The recent attack against Saudi Aramco, which both the Saudi and US governments have claimed was the work of Iran, has generated many headlines. It has also brought renewed focus on the long-simmering cyberwar between the two countries.
The attack, in fact, can be seen as a real-world spillover of a cyberwar that has been going on for decades. The recent US cyberattack on Iran, and Trump’s accusations of “treason” against the NYT over releasing details of US attacks on Russia, are just two examples of the kind of attacks that will become more common in the next decade.
In this context, some are fearful that the Middle East could become a new theater in a worldwide cyberwar that will draw in many of the world powers.
The Long War
It’s important to realize that the recent attacks, both physical and cyber, are just the most recent examples of a silent war between Iran and Saudi Arabia. The conflict arguably started back in the mid-2000s, when the Stuxnet virus infected systems that Iran was using to enrich uranium.
It wasn’t long before Iran copied some of the features of Stuxnet, and developed their own cyberweapons. Stuxnet was designed to specifically target atomic energy infrastructure, but it relied on a huge “infection pool” of consumer devices. Today, the oil industry has been one of the major early adopters of “Internet of Things” (IoT) technology, which provides exactly this kind of infection pool.
It’s no surprise, then, that spyware in the IoT has become a major concern for cybersecurity professionals, nor that Saudi Arabia’s oil infrastructure seems to have become a major target for Iranian cyberweapons. In 2012, Saudi Aramco was hit by a virus called “Shamoon”, which replicated many of the features of Stuxnet, and managed to “brick” 30,000 computers at the oil company.
Given this context, Israel initially appears to be highly vulnerable. Stuck between two warring parties, some worry that the country could become a ‘staging ground’ for future attacks.
On the other hand, the country could also benefit from an escalation of worldwide cyberwarfare. It has long been at the forefront of the development of both cyberweapons and ways to defend against them, and now appears to have spotted an opportunity. Israel is easing its rules on the marketing and export of both offensive and defensive cyber weapons, in an effort to become a much bigger player in the global market.
These systems are likely to be in high demand. Following the Shamoon attack, Saudi Aramco took a few years to improve its defenses, thanks in part to conservative tendencies within the organization. Though the company eventually began to employ American-style cybersecurity measures, no one in the sector was remotely surprised when it was hit again in 2017, and again by the same “Shamoon” virus.
Since 2017, things appear to be escalating. There have been reports that Saudi Aramco’s safety systems have been ‘tested’ by hackers, who wanted to see if they could turn them off. An attack of this type would not only affect Saudi Arabia, but could have knock-on effects across the whole of the oil industry.
In the context of these attacks, some commentators are warning that the Middle East could become the next theater in the ongoing cyberwar. It’s important to note that, at present, there does not appear to have been an escalation in the number or severity of cyberattacks. But with tensions rising in the region, and the relatively low cost of cyberweapon deployment, it could well be that we will see an increase in the coming years.
These concerns also come in the context of the mass adoption of new technologies, and similar concerns that these are insufficiently secure. In the two decades since Stuxnet, the number of companies (and individuals) connected to the internet has increased dramatically, and this could make future attacks even more damaging.
In addition, many of these new connectivity technologies have not been designed with security in mind. There are significant concerns, for instance, about the security implications of 5G, now being rolled out in many companies. A significant proportion of cheap web hosting providers have not put in place adequate security measures.
At the broadest level, the rise of Software as a Service (SaaS) companies means that many companies have outsourced their cybersecurity to third parties, and have little control over their own systems.
The place of Israel in this escalating cyberwar remains to be seen, but in many ways the country is ahead of the curve. It has long been a world leader in the development of cybersecurity measures, not least because Iran has long regarded it as a primary target of cyberwarfare techniques.
The critical factor will be whether Israel can maintain its technological dominance over Iran, and other Middle Eastern states. For that reason, the recent opening up of the rules on the import and marketing of cyberweapons is to be welcomed.