Article written by Haim Ravia, Dotan Hammer and Adi Shoval
The Israeli government is proposing a draft bill that would be provisionally effective for two years, which among other matters would authorize the National Cyber Directorate and the Israeli Security Agency (colloquially called “Shabak”) to instruct private and public organizations on how they should defend against cyberattacks, and obtain court orders granting these agencies direct access to operate the computer systems of private and public organizations.
The draft bill’s explanatory notes indicate that amid this past year’s COVID-19 pandemic, “the level of risk has dramatically increased, among others due to the greater scope of employees working remotely in the private and public sector, the increased activities in the digital arena, and the accelerated digitization of services in the public and private sectors.
According to the draft bill, the National Cyber Directorate could instruct an organization how it should prepare for cyberattacks if it is convinced that the organization engages in essential activities, it suffers a critical security vulnerability that it does not address, and a cyber-attack against the organization would severely harm the public interest.
The draft bill would also authorize the National Cyber Directorate to collect personal information if it is valuable for cyber-defense purposes, or if a court authorizes the collection. The draft bill would limit the use of such information for cyber-defense only or otherwise subject to court approval.
The draft bill seeks to grant similar powers to the Israeli Security Agency.
CLICK HERE to read the draft bill on Cyber Defense and National Cyber Directorate (Powers for Reinforcing Cyber Defense) (Provisional Measure), 5781-2021 (in Hebrew).