State Comptroller Matanyahu Englman on Tuesday issued a series of reports detailing widespread security lapses across Israel’s transportation network, critical infrastructure, airport protection and biological-research oversight, warning that the findings “should keep government ministers awake at night.” Most of the reports were released publicly, while a separate audit on Israel’s air-defense systems remains classified.
Light rail preparedness
Englman’s review identifies significant gaps in security on the Tel Aviv light rail, including staffing shortages among security guards, reduced training refreshers and unresolved communication failures between emergency agencies underground.
The red line, built to carry about 300,000 passengers a day, includes both above-ground and underground segments and has long been considered a high-risk target for terrorism.
That risk materialized on Oct. 1, 2024, when two terrorists opened fire on passengers and people waiting at the light-rail station on Jerusalem Boulevard in Jaffa, killing seven and injuring dozens.
Despite that attack, the comptroller found that the Transportation Ministry has for more than five years failed to present an expert assessment to replace the casualty scenario set in 2019 by the National Emergency Authority. The ministry rejected the scenario as unrealistic but did not produce an alternative by the end of the audit in January 2025.
A letter from the National Emergency Authority published in the report described the ministry’s handling of the issue as “the embodiment of absolute absurdity.”
Englman warned that the lack of an agreed-upon casualty scenario could undermine coordinated rescue, evacuation and medical response during a mass-casualty attack, especially at underground stations.
The report also notes that Israel lacks a formal mechanism to ensure security consultation during planning and tender stages for large public projects that include underground spaces, even though unconventional terror attacks have taken place in other countries.
Security staffing, training and communications
The comptroller reported that the red line’s security-guard force shrank even before October 7 and decreased further once reservists were called up. In several cases, the number of guards on duty fell below required standards. Training refreshers, including hand-to-hand combat sessions, were also reduced.
Communication gaps between emergency services remain unresolved. Magen David Adom teams still lack reliable radio communication underground and cannot interface with police and fire services. Medics instead rely on mobile phones, which would fail if cellular networks collapse. Some findings in this section were withheld for security reasons.
Critical infrastructure protection
Englman found that the Defense Ministry, the IDF and the National Security Council had not advanced national plans to fortify critical facilities against rockets, missiles and other aerial threats, despite repeated warnings and despite the events of Oct. 7.
Before the war, the Defense Ministry had not mapped the facilities needing fortification and had no multiyear plan or budget. A senior official’s appeals between 2019 and 2022 to defense ministers went unanswered. Only in December 2024, as the follow-up review ended, did the ministry’s director general order formation of a team to address the issue.
The report says the National Security Council also failed for years to bring the matter for discussion in cabinet forums responsible for preparing the home front, even though air-defense systems cannot provide full protection.
Ramon Airport readiness
At Ramon Airport near Eilat, the comptroller found that no single official at the Israel Airports Authority oversees security. The report also highlights gaps in the police command-and-control framework for mass-casualty events.
A six-year dispute over who must fund the airport’s medical-emergency response remains unresolved, despite repeated National Security Council directives. In a March 2019 letter, a senior Health Ministry official wrote that the ministry “cannot assume responsibility” for routine or emergency medical coverage at Ramon without dedicated funding.
Houthi drone strike at Ramon airport
Englman said the absence of a medical-response plan endangers passengers and staff and called on the head of the Civil Aviation Authority to ensure all deficiencies are corrected for the airport to meet licensing requirements. He also said Transportation Minister Miri Regev and National Security Minister Itamar Ben-Gvir must verify that Ramon is prepared for emergencies, particularly in light of lessons from the Oct. 7 attacks.
The report cites shortages in manpower, equipment and infrastructure, as well as shortcomings in postwar lessons-learned processes. It also notes that Ramon Airport has recorded an average annual operating loss of 274 million shekels from 2019 to 2023, totaling roughly 1.4 billion shekels.
Defense-export marketing agents
Another report criticizes the Defense Ministry’s oversight of private agents, intermediaries and marketing facilitators used by Israeli defense companies in export deals. Israel received a score of 64 out of 100 in Transparency International’s 2024 Corruption Perception Index.
The comptroller warns that reliance on external marketing agents carries significant corruption risks under Israeli law and OECD conventions. In one 2020 case, a high commission promised to a marketing agent was discovered accidentally by ministry officials, who then blocked the deal.
The audit found major gaps, including the absence of rules for supervising marketing agents, no review mechanism for companies’ compliance programs, no system for verifying who the agents are or how commissions are approved, and no comprehensive database of agents.
Englman said corruption in defense exports could harm Israel’s security, foreign relations and global standing, and urged the Defense Ministry’s director general to adopt clear oversight rules, including requirements for small and mid-size exporters.
Biological-research oversight
A separate report warns that Israel has not established the regulations required for labs working with dangerous pathogens, even though the law mandating them passed in 2008.
The Health Ministry has not set criteria for recognizing institutions authorized to handle pathogens, and guidelines from the national council overseeing such research have never been anchored in regulation. The comptroller said this increases the risk of knowledge or biological agents leaking to hostile or criminal actors.
Englman also warned that there is no oversight of dual-use biological research that could aid in developing biological weapons. Since 2008, the oversight council has not debated criteria for reviewing sensitive publications, and a dispute persists between police and the National Security Council over who is responsible for supervising such matters.
He said rapid advances in synthetic biology and AI tools heighten the risks and called on the Health Ministry to establish regulatory oversight and coordinate with relevant agencies.
Cybersecurity and data protection in the Defense Ministry
The comptroller found inadequate cyber protections for Defense Ministry databases containing personal data of hundreds of thousands of people. Penetration tests are insufficient, and many users retain active access they do not use.
A review found that about half of the 481 users with access to the “Shemesh” system had not logged in for more than six months, and 29 percent had never logged in at all.
Englman said the ministry must comply with privacy-protection requirements, especially ahead of an August 2025 legal amendment, and must review authorization procedures across all systems.
Consultants employed by the Defense Ministry
The audit found that 27 percent of consultants employed across the Defense Ministry as of October 2024 were working beyond limits the ministry itself set to prevent dependency on long-term contractors. Nearly half exceeded either maximum monthly hours, maximum years of service or both.
Englman warned that excessive reliance on consultants undermines fair competition, risks creating employer-employee relationships and may lead to loss of institutional knowledge. Only three of the 20 highest-paid consultants were women, with an average monthly engagement of 65,000 shekels.