Israel International Cyber Strategy
31
Transcript of Israel International Cyber Strategy
1
Israel International Cyber Strategy
International Engagement for Global Resilience
July 2021
This is a product of the Israel National Cyber Directorate (INCD), in collaboration with
relevant ministries and agencies. The INCD is a directorate within the Prime Minister's
Office, and serves as Israel's primary civilian cybersecurity agency. It carries
responsibilities for both cyber defense and national cyber development programs. It
advises the Israeli government on national cybersecurity policy.
2
Table of Contents
Foreword .......................................................................................................................................... 4
National Cyber Strategy ............................................................................................................. 6
Cooperation for Global ICT Security ..................................................................................... 10
Capacity Building and Confidence Building Measures ............................................... 15
Preparing for Emerging Technologies ................................................................................. 20
Conclusion ..................................................................................................................................... 24
Annex - Legal Frameworks ...................................................................................................... 26
3
Foreword
Israel believes that an open, free and vibrant cyberspace is of central importance for
global prosperity in the 21st century. To protect these values of openness and
innovation, strong cybersecurity and international cooperation are imperatives. The
Israel International Cyber Strategy serves as a compass for Israeli international
engagement on cybersecurity. It outlines Israel's main positions on international
cybersecurity issues and serves as a platform for discussion and coordination with
partners.
Israel is an international high-tech hub and world leader in cybersecurity -
operationally, technologically and industrially. Part of Israel's success in this sphere
is its cyber ecosystem, a close-knit community with stakeholders from the national
security agencies, civilian regulators, academic research institutes, industry and
cybersecurity professionals at large. These are complemented by a domestic legal
system based on the rule of law and human rights, and an economic environment
supportive of innovation and investment.
In its cyber journey so far, Israel has been a trailblazer in a variety of fields: setting
cyber-readiness standards for critical infrastructure; establishing a national CERT
with a public hotline; deploying a trusted information sharing platform for the CISO
community; establishing seven dedicated academic research institutes to tackle
cutting edge cyber challenges; leveraging the local cyber industry to supply
innovative solutions; and successfully battle-testing cyber defenses against
persistent cyberattacks. But in the borderless world known as cyber, these domestic
efforts are not enough - robust international engagement is needed.
On the international stage, Israel has concluded cyber defense cooperation
agreements with dozens of partner nations and organizations, takes active
participation in multilateral fora and hosts prominent international cyber
conferences. It works actively to share its experience and lessons learned, with a view
to benefit allies and partners across the world. It seeks to harness its advantages in
cyber to promote global cyber resilience and cooperation based on shared values
and trust.
However, cyber risk is on the rise: offensive cyber tools are becoming more
sophisticated and available to malicious actors; the technological landscape is
becoming more interconnected and embedded in all areas of our lives; and the
cyber workforce is not growing as fast as the demand. All of these create a
challenging strategic environment for national and international cybersecurity.
Preparing for it will require vision, action and cooperation crossing organizations,
sectors – and borders.
4
State of the Cyber Nation
>500 papers published by Israel's
7 cyber research centers
~2.9 B$ private investment in cyber 2020;
>3.3 B$ in first half of 2021
~24 MoUs for international cyber
cooperation
2 decades of critical infrastructure
cyber-readiness
120 cyber classes for
school-age students
CERT in 2020: ~9000 incidents reported;
~300 alerts distributed
5
1
National Cyber Strategy
6
Cyber and National Goals
Cyber plays multiple roles in furthering national goals: technological, economic, social, national
security and international.
This holistic view of cyber reflects the central place of information and technology in 21st century
society. It anchors both Israel's domestic policy and its engagement with the international community.
NATIONAL SECURITY
International conflicts increasingly feature cyber
elements. Cyber tools provide operational and
intelligence advantages to conflicting parties,
and need to be taken into account in national
security planning.
ECONOMIC
Economically, a secure cyberspace enables
digital trust in the economy, while reducing
financial damage from cyberattacks. The Israeli
cyber industry is also an important engine of
growth in the high-tech sector.
TECHNOLOGICAL
Cybersecurity has become a key consideration in
the development of virtually any new technology,
demanding a 'security by design' mindset,
facilitated by secure standards and secure
development practices.
SOCIAL
Socially, Israel’s cyber excellence is leveraged
to transcend social groupings, expand
inclusivity and connect the periphery to the
center, including the advancement of Be’er
Sheva in the south as the ‘Cyber Capital’.
