Written by Haim Ravia and Dotan Hammer
The Israeli government has promulgated emergency, wartime regulations to address severe cybersecurity incidents in the digital services and hosting sector in Israel. The regulations authorize the Israeli National Cyber Directorate, the Cyber Threats Division of the Israeli Security Agency (also known as “Shabak”), and the Chief of Security at the Defense Establishment in Israel, to issue directives to digital services and hosting providers in Israel in case of a severe cybersecurity incident where a genuine threat to national security or public safety arises.
At the same time, the Israeli National Cyber Directorate published a draft bill that would enact the emergency regulations as law. The draft bill’s explanatory notes indicate that the ongoing war against Hamas has seen a significant increase in the scope and severity of cyberattacks against civilian targets in the Israeli economy.
A “severe cybersecurity incident” is defined as one that an authorized officer at the Israeli National Cyber Directorate, the Cyber Threats Division of the Israeli Security Agency, or the Chief of Security at the Defense Establishment in Israel has found to be severe due to a genuine concern that at wartime, the attack would have material adverse effects that are not limited to a given, specified, target service provider.
The directives that the authorized agencies may issue to digital services and hosting providers include action necessary to identify the cyberattack, defend against it, or prevent it, in furtherance of the overarching objective of protecting the public interest and mitigating the adverse effects of the attack.
Click here to read the Emergency Regulations (Iron Swords) (Addressing Severe Cyberattacks in the Digital Services and Hosting Services Sector) – in Hebrew.
Click here to read the draft bill on Addressing Severe Cyberattacks in the Digital Services and Hosting Services Sector (Interim Measure – Iron Swords) – in Hebrew.