By early morning April 25, crews at Israeli water facilities realized that something unusual was going on. According to reports, one pump began operating non-stop. At another facility, something seemed to have taken over the operating system, and the technicians couldn’t access its regulating interface. A third station reported “irregularities resulting from unplanned changes to the dataflow.”
About an hour later, Israel’s National Cyber Directorate released an unusual announcement. It admitted that the facilities were under attack and asked companies involved in the water and energy sectors to “immediately change internet passwords to access the control system, limit internet connections and verify that the most up-to-date version of the regulatory system is installed.”
The Security Cabinet met for a special session on May 7, with each participating minister required to sign a confidentiality form. Reports claim that the meeting discussed possible responses to the cyberattack, which was allegedly attributed to Iran. Senior officials said after the meeting that they regard the attack as a significant escalation of hostilities by Iran and that the Islamic Republic had crossed a red line by targeting civilian water resources.
On May 9, just two days after the meeting, The Washington Post reported that Israel responded with a massive cyberattack against an Iranian port that left it paralyzed for several days. According to the report, the target was the country’s major port, the Shahid Rajaee port terminal in the southern Iranian city of Bandar Abbas. A source quoted by the paper said, “The attack targeted the container terminal at the port and paralyzed loading and unloading at the port for several days.”
If this is true, the retaliatory action was disproportionately stronger than the Iranians’ original attack. While there were no problems with water supply or sewage maintenance after the attack in Israel, the attack on the Iranian facility reportedly snarled activity in the port. “One cannot compare Israel’s cyber capabilities to those of Iran,” said Maj. Gen. Amos Yadlin (ret.), a former head of military intelligence. He told Al-Monitor, “Israel is a world-class cyberpower. While I am not deriding Iran’s abilities, they are far less impressive than those of Israel.”
Apart from the strategic location of the attack attributed by foreign media to Israel, what makes it especially interesting is that it took place out in the open. If the reports are true, the Iranian attack on Israeli infrastructure immediately legitimized a retaliatory attack on Iran, using similar weapons. “It is true that attacking civilian installations is usually not the thing done, but Israel wanted to send a message that if the Iranians introduce civilian facilities into the equation, Israel will not draw a line at that,” Raz Zimmt, a specialist on Iran at the Institute for National Security Studies, told Al-Monitor.
Yadlin believes that once the Iranians failed in their efforts to respond to Israel kinetically through the Syrian conflict, they decided to attempt a cyber-response to send a message that would also serve as a deterrent. “The Iranians were looking for an easy way in, and cyber offers more or less that. The attack may not have succeeded in the simplest sense of the word, but it did get a message through to Israel. For its part, Israel wanted to send a firm message to the Iranians, so we are witnessing a very aggressive response — relatively, of course.”
Zimmt is also convinced that the Iranian cyberattack was the result of Iranian frustration with Tehran's failure to provide an appropriate response to alleged intense Israeli attacks in Syria. “I already said two weeks ago that the crisis facing the Iranians will push them to attempt a cyberattack. Iran has a legacy of asymmetrical and proxy attacks. They do it everywhere: in Lebanon, Syria, Iraq and Yemen. What the Iranians haven’t really been able to do is to respond to those attacks in Syria, which are attributed to Israel. Cyber warfare is a good solution, at least temporarily. The attacks are cheaper and more aesthetic. It is also relatively easier to obscure any tracks that might be left.’’
The really disturbing question is whether a cyberwar could devolve into a conventional war. “What we have here is an exchange of blows, which is part of a larger campaign being waged between Israel and Iran. This is just another channel for that. But even in this channel, the Iranians are weaker and more vulnerable, so I assume that the exchange of messages will remain at this level,” said Yadlin.
Zimmt believes that Iran is not interested in a military conflict with Israel, at least at this stage. “Right now, the situation is less volatile, as compared to the last year and a half. This is not a good time for the Iranians to get into a full-blown military conflict with Israel. There are all sorts of reasons for this. I assume that when decisions about attacks are made in Jerusalem, they also begin with the assumption that the Iranians are being more cautious now.’’
Nevertheless, Zimmt warns that we are headed toward a milestone in the conflict between Israel and Iran, and that the current round of cyberattacks may be a prologue. “The Iranians are just four to six months away from obtaining nuclear capabilities. They are making progress, cautiously but steadily. This actually does have the potential to result in a significant clash between Israel and Iran. Within just a few months, Israel could find itself facing a situation that it cannot afford to ignore.”