INTERNATIONAL
Internationally, Israel’s cyber
capabilities are a source of
international interest and a
springboard for cooperation. Israel
contributes to global cyber resilience,
which in turn is important for Israel's
own cybersecurity. International
engagement in cyber, based on
shared values and mutual benefit,
contributes in turn to the realization
of the other national goals.
7
National Cyber Defense Concept
Defense National
The third layer concerns taking
steps against attackers.
Diplomatic, law enforcement,
informational, economic,
military and cyber tools may
be deployed as appropriate
against cyber adversaries who
undermine Israeli interests.
These are designed to
intercept, defend against and
deter adversaries, beyond
Israeli borders when needed, in
accordance with domestic and
international law. It is an all-of-
government effort carried out
independently and/or with
partners.
Operational Response
The second layer relates to the
responses to cyberattack. It
includes threat detection,
analysis and removal,
functional recovery, and
immunization from similar
attacks throughout the market.
The overriding concept is for
the defense operational cycle
to outpace that of the
adversary. State intervention is
undertaken in case of a
national threat and assistance
to the private sector is
governed by strict legal
requirements and utmost
discretion, for maximum trust.
arket ResilienceM
The first layer is aimed at
ensuring the civilian sector has
the independent capability to
prevent and withstand
cyberattacks. To this end, the
State regulates critical
infrastructures, provides
cybersecurity guidance to the
public, distributes national
vulnerability alerts, facilitates
cyber crisis preparation and
proactively reduces the
national ‘attack surface’. Scale
is achieved together with major
service providers, professional
associations and the insurance
industry.
Israel's national cyber defense concept is composed of three distinct layers, each executed by a different
combination of authorized agencies. The different layers have a common goal: ensuring techno-
operational advantage over adversaries in cyber. These three layers are supported by an additional
national effort to shore up the national cyber scientific and industrial ecosystem.
The three layers rest upon a scientific and industrial cyber ecosystem, comprised
of people, knowledge and facilities. These require constant investment in
academic research, industrial innovation and human capital programs. The
contribution to the three layers of cyber defense are direct and tangible – cyber
agencies benefit from a trained workforce, state of the art technologies,
networking and opportunities that the ecosystem affords. In turn, the ecosystem
benefits from people with operational experience and practical skills developed
in the agencies, as well as attendant reputational value.
The Cyber Ecosystem
8
International Cyber Strategy
Defense ConceptNational Cyber
Market Resilience
Operational Response
National Defense
Cyber Ecosystem
Global Cyber
Resilience
Cooperate for Global
ICT Security
Capacity and
Confidence Building
Legal Frameworks
Collective
Resilience Efforts
Capacity
Building
Confidence
Building
Recognize Common
Challenges
Joint R&D
Solutions
Tech
Policies
Prepare for
Emerging Tech
The national cyber defense concept is complemented by an international cyber strategy. At the
heart of Israel's international cyber strategy, is its effort to build global cyber resilience. This
goal serves not only to create partnerships abroad, but also helps improve cybersecurity at home
– when the tide rises, all boats rise. The strategy is based on three components: cyber defense
cooperation; capacity and confidence building measures; and preparing for emerging
technologies. These are informed by the applicable domestic and international legal frameworks.
Bilateral
Joint Action
Trust in
ICT Trade
International
Standards
9
2
Cooperation for Global
ICT Security
10
Common Challenges
Threat trends for the coming years include increased sophistication of malicious actors, wider
access by them to offensive cyber capabilities and continuous attempts by them to attack high
value assets. International cyber discourse requires a common understanding of these threats.
When planning national and international cyber defense, a number of considerations need to
be factored in: the spectrum of threats, areas of market failure, relative advantages and the
resources available. Israel sees the following as priority challenges, both nationally and globally:
Functional Continuity - Continuity of critical infrastructure and essential services remains
the first priority of States. Cyberattacks can disrupt continuity not only by targeting
physical control systems, but also administrative systems or core digital assets. Scaled
effects can be obtained via a single chokepoint or viral attack. This complicates common
definitions of critical infrastructure.
Public Trust - Public trust in digital processes is of paramount importance. Trust in vote-
counting systems is a primary example. Looking ahead, trust in machine decisions will
be a key factor in enabling the AI transformation. Cyber defense is focused on verifying
the authenticity of the technological processes, not the veracity of the content.
