In a time when hackers can silently gather vital information from any network, Jewish agencies have an obligation to take these cybersecurity threats seriously, writes the director of a Jewish Federations of North America computer security initiative.
The growing risks posed by homegrown terrorism, the rise of European ultranationalist fervor and anti-Israel boycotts, coupled with the likelihood that Mideast tensions may intensify, has given rise to a distinct and unfamiliar threat directly impacting both homeland and Jewish communal security. Groups and individuals wishing to cause harm to Jewish institutions no longer require physical access. A criminal, hacker or terrorist-related group from the other side of the globe can breach an agency or synagogue computer network and silently gather its most vital information.
Hackers and computer criminals now have the capacity to make digital copies of information that once filled floors of locked filing cabinets under the careful watch of staff and volunteers. Most troubling is that a theft of this nature can go undetected for years, if not indefinitely.
As we witnessed during the holiday season, governments, retail establishments, corporations and nonprofit organizations large and small have been the targets of cyberattacks aimed at defacing websites, disrupting networks, stealing information and damaging systems. Earlier this month, several French Jewish communal websites were defaced by sympathizers of the anti-Semitic French comedian Dieudonne, a controversial figure known for his Holocaust denial and admiration for gas chambers.
Many Jewish community institutions maintain some of their most valuable assets in digital form, including the home addresses of their employees, monetary transfers, donor information and other sensitive data. The dangers are further enhanced when one considers our growing reliance on digital networks, Web-based technology and smartphones.
This massive dependence on technology provides a perfect platform for those who seek to harm Jewish interests. What’s more, an institution’s private information is threatened with every download, every click on an Internet link and every opened email.
Not one year ago, a server that hosts approximately 50 Jewish congregational websites was attacked by a politically motivated hacker group called the Moroccan Ghosts. The group plastered the targeted websites with their logo and an hourlong video denying the Holocaust. According to cybersecurity experts, it was part of a larger trend of hackers targeting the websites of groups thought to be supporting Israel.
The incident provides just a glimpse into the damage that can result from breaches to an institution’s cybersecurity. Of highest concern is when personal information, such as the names, home addresses and schools attended by the children of Jewish leaders and staff become open source posts on anti-Semitic and Islamic extremist websites.
“Cyber threats to Jewish organizations pose significant security risks to their operations and include everything from surveillance and intelligence collection on leaders and members to accessing systems that can disrupt operations or be exploited for conducting a physical attack,” says Mitch Scherr, CEO of the data security firm Encryptics. “The fact that critical information is being transmitted between offices and across the Internet is all the more reason that it must be protected while in transit and at rest.”
Due to the evolving nature of this risk, the question of who is responsible for addressing cybersecurity concerns is somewhat vague. The fiduciary duty of administrators and directors without a doubt extends to the protection of significant digital assets.
What, then, are their specific responsibilities when it comes to cybersecurity? Can an administration or organization’s leadership simply rely upon its IT department to address cybersecurity needs, particularly when many are ill equipped to identify, respond to and mitigate such threats?
Leaders of Jewish organizations large and small have an obligation to educate themselves on the nature of their respective agencies’ cybersecurity technology and ensure that the threat is treated earnestly. Some of the most elemental ways to do so include reaching out to state homeland security officials, pursuing cybersecurity training, promoting cybersecurity hygiene standards for staff and volunteers, conducting vulnerability assessments and, most important, contacting local law enforcement partners to request cybersecurity information and resources.
Cybersecurity has become the newest front in homeland security. It is imperative that we apply the same level of awareness and action to this threat as we have to ensuring the physical security of our facilities.
Last year, then-Defense Secretary Leon Panetta issued a call to arms against cyberattacks, warning that sophisticated attacks against the United States could be America’s “cyber Pearl Harbor.”
The threat of cyberattack is more real than ever. Like the years leading up to 9/11, the clarion call has been sounded and warnings have been made. Are we listening?
Paul Goldenberg is the national director of the Secure Community Network, an initiative of the Jewish Federations of North America.