The National Cyber Security Authority (NCSA), located within the Prime Minister's office, was an Israeli security entity responsible for protecting the Israeli civilian cyber space from 2016 to 2018. The NCSA provided incident handling services and guidance for all civilian entities as well as all critical infrastructures in the Israeli economy, and works towards increasing the resilience of the civilian cyber space.
At the end of 2017, the Israeli government decided to merge the NCSA with the Israeli National Cyber Bureau (established in 2012), the unit in the Prime Minister's Office, which served as the government's cyber policy Bureau, into one unit - the National Cyber Directorate.[1]
Background
Israel was one of the first countries to set up national Critical Infrastructure Protection CIP or CIIP. In February 2002, the Israel Government passed Resolution B/84, deciding to protect Critical Infrastructure, and assigning the Israel Security Agency ("Shin Bet") with the task. The National Information Security Authority (NISA ) took upon the task.
Although this CIP model has proven successful, the country's connectivity and dependency on technology continued to increase, and calls for an improved cyber strategy grew stronger. The discovery of Stuxnet catalyzed the policy processes.
In November 2010, Israeli Prime-Minister Benyamin Netanyahu formally nominated a special taskforce to devise recommendations for a National Cyber Strategy, also known as the "Cyber Initiative". The team, headed by Major-General (Ret.) Prof. Isaac Ben-Israel of Tel Aviv University worked for several months, in eight sub-committees manned by dozens of experts. The team examined all the components vital to the need of the State of Israel to cope successfully in cyberspace, including the analysis of national benefits regarding aspects of economy, academy and National security. The "Cyber Initiative" teamwork was concluded in May 2011 and summed-up in a special report dispatched to the Prime Minister.
The team's main conclusion was that "cyber-attacks should be considered as a substantial potential threat to the functional continuity of the state, its institutions and its citizens", and that "a central gap has been identified in the cyber defense of the civil sector at large".
At the core of its report, the team recommended that two bodies be established – namely, a "National Cyber Bureau" and an "executive body for the security of the civil sector" by its side. The team also recommended to set-up a national "cyber defence foil", comprising automated computerized systems and manned systems, together defending pre-defined computer systems. It also motioned for the establishment of a national CERT. The team indicated that the civil and security components of cyberspace are interlaced and are, to all intents and purposes, inseparable, and that there is a need for a broad national perspective and for an understanding that the preparedness of the State of Israel to the challenges of cyberspace is a national undertaking of the first order.
Following that, in August 2011 the Israeli government passed a resolution to establish the Israeli National Cyber Bureau (INCB), designated to assist the prime minister, the government and its committees in forging a National Cyber Policy and fostering the application of its aspects of National Security. Specifically, the INCB was assigned to develop a national cyber security strategy.
The development of that strategy generated a professional and important discourse on the national level regarding possible ways to establish an operational body responsible for the defence of the civil cyberspace. The need for it has never been in doubt; however, the manner in which this need should be satisfied has been the subject of many discussions and some poignant disputes, and was finally resolved through the government's decision to establish a civilian body in the Prime Minister's Office – the NCSA.
Government Resolutions 2443 and 2444
In February 2015, the 33rd Government of Israel approved two government resolutions concerning the Israeli cyber defense, centered by Government Resolution 2444, "Promoting National Preparedness for Cyber Defense". In this resolution, the government stipulated that the defense of the proper functioning in cyberspace is a vital, national state goal and a vital national interest of the state of Israel.
It was accordingly decreed that the aim of the NCSA is to protect the entire civilian cyberspace of Israel. Its functions include:
a. Managing, operating and carrying out all operational defence efforts in cyberspace on the national level, as needed in order to give a whole and continuous response to cyber-attacks. b. Operating the national CERT for the benefit of the economy as a whole, including the improvement of cyber resilience, and to assist in dealing with cyber threats and coping with cyber incidents. c. Building and enhancing the cyber resilience of the Israeli economy through preparedness, competence and regulation, including the enhancement of sectors and organizations, guidance, regulation of the cyber defence services market, licensing, standardization, exercising and general training, Incentivization, etc. d. Forging, implementation and assimilation of a national Cyber Defence Methodology. e. Performing any other task stipulated by the prime minister, according to the NCSA's aim.
Establishment of the NCSA
The NCSA began its activities in early 2016, upon the nomination of its Director General, Buky Carmeli. Carmeli came to the post after serving for over 20 years in Unit 8200 and in the defense establishment. In his last position he served as head of the technological unit of the Malmab, where he led cyber defense in the defense establishment and defense industries, and in the past he was involved in initiatives in the field of protection of sensitive systems. Prior to that position he headed a hedge fund that invests in international technology funds.
NCSA was established as a body which combines security and operational characteristics with civil ones, to synergistically lead, together with all other State security organizations, the defense efforts against cyber-attacks, aimed at Israel's civil sector.
