 4 Issues (2012)
Volume 1: 4 Issues (2011)
View Complete Journal Contents Listing