Israel and Iran Just Showed Us the Future of Cyberwar With Their Unusual Attacks
A shadow war fought largely in secret has reached a new, more open phase.
In late April, Israeli media reported on a possible cyberattack on several water and sewage treatment facilities around the country. Israel’s national water agency initially spoke of a technical malfunction, but later acknowledged it was a cyberstrike. According to Israeli officials, the event caused no damage other than limited disruptions in local water distribution systems. At the time, the reports went all but unnoticed amid the flood of pandemic-related media coverage. Israeli media later blamed Iran for the cyberattack, which had been routed through U.S. and European servers. Iran has denied involvement.A closer look suggests that cyberwarfare is maturing into a new phase, where new rules of engagement and deterrence are in the process of being established.
In late April, Israeli media reported on a possible cyberattack on several water and sewage treatment facilities around the country. Israel’s national water agency initially spoke of a technical malfunction, but later acknowledged it was a cyberstrike. According to Israeli officials, the event caused no damage other than limited disruptions in local water distribution systems. At the time, the reports went all but unnoticed amid the flood of pandemic-related media coverage. Israeli media later blamed Iran for the cyberattack, which had been routed through U.S. and European servers. Iran has denied involvement.
Then, on May 9, a cyberattack targeted the computer systems at Iran’s busiest hub for maritime trade, Shahid Rajaee Port in Bandar Abbas near the Strait of Hormuz. According to Iran’s Ports and Maritime Organization, the attack did not penetrate central security and information systems but instead disrupted private operating companies’ systems for several hours. On May 18, the Washington Post cited unnamed officials who identified Israel as the author of what appeared to be a retaliatory attack. Contradicting official Iranian claims of negligible effects, the Post reported that the attack triggered serious road and waterway congestion for several days. Israel Defense Forces Chief of Staff Aviv Kochavi didn’t directly acknowledge responsibility, but he alluded to the event when he declared that “Israel will continue acting [against its enemies] with a mix of instruments.”
The unusually public cyberskirmish between the Middle East’s arch-adversaries brings a shadow war fought largely in secret into a new, more open phase. Just as unusually, both parties focused on critical civilian targets but caused relatively low damage. A closer look at this new type of Israeli-Iranian exchange suggests that cyberwarfare is maturing into a new phase, where new rules of engagement and deterrence are in the process of being established.
Cyberattacks have been increasingly recognized as one of the world’s biggest threats. In its 2020 Global Risks Report, for instance, the World Economic Forum ranked cyberattacks among the top 10 risks in terms of likelihood and impact. This concern is neither new nor surprising. Cyberwarfare technologies allow countries to attack an adversary covertly at relatively low risk. It’s not only the attacker who gains deniability. Even if an attack incurs visible consequences such as disruptions to the national power grid or telecommunications networks, the victim may claim that these are the result of technical issues rather than admitting it has been successfully attacked.
State-sponsored cyber-operations have long been defined by secrecy, even as they have become more important as routine instruments of statecraft in the pursuit of power, influence, and security. Their covert character isn’t limited to deniability but inherent in the anonymous nature of the technological medium itself. However, as the Israeli-Iranian cyberspat shows, silence and plausible deniability have lately been giving way to public attribution. States and their agencies are increasingly acknowledging their roles—whether as victim or perpetrator.
That Iran and Israel would herald a new phase in cyberwarfare shouldn’t be surprising. Israel, the technology-driven “Start-up Nation,” is a world-leading cyberpower with vast government resources invested in digital security and cyberwarfare capabilities. Together with the United States, Israel was reportedly behind the Stuxnet computer virus—the world’s first digital weapon that specifically targeted and successfully paralyzed Iranian nuclear enrichment facilities about a decade ago. As the target of the attack, Iran in turn invested furiously in its own militarized cyber-infrastructure. While its capabilities are not as sophisticated as Israel’s, they are steadily improving, fueled by Tehran’s perception of the cyberthreat and an unremitting thirst for technological equality.
Their most recent cyberskirmish raises questions about motivations. Both adversaries targeted civilian infrastructure without, deliberately or otherwise, causing durable damage, even if Iran denied involvement while Israel apparently opted to leak details about its counterstrike. Furthermore, both sides were forthcoming about having been targeted and about the cyberattacks not having completely failed, likely preparing the ground for justified retaliation.
