Israel cyber head: US-backed cyber norms too broad

Israel cyber head: US-backed cyber norms too broad
© Getty

The head of the of the Israeli National Cyber Directorate on Tuesday criticized the State Department's strategy for developing international cybersecurity norms, calling the plans overly broad.

Secretary of State John KerryJohn Forbes KerryBringing the American election experience to Democratic Republic of the Congo Some Dems sizzle, others see their stock fall on road to 2020 The Hill's 12:30 Report MORE last year listed a number of cybersecurity norms the department has pursued. They were meant to differentiate acceptable espionage from malicious actions.

ADVERTISEMENT
Kerry's five points included governments not impeding emergency teams responding to a cybersecurity problem, not stealing intellectual property, cooperating in investigating crime, aiding countries under attack and not attacking critical infrastructure. 

"The norm of 'do not attack critical infrastructure' sounds great, but can you define for me what critical infrastructures are?" Eviatar Matania asked at the Billington Cybersecurity Summit in Washington. "The definition in every nation is different. Some will define everything as critical."

Matania asked whether the U.S.'s definition was unique. U.S lawmakers and observers have recently begun debating whether elections count as critical infrastructure. 

Matania stressed that increasing international cooperation was a still critical component of developing any one nation's security and said he was taking steps to increase connections between London and Washington. 

"It is not by coincidence I am here," said, referring to the Billington conference, which attracts many government representatives.

Matania further advocated that countries, especially those similar in size to Israel, follow Israel's lead in moving to a centralized cybersecurity organization. 

“When you need 24/7 to understand what is happening in your country, to have the best people to analyze what’s happening, to have a critical mass of knowledge and need someone to be accountable for everything, you need a one and only authority,” he said, referring to a centralized cybersecurity authority as the final phase of evolution in a country's security posture.

The U.S. currently segments cybersecurity responsibilities across agencies, states and national offices. Even the advisory positions are split, ranging from National Institute of Standards and Technology wing of the Department of Commerce to the new Federal Chief Information Security Officer in the Office of Management and Budget. 

Israel approved a centralized authority in February and has been working to transition to it since then. 

He added that governments should work to share the fiscal risk of innovation with investors and pair private industry with university research. 

“Encouraging innovation means knowing that most of the projects will not succeed. They will fail. Encouraging innovation means building a culture where people try and fail, try again and fail — but then they succeed,” he said.