Many years of neglect: The State Comptroller published a report today (Tuesday) from which it appears that there are significant gaps in the manner in which classified security information is managed and secured in the computer systems of the Prison Service (SHBS). The report shows, among other things, that the areas of responsibility and authority of the SHBS and of the regulators in the field of classified and cyber security, are not implemented.
As mentioned, the auditor found deep gaps and significant deficiencies in the security organization, which create a real risk. Among other things, a fundamental gap was found between the essence of the organization, its nature, the information held in it and the risks related to its activity – and the functional culture that prevails in it with regard to information security and the management of classified information. It was also found that during the eight years since the failure of the Kidama project, a corporate IT project that failed after 144 million NIS had been invested in it, the Shin Bet Commission and the Ministry of Internal Security did not conduct an investigation into the circumstances of the failure and did not learn any lessons.
Also, the Israel Defense Forces began the implementation of the 2018 "Captain" (multi-year plan) in 2021, without the approval of its total budget amounting to half a billion NIS, and without the approval of the Ministry and the Minister at the time for its full implementation. It therefore appears that the Israel Defense Forces began In the implementation of a comprehensive ICT program, when it has been given budgetary approval for approximately 20% of the total budgetary cost of the program which amounts to NIS 532 million, and without the approval of the level in charge of the program as a whole. This situation poses a risk to the completion of the program in the coming years.
The report also states that as of the date of the audit, approximately NIS 39 million out of the NIS 104 million budget was actually realized, for 62% of the budget purchase orders were issued whose execution has not yet been completed. Also, the rate of decrease in the scope of the technological budget in the Shavas in the years 2021-2018 was 13%, while the Shavas budget increased by 12%, and the technological budget of the other government ministries increased by 25%.
significant gaps
An examination carried out into a series of aspects relating to the management and security of classified security information revealed significant gaps, which stand in contrast to the practice that requires parallel bodies in each of the following areas: handling of classified digital information and classified documents, regulating the handling of classified security information through security procedures, maintaining and classifying documents, handling classified information received from external parties, the regulation of the security classification of employees in the Shavas, use of means of communication.
Gilboa Prison, archive (Photo: Flash 90)In the meantime, the ministry carried out penetration tests in combination with a vulnerability assessment survey regarding the networks of the Security Service, from which significant gaps emerged, which stand in contrast to the mandatory practice of parallel bodies, in each of these issues: cyber protection of some systems, conducting information security and cyber risk surveys and conducting penetration tests, Preparation for managing cyber incidents, managing users and permissions, the development processes of a classified computer network.
As mentioned, the audit revealed a long-standing reality according to which the areas of responsibility and authority of the Israel Defense Forces and the regulators in the field of classified and cyber information security and in the field of digital technologies and information systems are not, in practice, implemented properly and as required. Among other things, fundamental gaps were found in the disaster recovery plan for the technological systems in the Israel Defense Forces "S.
The report states that the situation emerging from the audit is the result of many years of neglect, during which there was no technological governance that set goals, established processes, allocated resources, and properly managed the risks and organizational methodologies in the technological field. There is substantial budgetary uncertainty regarding the implementation of the response planned in the "Captain" program to the set of technological and security gaps.
Auditor Engelman recommended that "the Prime Minister, in consultation with the Minister of National Security, will examine the issue of information and cyber security in the IAS as a whole and in particular the issue of classified information security. The Shin Bet and the Ministry of National Security must ensure that functional continuity is not compromised in the event of catastrophic events that could endanger the stability and functioning of the national prison system."
He also emphasized that "the Ministry of National Security and the minister who heads it are responsible for the functioning of the prison system in Israel, and in this framework they must ensure that the Israel Security Service fulfills its role through an appropriate technological infrastructure, and that the power building in this area is managed with a long-term vision and a budget plan that guarantees its implementation."
The IAS stated: "The prison service welcomes the comprehensive and objective review. The prison service sees value in constructive criticism as a central tool for improving processes in the organization. As the auditor points out, as early as May 2021, the SBS carried out in-depth work to map the technological gaps that exist in the organization, and built an operative plan to reduce them, as part of the 2015 'Captain'. Shavas invests a lot of effort in completing the gaps that have been mapped, both at the operational and administrative levels, and in the past two years, over 80 projects have been completed, in record time, among them: the launch of a smart prison pilot, scanning prisoner files, computer diaries, digital prisoner counts, hybrid medicine and more".
"Upon assuming office, Commissioner Perry set as a central goal the organization's technological leap in order to be at the forefront of technology, similar to leading correctional organizations in the world, and to close gaps for many years that the issue was not the organizational priority. Shavas will continue to work to reduce the gaps that appear in the auditor's report and will promote additional technological projects, in accordance with the state budget, in order to ensure the continued positioning of the organization and the strengthening of its capabilities, to meet the security, operational and social challenges facing it," it was further stated.
© 2024 News In Israel - Israeli News In English. All Rights Reserved.