Next-Gen Data Protection - Advanced analytics are vastly improving what can be
extracted from data, including for important security and law-enforcement use cases.
However, this has also spiked the sensitivity of data, whether in closed networks or open
media, especially biometrics. Data protection will need to adapt to these new conditions.
Technological Supply Chain - One of the most challenging threat vectors in cyber is via
the supply chain. One weak link in the chain, such as an under-protected IT vendor or
compromised component, could end up becoming gateways for attackers. This is a
multifaceted challenge requiring careful coordination with the private sector and the
building of international trust.
Connectivity - The Covid-19 epidemic brought with it a realization that large-scale
connectivity is crucial to national health and security. It will also underpin mass
deployment of IoT devices. Israel pays special attention to the resilience of network
connections, both via cable and the RF spectrum, including satellite services.
Cybercrime - Cybercrime is exacting an increasing cost on the global economy. The
international response requires innovative concepts of operations, integrating cyber
defense with law enforcement tools.
11
Info Sharing
Introducing common
cyber hygiene checks
into routine supply
chain management in
the private sector, can
have ripple effects on
collective cyber
security. Israel
implements a
methodology, a digital
platform and a
certification scheme for
supply chain security
compliance officers in
corporations. Cross-
border interoperability
of this scheme could
help build trust.
Supply Chain
The digital market is
increasingly moving
to service-based
models. Sometimes,
digital service
providers such as
cloud platforms and
web hosting servers,
are exploited by
malicious actors to
attack third parties.
Basic steps, such as
'Know Your Customer'
(KYC) practices by
digital service
providers, could
reduce these attack
vectors.
Digital Services
Financial incentives
are an essential driver
of security investment.
But problems in
quantifying the risk,
inadequate corporate
governance and a still
maturing cyber
insurance market have
inhibited full
leveraging of these
financial incentives.
Israel is engaged with
relevant stakeholders
as well as multilateral
forums such as the
OECD to address these
issues.
Financial Incentive
Information sharing is
at the heart of cyber
cooperation. Israel
implements a trusted
national network
(CyberNet) linking
CISOs and security
practitioners for real-
time exchange. A
similar model for
international use, with
attendant safeguards
and agreed protocols,
could help reduce
barriers to cooperation
and overcome legal
and technical
constraints.
Collective Resilience Efforts Raising cyber resilience across the board is a particularly challenging goal. Israel suggests
focusing on a number of promising directions for raising collective cyber resilience:
12
In addition to collective efforts, bilateral collaboration is an essential element of
improving global cyber resilience. Bilateral relationships enable optimization of both
parties' mutual areas of interest, the scope of efforts and resource allocation to the
collaboration. They help build the trust required in cybersecurity.
Cyber Dialog and Joint Investigations
International cooperation is critical when it comes to raising resilience and mitigating
cyber events, especially since sophisticated attackers will usually seek the weakest link.
Allied cyber defense teams share a common objective of ensuring that they are all
prepared and capable to prevent offensive cyber acts. In that sense, cyber defense is truly
a global "team sport" requiring intensive coordination.
To reach the full potential of such coordination, international defensive collaboration
should be promoted between national level organizations, based on the following
principles:
Relative advantage: Based on each side's threat landscape, experience and lessons
learned, partners share critical information on malicious tactics, techniques and
protocols they have encountered.
Early warning: Sharing cyber events and indications of compromise at early stages,
enables each party to undertake national risk analysis, detect weak signals for serious
threats and implement timely mitigation measures.
Speed: Speed is always of the essence in cyber, and it can be increased through
bilateral cooperation mechanisms. Efficient communications protocols and the
potential for joint live investigations can greatly accelerate incident management.
Technology: Trusted and secure collaboration platforms can be a force-multiplier.
Common platforms for cyber analysts can facilitate instant messaging, data sharing,
joint analysis and research, risk assessments etc.
Agreed frameworks: Tailored agreements can help set expectations, enhance trust
and create legal mechanisms to close the loop in cyber defense settings. This can be
essential to removing barriers for cooperation between agencies.
Bilateral Joint Action
CERT-IL is an operational unit, responsible for engaging with the Israeli market,
receiving alerts, developing full cyber situational awareness, and warning the market
on current attacks and upcoming risks, using a proactive approach. CERT-IL is a focal
point for sectoral SOCs and the cyber intelligence community. It operates the national
cyber hotline (dial 119) and engages with more than 90 international partners around
the world. This model brings great value to the national cyber defense, providing an
essential public service to the private sector in Israel and an address for cooperation.
