Israel Has Failed to Address Severe Cybersecurity Issues, and Threats Are Imminent

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Likud election campaign launch in Jerusalem, January 2020.

For the second time in a week, a catastrophic breach has been discovered in the Elector app, which the Likud party is using to manage its get-out-the-vote campaign. The National Cyber Directorate and the Privacy Protection Authority were informed and took swift action. Yet the company, also named Elector, ignored the evidence it was shown, while Likud not only continued using the app, but promoted it at every possible event, even after the first information leak from it.

This leak exposed some Israelis’ full names, ID and phone numbers, as well as up-to-date addresses for all of the country’s 6.4 million eligible voters. Despite the many warnings and leaks that preceded the latest scandal, and despite all the concerns raised by cybersecurity investigators when they saw the lapses that led to the information leak, Elector is still operating.

The latest “contribution” to this failure came from Attorney General Avichai Mendelblit and the Privacy Protection Authority. Both of them argued that a petition to forbid Likud to use the app because of the information leaks from it should be rejected out of hand. They took this position even though the authority itself wrote in black on white that using Elector could still be dangerous, since an inquiry into it hasn’t yet been completed.

Anyone who has been following this scandal has seen how even Israel’s highest values – privacy and security – are pushed to the sidelines when they contradict the political needs of the ruling party and Prime Minister Benjamin Netanyahu. Once again, the authorities have revealed their helplessness in dealing with the cybersecurity challenge, which has only gotten more complicated over the last 20 years.

On Sunday the media reported that Hamas succeeded in penetrating the cellphones of hundreds of army officers and soldiers, extracting information from them and using them as recording devices. A new report published by the ClearSky cybersecurity company this week, about an ongoing Iranian espionage operation against a long list of companies and organizations in Israel and other countries, is an important reminder of this challenge. The report paints a picture of a sophisticated, advanced, resourceful enemy that would have posed a significant challenge even to the world’s most secure environments.

The government and the man who heads it have failed to address the severe problems in the cybersecurity field. They haven’t bothered to deal with the plethora of factors that make these serious attacks and impersonations possible, while at the same time denying enforcement powers with teeth to defense agencies, partly due to political considerations. It doesn’t matter how many great brains emerge from the army’s Unit 8200 and its systems operators – if legislation, regulations and, above all, education and enforcement lag far behind, Israel doesn’t stand a chance against its enemies’ cyberattacks, and its citizens have no guarantee that their privacy will be protected from either governmental or nongovernmental actors.

The above article is Haaretz’s lead editorial, as published in the Hebrew and English newspapers in Israel.

Click the alert icon to follow topics: