Cyberattacks from Iran and Israel are now targeting critical infrastructure.


In late June, Iran’s state-owned Khuzestan Steel Co. and two other steel companies were forced to halt production after suffering a cyberattack. A hacking group claimed responsibility on social media, saying it targeted Iran’s three biggest steel companies in response to “the Islamic Republic’s aggression”.

Israel’s defense secretary then ordered an investigation into a leaked video showing damage to steel mills, citing “operational events in a manner that violates Israel’s policy of ambiguity.” This incident came on the heels of a statement by the Israel Security Agency, or Shin Bet, claiming that a May cyber operation by Iran was intended to generate action outside the cyber realm.

The two incidents show how the cyber conflict between the two countries has become increasingly public over the past two years. While Israel traditionally sticks to ambiguous answers, these latest examples and others suggest that may be changing. Iran also broke its silence and chose to publicly discuss some of these incidents.

Why are Israel and Iran publicizing these cyber operations? Here are three things to know about the not-so-secret cyber conflict between Israel and Iran.


Cyber actions become less secret

Iran and Israel have long engaged in mutual offensive cyber covert action, although neither government takes credit for it in public. Over a decade ago, Iranian officials discovered Stuxnet malware in uranium enrichment centrifuges at one of Iran’s nuclear facilities, marking the first public evidence of the use of cyberweapons against Iran. But the alleged cyberattacks and intrusions between Iran and Israel have escalated, gaining global attention and coverage, giving a new public dimension to the ongoing covert conflict.

Examples include an attempt in April 2020 to breach Israel’s water and sewage infrastructure, a cyberattack on Iran’s Shahid Rajaee port in May 2020, cyberattacks on Iranian transportation systems in July 2021, the hacking of an Israeli hosting company and the leak of users’ personal information in October 2021, and a cyberattack disrupting gas stations across Iran in the same month – and many more.

The long-running shadow conflict between Israel and Iran, both in cyberspace and on the ground, landed in the spotlight last month with a comment by then-Israeli Prime Minister Naftali Bennett. In an interview for The Economist discussing Israel’s shift in strategy towards Iran, he said: “We are no longer playing with the tentacles, with the proxies of Iran: we have created a new equation by opting for the head.”


What drives countries to abandon the benefits of secret space and shift their cyber conflict to the public arena? In my research, I argue that choosing to make the details public is not a binary political decision between revealing or concealing the attack. Instead, victims of a cyberattack can choose to respond in a variety of ways, including complete silence, attribution of the attack, and assignment of blame. Previous research has hypothesized that strategies for the attacker similarly range from complete silence to claiming credit.

Israel and Iran have become noticeably more public about these attacks. For example, in April 2020, Israel’s National Cybersecurity Directorate confirmed an “attempted cyber breach” of water command and control systems. The media pointed the finger at Iran, but Israeli officials did not comment.

In this event, Israel chose to publicize the attack without official public attribution. This strategy allowed Israel to stay ahead of the news cycle and establish the public narrative – but also to avoid further humiliation in the event that Iran or a third party made the offensive public. At the same time, refraining from directly blaming Iran allowed Israel to minimize the risk of escalation. Iran remained silent, a strategy that also prevented escalation at the time.

A few weeks later, a cyberattack on the port of Shahid Rajaee severely disrupted the movement of goods through the Iranian port for several days. Initially, Iran claimed the massive delays were caused by a technical malfunction, but officials later admitted the incident was the result of a cyberattack. Media quoted an unnamed US official as saying many believed Israel was behind the attack.

Other statements from both countries leave little doubt about their intentions. Without mentioning Iran directly, the director of Israel’s National Cybersecurity Directorate said the events of April and May 2020 marked a “turning point in the history of modern cyber warfare.” Iran, having publicly acknowledged the incident as a cyberattack, said it would not allow Israel to challenge it on the cybersecurity front.


What about international law?

International law establishes a minimum standard of responsible behavior that is binding on countries. Many countries, including Israel and Iran, agree that the general principles of international law based on the UN Charter also apply to cyberspace. However, there are various disagreements regarding the specific modalities of its application. For example, the Deputy Attorney General of Israel said: “Israel considers international law to be applicable to cyberspace […] However, when we seek to apply particular legal rules to this area, we are aware of its unique characteristics.”

A recent reference to international law in the context of government-sponsored cyber operations came during the coronavirus pandemic, when the Netherlands declared that cyberattacks on the health sector, in many cases, constitute violations of international law.

Israel and Iran have moved from traditional secrecy and ambiguity to an increasingly public forum. Given what has happened in the past two years, it seems that the international community does not consider these types of cyber intrusions as crossing a certain threshold of violation of international law, because no other country does. is attacked. And the goals of these cyberattacks have shifted from primarily defense targets to disruption of critical infrastructure and civilian life. The more the public is exposed to these cyberattacks, the greater the risk that they could spread beyond cyberspace and influence other areas of this conflict as well.


Gil Baram is a Fulbright cybersecurity postdoctoral fellow at the Center for International Security and Cooperation at Stanford University and associate researcher at the Center of Excellence for National Security at Nanyang Technological University in Singapore. Baram’s research focuses on government decision-making during cyberattacks and policy related to strategic attribution.
