Ombudsman sounds alarm on Israel's shoddy cybersecurity infrastructure

Through services of white-hat hackers, State Comptroller Englman's office was able to map out vulnerabilities at Israel’s main airport and one Israeli hospital, as well as myriad of cybersecurity shortfalls that put numerous state institutions at risk of falling prey to hackers
Yaron Drukman|
State Comptroller Matanyahu Englman on Tuesday released a special report listing a myriad of cybersecurity shortfalls that put numerous state institutions at risk of falling prey to hackers.
<< Follow Ynetnews on Facebook and Twitter >>
Read More:
Through the services of white-hat hackers, Englman’s office was able to map out vulnerabilities at Israel’s main airport and one Israeli hospital.
4 View gallery
(Photo: Gil Yochanan, Rafi Kotz, Shaul Golan)

Ben Gurion Airport security breach

According to the findings, the Population and Immigration Authority has failed to properly implement a security protocol designed to prevent criminal and terrorist elements, both foreign and domestic, from entering or leaving the country.
The report presents several cases where different groups exploited the weakness in border controls to either enter or exit the country. The ombudsman further noted that the examples do not represent the full extent of the phenomenon and that it is impossible to ascertain how many times, by whom and for what purpose the weakness was exploited.

Old non-biometric passports and ID cards

The state comptroller dedicated a whole chapter to the issue of biometric ID cards and passports, parts of which were redacted due to national security concerns.
4 View gallery
מתניהו אנגלמן
מתניהו אנגלמן
State Comptroller Matanyahu Englman
(Photo: State Comptroller's Office)
According to the report, almost half of Israelis did not make the switch to biometric ID cards despite the state sinking NIS 430 million ($115 million) into the move.
About 45% of Israeli ID card holders still possess the old, easily forgeable version despite the biometric version having been available for almost a decade and becoming mandatory in 2017. Additionally, some 2.9 million Israelis, comprising 37% of all passport holders, still possess non-biometric passports.
Englman warned that the continued use of old documents has criminal and security implications. For example, in the first half of 2022, there were approximately 400 attempts to enter the country using fake identification documents at border crossings.
He also noted that there is a clear correlation between the number of times citizens reported losing their biometric ID cards and requesting a new one and having a criminal record.
4 View gallery
תורים להוצאת דרכון בירושלים
תורים להוצאת דרכון בירושלים
Massive lines to issue passports
(Photo: Rafi Kotz)
Since the introduction of smart ID cards began in June 2013, 3,834 citizens have reported losing or having their smart cards stolen at least three times, with 70% of them having a criminal record. Of those who have made at least eight requests, 100% had a criminal record.
Englman also noted that massive backlogs in the issuance of biometric passports post-pandemic pushed back the schedule for the completion of the transition to the new version by an additional two years.

Millions of attacks a day

The report also found that Israel’s National Insurance Institute (Bituach Leumi) is targeted by millions of cyberattacks on a daily basis.
The institution—which provides a wide range of services including pensions, health insurance, unemployment payments, etc.—employs only 20 people, six of whom are students, in charge of fending off 2.9 million attacks on a daily average.
Given the volume of residents' personal information stored in the National Insurance Institute's servers and the risks of data leaks, Englman recommended classifying the body as part of Israel's critical infrastructure and shoring up its defenses.
4 View gallery
ביטוח לאומי
ביטוח לאומי
Bituach Leumi faces millions of cyberattacks every day
(Photo: Ori Davidovich)

Hospitals aren't safe either

The report also pointed out severe vulnerabilities in the servers of an Israeli hospital. The report withheld the name of the hospital out of security concerns.
The revelations are reminiscent of the conditions that led to a 2021 cyberattack that almost completely shut down a northern Israel hospital for days.
Following the audit, the management of the medical center fixed several issues and updated the security of certain systems. According to an estimate, the total cost of fixing the vulnerabilities could amount to over NIS 10 million ($3 million) per year.
The ombudsman also recommended that the Health Ministry as the regulator take action to implement the recommendations across all medical institutions.
The commenter agrees to the privacy policy of Ynet News and agrees not to submit comments that violate the terms of use, including incitement, libel and expressions that exceed the accepted norms of freedom of speech.