National Cyber Security Authority (Israel)

The National Cyber Security Authority (NCSA), located within the Prime Minister's office, was an Israeli security entity responsible for protecting the Israeli civilian cyber space from 2016 to 2018. The NCSA provided incident handling services and guidance for all civilian entities as well as all critical infrastructures in the Israeli economy, and worked towards increasing the resilience of the civilian cyber space.

At the end of 2017, the Israeli government decided to merge the NCSA with the Israeli National Cyber Bureau (established in 2012), the unit in the Prime Minister's Office that served as the government's cyber policy bureau, into one unit: the National Cyber Directorate.

Background
Israel was one of the first countries to set up national Critical Infrastructure Protection (CIP or CIIP). In February 2002, the Israel Government passed Resolution B/84, deciding to protect Critical Infrastructure and assigning the task to the Israel Security Agency ("Shin Bet"). The National Information Security Authority (NISA) took on the task.

Although this CIP model has proven successful, the country's connectivity and dependency on technology continued to increase, and calls for an improved cyber strategy grew stronger. The discovery of Stuxnet catalyzed the policy processes.

In November 2010, Israeli Prime Minister Benjamin Netanyahu formally nominated a special taskforce to devise recommendations for a National Cyber Strategy, also known as the "Cyber Initiative". The team, headed by Major-General (Ret.) Prof. Isaac Ben-Israel of Tel Aviv University, worked for several months in eight sub-committees manned by dozens of experts. The team examined all the components vital to the need of the State of Israel to cope successfully in cyberspace, including the analysis of national benefits regarding aspects of economy, academy and national security. The "Cyber Initiative" teamwork was concluded in May 2011 and summed up in a special report dispatched to the Prime Minister.

The team's main conclusion was that "cyber-attacks should be considered as a substantial potential threat to the functional continuity of the state, its institutions and its citizens", and that "a central gap has been identified in the cyber defense of the civil sector at large".

At the core of its report, the team recommended that two bodies be established – namely, a "National Cyber Bureau" and an "executive body for the security of the civil sector" by its side. The team also recommended setting up a national "cyber defence foil", comprising automated computerized systems and manned systems, together defending pre-defined computer systems. It also called for the establishment of a national CERT. The team indicated that the civil and security components of cyberspace are interlaced and are, to all intents and purposes, inseparable, and that there is a need for a broad national perspective and for an understanding that the preparedness of the State of Israel for the challenges of cyberspace is a national undertaking of the first order.

Following that, in August 2011 the Israeli government passed a resolution to establish the Israeli National Cyber Bureau (INCB), designated to assist the prime minister, the government and its committees in forging a National Cyber Policy and fostering the application of its aspects of National Security. Specifically, the INCB was assigned to develop a national cyber security strategy.

The development of that strategy generated a professional and important discourse on the national level regarding possible ways to establish an operational body responsible for the defence of the civil cyberspace. The need for it has never been in doubt; however, the manner in which this need should be satisfied has been the subject of many discussions and some poignant disputes, and was finally resolved through the government's decision to establish a civilian body in the Prime Minister's Office – the NCSA.

Government Resolutions 2443 and 2444
In February 2015, the 33rd Government of Israel approved two government resolutions concerning Israeli cyber defense, centered on Government Resolution 2444, "Promoting National Preparedness for Cyber Defense". In this resolution, the government stipulated that the defense of proper functioning in cyberspace is a vital national goal and a vital national interest of the State of Israel.

It was accordingly decreed that the aim of the NCSA is to protect the entire civilian cyberspace of Israel. Its functions include:

a. Managing, operating and carrying out all operational defence efforts in cyberspace on the national level, as needed in order to give a whole and continuous response to cyber-attacks.
b. Operating the national CERT for the benefit of the economy as a whole, including the improvement of cyber resilience, and to assist in dealing with cyber threats and coping with cyber incidents.
c. Building and enhancing the cyber resilience of the Israeli economy through preparedness, competence and regulation, including the enhancement of sectors and organizations, guidance, regulation of the cyber defence services market, licensing, standardization, exercising and general training, incentivization, etc.
d. Forging, implementation and assimilation of a national Cyber Defence Methodology.
e. Performing any other task stipulated by the prime minister, according to the NCSA's aim.

Establishment of the NCSA
The NCSA began its activities in early 2016, upon the nomination of its Director General, Buky Carmeli. Carmeli came to the post after serving for over 20 years in Unit 8200 and in the defense establishment. In his last position he served as head of the technological unit of the Malmab, where he led cyber defense in the defense establishment and defense industries, and in the past he was involved in initiatives in the field of protection of sensitive systems. Prior to that position he headed a hedge fund that invests in international technology funds.

