Herzliya, Israel — Israel’s recently established National Cyber Directorate (NCD) and an increasingly activist sector of the local industry are prodding Defense Ministry officials to ease “illogical and irrational” export licensing restrictions on cyber-related programs, processes and technologies.
“The state of Israel will not be able to have a good cyber defense industry if it continues to monitor these exports illogically and irrationally,” said NCD Director Eviatar Matania, a former MoD research and development official appointed in 2011 to lead the government’s cyber agenda.
At the annual Herzliya Conference here last month, Matania said the cyber industry must not be obstructed by restrictions that do not apply to other global competitors.
“Throughout the world, these industries of cyber are not limited in any way. We cannot be different from the rest of the world,” he said.
While acknowledging Israel’s need to protect its intellectual property, Matania insisted the country’s primary goal is to encourage technological innovation and fortify Israel’s front-line cyber status. The national cyber chief said he was working with MoD and other organizations to devise a more balanced cyber export policy.
“I know there are very good technologies to prevent leaking of information. We have to find a way of dealing with this problem without limiting the industry,” said Matania, whose directorate, like Israel’s National Security Council, is part of the Prime Minister’s Office and operates independently of MoD.
Speaking at the same event, Avi Hasson, chief scientist for the Ministry of Industry, Trade and Labor, said Israel’s cyber industry will be unable to attract investors or strategic partners if its business potential is limited by export license restrictions.
“If we don’t have some type of balanced export licensing process, we won’t be able to move forward,” he said.
A leading industry executive said current policy presumes a blanket denial of programs, analytical tools and processes that involve offensive capabilities aimed at supporting defensive measures. Similarly, he said companies are blocked from exporting capabilities for monitoring mobile communications devices, which are increasingly needed to address growing market demands for countering advanced, persistent threats.
“We have permission to collect information from computers, but not from mobile phones. But since everything is connected, this restriction is anachronistic and very problematic, to say the least,” the executive told Defense News.
Nimrod Kozlovski, an adjunct professor at Tel Aviv University who co-initiated the School of Business Administration’s new Cyber Security Studies program, says the binary approach used by government regulators to distinguish offensive from defensive capabilities is no longer valid.
“A decade ago, everything used to be a lot clearer,” he said. “But today, defensive technologies are required to have some reverse logic on the offensive side. Defensive technologies must have proactive measures and countermeasures that could be considered offensive, and this creates ambiguity and uncertainty.”
In an April 4 interview, Kozlovski said ambiguity in existing regulations and the lack of precedent-setting cases prompt government attorneys and license authorities to fall back on excessively conservative interpretations of existing guidelines.
“As a lawyer, I can tell you the law in Israel is unclear. Since there is not enough information out there, readers of the law are reluctant to risk more liberal interpretations that could open up the market more to export sales.”
Isaac Ben-Israel, a former director of MoD research and development who spearheaded efforts to create the national cyber authority, insisted that Israel’s cyber industry could not survive without exports.
“The cyber industry, like other industrial sectors, cannot exist solely on sales to the domestic market. These firms need to know in advance what they will be permitted to export. Otherwise, they won’t risk investment in essential research and development needed to realize the prime minister’s objective of becoming a world superpower in the field of cyber,” he said.
In an April 3 interview, Ben-Israel said a key recommendation from an expert study endorsed two years ago by Prime Minister Benjamin Netanyahu and Cabinet ministers called for a liberal export licensing policy that would promote global competitiveness.
“The policy should be to open the market, and I believe that MoD, as the lead on this issue, understands,” Ben-Israel said.
MoD Director-General Udi Shani said he was well aware of sensitivities surrounding cyber export policy and was working with the Prime Minister’s Office, industry and other relevant groups to resolve disputes.
Addressing last month’s Herzliya Conference, Shani said MoD aims to encourage the development of Israel’s cyber industry, and it is prepared to allocate research-and-development funding to promising startup firms. Nevertheless, he insisted that MoD must maintain careful and cautious oversight of the cyber sector.
“If the technology provides solutions for defense, it can also sprout in other directions,” he said.
In an implicit reference to the many veterans of the military’s vaunted 8200 Intelligence Unit and other sensitive security organizations now in the commercial cyber sector, Shani warned: “This knowledge, which is based on our brainpower, our mindset and our understanding gained from our former roles. … If this goes to another direction without oversight, it can be lethal, even if we didn’t intend for this to happen.”
Shani, a retired major general and former director of the military’s C4I Directorate of the Israel Defense Forces General Staff, noted that cyber capabilities operate in a borderless domain that demands new “nonlinear” development and oversight methods.
“The way we relate to these threats and our ability to create solutions must be different from the traditional linear thinking of MoD and other bodies,” he said.
As examples of nonlinear approaches to cybersecurity issues, Shani cited recently established branches within the IDF’s C4I Directorate and MoD’s internal security bureau tasked with a more holistic monitoring of potential threats.
In parallel, Shani said MoD would soon establish a dedicated cyber directorate within the ministry’s MAFAT Defense Research and Development Organization to cultivate the local industrial base.
“First and foremost, [the new Cyber Directorate] will be a supportive body for industry. If today we have a directorate for active missile defense, satellites and unmanned aerial vehicles, this directorate will work with industry and all other R&D directorates,” he said.