Of Cyber And Regulation

This post is also available in: עברית (Hebrew)

Avi Yariv

At the Cyber and Regulation conference, which took place in the University of Haifa last week, special attention was given to the regulatory challenges that cross state borders in the cyber field. The conference was attended by both academy and industry (Sponsored by the Israel Association of Electronics & Software Industries), and was organized by prof. Amnon Reichman and prof. Niva Elkin-Koren from the University of Haifa. Senior lecturers from Israel, the United States, and the world discussed this fascinating subject.

According to prof. Jonathan Zittrain, from Harvard University, the trend of exchanging products for service over the internet, limits creativity and allows the larger companies, the suppliers of technological infrastructure for services, to have power facing small, creative companies. Gathering information is achieved with a large clientele – the algorithm which produces insights from this information is written and managed by the big companies who control and in fact use the wide amounts of information produced and sometimes (being either aware or unaware) also tilt those insights. Sometimes individuals can learn these breaches in the process of “customer production” and use them in various ways.

Amit Ashkenazi, the legal adviser for the national cyber bureau, explained about it. Ashkenazi explained the American concept of STIX for information sharing, a language built for intelligence regarding cyber threats.

Prof. Bracha Shapira,  chair of the Information Systems Engineering Department at Ben-Gurion University, talked about Big Data technology for surveillance and analysis. The challenge is creating value from the mountains of data, using advanced algorithms and techniques. We are witnessing the development of Data Scientists – developing analysis expertise, and a secure method of collecting and using the data and the insights.

Prof. Michael Birnhack, from Tel Aviv University, spoke about a new position in company management – the CPO – a position combining law, technology and organization. Another subject discussed – the issue of privacy by design (PbD) – for example body scanners at the airport, that never took into account voyeurism and presenting a man with no clothes as part of the scan.

Prof. Joel Reidenberg dismisses altogether what most of us hold dear. To him the question of how to keep a democracy in an age of, privacy, security and cyber” is irrelevant – since democracy is no longer relevant. According to him, we are stepping towards a different form of government which will be more fitting for the new circumstances. Democracy respects the law, hold each and every one us accountable, promises individual freedom and maintains public order. According to Reidenberg, we are losing respect for Rechtsstaat and the government, all the data is being recorded constantly so everyone is guilty all time, all of our information is online, which makes us no longer anonymous – we have lost our freedom and privacy, security softwares reveal a lot about us – information that endangers our safety by being available to those with malicious intents.

The conclusion is that we are witnessing and evolution in the system of government and a growth of a new governmental dynamics.

Ami Braun, VP at Cyberbit, Elbit System’s cyber company, presented the organization’s’ security perception. Walls and isolated networks no longer offer the proper security. In order to provide a full solution, these next steps must be taken: Risks evaluation, prevention, monitoring and detection, and finally response – eliminating the threat and closing the breach.

A cyber attack is not an isolated event but part of an attack protocol including many stages of intelligence, investigation, trial and error – until the aggressor succeeds. The response process is also complex and includes technological, regulational, business, organizational capabilities, as well as disabilities. The way to a solution includes technology, procedures and regulations, personnel training and cooperations between organizations and systems.

Prof. Nico Van Eyck, from the University of Amsterdam, spoke of setting standards for transparency and supervision in national intelligence agencies operations. Such agencies must be provided with sufficient resources to allow for controlled and transparent operations.

Esti Peshin, Director, Cyber Programs, at Israel Aerospace Industries, attacked the academy for publishing articles discussing weaknesses and weak points in national critical infrastructure systems. Hackers’ abilities to learn the weakness and use it to cause damage is high must more efficient than the industry and regulators’ ability to close the breach. There is also an implementation cycle which offers hackers a serious head start to cause damage before the good guys come in with a solution.

Tal Goldstein from the national cyber bureau spoke on strategical plans on the national level.

Mr. Eldar Haber spoke on the matter of finding a countermeasure against cyber attacks on national critical infrastructures, while balancing it with privacy rights.