The NCSA was established as a body which combines security and operational characteristics with civil ones, to synergistically lead, together with all other State security organizations, the defense efforts against cyber-attacks aimed at Israel's civil sector.

One of the core missions of the NCSA was to assist Israeli organizations and the Israeli public at large in dealing with cyber threats – irrespective of the identity of those responsible for them. This assistance was realized through CERT-IL (the National CERT). Located in the city of Beer Sheva at the heart of southern Israel, the CERT is a 24/7 center, offering aid to the general public: from the National Critical Infrastructure companies to the man on the street. Alongside the CERT, special sectorial centers were established to assist the government ministries, the Financial Sector and the Energy Sector, and these had already proven the value of creating sectorial expertise.

In many cases, after a professional analysis of the significance of the incident, it was decided to send response teams to assist the organization in containing the attack. For example, it was published in the media that during April 2017, the NCSA had thwarted a large-scale cyber attack targeting over 120 organizations in Israel, and that in June, the NCSA dealt with a large cyberattack on Israeli hospitals.

As a governmental entity facing the public, the NCSA was aware that information being shared is often sensitive or confidential due to matters of privacy, intellectual property, etc. Therefore, its actions were compatible with the specific guidelines determined by the Attorney General and the Department of Justice.

The NCSA acted not only in removing attacks that had already penetrated organizations, but also helped deal with cyber threats before they reached the organizations. Thus, the NCSA led the national response to dozens of cyber threats, such as WannaCry, NotPetya, CCleaner and Bad Rabbit. In addition, since its creation, the NCSA has been active in the global cyber security community and has had operational relations with many bodies from various countries across the globe. These relationships generated not only shared insights and orderly work processes, but also real-time operational aid. Because of this connection, dozens of countries have in many cases assisted the NCSA's efforts to curb international attacks on Israeli organizations. It was also reported that the NCSA had created a framework for cooperation with the DHS's cyber protection body.

Another important activity the NCSA has been conducting since its establishment is boosting the economy's cyber resilience. This activity is conducted by consent, by means of raising organizations' awareness of cyber threats, and through guidance, when public interest requires it.

From March 2017, the NCSA was responsible by law for guiding national CI organizations, such as the Israel Electric Company and Israel Railway, on how to cope with cyber risks that might shut down critical systems under their direct responsibility. Meanwhile, the NCSA began work with the sectorial regulators in order to apply cyber-defence norms to various defence objectives. Thus, the NCSA and the Israeli government set up dedicated units within the regulatory authorities, and their activities have already begun to bear fruit, in the shape of risk assessment surveys and "cyber annexes" which help guide the relevant organizations under the general authority of each regulator.

In addition, in order to assist the economy in preparing for cyber threats, the NCSA published in early 2017 the "Organizational Cyber Defence Methodology". Based on NIST CSF, it offers every organization in Israel, be it large or small, tools for the management and optimization of its defense against the risks of cyber threats, and assists it with devising a well-ordered work plan. Thousands of Israeli organizations are already working according to this methodology, which is accessible to all as a free service rendered to the Israeli economy.

Meanwhile, the NCSA invested efforts in developing a professional cyber workforce. This was carried out in several layers: initiating (in conjunction with the Ministry of Education) a strategic plan to educate youngsters in cyber; incentivizing the labor market to shift towards cyber defense jobs; and, finally, setting a professional benchmark for those who work in this field in the government ministries.

In this context, the NCSA was working to incorporate diverse elements of Israeli society into the industry and the government. Thus, in the course of 2017, vocational courses were opened for the ultra-orthodox community (both men and women), financed by the Ministry of Labour and Welfare.

Dissolution of the NCSA and establishment of a new unified body
As mentioned above, following the recommendations of the INCB, the government decided in February 2015 to establish the NCSA as the central operational body for cyber security in Israel, which would work alongside the INCB as part of a "National Cyber Directorate". The decision to operate two independent units within one directorate was made at the time due to the need to build and strengthen the two branches separately: the policy branch (for which the INCB was responsible) and the operational branch (the NCSA). Therefore, each of the units was appointed a separate Director General and they were managed as independent entities. Towards the end of 2017, following the Prime Minister's directive to concentrate efforts in the field of cyber defense, it was decided to unify the authority with the national cyber headquarters, and in December 2017 the Government of Israel passed a resolution to unify them into one unit, the National Cyber Directorate, which would be responsible for all aspects of cyber defense in the civilian sphere, from the formulation of policy through R&D, to the operational defense of cyberspace. Its first Director General was Igal Una, the first to be responsible for both operational defense (which was the responsibility of the NCSA) and for the construction of the state force (which was the responsibility of the INCB).