It is impossible to take lightly the recent cyber attack, in which, among other things, the details of the users of the "Atref" dating site of the proud community were stolen.
On the face of it, this is a private matter of a private person and a commercial site, but for all intents and purposes it is a much more serious event - which requires more serious consideration than has been given so far.
The fact that the infrastructure that was attacked this time is relatively marginal - compared to the attack on Hillel Yaffe Hospital, the Shirbit company or the municipal water infrastructure - makes it possible to look at it in a matter-of-fact manner, without excessive hysteria.
And such an examination indicates that Israel is lagging behind in everything related to protection against cyber attacks, and the protection of the privacy of its citizens.
Even two weeks later: Hillel Yaffe Hospital is still recovering from the cyber attack / Photo: Hillel Yaffe
It is no secret that Israel is under cyber attacks, the frequency of which is only increasing.
The reasons for this are many: from the fact that Israel is an advanced country that relies significantly on computing infrastructure (a paradise for attackers looking for ransom), to the multiplicity of enemies and rivals who seek the same infrastructure to obtain information or cause damage.
In these and those there is no surprise;
Israel is well aware of the threats, and is apparently also prepared to respond to them.
But there is a worrying and dangerous gap in the way Israel treats the various threats to the various infrastructures.
Not that all infrastructures need the same protection;
Just as the Personal Security Unit protects the personalities that constitute symbols of government and not every citizen, so the National Cyber Headquarters is responsible for securing the critical infrastructure and not the personal computer of each of us.
But from here to the debauchery that exists today, the road is long.
The cyber headquarters distributes news to the controllers about the threats, but a large part of the factors simply ignore them.
The attack on Hillel Yaffe is a good example of this: if the hospital had bothered to update its protection software against new vulnerabilities that had been exposed and published, the damage would have been spared.
This is exactly what happened to Shirbit, and other factors, who did not take good care of themselves (and us).
Hillel Yaffe Hospital is beautiful.
Victim of a cyber attack, Photo: Danny Maron
The problem is that no one really oversees the application, and certainly no one fines those who do not do what is required of them.
Cyber law is full of loopholes in this regard: it has no real enforcement powers, and it has no incentives for organizations to be careful and preserve themselves and the information in their possession - which is our private information.
Unhealthy decision making
In this situation, the Privacy Protection Authority was asked to intervene and act, but it operates as if it did not concern it - even when the private information of users of one site or another may be published, some of which may cause personal, image or financial damage as a result of the exposure.
On the face of it, the current event could have been closed with a ransom - but that would not happen.
Unlike the attack on Hillel Yaffe, it seems that Iran is responsible for the current incident - through the Black Shadow group that works on its behalf (and has already attacked Israel in the past).
The laws banning money laundering and banning terrorist financing prevent payment to Iran-related entities, and in any case it is doubtful whether the attackers' goal is to get money;
It is more likely that they are mainly interested in embarrassing Israel, and presenting it as someone who cannot protect its citizens.
This is exactly what the factor that attacked and shut down gas stations in Iran last week tried to do: present the Iranian government as an empty vessel.
Yesterday (Sunday) Iran accused Israel of being behind the attack, and is therefore asked to ask whether prior to the Israeli attack there was an orderly discussion of its desired achievements, and the dangers it entails - from exposing capabilities to an Iranian counter-attack as revenge.
The answer to this can be assumed to be negative.
Defense Minister Bnei Gantz, Photo: Oren Ben Hakon
Israel does not have an orderly policy in the cyber world, and its activities - as in almost any other security area - are not done as part of a strategic vision, but mostly from the occasional exploitation of various opportunities and pressures.
This is an unhealthy recipe for decision making;
Not only because of the controversial achievement on offense, but also because of the holes exposed as a result of it in defense.
As stated, the state cannot protect every citizen at any given moment.
Even when there is a kinetic attack in Syria or a senior assassin in an enemy organization, there is a fear that the counter-reaction will lead to Israeli casualties.
But it is at least expected of it to take steps that will reduce the risk, certainly in a world as hackneyed and attractive as the cyber world.
And all this Israel is late to do - in legislation, enforcement and also in the way decisions are made.
It will only arise after significant damage has been done to infrastructure and civilians, which is a shame.
