Israeli Government Publishes Draft of Regulatory Framework for the Cyber Defense Profession

The National Cyber Headquarters at the Israeli Prime Minister’s office recently published a policy document on the regulation of the cyber-defense profession in Israel, aimed at ensuring an adequate level of professionalism, reliability and ethics of those in the profession. According to the policy, its rationale is derived from the understanding that currently, professionals in various disciplines in the field of cyber-defense are employed in different organizations, and they highly vary in terms of expertise and provide no assurances as to their professional standards. 

In an effort to promote cyber-defense on a national level, the government intends to regulate the basic profession of a “cyber protection implementer”. Additional professions will be regulated based on that rubric, such as certified intrusion testers, authorized cyber investigators, certified cyber defense methodologists and cyber-defense technology specialists.

The National Authority for Cyber Protection, through a newly established unit aimed at regulating the cyber-defense services market, will grant certification credentials to individuals according to their qualifications under the professions listed above. Working in these professions, however, will not be wholly limited and the certifications granted by the Authority will not constitute a precondition for engaging in the relevant professions. Additionally, the forthcoming regulatory framework will not monitor educational institutions or provide training in this field.

The Cyber Headquarters assumes that various regulators in will require cyber defense providers to have these certifications in certain circumstances. For example, future tenders announced by public or private sector bodies will require companies engaged in the cyber-defense field to prove that their employees have been certified. In government ministries, new employees in this domain will be required to be certified.

The process of establishing the regulatory framework is expected to continue until 2021. Source: Prime Minister’s Office – National Cyber Headquarters (in Hebrew).