On January 7, 2016, the Defense Exports Control Agency of the Ministry of Defense (DECA) published a draft of changes, concerning exports of cyber products, to the Export Supervision Order. According DECA's notice, during the last three years, an inter-Ministerial team (including representatives from the Ministry of Defense, Ministry of Economics, Foreign Ministry, the National Defense Committee and the Cyber Bureau) carried out a wide reaching examination on the subject of supervision over export of technology and know-how in the cyber field. This examination being with a view to reach agreed policies which will balance between the protection of sensitive defense interests on the one hand and the maintenance of competition and flexibility of operation of the Israeli cyber industry, on the other.
The draft Supervision Order on the export of products in the cyber field is now published for comment from the industry and the public in order to enable the improvement and greater accuracy of policies of the said Committee. The process of cooperation from the industry and the public in relation to supervision over defense and dual-use exports is unprecedented and demonstrates the level of understanding of the inter-Ministerial team to the sensitivities of this subject and its importance.
The Supervision Order on the export of products in the cyber field is directed primarily at exporters and draws the line between what is allowed and what is prohibited in that field. The Order adopts the legal situation as set forth in the Wassenaar Arrangement, to which Israel has aligned its defense export control although it is not a member, and adds to it a number of important updates. It should be mentioned that Israel will be the first country to adapt its defense export controls in the field of cyber products to that of the Wassenaar Arrangement, should this new draft Supervision Order be adopted shortly.
The first part of the Order addresses intrusion software, being intrusive technologies, by sharpening the definition with respect to the aspects of jamming and the physical damage and extends the existing supervision on infrastructures for the manufacture of products to include the export of the products themselves. Also, it is suggested in the Order to supervise technologies which are intended to imitate such activities, in respect of which it is clear that they are intended to be used for an intrusive capability.
The second part of the Order deals with proposed supervision of 'weaknesses', namely, imperfection in the code or in the protocol. The working assumption is that knowledge of such weaknesses, may give rise to exploitation against the necessary interests of the State of Israel, while damaging the system or the software. According to the drafter of the proposed Order, many efforts were made to try to draft this part as accurately as possible such that it would enable companies to make inter-company/inter-branch transfers of knowledge in an easy manner.
The third part adds to the Wassenaar Arrangement and suggests supervision over cyber defense products which are especially adapted to defense systems or national defense and espionage equipment. The definitions which were added to the drafting, according to those who drafted the proposed Order, again were drafted as accurately as possible in order not to confuse between cases of export of defensive products to civilian customers on the one hand and the export of generic products to defense forces on the other.
The fourth part of the proposed Order suggests that supervision of advanced forensic capabilities by means of a physical connection to the system under attack, which is of considerable interest in the espionage world.
The draft Order also includes many exceptions which are designed to make life easier for the on-going work of exporters.
The introduction of cyber systems into the Supervision List is an additional step in a growing trend taken by various authorities in Israel with respect to the supervision of defense exports. For example, on October 11, 2015, the Tax Authorities published a paper mainly addressed to administrative technical issues concerning the export of goods within the framework of the Import and Export (Supervision of Export of Goods, Services and Dual-Use Technologies) Order, 2006. In addition to these technical issues, this 2006 paper also included a chapter on 'enforcement' demonstrating the intention of the Tax Authority to increase the enforcement of the laws addressing the defense exports.
Industry and public are invited to comment on the draft Order by February 7, 2016.
In addition, also on October 11, 2015, the first decision in a criminal case was handed down concerning the violation of the provisions of the Defense Export Control Law, 2007. This case concerned an individual who was sentenced to public service work under a plea bargain, after such individual sought to sell telecommunications equipment with accessories over E-bay for some US$ 200,000 (CF (Reh) 11119-03-15 Public Prosecutor, Economic Department v Ilan Shimon Yaacobi [published on Nevo, 11.10. 2015]).
Reference: The Office of the Prime Minister, the National Cyber Bureau, 'Draft Version of the Definition of Products and Know-how for Supervision in the Cyber Field', for Comment by 7.2.2016