Former Shin Bet spokesman: The cyber law has been waiting for three years – what is the urgency of a temporary order

Eli Bachar, a former GSS ombudsman, claims that the urgency of approving the temporary order requested by the cyber system is unclear. ‘The cyber law memorandum has been parked in the Ministry of Justice for three years. No one, including the prime minister who is the minister in charge of the alignment, promoted him, nor did he put him on the Knesset table. As is well known, in those three years there have also been cyber attacks. Even those against critical infrastructure. It is clear that these attacks have been addressed. So what is the urgency now, during the election period? ‘Says Bachar.

“The formation claims in the explanatory memorandum that because of the corona there was an urgency because there was an increase in the number of attacks. But the Corona has been with us for over a year, so what have they done so far in the last year? The question arises again as to why the urgency now. What has changed. We have not heard evidence that the lineup fails to thwart critical attacks. As mentioned, in the last three years, since the Cyber ​​Law Memorandum was written, it has not been promoted.

‘Temporary instruction is an unreasonable form of legislation for the reality of the cyber system. This is a temporary order that includes harm to the citizen and the private sector, and as such, it is right to do so without pressure as part of an orderly legislative procedure. It also took the GSS law to legislate for several years. This is the nature of such sensitive legislation in terms of harm to the public.

‘Of course there is a lot of point in cyber protection for us, the citizens, as there is for critical infrastructure. There is no dispute about that. To this end, cyber law wants to expand the existing powers of the array. These are very sharp powers, which require an orderly legislative procedure, which comes to whitewash all aspects. There is no public justification at this time for a temporary order of the kind requested by the cyber array.

‘For example, the cyber law memorandum has a mechanism for supervising the exercise of powers. It is not in the temporary order. The judge must approve actions without being able to assess the urgency and necessity of the application. “Everything is being done at a disproportionate speed in relation to possible harm to the public.”

Bachar claims, and rightly so, that the cyber system has existed for several years. The CERT allows companies and individuals to complain about cyber attacks. ‘This system works voluntarily. “It is unlikely that the cyber system will reach the company, detail the threat it is exposed to, and the CEO will not open the door and take it very seriously,” Bachar explains.

‘No business company wants to be hacked, stolen or ransomed. Unlike a government office or critical infrastructure, in the private sector, a CEO wants to be a partner in a decision. It should reflect the threat, the costs involved and the risk involved. If the array works right, it will gain the cooperation of almost any business company.

‘Temporary instruction is a kind of legal force. This power is not a good method to get cooperation from a private sector. It is necessary to examine how the array approaches business companies. This is an enforcement capability that needs to be refined all the time. There is also a delicate texture between the company and its customers. For years there has been a law called a law regulating security in public bodies designed to also cover the issue of information security of critical infrastructures, including private companies that are critical to the functioning of the state. The formation received the responsibility for this from the GSS and is responsible for this in law.

‘Here we want an expansion to the private market so that it can be a legal source of authority. To date, however, the GSS or the formation have not had a problem thwarting a security incident. I do not doubt the need for a state-of-the-art cyber system, but rather a way to achieve it. A regulated legislative process is far more appropriate than an urgent temporary order that does not explain why it is needed at all, when for three years now a memorandum of law has been in place as an irreversible stone.