For Iran, the motive may be hidden in plain sight. There has been a growing frequency of Israeli strikes on Iranian assets and weaponry, and Iranian or Iran-backed fighters, overwhelmingly inside Syria. Cyber-retaliation targeting critical civilian infrastructure in Israel is one way for Tehran to strike back.
The latest skirmish appears to mark the beginning of a shift in the Israeli-Iranian cyberconflict, one that will likely be more public than clandestine going forward. Another change is the shift to strictly civilian facilities, whereas past cyberattacks have focused on traditional military or security targets. Disrupting civilian targets raises the stakes without heating up the military conflict. However, if the attacks on civilian targets are uncalibrated or botched, Israel and Iran risk escalation. Had Iran’s attack on water treatment facilities intended to tamper with, or successfully tampered with, the injection systems for chlorine, for instance, Israeli public health could have been at risk. Similarly, while disruptions at Shahid Rajaee Port are unlikely to kill, serious dislocations in the logistics chains of essential goods such as medicines could have real humanitarian consequences.
Even as cyberwarfare becomes more established and—as we have seen—moves into the public view, it is still a murky and uncontrolled realm. There are no hard international rules resembling the accepted conventions of armed conflict. This leaves state actors to push boundaries, with dangerous margins for error.
These dangers put a premium on deterring against unpredictable attacks—and there is an ongoing debate about the effectiveness of deterrence in cyberspace. That may be the biggest lesson from this latest Israeli-Iranian exchange: That Israel likely leaked its own cyberattack on Shahid Rajaee Port suggests it is pursuing three objectives one would normally associate with conventional deterrence.
First, Israel is signaling to Iran, and to other potential cyber-aggressors, that it will tolerate no attempts to strike critical civilian infrastructure. As we know from traditional deterrence, such red lines implicitly lay out the rules of future engagement.
Second, Israel has demonstrated its options for retaliation—and its ability to scale up from disruption to destruction within cyberspace. Retaliation could also potentially cross over to other types of deterrence, including the military kind, although this would likely erode both states’ ability to control the ladder of escalation.
Third, Israel is communicating not just its capabilities, but also its commitment to respond to future cyber-offensives. This strengthens the credibility of its deterrence posture, even if the notion of cyberdeterrence remains nebulous. If we can assume that Israel’s cyberwarfare capabilities, including cyberdefense, remain more powerful than Iran’s, then Israel’s demonstrated red line could convey the threat of offensive responses with disproportionate effects.
Conducting a cyberskirmish out in the open would have been counterintuitive in an earlier age of cyberwarfare, when Israel and Iran might have chosen to remain silent or blame technical glitches. But their conflict has entered a new phase—and not just in the cybersecurity realm. In Syria, the Israeli-Iranian contest has already seen a shift to open quasi-warfare from earlier conflicts conducted in the shadows or through proxies. The digital wars between both adversaries—and potentially elsewhere—are also now likely to become more frequent, more open, and aimed at a wider swath of targets. Even as we see the first tenuous attempts to establish new rules for deterrence, the scope for miscalculation has just become bigger.
Gil Baram, an expert for cyberstrategy and policy, is a research fellow at Tel Aviv University’s Blavatnik Interdisciplinary Cyber Research Center.
Kevjn Lim is a senior risk advisor for the Middle East and North Africa at IHS Markit, an adjunct research fellow at the National University of Singapore’s Middle East Institute, and the author of Power, Perception, and Politics in the Making of Iranian Grand Strategy. Twitter: @Kim_LevJn
More from Foreign Policy
At Long Last, the Foreign Service Gets the Netflix Treatment
Keri Russell gets Drexel furniture but no Senate confirmation hearing.
How Macron Is Blocking EU Strategy on Russia and China
As a strategic consensus emerges in Europe, France is in the way.
What the Bush-Obama China Memos Reveal
Newly declassified documents contain important lessons for U.S. China policy.
Russia’s Boom Business Goes Bust
Moscow’s arms exports have fallen to levels not seen since the Soviet Union’s collapse.