13
Cybersecurity methodologies and best practices need constant update due to the
changing nature of technology and threats. This knowhow is developed constantly, all
over the world. Sharing of methodologies and best practices can speed the development
and implementation of up-to-date cybersecurity measures. Current areas of focus
include:
Organizational cybersecurity
Supply chain
OT/IOT
Aviation, maritime and automotive systems
Cloud migration
Crisis management and incident response
Israel believes in unity of efforts when it comes to cyber. This concept has many facets –
organizational structure, operational command and control, legal authorities, national
capacity building programs, engagement with the market and joint work with all
government offices and sectors. Creating this unity is a difficult endeavor and Israel
shares its lessons learned with other countries interested in advancing this model.
Israel also shares its experience in developing innovation ecosystems. The Be'er Sheva
ecosystem is a prime example. It combines government (CERT-IL), academia (Be'er Sheva
University cyber research center), private sector (from MNC to start-ups) and military
(IDF) collaboration, where those organizations are co-located in a Cyber-Park, sharing
knowledge, manpower and innovation culture. This model has many advantages –
inclusion, knowledge development, workforce development and leveraging public
assets.
Sharing Methodologies
14
3
Capacity Building and
Confidence Building
Measures
15
Developing countries on the other side of the ‘digital divide’ seek to leapfrog their digital
economies, and do so securely. 'Capacity Building' in this context is the family of efforts
conducted to empower partner countries so they can achieve this objective. Specifically,
capacity building is an important measure in building trust, promoting a stable and
resilient global cyberspace and facilitating continued human prosperity and progress in
the information age.
Israel's efforts in cybersecurity capacity building are numerous and diverse, touching
upon a wide scope of issues: building institutions and legal frameworks, formulating
strategies and policies, training decision makers and professionals, laying down technical
infrastructure, building operational cores, raising public awareness and creating
mechanisms to cultivate academic and industrial excellence and innovation.
Israel's capacity building activities are aimed at improving global resilience on a
politically neutral basis, thus adopting a constructive and cooperative approach, while
encouraging cybersecurity innovation. Israel views capacity building as part of its foreign
policy, cyber defense concept and its general international development program. Its
capacity building effort is based upon an "impact first" approach, based on the
following principles:
Cybersecurity is an urgent issue. Currently, the growth of risk far outpaces
defensive capacity building. The global community needs to do more, faster.
Capacity building efforts must be geared towards achieving a dramatic change
to the country's cybersecurity posture. Resources needs to be allocated with a
"leapfrog-oriented" mentality aimed at impacting at scale.
Sporadic, overlapping efforts are counterproductive. Coordination and focus
are essential to achieving the common goals.
While promoting policies, legal frameworks and institutions is important,
precedence should be given to core operational capacities, both technical and
human. The top-down and bottom-up approaches can be pursued in tandem.
But core operational capacities need less adjustment to the unique circumstances
of each country and have the potential for a more immediate and significant
impact.
True impact requires cybersecurity expertise together with viable and sustainable
development processes and financial models. Unmediated cooperation
between cybersecurity agencies and development bodies (banks, agencies and
fora) is necessary.
Cybersecurity should not be treated only as a silo/vertical capacity building issue,
but also as a horizontal issue, which must be dealt with in any sort of digital
capacity building - for example, when designing a power-grid reform, a new
transportation infrastructure or when working on the stability of a financial
system.
Capacity Building
16
In the last 5 years Israel has:
Helped create and participated in a capacity building fund with the Inter-
American Development Bank for the benefit of Latin American countries.
Helped create and participated in a capacity building fund with the World Bank
for the benefit of African Countries.
Assisted additional cybersecurity efforts in the World Bank's Digital Development
Partnership fund.
Invested in a research project to promote better development methodologies
and practices in the field of cybersecurity.
Worked with the Israeli industry to create consortia with the ability to tackle
country-scale capacity building challenges.
Conducted dozens of bilateral capacity building missions: study tours, expert
missions, training sessions, emergency technical assistance, gap analysis and
more, some of which matured into full-scale national capacity building programs.
Participated actively in international organizations promoting the capacity
building agenda, among them the GFCE and WEF.
