ISRAEL NATIONAL CYBER SECURITY STRATEGY IN BRIEF

Similar documents
Israel and ICS Cyber Security

Resolution: Advancing the National Preparedness for Cyber Security

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Legal and Regulatory Developments for Privacy and Security

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

G7 Bar Associations and Councils

State of Israel Prime Minister's Office National Cyber Bureau. Unclassified

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

National Policy and Guiding Principles

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Commonwealth Cyber Declaration

From Hyogo to Sendai. Anoja Seneviratne Disaster Management Centre

Emergency Management Response and Recovery. Mark Merritt, President September 2011

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Draft Resolution for Committee Consideration and Recommendation

The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction

U.S. CHAMBER DELEGATION TO CYBER WEEK TEL AVIV, ISRAEL J U N E ,

National Open Source Strategy

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Cyber Security Strategy

Ms. Izumi Nakamitsu High Representative for Disarmament Affairs United Nations

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

EU policy on Network and Information Security & Critical Information Infrastructures Protection

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

The UNISDR Private Sector Alliance for Disaster Resilient Societies

Implementing Executive Order and Presidential Policy Directive 21

Global Wildlife Cybercrime Action Plan1

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

ENISA s Position on the NIS Directive

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

COUNTERING IMPROVISED EXPLOSIVE DEVICES

ISAO SO Product Outline

RESOLUTION 67 (Rev. Buenos Aires, 2017)

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

RESOLUTION 130 (REV. BUSAN, 2014)

Private sector s engagement in the implementation of the Sendai Framework

Cybersecurity & Digital Privacy in the Energy sector

Security and resilience in Information Society: the European approach

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY

CASE STUDY Institution Building in Malaysia Establishing the National SDG Council

WORKSHOP ON CYBERSECURITY 14 TO 17 AUGUST 2017

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

ASEAN COOPERATION ON DISASTER MANAGEMENT. Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

TO INSPIRE, CONNECT AND EMPOWER TO TURN BACK CRIME

DHS Cybersecurity: Services for State and Local Officials. February 2017

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

RESOLUTION 179 (REV. BUSAN, 2014) ITU's role in child online protection

RESOLUTION 179 (REV. BUSAN, 2014) ITU's role in child online protection

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release September 23, 2014 EXECUTIVE ORDER

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

STRATEGIC PLAN. USF Emergency Management

COUNTERING IMPROVISED EXPLOSIVE DEVICES

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

CALIFORNIA CYBERSECURITY TASK FORCE

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/56/561/Add.2)]

Global Security Advisor

Department of Homeland Security Updates

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

World Telecommunication Development Conference (WTDC- 14) Dubai, 30 March 10 April 2014

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

UAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS June 2017 By: Space Policy and

Promoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda

Preparatory process of the second High-level United Nations Conference on South-South Cooperation

--- International Forum on Geospatial Information and Services for Disasters Session 3. Bridgetown, Barbados 4-5 September ggim.un.

The Interim Report on the Revision of the Guidelines for U.S.-Japan Defense Cooperation

Promoting Global Cybersecurity

Presidential Documents

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

PIPELINE SECURITY An Overview of TSA Programs

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

ENISA EU Threat Landscape

Regional Development Forum For the Arab States(RDF-ARB) 2018

General Framework for Secure IoT Systems

UPU UNIVERSAL POSTAL UNION. CA C 4 SDPG AHG DRM Doc 3. Original: English COUNCIL OF ADMINISTRATION. Committee 4 Development Cooperation

QBPC s Mission and Objectives

Resolution adopted by the General Assembly. [without reference to a Main Committee (A/62/L.30 and Add.1)]

SUMMARY DEPARTMENT OF DEFENSE CYBER STRATEGY

Overview of the Federal Interagency Operational Plans

Call for Expressions of Interest

PEOPLE INNOVATION CAPITAL INFRASTRUCTURE AGILITY. New Brunswick Growth Opportunity. Cybersecurity

Cloud First: Policy Not Aspiration. A techuk Paper April 2017

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

The role of COP/ITU on international level. Dr Ibrahim Al dabal chair of child on line council working group

Cyber Security Technologies

Transcription:

SEPTEMBER 2017 ISRAEL NATIONAL CYBER SECURITY STRATEGY IN BRIEF STATE OF ISRAEL PRIME MINISTER S OFFICE NATIONAL CYBER DIRECTORATE

Vision and Objective 5 Development of Israel s national cyber security efforts 6 Concept of Operations 8 First Layer Aggregate Cyber Robustness 10 Second Layer Systemic Cyber Resilience: 11 Third Layer National Cyber Defense: 12 A Complete Solution 13 The National Cyber Security Authority 14 Capacity Building 16 1. Research, development, and implementation 17 2. Establishing of a national scientific and technological cyber foundations 17 International Cooperation 18 National Cyber Security Strategy In Brief 3

