The challenges posed by cyber attacks are on the rise. According to a 2022 World Economic Forum report, in 2020, malware and ransom attacks increased by 358% and 435%, respectively. Covid-19 forced remote work and the massive use of digital platforms for communication. There is a worldwide return to “normality” despite the unknowns on how the pandemic will evolve. However, the new norm of allowing or encouraging working remotely by the government, businesses, and other organizations is here to stay.
Cybersecurity companies report more use of legitimate credentials to penetrate a system, in addition to the routine practice of attempting to insert malware. Defenders are in a tough race with increasingly sophisticated attackers.
The U.S. led the world into the digital era. We now know that this transition caused the urgent, strategic need to protect societies and economies against cyber attacks, which require determined government actions, including presidential executive orders and congressional legislation.
In 2014, the U.S. National Institute of Standards (NIST) published the first version of a Cybersecurity Framework, which was updated in 2018 (CSF 1.1). The CSF is organized in five key functions: (1) Identify; (2) Protect; (3) Detect; (4) Respond; (5) Recover (see here). NIST is now planning a more significant framework update (CSF 2.0).
The CSF is a tool that organizations of all types and sizes can use. The CSF is also considered a basis for standards by many other countries. In August 2022, a workshop organized to discuss CSF 2.0 attracted participants from 100 countries.
Israel’s cybersecurity ecosystem is recognized globally for its thriving technology sector. At the end of 2021, more than 30% of the cyber unicorns in the world were from Israel. In 2022 and despite the global economic atmosphere, Israeli cybersecurity companies continue to attract large capital investments.
However, it is not only technology. Israel was ahead in recognizing the need to establish a centralized government agency to deal with non-military cyber threats. A government resolution to do so passed in 2011. The agency is now called the Israel National Cybersecurity Directorate (INCD).
Based on the close U.S.-Israel relationship, it is not surprising that in 2017 the INCD used the CSF to develop the first Israel Cyber Defense Methodology (ICDM). A new version (Cyber Defense Doctrine 2.0) was published in 2021.
Now, the Department of Homeland Security (DHS) and the INCD have identified four topics in which there are significant gaps that require technology solutions, and which development justifies financial government support: (1) the protection of industrial control systems; (2) cyber visibility and situational awareness for small to medium airports or small to medium seaports; (3) comprehensive, affordable solutions for small and medium businesses; (4) advanced data fusion and analytics for to identify Advanced Persistent Threats (see here). In July 2022, DHS and INCD launched a new program (“BIRD Cyber”) seeking joint U.S.-Israel solutions on these four topics.
In a previous article, I wrote about the strategic partnership between the U.S. and Israel in cybersecurity and the approved U.S. legislation to strengthen it by jointly funding innovation and cybersecurity research and development. The BIRD Cyber program is an important first step.