Israel’s State Comptroller Audits Cybersecurity and Accountability

Matanyahu Engleman is Israel’s State Comptroller, tasked with ensuring that government funds are spent properly and to thwart corruption. He has held key positions across government, academia, and the private sector, including just to list a few, Executive Vice President and Director General of the Technion, Israel Institute of Technology, Director General of the Council for Higher Education, and the Audit Committee. In addition, he was Director General of the Council for Higher Education in the Audit Committee, Director of Joint JDC Israel, and the first Vice President of EuroCite, the European Organization of Supreme Audit Institutions. 

Note: This interview was recorded prior to the horrific October 7th attack on Israel.

————–

In a recent episode of the Left to our Own Devices podcast, Israel’s State Comptroller and Ombudsman, Metanyahu Engleman, shed light on the crucial role he plays in the nation’s governance. Engleman’s responsibilities are vast, but at the core of his mission is the task of auditing. His job is to scrutinize any department or organization that receives public funds or possesses the authority to collect such funds. In his interview, he delved into the key insights, emphasizing his focus on cybersecurity and modernizing the approach to audits.

Operating independently is pivotal to the controller’s role. Engleman carries the responsibility of choosing the subjects of his audits from a pool of over 2,000 public bodies. His background and vision have steered him away from the traditional compliance audits that focused on determining only whether organizations adhered to the law. Instead, he now emphasizes cybersecurity audits as a way to protect the state’s funds.

Governing in Israel, which is known as the “Startup Nation”, Engleman is a strong proponent of bringing the innovative startup spirit into his office. His approach is not about dwelling on the past but embracing the future. He illustrated this during a meeting with Israel’s Police Commissioner, Kobi Shabtai, where he urged law enforcement to shift their focus from traditional crime prevention to the digital realm. “When I met the Police Commissioner in Israel, Kobi Shabtai, and I had an introductory meeting with him, I told him, whenever you think about protecting the public, don’t think about the old way,” said Engleman. “Then if somebody was approaching a bank, you’d have to safeguard over there to see that he is not coming to rob the bank. Not anymore. Look at all the services that we receive in digital ways. This is the relevant place for the police to be, for law enforcement to be, because these are the new criminals.”

The advent of online services and the changing landscape of crime meant that law enforcement needed to adapt to the modern criminal, who operates digitally.

One of the most striking points raised in the interview was the critical need for enhanced cybersecurity measures. It was revealed that cybersecurity had not been given due consideration by the comptroller in the past, despite it being a massive threat to the nation. Today, with children in Israel spending an average of four hours online daily, the importance of safeguarding digital spaces cannot be overstated.

Engleman extended his auditing purview to the education system to assess how well it prepared students to navigate the online world and cope with the potential dangers and crimes that lurk there. Engleman’s initiative led him to engage with the Department of Education and other relevant stakeholders to address this glaring gap in the system.

Engleman’s department took a proactive stance in addressing cybersecurity concerns and published the “Cyber Information Systems Report.” The report revealed critical insights into the state of cybersecurity in Israel. Notably, it pointed out that the global cost of cybersecurity in 2020 had surged from $6 billion to $10 billion today. Government authorities were identified as being among the most exposed entities to these escalating threats.

The report focused on three primary spheres:

1. Public Expenditures in IT and Cyber Protection– It examined the rate of expenditure on cybersecurity and information technology, emphasizing the importance of protecting these digital assets.
2. Cyber Attacks and Infrastructure Damage- The report delved into the impact of cyber attacks on critical infrastructure, highlighting the vulnerabilities that needed to be addressed urgently.

Personal Information Protection- It assessed public sector entities’ handling of citizens’ personal information and emphasized the need for better safeguards.

The audit of these spheres produced crucial insights into Israel’s cybersecurity landscape:

• Lack of Binding Regulation– One major gap identified was the absence of binding regulations and a centralized governmental body to oversee cybersecurity across all sectors of the economy.
• Gaps in Protection– Many public bodies were found to be inadequately aware of their duty to protect the information they held. This lack of awareness posed significant risks.
• Law Enforcement Unpreparedness– The report highlighted the alarming fact that nearly 90% of cybercrime victims did not report the incidents to the police. Even more concerning was that 75% of reported cases remained unsolved due to the authorities’ lack of knowledge about the attackers.

Whether speaking about securing digital systems or the physical products we rely on, the realities of today’s threat landscape demand that we prioritize removing vulnerabilities from our systems– whether it is the result of software vulnerabilities or human error.