Taking a global lead in cyber, Israeli-style

Author: | Published: 19 Oct 2018
Email a friend

Please enter a maximum of 5 recipients. Use ; to separate more than one email address.

As cyber risks increase, international organisations, governments, businesses and NGOs are investing substantial resources and energy to meet the challenge. Israel has recognised the threats and opportunities of cyber risk and channelled them into a comprehensive set of programmes to enhance cybersecurity and develop into a global cyber hub. As the use of technology and digital communication deepens and the risks heighten, it is the role of all stakeholders, regulators and businesses alike, to enhance their efforts to protect us all.

Escalating risks and counter-measures

As technology, data and communication are integral to the infrastructure of virtually every aspect of modern life, the risks that are associated with them are quickly evolving and the potential impact of their occurrence is ever more substantial. One of the major risks that derives from the technological era is that of system hacking, either to gather information, perform unauthorised transactions or damage activity. Ransom demands for data held hostage, penetration of financial systems and unauthorised money transfers are only a few examples of the attacks that have occurred in recent years. Of course, there have also been politically oriented activities.

International organisations, governments, businesses and NGOs invest substantial time, effort and money to counter cyber risk. According to a White House analysis, federal agencies in the US alone spent $13.2 billion on cybersecurity in FY 2017.

Israel's cyber-scape

Israel faces its own cyber risks, with some unique characteristics. Israel's limited trade ties with its surrounding neighbours and its standalone power, water and telecommunication networks isolate it from larger networks and provide a certain level of protection. However, Israel's advanced capabilities, high-end technologies and its assets attract both enemies and allies. At the same time, the country's well-known innovation industries and hi-tech ecosystem enable it to leverage the new reality and turn it into an opportunity, and so has it been doing.

Israeli Prime Minister Benjamin Netanyahu recognised the threats and opportunities of cyber and back in 2011 announced that Israel would become a cyber superpower. This vision was translated into a comprehensive programme for defence, education, research and business support. In 2018 the vision became reality and Israel is now a leading cybersecurity hub, with a cyber industry attracting investors and customers worldwide and an established national cybersecurity system.

An interconnected cybersecurity ecosystem

Israel's cyber ecosystem is comprised of several components, which are interconnected.

The Israeli Defence Force (IDF) is in charge of the military effort. Its technology and cyber units, the most famous of which is unit no. 8200, develop innovative and advanced tools that for many resemble the world of science fiction. These units attract the most talented young Israelis who need to serve in the army for several years. The alumni of these units have leading roles in Israel's high-tech and cyber industry.

Another component of the government cyber programme are the special courses and programmes for high school students. Dedicated computer science courses, specialist cyber programmes and initiatives to encourage studies in advanced maths are only a few examples of the investments in education. Academic research in cyber has been granted a designated budget and a cyber research centre has been established next to Ben-Gurion University, located in the city of Beer-Sheba in the southern part of Israel.

Coordinating the efforts to protect civilian infrastructures and other aspects is the role of the National Cyber Security Authority (NCSA) within the Prime Minister's Office. The NCSA sets the national cybersecurity doctrine, which is used by the various government units and by businesses. At the heart of the NCSA lies the National Cyber Event Readiness Team (CERT), located in Beer-Sheba. The CERT, the cyber centre next to the Ben-Gurion University and a long term project involving the relocation of IDF's headquarters to the southern part of the country have turned Beer-Sheba into a national and a global cyber centre.

Levering expertise for commercial gain

In addition to security and defence, the Israeli Government has established dedicated programmes to support entrepreneurs as part of its support of innovation. These programmes are led by the Innovation Authority. According to Start-Up Nation Central, a not-for profit organisation, 420 cybersecurity companies were active in Israel at the end of 2017. Cybersecurity companies raised $814 million in 2017, 28% more than in 2016. It is clear that the financial services industry is the leading consumer of these services.

Special attention for the financial sector

As banks are an essential infrastructure in a functioning economy, a focused effort should be taken to protect it from outside attacks, and this is the case in Israel as in many other countries.

The Israeli Supervisor of Banks (the Supervisor) issued various regulations even before the establishment of the NCSA, and regulation was tightened as the risk increased. For example, in 2003 the Supervisor issued a designated regulation for managing information systems. This regulation had a special section dealing with information security, including a requirement to appoint a designated information security officer, establish a policy and set a program to protect the bank. In 2015, the Supervisor issued a designated regulation for cybersecurity management, which aimed to enhance cybersecurity and to make sure that banks allocated sufficient management attention and resources.

In addition to setting regulation, the Supervisor was active in establishing a banking cyber centre together with the NCSA, the Ministry of Finance, the banks and the industry. Due to the importance of the centre, the Anti-Trust Authority granted a permit for its establishment. The permit was granted, as the banking cyber centre will not gain any commercial advantage but will enable the banking industry to share information and enhance protection. The banking cyber centre operates within the NCSA and under its guidance and supervision.

Considering cyber risk was the reason for another unique decision. Over recent years a credit bureau system has been in the process of establishment. The central bank (Bank of Israel) is in charge of establishing a credit data registrar and setting a regulatory framework for credit bureaus to use the data. The Bank of Israel has decided that the credit database will be stored and managed as part of the central bank IT systems, and therefore will be subject to the Bank's strictest cybersecurity procedures. In addition, the credit bureaus' access to the database will be subject to the same level of security, and they will be required to run this activity in the premises of the central bank. This operational model is unique to Israel and is a result of the special attention given to cyber risk.

A global cyber leader

Vision, strategy and commitment has positioned Israel as a leading global force in the protection of data and resources. As the use of technology and digital communication deepens and the risks rise, it is the role of all stakeholders, regulators and businesses alike, to enhance their efforts to protect us all.

About the author

Eileen Toledano
Partner and head of financial services, KPMG
Tel-Aviv, Israel
T: +972 (3) 6848120
F: +972 (3) 6848444
E: etoledano@kpmg.com
W: www.kpmg.com/il

Eileen Toledano heads the KPMG Israel Financial Services (FS) practice and has over 30 years of experience in the financial sector. The FS practice includes audit well as advisory services.

Eileen is involved in both national as well as global KPMG projects, and is a member of the Global KPMG Fintech Community of Interest.

Eileen is the chairman of the liaison committee between the Bank of Israel and the Institute of CPAs in Israel (ICPA), as well as a member of various subcommittees of the Israel Securities Authority.

About the author

Dan Gan-Zvi
Manager, thought leadership (banking), KPMG
Tel-Aviv, Israel
T: +972 (3) 6848532
T: +972 (3) 6848444
E: dganzvi@kpmg.com
W: www.kpmg.com/il

Dan Gan-Zvi is a manager at the KPMG Israel financial services (FS) practice, where he leads knowledge management and industry expertise of the banking sector. In addition, Dan is involved in various audit and advisory projects of banks and credit card companies.

Prior to KPMG, Dan worked for the regulation unit of the supervision of banks department at the Bank of Israel.