Implementation
PROGRESS
("Promoting Global Cyber Resilience for Sectors and Society")
As part of the effort to promote an impact-oriented capacity building agenda,
Tel-Aviv University, supported by INCD, is developing the PROGRESS
framework, a novel paradigm designed to both evaluate the current cyber
maturity of a critical sector (eg. energy, finance) and to offer a practical path
forward: in regulatory development, workforce training, technological
mitigation, institutional reform and more. The framework is generic but easily
suited to the specific national and sectoral circumstances. It is designed to
bridge the gap between two other types of cyber maturity evaluation schemes
in use today: those which employ a macro-level state-wide perspective, and
those which employ micro-level organizational analysis. It is hoped that
PROGRESS will enrich the toolbox available to decision makers wishing to
allocate their capacity building resources on cyber resilience in critical sectors.
17
Developing effective international understanding requires an infrastructure of trust. In
addition to extensive bilateral information sharing, Israel supports the important work
done by the OSCE in confidence building measures, which serves as an example of a
positive regional initiative that has resonated with other regional organizations
worldwide. Israel, as a Mediterranean Partner, actively contributes its experience and
efforts in this framework. Moreover, Israel, is a founding member of the Global Forum on
Cyber Expertise (GFCE), and is an active partner in developing CBM's and capacity-
building initiatives on cyber security related issues in the GFCE framework.
Israel's Participation in Diplomatic Multilateral Cybersecurity Fora
Israel attaches great importance to the multilateral efforts to promote security and
stability in cyberspace. Israel's international engagement seeks to ensure that the
development and use of cyberspace are in line with shared values, good governance and
a commitment to maintaining a peaceful and stable international environment.
Israel was a member of the UN Group of Governmental Experts on advancing responsible
State behavior in cyberspace in the context of international security (GGE) - the first GGE
in 2009 and the fourth GGE in 2015. It is an active participant in the UN Open-Ended
Working Group on developments in the field of information and telecommunications in
the context of international security (OEWG). Israel's priorities for the GGE and the OEWG
are to: develop recommendations on how to better coordinate and target cyber capacity
building; find additional ways to conduct CBMs; and generate practical guidance on how
to implement the recommendations of previous GGE reports.
The 2015 GGE report included a chapter on cyber norms. These were drafted by
consensus as voluntary, non-binding standards, which do not alter rights or obligations
of States under international law. The GGE 2015 norms may be useful in indicating the
general expectations of the international community, but since their endorsement by the
United Nations General Assembly, they have been routinely flouted by malicious actors.
This suggests that norm development is not a panacea.
A Practical, Bottom-Up Approach
Rather than focus on formulating new norms, Israel is supportive of a more cautious,
incremental and bottom-up approach, focused on the actual, practical needs of
cybersecurity agencies, CERTs and the broader cybersecurity community. There is a need
to remove barriers to cybersecurity cooperation, on such concrete issues as privacy
guarantees for information sharing and legal protections for security researchers making
responsible disclosures. Facilitating cybersecurity cooperation by making relevant
governing legal rules among States more interoperable, could be useful for States and
the private sector alike, and it could serve as an added source of confidence.
Global Internet Governance
Israel supports the multi-stakeholder model of global internet governance, as the most
appropriate model to ensure an open, global and secure cyberspace. In that regard, Israel
is an active participant in Internet Governance Forum sessions, and follows closely
developments at ICANN, IETF and similar bodies.
Confidence Building
18
Israel is a party to several bilateral and multilateral treaties in the fields of trade and
investment protection. Such treaties have been instrumental in developing the global
economy and fostering innovation. Similar to the physical world, in the digital sphere,
there is an ongoing effort towards the reduction of barriers in order to enable cross-
border trade in digital goods and services, alongside a trend to facilitate cross-border
data flows in order to foster global economic development.
These efforts are hampered by a growing security-driven international trust deficit. The
more dependent society becomes on cyber-physical systems and massive data traffic,
the higher the stakes become for cybersecurity. As global economic integration expands
in parallel, States in certain cases seek to manage the attendant risks by adopting
exceptional measures, such as source code reviews, data localization requirements and
foreign investment oversight.
