Whilst the world media was distracted by the Covid-19 Pandemic, a series of cyberattacks between Israel and Iran might have shown us the future of cyberwarfare.
From an Israeli perspective, these attacks went largely unnoticed. Though we reported, back in May, on the recent Iranian attack on Israeli water facilities, for most people the more striking incident was the cyberattack on Israeli websites during which 300 sites were defaced with a picture of Tel Aviv burning. Nevertheless, it is the former kind of attack – on commercial, but also undoubtedly critical infrastructure – that will likely characterize the future of cyberwarfare.
The Recent Attacks
To see why the recent attacks are so unusual, it’s worthwhile looking at them in a little more detail. As Ynet reported, the attack on Israel was initially reported as a technical malfunction that affected water and sewage treatment facilities. It was only later that this incident was reported as a cyberattack, and that it had originated in Iran (albeit having been directed through servers in Europe and the US).
Then came the retaliation. On May 9, Iran’s busiest facility for maritime trade, Shahid Rajaee Port in Bandar Abbas (near the Strait of Hormuz) was hit with an intrusion attempt that disrupted computer systems there for several hours. The Iranian regime initially sought to play down the attack, saying that the hackers did not penetrate the central systems at the port. However, the Washington Post reported a week later that the attack triggered serious congestion – and, no doubt, a significant cost – for several days afterward. The Post also reported that the attack was instigated by Israel, though Israel Defense Forces Chief of Staff Aviv Kochavi refused to directly acknowledge this.
A New Form of Warfare
Cyberattacks similar to these recent incidents have, of course, been occurring for years, and are also getting more frequent. The most recent World Economic forum Global Risks Report now ranks cyberattacks as among the top ten risks to the world economy, and cybersecurity statistics indicate that businesses of all sizes are seeing increased levels of cyber risk.
What marks the two recent attacks as unique, though, and might herald a new age of cyberwarfare, is both their level of visibility and their targets. Let’s look at each in turn.
First, the two recent attacks have been admitted to (at least implicitly) by both Iran and Israel. Up until now, one of the major characteristics of state-sponsored cyberattacks, and arguably part of their efficacy, is that they are deniable by those who have deployed them. In these most recent attacks, both Iran and Israel used the attacks as ammunition in their ongoing war of words. It seems that neither side was particularly worried that the other (or, indeed, the world) knew who the attacks originated with.
The second novel element of these attacks is their targets. Up until quite recently, state-sponsored cyberattacks have been directed mainly against national-level targets. These have included the military, but also nuclear weapons research centers, or intelligence agencies. The emergence of attacks targeted on civilian installations arguably began during the Ukrainian War, during which Russian (or at least Russian-sponsored) hackers managed to damage the Ukrainian power grid. Now, though, attacks on commercial targets are becoming increasingly common, and attacks on energy production and distribution networks are regularly making headlines.
It’s possible to read the recent Israel-Iran attacks in at least two ways. One school of thought, and one that has been extant for some time now, is that attacks like this are merely training exercises, or probes to test the security of an adversary’s system. The fact that neither of the recent attacks caused, or even sought to cause, lasting damage may indicate that they are little more than a show of power by two adversaries who have been locked in a (largely) cold war for decades.
Another interpretation, though, is that the battleground has shifted. The thinking in Tel Aviv and Tehran may be that instead of causing casualties, cyber warfare can now be deployed to cause economic damage. This is a particularly tempting motive to ascribe to Iran, because Iranian-backed fighters are now being frequently engaged (and killed) by Israeli military units; strikes to which Iran has a limited ability to respond. Cyberattacks are cheap, deniable, and can cause significant civilian and economic panic.
Whatever the motives behind the recent attacks, it’s likely that this kind of attack is likely to become standard in the future. The fact that neither party in the recent debacle was embarrassed about admitting culpability for the attacks indicates that civilian targets are now “fair game” in the ongoing cyberwar, and that both countries are no longer held back by the perception that penetrating computer systems is analogous with border intrusion.
This latter point might, in fact, be the most worrying aspect of the recent attacks. It’s long been noted that there exist no international standards, let alone international laws, on cyberwarfare. In this context, analysts postulate that countries can – theoretically – launch attacks against each other without these attacks breaking any accepted military codes. Up until now, the threat of retaliation from cyberattacks seems to have held most countries back from doing so. That might be slowly changing.
Predicting the future is always difficult, of course, and emerging technologies like AI-driven cyberattack tools will also undoubtedly play a part. However, whilst the world was looking the other way, Iran and Israel might have quietly started a new type of war. So, despite the ongoing pandemic, it’s time to pay attention.