4 National Cyber Security Strategy In Brief

Vision and Objective The government of Israel has set a vision for Israel to be a leading nation in harnessing cyberspace as an engine of economic growth, social welfare and national security. Israel national cyber security strategy is, first and foremost, a means of realizing the Israeli cyber vision by keeping cyberspace safe and by confronting the various cyber threats, in accordance with the country s national interests. In addition, the strategy aims to ensure Israel s continuing role in the international arena, as a leader in technological innovation and as an active partner in the global processes of shaping cyberspace. The national cyber security strategy is the conceptual and practical foundation for achieving these goals. Designed to efficiently structure the national efforts and to ensure a stable, long-term solution, it establishes new concepts and approaches, adapted to the unique features and challenges arising from the use of cyberspace. National Cyber Security Strategy In Brief 5

Development of Israel s national cyber security efforts The first milestone in the development of Israel s national cyber security efforts was laid in 2002, when the Israeli government authorized the National Information Security Authority (NISA) to instruct and protect vital computerized systems of selected public and private civil organizations. The next and major milestone level was the establishment, in January 2012, of the Israel National Cyber Bureau (INCB) reporting directly to the Prime Minister, following a governmental resolution from August 2011. INCB was tasked with: devising the State s national cyber policy and strategy, promoting national processes, developing national cyber capabilities and strengthening Israel s leadership in the field. On February 15, 2015, the government of Israel adopted two pioneering resolutions, which reflected the major recommendations of the national cyber security strategy, developed by the Bureau. These resolutions included the establishment of the National Cyber Security Authority (NCSA), a dedicated government entity leading the operational cyber security efforts of the State of Israel. Together the INCB and the NCSA constitute the INCD Israel National Cyber Directorate. 6 National Cyber Security Strategy In Brief

ISRAEL S JOURNEY IN CYBER SECURITY Government Resolution Securing Critical Infrastructures (NISA) Establishment of the INCB 2002 2012 Operationalization of the NCSA 2016 2011 Government Resolution Advancing the National Capacity in Cyberspace 2015 Government Resolution 1. Advancing national regulation and governmental leadership 2. Advancing The National Preparedness National Cyber Directorate (INCD) National Cyber Bureau (INCB) (Policy, capacity building) National Cyber Security Authority (NCSA) (Operational efforts)

CONCEPT OF OPERATIONS

General Israel's cyber security strategy is based on a generic concept of operations for national cyber security a conceptual framework for all of the state's efforts and functions in the context of national cyber security. This framework includes both direct State actions to confront cyber threats and indirect efforts aimed at encouraging and supporting security activities in the private sector and collaborating with it. The concept of operations defines three operational layers: Aggregate Cyber Robustness, Systemic Cyber Resilience and National Cyber Defense. The three-layer approach derives from the unique nature of the cyber threat and the central role of private organizations in achieving national cyber security. The three layers differ from one another in their goals, in the role of the State and in the relations between the State and private organizations. National Cyber Defense Systemic Cyber Resilience Aggregate Cyber Robustness National Cyber Security Strategy In Brief 9

First Layer Aggregate Cyber Robustness Cyber robustness is the ability of organizations and processes to continue operating despite a routine of cyber threats by repelling and preventing most of the attacks. This is the very basic level of cyber security. The State of Israel has set a goal to raise the overall level of cyber robustness as a means of preventing high-level damage and reducing the cumulative risk. Government Resolution 2443 of February 15, 2015 introduced nation-wide efforts to enhance the national robustness through the promotion of security efforts undertaken by organizations (best practice, guidance, regulations, incentives, etc.) and by regulating the cyber security market. Additional efforts were made to set the bar high for government cyber security so as to "lead by example" and to implement technological solutions and processes to raise overall robustness in the market. REGULATING THE CYBER SECURITY MARKET (SUPPLY) Cyber professionals Security products and services Technological services GUIDANCE FOR THE PRIVATE SECTOR (DEMAND) Specific guidance to critical infrastructures Mandatory standarts in essential sectors Promoting knowledge and awareness through the private sector 10 National Cyber Security Strategy In Brief

Second Layer Systemic Cyber Resilience: The second layer in the concept of operations is the systematic ability to confront cyber-attacks before, during, and after incidents, prevent them from spreading and reduce their cumulative damage to the nation. While the first layer is focused on reducing attacks a priori, regardless of any specific event, this layer is event-driven by definition. Systemic resilience can be achieved through state processes encouraging information sharing, generating and disseminating valuable information, and assisting organizations during cyber incidents. This effort is led by the NCSA, with the national CERT at the forefront. The national CERT works closely with the private sector, both directly and through sector-based cyber centers which operate within the CERT. The CERT strives to engage in global and local cooperation while supporting innovation and harnessing it for its goals. Assistance to organizations Generation of valuable information Sharing of national and sector-relevant information National Cyber Security Strategy In Brief 11