Israel, together with many of its likeminded partners, seeks a balanced approach between
these competing needs. Israel has a national export control system, which incorporates
widely accepted international standards in its legislation. In 2019, the Israeli cabinet
adopted a decision on Foreign Investment Review, which allowed for "defense, foreign
relations and cyber" considerations to be represented to Israeli regulators before
licensing foreign companies to carry out national infrastructure projects. This is in
addition to mandatory cyber guidance given to critical infrastructure operators by law,
some of which are foreign entities or deploy foreign systems. These steps are aimed at
mitigating long term cyber risks, without detracting from free trade obligations and while
maximizing economic benefits.
As a leading tech producer and exporter, Israel sees great importance in strengthening
international trust in technology supply chains, and thinks this is attainable with partner
nations through secure development practices, robust security provisions in technology
standards, information sharing, consultations and ad-hoc arrangements where
appropriate. In addition, policies aimed at diversifying tech markets will serve both
economic interests and risk management.
Fostering Trust in ICT Trade
19
5
Preparing for
Emerging Technologies
20
R&D
Emerging technologies
should be tested for
vulnerabilities and attack
vectors, often in dedicated
labs. Technical safety and
security standards need to be
accelerated to influence the
development stages. Specific
R&D efforts are required for
mitigations and defensive
solutions ahead of
widespread deployment.
These are public-private
efforts requiring international
investment and coordination.
Tech Policy
Cooperation Since emerging technologies
arise in parallel around the
world, often by cross-border
teams of developers, there is a
need for coordination among
states regarding their security
policies. Ensuring diversified
and interoperable suppliers
can spread risks. Information
sharing and joint development
programs can help build trust.
Meanwhile capacity building
can improve equal access to
emerging technology without
compromising on security.
Cyber is not a discreet technological field, but rather a permanent feature of almost all digital
technologies. In the coming decade, it is anticipated that the digital landscape will undergo wide-
scale transformation. Mass migration of digital assets to the cloud is expected to improve services,
while concentrating those assets in the hands of a few providers. Upgrade to 5G telecommunications
together with broad deployment of IoT devices, will underpin smart cities, connected transportation,
digital health and more. AI systems will support decisions and enable autonomy in an expanding
number of contexts. Together these demand security foresight and cyber readiness:
Technology and Innovation
Emerging technologies need
to be fostered in a supportive
regulatory and policy
environment, that refrains
from stifling innovation. At
the same time, it should
encourage resilience and
safety across the
technological lifecycle. This
requires establishing the right
incentives for all
stakeholders. Uncertainties
should be managed, through
regulatory sandboxes, among
other tools.
21
AI is a transformative technology, with capabilities in object classification, statistical
prediction, anomaly discovery, content generation and optimization in complex systems.
It will require stewardship to ensure AI trustworthiness and security across broad use-
cases. In support of securing AI, Israel is investing in programs for resilient, explainable
and privacy-preserving features. Israel is engaged internationally on the issue and took
part in drafting the OECD principles and recommendations for AI. It sees the following
risks as requiring international attention:
Adversarial threats against AI systems can distort processes and outputs, resulting in dangerous situations. Technologically, Israel is researching security and verification mechanisms for AI systems. On the regulatory level, public consultations are gathering insights from field experience. Security incentivization and liability regimes are being explored in critical use cases such as autonomous vehicles. Internationally, Israel engages with standards bodies to synchronize with emerging security metrics.
Training data was often created before its machine learning uses were understood, and is sometimes drawn from unsuspecting sources. This raises privacy and security concerns, such as the potential to micro-target individuals in unprecedented ways. Biometrics are especially sensitive - Israel's biometric database for secure ID is heavily protected and governed by law. Work is being done to inform secure data collection and training for AI. Privacy attacks are being researched. Technical solutions for anonymization are being explored.
The powerful capabilities of AI are a force for good, but they also have potential malicious uses. For example, every element of the cyber "kill chain" is ripe for upgrade with AI. Autonomous vulnerability search, "deepfake" content for social engineering and malware obfuscation are but a few examples that have already been demonstrated. Israel is researching these attack vectors and developing updated cybersecurity concepts for the AI era. International discourse will need to address some of these phenomena as well.
Secure AI
Data
Protection
Malicious
Use
System
Resilience
22
5G Telecoms - Israel completed its first frequency auction for
5G and is working to ensure 5G security with robust cyber
standards in telecommunications licenses, and with security
solutions from both the telecoms and cyber industries.
Internationally, Israel supports the Prague process for
coordinating international 5G security principles. It also
supports international efforts for open radio networks,
diversifying suppliers and spreading risk.