One of the core missions of the NCSA is to assist Israeli organizations and the Israeli public at large in dealing with cyber threats – irrespective of the identity of those responsible for them. This assistance is realized through the CERT-IL (the National CERT). Located in the city of Beer Sheva at the heart of southern Israel, the CERT is a 24/7 center, offering aid to the general public: from the National Critical Infrastructure companies to the man on the street. Beside the CERT, special sectorial centers were established, assisting the government ministries, the Financial Sector and the Energy Sector, and had already proven the value of creating sectorial expertise.
As a governmental entity facing the public, the NCSA was aware that information being shared is often sensitive or confidential due to matters of privacy, intellectual property, etc. Therefore, its actions are compatible with the specific guidelines determined by the Attorney General and the Department of Justice.
The NCSA acted not only in removing attacks that had already penetrated organizations, but also helped deal with cyber threats before they reach the organizations. Thus, the BCSA led the national coping with dozens of cyber threats, such as: WannaCry, NotPetya, CCleaner and Bad Rabbit. In addition, since its creation, the NCSA has been active in the global cyber security community and has had operational relations with many bodies from various countries across the globe. These relationships generated not only shared insights and orderly work processes, but also real-time operational aid. Because of this connection, dozens of countries have in many cases assisted the NCSA's efforts to curb international attacks on Israeli organizations. Also, it was reported that the NCSA had created a framework for cooperation with the DHS's cyber protection body.
Another important activity the NCSA has been conducting since its establishment is boosting the economy's cyber resilience. This activity is conducted in consent, by means of raising organizations awareness to cyber threats, and through guidance, when public interest requires it.
Since March 2017, the NCSA was responsible by law to guide national CI organizations, such as the Israel Electric Company and Israel Railway, how to cope with cyber risks, which might shut down critical systems under their direct responsibility. Meanwhile, the NCSA began work with the sectorial regulators, in order to apply cyber-defence norms to various defence objectives. Thus, the NCSA and the Israeli government set up dedicated units within the regulatory authorities, and their activities have already begun to bear fruit, in the shape of risk assessment surveys and “cyber annexes” which help guide the relevant organizations under the general authority of each regulator.
In addition, in order to assist the economy in preparation for cyber threats, the NCSA published in early 2017 the "Organizational Cyber Defence Methodology". Based on NIST CSF, it offers every organization in Israel, be it large or small, with tools for the management and optimization of its defense against the risks of cyber threats, and assists it with devising a well-ordered work plan. Thousands of Israeli organizations are already working according to this methodology, which is accessible to all as a free service rendered to the Israeli economy (pdf).
Meanwhile, the NCSA has invested efforts in developing a professional cyber work force. This was carried out in several layers: initiating (in conjunction with the Ministry of Education) a strategic plan to educate youngsters in cyber; incentivizing the labor market to shift towards cyber defense jobs; and, finally, setting a professional benchmark for those who work in this field in the government ministries.
In this context, the NCSA was working to incorporate diverse elements of Israeli society into the industry and the government. Thus, in the course of 2017, vocational courses were opened for the ultra-orthodox community (both men and women), financed by the Ministry of Labour and Welfare.
Dissolution of the NCSA and establishment of a new unified body
As mentioned above, following the recommendations of the INCB, the government decided in February 2015 to establish the NCSA as the central operational body for cyber Security in Israel, which will work alongside the INCB as part of a "National Cyber Directorate". The decision to operate two independent units within one directorate was made at the time due to the need to build and strengthen separately the two branches – both the policy (which the INCB is responsible for) and the operational (NCSA). Therefore, each of the units was appointed a separate Director General and they were managed as independent entities. Towards the end of 2017, following the Prime Minister's directive to concentrate efforts in the field of cyber defense, it was decided to unify the authority with the national cyber headquarters, and in December 2017 the Government of Israel passed the government's resolution to unify them into one unit, the National Cyber Directorate, which will be responsible for all aspects of cyber defense in the civilian sphere, from the formulation of policy through R&D, to the operational defense of cyberspace. Its first Director General was Igal Una, the first to be responsible for both operational defense (which was the responsibility of the NCSA) and for the construction of the state force (which was the responsibility of the INCB).
Related Research Articles
The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).
The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.
The Ministry of Defense of the government of Israel, is the governmental department responsible for defending the State of Israel from internal and external military threats. Its political head is the Defense Minister of Israel, and its offices are located in HaKirya, Tel Aviv.
The Australian Intelligence Community (AIC) and the National Intelligence Community (NIC) or National Security Community of the Australian Government are the collectives of statutory intelligence agencies, policy departments, and other government agencies concerned with protecting and advancing the national security and national interests of the Commonwealth of Australia. The intelligence and security agencies of the Australian Government have evolved since the Second World War and the Cold War and saw transformation and expansion during the Global War on Terrorism with military deployments in Afghanistan, Iraq and against ISIS in Syria. Key international and national security issues for the Australian Intelligence Community include terrorism and violent extremism, cybersecurity, transnational crime, the rise of China, and Pacific regional security.
