On June 2018, the Israeli Prime Minister’s Office published a memorandum on the proposed Cyber Defense and National Cyber Directorate Law. This law is designed to regulate the National Cyber Directorate’s purpose, functions, and powers when contending with rapid technological developments and an accelerated frequency of cyber threats mainly targeting the civilian sector. The National Cyber Directorate, which is defined as a defense agency tasked with defending cyberspace, will be subordinate to the Prime Minister and will work in conformity with the provisions of the Memorandum and with government orders.
In order for the National Cyber Directorate to fulfill its purpose and its various roles, it will be required to manage and perform national defense operations against cyberattacks, to promote cyber policy according to government decisions, to promote international cooperative cyber-defense efforts, and to advise the government in relation to cyber security issues.
The National Cyber Directorate’s powers focus on safeguarding the proper functioning of cyberspace and preventing cyberattacks. Inter alia, the Directorate will be allowed to exercise very broad powers whenever it has reasonable grounds to assume a cyberattack is imminent or is likely to occur:
- The Directorate’s authorized employees may compel any organization to produce the documents or computer materials it may need to pinpoint, contend with, or prevent a cyberattack.
- The Directorate is empowered to order any organization to appoint a contact person who will receive orders from the Directorate. It may also instruct Directorate employees to physically enter the premises of any organization and confiscate objects and computers if it suspects they contain valuable security information.
- When countering a cyberattack, Directorate employees may issue compulsory orders to any organization. The organization and its employees are then obligated to secrecy and are prohibited from publicly disclosing the contents of the instructions issued to them.
Although a court order from a magistrate court is normally required for the Directorate to exercise its authorities, the head of the National Cyber Directorate may himself authorize the exercise of powers even without a court order in case of emergency, in order to prevent serious damage.
The Memorandum proposes that the National Cyber Directorate set a uniform regulatory policy at the national and sectoral levels, and that it should be allowed to disseminate orders directly to organizations in order to prepare for and maintain appropriate readiness to contend with cyber threats and cyberattacks. It will be within the purview of the Directorate to directly supervise industries and agencies deemed critical to the economy.
The expansion of cyberspace and the increased exposure to threats in cyberspace is what prompted the drafting of this Memorandum. Proposed there are new provisions and tools to contend with and combat cyberattacks. These provisions, if adopted, are likely to influence and change the approach toward cyber defense and cyber security both in individual organizations and in the Israeli economy as a whole, including even in the company where you work.