“The ‘NIST Cybersecurity Framework’ has served as a solid and beneficial basis for developing the Israeli "Cyber Defense Methodology for the Organization". Furthermore, harmonizing our methodology with leading standards creates an international cyber defense language which supports collaboration against global cyber threats.”
-Igal Unna, Director General,
Israel National Cyber Directorate (INCD)
- The Israeli economy is comprised of small and medium-sized businesses, corporations, and other enterprises, including many that are key to its information infrastructure. Like most other nations, the Israeli economy relies heavily on information technology (IT) and operational technology (OT), which leaves the nation and its businesses vulnerable to many types of cyber risks.
- The cybersecurity of Israel’s critical information infrastructure (CII) has been guided, but not extensively regulated, by the state since 2002. Some sectors have implemented varying levels of regulation, yet most of the market is not regulated for cybersecurity risk management.
- In 2012, the Prime Minister's Office established the government Bureau responsible for promoting cybersecurity in Israel, known today as the Israeli National Cyber Directorate (INCD). Its responsibilities include promoting the resilience of the Israeli market against cyber threats.
- In 2017, INCD published the Israeli Cyber Defense Methodology (ICDM), which adopts the NIST Cybersecurity Framework – making it available to be implemented by the whole economy of Israel.
- Stakeholders recognized the need for an easily-adopted approach for achieving cybersecurity objectives and better protecting important resources.
- Legacy methodologies focused on "Identify, Protect and Recover" outcomes; the application of the NIST Cybersecurity Framework is seen as strengthening "Detect and Respond" considerations.
- Developing an international common language is of utmost importance for Cyber Defense. The Cybersecurity Framework was seen as enabling Israeli stakeholders (industry, academia and government) to engage with international colleagues.
- Stakeholders needed a flexible framework that could map to local and international standards as well as reduce the workload to achieve and record adherence to multiple regulations.
- INCD wanted to build upon previous experience from CII and local regulations, in addition to other international models such as ISO 27001 and the NIST Risk Management Framework.
- Many organizations work with global security software and products, which helps present the organization's compatibility with NIST's methodology. Adhering to this Framework helps the economy to adopt the Israeli methodology more smoothly and quickly.
- INCD chose NIST Cybersecurity Framework as the basis for building the methodology for the Israeli economy. Most of the controls that allow the method to be implemented are also derived from NIST (Special Publication 800-53).
Results and Benefits
- Synchronizes the common international cybersecurity language of the Cybersecurity Framework among the various Israeli stakeholders (economy, academia, government).
- By choosing the NIST Framework, it was simpler to convince regulatory and legal professionals to support the method, since they knew it was well-established, tested, and implemented in many organizations around the world.
- Provides a flexible framework to meet various sectoral and market needs.
- Since the ICDM was published in June 2017, it has been adopted voluntarily by many organizations in the Israeli market.
- Increase efforts to expand accessibility and assimilation of ICDM in the economy.
- Automate the ICDM process in a free application, available on the INCD website. The first module, addressing supply chain, has been released along with updates to the full ICDM module. Embedding the array app into organizations' compatibility with the NIST Framework, including Framework-based reports and graph development.
- Incorporate ICDM as the basis for guidance in various sectoral regulators’ work plans in 2019.
- Establish a national ICDM-based certification scheme for secure organizations. Work to harmonize an ICDM certification scheme with leading international standards.
- Develop a new organizational maturity model in 2019 based on ICDM.
- Develop ICDM 2.0 to include CII and new updates.
Contact Information & Resources
Here is the downloadable version of this Success Story.
NIST does not validate or endorse any individual organization or its approach to using the Cybersecurity Framework.