Israel’s Emergency System Vulnerable to Cyber Attacks, State Comptroller Warns

Jerusalem, 1 April, 2025 (TPS-IL) -- A computer system used by Israel’s Home Front Command for monitoring and managing emergencies is highly vulnerable to cyberattacks, Israel’s State Comptroller warned on Tuesday. One expert told The Press Service of Israel that while it is common for hackers to attack such systems, “the real concern lies in whether it can withstand these attacks.”

The report centers on the two-part Shu’al system, which coordinates the response of emergency responders and sends real-time alerts to the public. By compiling real-time data into a detailed geographic database, the system delivers a clear and up-to-date view of evolving situations. One platform is used by the Israel Defense Forces and its Home Front Command while the second platform is used by 251 of Israel’s 258 municipalities.

Hackers penetrating the system could potentially spread misinformation and manipulate emergency alerts.

According to the report, written by State Comptroller Matanyahu Englman, “From January until the end of May 2023, 2,469 alerts were received in the monitoring systems of Home Front Command’s Security Operations Center. For 139 of 283 deficiencies discovered in the Shu’al systems, quality control to verify correction of the deficiencies was not performed.”

The State Comptroller, also known as the State Ombudsman, periodically releases reports auditing Israeli preparedness and the effectiveness of government policies.

In 2023 alone, Shu’al recorded thousands of cyber alerts, with some incidents involving direct intrusion attempts. However, comptroller’s report said no measures were taken to boost Shu’al’s security.

“The cyber threat, which could harm the availability and continuity of the systems and communication networks and their reliability, is also part of the reference threat to the Shu’al system,” the report warned.

The State Comptroller cited the absence of a comprehensive risk management plan, recurring security weaknesses identified in system resilience tests, and insufficient oversight of cybersecurity improvements.

According to the report, the Home Front Command has not aligned its security protocols with IDF cybersecurity standards, while six out of the ten organizations working with Shu’al have no formal agreements regarding information security.

“Any system connected, even partially, to the internet will inevitably face attacks. While it’s unsurprising that the system has been targeted, the real concern lies in whether it can withstand these attacks,” Herzliya-based cybersecurity expert Yotam Gutman explained to TPS-IL.

“We’re not talking about a nuclear reactor control system, though Shu’al does manage critical operations. That’s why from a technological perspective, securing such a system isn’t overly complicated — it relies on standard computer infrastructure, communication protocols, and widely available cybersecurity tools,” Gutman said.

“Emergency response systems, like 911 dispatch centers, have been targeted globally, mostly by cybercriminals seeking financial gain. Attacking emergency infrastructure creates chaos, and that can serve not only economic but also political or military objectives,” Gutman explained. “We’ve seen increasing synergy between cybercriminal groups, terrorist organizations, and even state actors, making these attacks more sophisticated and dangerous.”

Englman called on the Home Front Command to implement a comprehensive risk management strategy, enforce mandatory cybersecurity standards for private contractors, and enhance monitoring efforts to ensure Shu’al’s resilience.

“Defense against cyber threats is a critical component in Home Front Command’s ability to carry out its missions,” the report said. “The lack of such discussion in a defense committee harms the control and supervision of defining the protection requirements of the civilian Shu’al system, and may expose it to cyber threats.”

Responding to questions from The Press Service of Israel, the IDF Spokesperson told TPS-IL the army consistently works to enhance its cyber defenses.

“Most of the recommendations on the subject were received and examined immediately upon completion of the audit, and the bodies began implementing them,” the IDF told TPS-IL, adding that “the IDF is investing ongoing efforts in upgrading and adapting to changing threats.”

The military also highlighted that the comptroller’s audit was conducted more than two years ago, and that “many processes and significant progress have been made in the field of cyber defense, security awareness, and system implementation” since then.