Israeli Security Agencies: New Cyber Authority Could 'Seriously Harm' Our Activities

In letter to prime minister, agency heads say legislation concerning Cyber Defense Authority would render their cyber units obsolete

Mossad chief Yossi Cohen.
David Bachar

The heads of Israel’s security agencies are asking Prime Minister Benjamin Netanyahu to halt legislation that would give broad powers to the Cyber Defense Authority, saying it could cause serious damage to the security community’s cyber defense activities.

“The draft bill seeks to grant extensive powers to the Cyber Authority, whose purpose has not been clearly defined, and it could seriously harm the core security activity of the security community in the cyber field,” said the letter signed by Shin Bet security service head Nadav Argaman, Mossad chief Yossi Cohen, Deputy Chief of General Staff Maj. Gen. Yair Golan (who is responsible for cyber defense issues in the army) and Defense Ministry Director General Udi Adam.

In the letter, which Channel 2 first reported on Monday night, they ask the premier to halt the existing bill and formulate a new one.

The bill seeks to regulate the activity of the Cyber Defense Authority, which was establishment by the cabinet two years ago. According to the authority’s head, Buky Carmeli, it will focus on issuing protection guidelines to thousands of companies, organizations and public agencies to help them prevent cyber attacks. It will also set cyber regulations and emergency management.

The issue was raised at the last cabinet meeting against the backdrop of the defense establishment's resistance to the legislation, which they said would render their cyber units obsolete.

Over the past few days, after the first draft of the bill formulated by the Prime Minister’s Office’s cyber headquarters was circulated among the relevant ministries, it became clear to defense officials that it is much more expansive than a previous version, whose principles had been agreed on by the Knesset Foreign Affairs and Defense Committee. The officials thus decided to take the unusual step of taking a joint stand against the legislation.

The establishment of the Cyber Defense Authority has previously caused serious tensions, with the agencies arguing that transferring some of their authority to the new body would undermine their ability to function. The main agency likely to have to yield its work in the cyber field would be the Shin Bet, which is currently responsible for the cyber defense of critical national infrastructures such as the banks and communications companies. In an effort to resolve these tensions, the Foreign Affairs and Defense Committee examined the consequences of the government decision to set up the authority.

In a report that the committee issued last August, it wrote, “Establishing the authority comes to fill a void in areas that were not dealt with until now (particularly in the civilian realm) and to improve the coordination between all the elements of cyber defense. Although the [cabinet] decision stated that there would be no effect on the responsibility and the authority of the Shin Bet, it’s natural that the entrance of the authority as a new, leading player infringes on areas of the Shin Bet’s authority and responsibility, and this requires regulation, both systematically and individually with regard to each of the defense agencies.”

In the end, the committee stated, the national cyber authority would have to be responsible for cyber defense in Israel. Nevertheless, the committee members said that the bill being formulated “must be written in cooperation and with the involvement of all the relevant defense and civilian agencies.”

However, this apparently did not happen, as evidenced by the objections of the security agencies' heads.