Transportation - Israel has national initiatives for aviation,
maritime and smart automotive cybersecurity. These involve
multi-stakeholder arrangements, with OEMs, operators,
cybersecurity industry, regulators, standards bodies, trade
organizations and partner nations. Israel aims through these
initiatives to raise international cyber standards and
accelerate security solutions in this global sector.
Medi-Sec - The Covid-19 pandemic revealed the critical
vulnerability of health systems to cyberattack. As
bioinformatics, e-health and medical IoT become ubiquitous,
cyber risk increases. Israel's world contribution to both
medicine and cyber have paved the way for unique
collaborations aimed at securing the technological landscape
of the health sector.
Fin-Sec - As the financial sector is transformed by a growing
stream of fintech innovations, there is a parallel need to
develop innovative security solutions and standards. Israel's
Fin-Sec Arena brings international financial service providers
and local developers together to facilitate this process, to the
benefit of the global financial system.
Computing Infrastructure - Cloud security is a growing
international concern, as public and private bodies entrust
digital assets to global vendors. Israel's national cloud project
will be secured under the shared-responsibility model. The
national quantum initiative will further augment national
computing capabilities. It will be accompanied by efforts for
post-quantum cryptography, another global concern.
PNT - Positioning, navigation and timing services underpin
such varied functions as network synchronization, smart
agriculture, high frequency trading and transportation.
Multiple global GNSS services are freely available, but easily
interfered with. Israel seeks to ensure continuous and trusted
PNT services, while sharing solutions with partners.
Select Focus Areas
23
6
Conclusion
24
By placing global resilience at the heart of its international cyber strategy, Israel is
recognizing that national and international cybersecurity are intrinsically linked. Yet
achieving this goal requires a multi-pronged effort, combining technological, policy
and diplomatic disciplines. Israel stands ready to leverage its own experience and
expertise, as well as to learn from that of our partners, in order to move forward on
this pressing international need.
To be successful, Israel believes in a practical, bottom-up approach, to help with the
real problems of cyber defenders. Cybersecurity cooperation must become more
actionable, capacity building more impactful and tech policy more concrete. In a
global and interconnected economy, our ability to become more secure depends
on our ability to work together across nations and political divides. Based on shared
values and common understandings, Israel prioritizes ways to facilitate international
cooperation for promoting and implementing cybersecurity policies.
This document summarizes some of Israel's main positions in the international
cybersecurity discourse. It demonstrates Israel's firm commitment to the core shared
values of an open, free and resilient international cyberspace, as key enablers of
global prosperity. These basic values will continue to guide Israel's policies in
navigating the complex challenges going forward.
25
Annex
International Legal
Frameworks
26
Applying International Law Israel considers that international law is applicable to cyberspace. Israeli
officials have consistently expressed this position over the years, including the
Minister of Justice in 2016, as well as the diplomatic representatives to the United
Nations Governmental Group of Experts (UNGGE) and the Open Ended Working
Group (OEWG), as well as in other fora. In December 2020, Israel's Deputy Attorney
General for International Law reaffirmed this position and laid out in more detail
some key aspects of Israel’s approach regarding the application of international
law to cyberspace1, some of which will be highlighted below.
Traditional rules of international law, which mainly evolved in a bricks-and-mortar
world, and often in domain-specific contexts, do not always lend themselves to
application in the cyber domain, which has certain distinctive characteristics. For
example, data travels globally across networks and infrastructure located in
multiple jurisdictions, transcending national borders and lacking meaningful
physical manifestations. Moreover, cyber infrastructure is, to a large extent,
privately-owned and decentralized, both at the domestic and international levels.
The cyber domain is also highly dynamic, with technological developments and
innovation advancing at a rapid pace.
When considering the applicability of specific rules of international law to
cyberspace, it is important to be mindful of such distinctive features, and to carry
out a meticulous examination of the rules at play and the context in which these
rules emerged.