Third Layer National Cyber Defense: A national-level campaign is required against severe threats by determined, resource-rich attackers who pose serious danger to the nation. National defense campaigns incorporate defensive effort, to contain such attacks and their ramifications together with active efforts to confront the sources of the threats. CAMPAIGN AGAINST ATTACKERS Intelligence Prevention Enforcement and deterrence Joint investigations NATIONAL DEFENSIVE CAMPAIGNS Defensive operations National incident response Situation assessment 12 National Cyber Security Strategy In Brief

A Complete Solution The three-layer approach offers a holistic solution, taking into account the differences in the level of risk, the nature of the threat and the degree of its clarity. The following graph illustrates the state's mode of action, according to the three-layer approach, given the context of the State's action (the horizontal axis) and the magnitude of the threat to the nation (the vertical axis). For example, the resilience layer enables a first response to incidents that do not present an immediate and severe threat, but may cause cumulative damage over time, or might and severe a national defense response as the understanding of the threat evolves. Level of National Risk Dedicated Guidance for Critical Infrastructure Guidance in Essential Sectors Active Defense Defensive Operations Sectoral Centers National Defense Law Enforcement Aggregate Robustness Systemic Resilience Information Sharing Incident Response Call Center Early Warninng Regardless of an Event Regarding a Specific Threat Regarding a Concrete Event Understanding the Nature of an Event National Cyber Security Strategy In Brief 13

THE NATIONAL CYBER SECURITY AUTHORITY

Establishing a Central Cyber Security Authority To lead the operational cyber security efforts, the government of Israel decided, in Government Resolution 2444 of February 15, 2015, to establish a new government entity the National Cyber Security Authority (NCSA). The NCSA is an operational agency, with cyber security as its sole concern, but also civilian in its nature, cooperating mainly and openly with the private-sector. The NCSA serves as a hub of national knowledge, a primary cyber regulator and an operational center for managing cyber incidents. The NCSA also conducts integrated defensive campaigns with national security and law enforcement agencies. Functions of the NCSA at the Three Layers: Aggregate Robustness Critical infrastructure regulation Systemic Resilience Nation-wide information sharing National Defense Managing defensive campaigns within the civilian sector Security guidance (mainly through sectoral regulators) National knowledge hub Cyber security market regulation Assistance to organizations under attack Identification and investigation of attacks Support for sectoral SOCs Coordination between agencies National situation assessment National Cyber Security Strategy In Brief 15

CAPACITY BUILDING

For several decades, Israel has been at the global forefront of innovation and scientific-technological knowledge in the field of cyber security. Cyber security is highly dependent on innovation to cope with the attacker's dynamic approach. Israel's culture of innovation, its unique human capital and its national security efforts create a perfect environment for cyber innovation, thus answering this need both locally and globally. In its Government Resolution 3611 of August 7, 2011, Advancing National Cyberspace Capabilities, the State of Israel made it a priority to strengthen Israel's scientific and technological cyber capabilities and innovation processes. This task was assigned to the National Cyber Bureau, as a crucial component of the national cyber security strategy, in order to ensure Israel's long term cyber security capability. This includes two main efforts: 1. Research, development, and implementation of national level security capabilities and technologies, including: secure and efficient information sharing platforms; solutions supporting the state s efforts to expose, investigate and contain cyber attacks; robust cyber processes; and centralized security services. 2. Strengthening the national science and technology (S&T) base in cyber: promoting industrial innovation, supporting academic research (including the establishment of six research centers in Israel s leading universities), enhancing the the nation s human capital in the cyber field and fostering an ecosystem for mutual enrichment. This includes the unique CyberSpark project a concentrated and powerful cyber security ecosystem consisting of Israeli startups, global companies, academia and civilian and military cyber security centers all within a walking distance of one another. National Cyber Security Strategy In Brief 17

INTERNATIONAL COOPERATION Cyberspace is a global sphere and cyber security is a global challenge. The State of Israel views international cooperation as a critical element in establishing cyberspace as a secure, free and global sphere of activity as well as a complementary component in its own national cyber security efforts. Israel is also engaged in efforts to assist partner nations in strengthening their national cyber security, while harnessing Israel's cyber capacities. Israel invites partners around the world to work together, to share knowledge, to develop new solutions on the global level and to fulfill our shared vision of a secure and prosperous cyberspace. 18 National Cyber Security Strategy In Brief

STATE OF ISRAEL PRIME MINISTER S OFFICE NATIONAL CYBER DIRECTORATE

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback