Israel was the target of a cyber attack of rare proportions on the night of April 24. It hit Israeli water and sewage facilities, penetrating the computer systems of several regional water facilities and briefly disrupting their operations. Israel’s National Cyber Directorate identified an attempt to take control of the chlorine control system, some pumps and the command and control center of Israel’s Water Authority. Cyber defense systems identified and blocked the attack before it did more than disable a few pumps for several minutes. Experts believe the attack was state sponsored, perhaps by Iran, rather than the work of amateur hackers.
Less than two weeks later, according to assessments in the West, retaliation struck. The Washington Post reported on May 19 that Iran’s largest port, the Shahid Rajaee terminal in Bandar Abbas, had come under cyber-attack a few days earlier. Some 60% of Iran’s trade passes through the port to or from the Strait of Hormuz and it also houses Iran’s most strategically important naval base. WaPo cited US and foreign sources as linking Israel to the attack.
Israel did not assume formal responsibility, but in a May 19 address, Israel Defense Forces Chief Lt. Gen. Aviv Kochavi appeared to hint at it. Israel, he said, would “continue to act using a variety of military tools and unique methods of combat to strike the enemy.”
Analysts in the West as well as US administration sources are providing a creative interpretation of the general’s remark, arguing that the Iranian attack on Israel’s water distribution system had crossed a red line. It “was a first-of-its-kind attack and they were not far from inflicting human casualties,” an Israeli cyber expert and former senior defense agency official told Al-Monitor on condition of anonymity. “Anyone who tries to change the amount of chlorine in Israel’s drinking water is trying to hurt the civilian population. Even if it failed this time, next time it could succeed.” According to Western assessments, the Iranian attack generated great Israeli anger and the decision to teach the Iranians a deterrent lesson followed almost at once.
Satellite imagery and Western intelligence reports indicate that the retaliation attributed by foreign press to Israel was far more powerful than the attack attributed to Iran. “The damage caused to the Bandar Abbas port was significant and the chaos it created lasted for days, and is actually not yet over,” a former senior Israeli intelligence source told Al-Monitor on condition of anonymity. Information reaching the West indicates that the Iranian port was paralyzed for at least three days, with most of its computer systems crashing, lengthy lines of trucks observed outside its gates and a giant traffic jam of vessels blocking entry from the sea.
The Iranians invested significant effort in trying to contain the attack, minimize damage and restore the port to full operations as fast as possible. They do not appear to have been overly successful. “Someone used a sophisticated cyber weapon prepared well in advance for D-Day,” a veteran Israeli cyber expert opined on condition of anonymity. “This was not a spur-of-the-moment draw. It activated strategic cyber weaponry that reflects the capabilities of a cyber power and was prepared in advance for an all-out cyber clash. Someone wanted to convey a clear message that included a warning, a deterrent and a display of capabilities. It seems to have succeeded.”
Nonetheless, the port attack did not cause Iran significant strategic damage. According to Western experts, it was intended to illustrate to Iran the difference between its own capabilities and those of Israel in the cyber arena and to signal that additional attempts to damage civilian infrastructure in Israel would be costly. “Israel can attack more significant targets than the port and cause greater pain,” a former Israeli security official told Al-Monitor on condition of anonymity. “A precise dose was used this time to balance between a display of power and symbolic signaling in the hopes that the Iranians would get the message.”
On May 21, two days following the report of Israel’s responsibility for the Bandar Abbas attack, Israel itself came under a massive but somewhat amateur cyber attack. Hundreds of companies had their websites hacked and their computer screens plastered with videos showing Tel Aviv burning and captioned with various threats against Israel in less than perfect Hebrew. In the first few seconds, one might have assumed it was an Iranian tit-for-tat for Israel’s alleged retaliatory port attack, but the hackers could have been working on their own.
“The question is to what extent Iran controls the hackers’ activity and to what extent they are operating on its behalf,” tweeted former Military Intelligence director Maj. Gen. (res.) Amos Yadlin, who heads the Institute for National Security Studies. This latest attack targeted many sites but did not cause significant damage and was blocked within 24 hours.
These events provide an interesting glimpse into the ongoing cyber war between Israel and Iran, conducted with active American involvement. Israel is believed to be a world cyber power, one of five states with the most sophisticated and powerful cyber capacity in the world, and not necessarily in fifth place. Israeli cyber activity is coordinated with US activity and sometimes carried out in conjunction. According to Western intelligence sources, the brief May 13 visit to Israel by Secretary of State Mike Pompeo was linked in some manner to the Iranian cyber attack or to the retaliatory strike that followed.
The drawback of retaliatory action lies in its exposure of the attacker’s capabilities. If Israel was indeed responsible for the port attack, it may have wasted strategic cyber weaponry prepared for an all-out attack, providing the Iranians with an excellent opportunity to study the weapon used against them, plan relevant defense systems and pick up technological expertise. “That is what the Iranians are doing now,” an Israeli cyber expert told Al-Monitor on condition of anonymity. “They learn from everything, just like they did from the fragments of the American drone they struck down over the Gulf last June. True, Israel’s cyber capabilities are far stronger than Iran’s, but the Iranians are not sitting on their hands. They are constantly progressing and learning, and they have excellent emulation abilities. No one should underestimate them.”