1 Roy Schöndorf Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations 97 INT’L L. STUD. 395 (2021).
27
Sovereignty
Sovereignty is a foundational concept in international law and international relations. In
recent years, a debate has emerged as to its legal implications, with one view advocating
that there is a general legal obligation under international law to respect another State's
sovereignty, and another view holding that sovereignty is merely a general principle from
which legal obligations emerge such as the prohibition on use of force and the
prohibition to intervene in another country's internal affairs. It is Israel’s view that in
international law there is a firmly-entrenched legal rule with regard to respecting the
territorial sovereignty of other States. However, the application of this rule in the cyber
domain raises questions and challenges. In practice, cyber activity in the exercise of State
functions often implicates infrastructure physically located in other States, without such
activity being deemed by any party a violation of territorial sovereignty. In addition,
States' legitimate interests in the protection of data and networks of its citizens and
companies hosted abroad, e.g. in cloud computing, should also be borne in mind.
Non-intervention
The prohibition on intervention in other States’ internal affairs has been typically taken
to mean that a State cannot take actions to coerce another State into taking a course of
action, or refraining therefrom, in matters pertaining to the latter's core internal affairs.
This rule has usually been applied in the context of military intervention and support to
armed groups seeking the overthrow of the regime in another State, entailing a high
threshold of application. In the cyber context, manipulation of election results or
interfering with a State’s ability to hold an election could also likely be considered a
violation of this rule.
Due diligence
In the 2015 Report of the UNGGE, due diligence is mentioned as a voluntary, non-
binding norm of responsible State behavior, providing that States should not allow their
territory to be used for the commission of international wrongful acts. The application of
due diligence to cyberspace presents practical and legal challenges. For example,
"shutting down" service providers' traffic could harm freedom of expression. In light of
current state practice and opinio juris, it has not crystallized into a customary rule.
State responsibility
The international law of State responsibility is generally applicable to the cyber domain,
determining whether States are responsible for internationally wrongful acts in this
domain. Attribution of acts to States in the cyber domain in order to determine State
responsibility is mainly a factual matter. There is no international legal obligation to
disclose information forming the basis of an attribution of a particular act in cyberspace.
While in some cases States might find it useful to publish such details, it may not always
be desirable or possible to do so, for reasons such as national security or foreign
relations. A State's decision whether to provide details and to whom, remains its exclusive
discretion. The rules regulating countermeasures are also relevant to cyberspace. There
is no absolute duty to notify the responsible State in advance of a countermeasure. Such
a requirement would often undermine the effectiveness of a countermeasure, render it
obsolete or compromise other interests of the State undertaking the countermeasure.
28
Use of force
Israel considers that the Charter of the United Nations, including the prohibition set out
in Article 2(4) of the Charter on the “threat or use of force” in international relations, is
applicable in the cyber domain. A cyber operation can amount to use of force if it is
expected to cause physical damage, injury or death, which would establish the use of
force if caused by kinetic means. Moreover, an action taken in accordance with a State's
inherent right of self-defense, enshrined in Article 51 of the Charter, against an armed
attack conducted through cyber means, may be carried out by either cyber or kinetic
means.
The law of armed conflict
The law of armed conflict (LOAC) and its fundamental principles generally apply to cyber
operations conducted in the context of an armed conflict. Israel views that only an act
expected to cause death or injury to persons or physical damage to objects beyond de-
minimis, may constitute an “attack” within the meaning of this term under LOAC. The
LOAC rules on targeting relating to distinction, precautions and proportionality apply
only to cyber operations qualifying as "attacks" under LOAC. Military operations not
constituting “attacks” are subject to general obligations under LOAC that do not depend
on whether the act is an attack or not.
Cybercrime
Israel is a party to the Budapest Convention and cooperates with States across the globe
in prosecuting criminal actors. Israel also supports, and is taking part in, negotiations for
a protocol on law enforcement access to data on the cloud. It is imperative to achieve
better understandings of the interplay between law enforcement and extraterritorial
jurisdiction. State practice indicates that there are different approaches on this matter,
and greater clarity is required. In addition, particular attention needs to be afforded to
the protection of government data stored by third-party cloud providers. In Israel's view,
such data is not – and should not be made – subject to access requests by law
enforcement authorities of other States.
Furthermore, Israeli law enforcement agencies, aware of the "going dark" phenomenon,
are considering different approaches to address it. To that end, Israel views international
cooperation in this field as important.
Human rights
New technologies present constantly evolving opportunities and dilemmas, including in
the field of human rights. As with other concepts of international law, our common
understanding of how human rights law applies may entail adjustments to the digital
context. In that regard, Israel is a party to seven international human rights conventions.
States' applicable obligations under these conventions remain relevant also in the cyber
domain, in particular in striving to protect key rights such as freedom of speech and
privacy.
29
30
