Library of Congress

Law Library of Congress

The Library of Congress > Law Library > News & Events > Global Legal Monitor

Israel: Policy Document on Regulation of Cyber Security Professions Published

(Jan. 20, 2016) On December 31, 2015, the National Cyber Bureau (NCB) under the Israeli Prime Minister’s office published a policy document on the regulation of cyber security professions in Israel. (Policy of Regulating Cyber Security Professions in the State of Israel (Policy Document) (Dec. 31, 2015), NCB website (in Hebrew).)

The NCB advises the Prime Minister and the government on cyber security policy and implementation. According to its website, the NCB is charged with “advancing defense and building national strength in the cyber field[;] … building up Israel’s lead in the cyber field[; and] advancing processes that support the first two tasks.” (Mission of the Bureau, Prime Minister’s Office website (last visited Jan. 14, 2016).)

The Policy Document explains that regulation of cyber security professions is needed to protect Israeli organizations from cyber threats and attacks. Regulated professions include that of a “Cyber Security Practitioner,” a profession that requires basic theoretical and hands-on knowledge of the implementation of certain aspects of cyber security in an organization. (Policy Document, § 16A.)  Professions that require additional professional knowledge within one’s area of responsibility are: “Cyber Penetration Testing Specialist,” “Cyber Forensics Specialist,” “Cyber Security Methodology Specialist,” and “Cyber Security Technology Specialist.”  (Id. § 16B-E.) The last-named two professions generally require an academic degree in specified areas related to computer science and engineering.  (Id. § 21A.) The Policy Document describes the responsibilities and the qualifications needed for each of these professions.  (Id. Appendix A.)

To obtain certification authorizing work in one of the above professions, the applicant will have to prove compliance with the professional and educational requirements, have attained the age of majority (18 years of age), and not have had a criminal record. (Id. § 21B(1).)  In addition, the applicant will need to have successfully passed theoretical as well as practical tests to prove relevant professional knowledge and ability.  Professionals will be further required to successfully pass professional eligibility testing once every three years, to ensure their knowledge of current “main changes and tendencies” in their respective profession.  (Id. § 21B(2-3).)

New Oversight Body

A new unit will be established within the NCB that will oversee the cyber defense services market. Among other responsibilities, the unit will be authorized to approve the list of regulated professions at least once every three years.  The unit will also evaluate the professional knowledge required under the different professions on an annual basis, to ensure that these requirements are current and relevant.  (Id. § 20.)  The unit will also be authorized to grant professional certification.  (Id. § 21C.)

Freedom of Occupation Protections

Recognizing the potential harm to the right to freedom of occupation and to free market activity, the Policy Document rejected proposals for either complete non-intervention or its opposite, the imposition of across-the-board licensing requirements as a precondition for engagement in cyber security professions. (Id. § 13.) Instead, the Document proposes that certificates of eligibility to practice will not constitute a precondition for practicing cyber security professions, under the assumption that in certain circumstances, various regulators will require cyber security providers to be certified and that such certification may even become mandatory in government offices.  (Id. § 15A.)

The Policy Document clarifies that the forthcoming regulatory framework will not monitor educational institutions or provide for training for members of the regulated professions. It assumes, however, that the topics of the exams that will be published by the NCB will provide guidance to educational and training institutions that wish to facilitate their graduates’ entry into the job market.  (Id. § 15.)