The National Security Council (NSC) of India is an executive government agency tasked with advising the Prime Minister's Office on matters of national security and strategic interest. It was established by the former Prime Minister of India Atal Bihari Vajpayee on 19 November 1998, with Brajesh Mishra as the first National Security Advisor.
The Federal Office for Information Security is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories. It is located in Bonn and as of 2020 has about 1,100 employees. Its current president, since 1 February 2016, is former business executive Arne Schönbohm, who took over the presidency from Michael Hange.
New Zealand's intelligence agencies and units have existed, with some interruption, since World War II. At present, New Zealand's intelligence community has approximately 550 employees, and has a combined budget of around NZ$145 million.
Doron Tamir is a former top intelligence officer of the Israel Defense Forces who participated in the founding of the Israel National Cyber Bureau (INCB) in the office of the Prime Minister of Israel.
Proactive cyber defense, means acting in anticipation to oppose an attack through cyber and cognitive domains. Proactive cyber defense can be understood as options between offensive and defensive measures. It includes interdicting, disrupting or deterring an attack or a threat's preparation to attack, either pre-emptively or in self-defence.
The Estonian Defence Forces is the unified military force of the Republic of Estonia. The Estonian Defence Forces consists of the Estonian Land Forces, the Estonian Navy, the Estonian Air Force, and the paramilitary Estonian Defence League. The national defence policy aims to guarantee the preservation of the independence and sovereignty of the state, the integrity of its land area, territorial waters, airspace and its constitutional order. Its main goals remain the development and maintenance of a credible capability to defend the nation's vital interests and development of the defence forces in a way that ensures their interoperability with the armed forces of NATO and European Union member states to participate in the full range of missions for these military alliances.
United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise.
The Defence Intelligence Agency (DIA) is an intelligence agency responsible for providing and coordinating defence and military intelligence to the Indian Armed Forces.
Israeli Prime Minister's Office is the Israeli cabinet department responsible for coordinating the work of all governmental ministry offices and assisting the Israeli Prime Minister in their daily work.
The cyber security community in the United Kingdom is diverse, with many stakeholders groups contributing to support the UK Cyber Security Strategy. The following is a list of some of these stakeholders.
Gabriel "Gabi" Siboni is a colonel in the Israel Defense Forces Reserve service, and a senior research fellow and the director of the Military and Strategic Affairs and Cyber Security programs at the Institute for National Security Studies. Additionally, he serves as editor of the tri-yearly published, Military and Strategic Affairs academic journal at INSS. Siboni is a senior expert on national security, military strategy and operations, military technology, cyber warfare, and force buildup. Siboni is as a professor at the Francisco de Vitoria University in Madrid.
The Ministry of Communications and Information Technology ,Qatar (MCIT) is a Qatari ministry that was established within the new cabinet formation announced in June 2013 to be an extension of the Supreme Council of Information and Communication Technology that was established under Emiri Decree Law no. 36 of 2004.
The Department of Home Affairs is the Australian Government interior ministry with responsibilities for national security, law enforcement, emergency management, border control, immigration, refugees, citizenship, transport security and multicultural affairs. The portfolio also includes federal agencies such as the Australian Border Force and the Australian Security Intelligence Organisation. The Home Affairs portfolio reports to the Minister for Home Affairs, currently held by Clare O'Neil, and is led by the Secretary of the Department of Home Affairs, Mike Pezzullo. In 2022, the Australian Federal Police, Australian Criminal Intelligence Commission and Australian Transaction and Analysis Center were de-merged from the department and moved to the Attorney General portfolio.
The Australian Cyber Security Centre (ACSC), the successor to the Cyber Security Operations Centre, is the Australian Government's lead agency for cyber security. The ACSC is part of the Australian Signals Directorate and is based at the Australian Security Intelligence Organisation headquarters in Brindabella Business Park in Canberra. The Centre is overseen by the Cyber Security Operations Board and is the joint responsibility of the Minister for Defence.
The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.
Eviatar Matania was the founder and Head of the Israel National Cyber Bureau and starting February 2015 also the founder and first Director General of the Israel National Cyber Directorate, that consists of both the National Cyber Bureau and the National Cyber Security Authority, a tenure he concluded in January 2018. Currently, Matania is a professor at the School of Political Science, Government and International Affairs at Tel Aviv University, where he also serves as the head of the MA Security Studies Program, and holds an adjunct professorship at Oxford University’s School of Government. Matania also holds consultancy roles in the fields of cyber, technological policies and strategies, and national security, and is the joint-head of the Smart Systems Initiative.
This page is based on this Wikipedia article Text is available under the CC BY-SA 4.0 license; additional terms may apply. Images, videos and audio are available under their respective licenses.
