The cyberwar between Israel and Iran has long stepped out of the shadows. The Jewish state and the Islamic republic have been locking horn for years in the diplomatic arena, and while the kinetic collisions between Israel and Iran's proxies in the Middle East often resonate in the global media, their clashes in the cyber sphere often remain covert.
These cyber battles often resemble a game of water polo: utterly elegant on the surface and extremely violent underwater. All it takes is a brief glance at reports on Stuxnet, the malware that crippled Iran's nuclear program in 2010 as part of an Israeli-American operation, or the various reports about Iran's attempts to launch cyberattacks on critical Israeli infrastructure, to learn that the cyber battlefield is anything but passive.
Follow Israel Hayom on Facebook and Twitter
On the contrary: it is hyperactive and effective, but the moves played out on this virtual chessboard are mostly made in the dark, so as not to compromise them.
Still, the fact that according to the Washington Post Israel pulled this cyberwar from darkness into the light by targeting Iran's Shahid Rajaee port – a newly constructed shipping terminal in the coastal city of Bandar Abbas, near the strategic Strait of Hormuz – was not a decision that can be taken lightly.
In other words, not only did Israel decide to launch a cyberattack against Iran – reportedly in retaliation over a failed Iranian cyberattack on a minor water facility in central Israel – but it also designed it so everyone will know about it.
"The decision to mount a forceful response – assuming Israel was the one behind the cyber strike in Iran, sought to ensure that the Iranians don't even think about stepping up their cyberattacks," Arik Barbing, former head of the Shin Bet security agency's Cyber Department, explained. "As I understand it, the Iranian cyberattack lacked the potential to do any strategic damage to Israel, but the message Israel sent back was unequivocal: we will not tolerate such strikes and we will retaliate with full force."
That message was tow-pronged. It included physical damage to the cargo terminal at the Shahid Rajaee port, as well as an aspect of psychological warfare, by having a top American newspaper report about it.
"I believe that sought to enhance the operation's circle of influence," Barbing said. "Were it not made public, the world wouldn't be dealing with it and Iranians could argue that it was the result of some malfunction in the system, just as the Syrians sometimes do with respect to airstrikes attributed to the Israeli Air Force. Someone probably wanted to make sure everyone knew. It generates deterrence."
But not everyone agrees with this assumption.
Many defense and cyber experts believe that not only did Israel "waste" its abilities on a relatively minor target, but it also exposed some of its cyber warfare capabilities, thus allowing Iran to enhance its defenses elsewhere.
Moreover, making the incident as public as it has become may expose Israel to an Iranian counterattack, thus risking a cycle of cyber blows that could escalate to the point of truly jeopardizing Israel.
"If you set out to mount a substantial [cyber] strike, certainly one that resonates internationally, you have to make sure your defenses are up to counter the potential retaliation," Barbing said. "The country that is aggressor must be ready to ward off a counterattack that is larger in scope, especial with respect to protecting its civilian infrastructure."
Israel's cyber defenses are "in reasonable shape, especially for critical infrastructure where it's regulated," he continued, referring to critical infrastructure controlling water and power supplied, among others, whose cyber defense is supervised by the National Cyber Directorate and the Shin Bet.
"But there are plenty of places in local government and the business sector that remain very vulnerable and [cyberattacks on them] could do serious damage. A country mounting a cyberattack of this magnitude should be ready to defend them, as well."
Col. (res.) Ehud Schneorson, the former commander of Israeli Military Intelligence elite Unit 8200, agrees.
"Israel must be ready for Iranian retaliation. I don't know the details of this specific operation, but if you're planning a mission of this type, you have to think several steps ahead – and not just in cyber terms. Iran can decide to retaliate in different ways and in different places."
Hidden capabilities
The world of cyber warfare has four main dimensions: offensive, defensive, intelligence gathering, and psychological. Israel is a major player in all of them and almost all of the country's high-tech industry – the same one which earned the Jewish state the title of "startup Nation" and is considered a major economic engine – is the product of abilities cultivated by the defense establishment, especially by Unit 8200.
"Without getting into the details, I can safely say that Israel is a Premier League player," Schneorson said. "I wouldn't recommend anyone try to wage war on us in this dimension."
Yet Iran has chosen to engage Israel in the cyber sphere. Tehran may have assumed it wouldn't get caught – probably because it seems the failed cyberstrike on the Israeli facility was routed through serves in the US – or the ayatollahs have become so infuriated by the damage Israeli airstrikes inflicts on their assets in Syria that they decided to try and create a new type of deterrence vis-à-vis Israel.
Cyber is the weapon of the powerful – it affords them another tool with which to inflict significant damage to their enemies, especially when it involves targets that are not vulnerable to kinetic weapons, such as the banking system or public opinion. But cyber is also the weapon of the weak, as it allows them to use relatively inexpensive means to harm the powerful, which usually relies heavily on technology and therefore are more vulnerable to cyberattacks.
Schneorson believes that the used of cyber warfare will increase through three dimensions: Tactical, meaning targeting weapon systems; targeting critical infrastructure with aim of triggering economic and functional chaos that, in turn, can undermine a country's international image; and psychological warfare, ranging from influencing content consumption to exposing classified information to the public.
"Cyber is a counterattack instrument. it's unlikely it will ever fully replace the need for [traditional] warfare, but it is a significant tool a country can add to it," Schneorson explained. "Cyber has a fatal capability that reaches far beyond what meets the eye. Anything a system malfunction can do, cyber can do as well.
"Take the [1986] Chernobyl disaster, for example. That was an accident but that's also the kind of damage a cyberattack can inflict. I hope we don't see such tools in action outside an actual war."
The cyber sphere knows no physical boundaries and there lies its greatest advantage. But the ability to operate anywhere and at any time is not without its faults: Cyber operations require walking a thin line to keep them under the radar, and if they are exposed, the aggressor in trouble with various states and organizations.
In Israel, mounting a cyber-operation requires the same steps and credentials as an operation on the ground, meaning the Diplomatic-Security Cabinet must give in the green light.
This senior forum was briefed on the attempted Iranian cyberattack and on counterblow Israel dealt the Islamic republic, most likely as preparations for a potential Iranian response. While Israel hopes that the message was received in Tehran and that the damage inflicted on Shahid Rajaee port generated the necessary deterrence, defense officials are already gearing up for the next round, now that the Israeli-Iranian cyber war is out in the open.
