Seth J. Frantzman
An Iranian cyber-attack on Israeli water infrastructure provoked a response from Jerusalem in May. Is this the start of something far more troubling?
An Iranian cyber-attack on Israeli water infrastructure provoked a response from Jerusalem in May. Pro-Iranian groups then hacked Israeli websites on May 20 in a second round of attacks that appears to show the cyber battlefield in the Middle East is heating up. The Iranian attack was sophisticated while Israel’s response, according to U.S. officials, disrupted computer systems that run Iran’s Shahid Rajaee Port, a key economic facility for Tehran. The cyber battles come amid rising tensions, a recent trip by Secretary of State Mike Pompeo to Israel, and a recent joint exercise by U.S. and Israeli F-35s in March.
The initial attack began on April 24 when Israel’s Water Authority came under attack. Six facilities were affected ad in one there was irregularity related to unplanned change in data. A pump at one station went into “continuous operation.” Israel says that there was no effect on the water supply and Israel disconnected its systems, changed passwords and was able to recover from the assault. But the nature of the attack reveals things could be much worse.
There has been growing concern about Iran’s cyber warfare abilities. The United States analyzed potential cyber blowback from the killing of IRGC Quds Force Maj. Gen. Qassim Suleimani in January. The United States has been keen to increase cyber defenses against Russia and China over the last decades. Iran is also a key threat and it has used cyber attacks against Saudi Arabia, harming some thirty thousand computers in 2012. Washington increased cybersecurityto deal with these threats and the U.S. military has not only broadened defenses but also carried out a cyberattack on Iran in the wake of the downing of a U.S. drone in June 2019.
Israel and the United States have cooperated against Iran using cyberwarfare. According to reports, the Stuxnet attack on Iran’s nuclear program was a result of close U.S.-Israeli cooperation. The computer worm sabotaged centrifuges. Iran appears to want to show it can now do the same to Israeli infrastructure. Israel has known the risks for a decade and invested heavily in cyber defense and the creation of a cyber unit in the Israeli Defense Forces in 2011.
The result is that for most of the last decade no serious Iranian cyber attacks have been reported. That changed in April 2020 and it came amid rising tensions, the coronavirus crisis, and Iran’s increasing isolation due to sanctions. Pompeo was scheduled to arrive in Israel on an unprecedented trip during the pandemic on May 12. At the same time, the months of March and April included numerous reports in Syrian regime media that Israel carried out airstrikes in Syria. Israel’s former chief of staff said Israel carried out more than one thousand airstrikes on Iranian targets by January 2019. In the last year, there have been more. On April 30 an airstrike took place near the Golan, and on April 15 there was one near Lebanon and one on April 27 in Damascus. There were also airstrikes reported near Homs on April 20. These appear to frame the Iranian cyberattack.
The cyberattack may also be part of Iran’s decision to reposition some forces in Lebanon. Iran has around one thousand personnel in Syria as well as tens of thousands of militias it supports, such as Shi’ite fighters it paid to travel from Afghanistan to fight in Syria.
The degree of Iranian entrenchment in Syria and where that entrenchment takes place is important to Israel. In September 2017 Israel reportedly demanded Iranian forces be kept at least sixty kilometers away from the Golan ceasefire line. The Syrian regime’s forces and Russian military police eventually took back southern Syria from the Syrian rebels in the summer of 2018 and Iran’s use of Syria as a conduit to Hezbollah increased. The United States said that Iran must leave Syria.
Assessments now show that Iran had around eight hundred to nine hundred men in Syria in December 2019. Some of those were repositioned in recent months, moving away from Israel, according to reports at Israel’s Ynet. At the same time Israel’s outgoing defense minister, Naftali Bennett, indicated that Iran was withdrawing partly from Syria. On May 7, James Jeffrey, U.S. Special Representative for Syria Engagement said that while Washington has seen some Iranian movement around Syria pulling back from areas where the Israelis have struck, Iran was not changing its strategic commitment to strike at Israel and move precision-guided munitions to Hezbollah.
The cyber battle comes precisely at the time that Iran appeared to be moving forces back. It also comes amid reports that Russia was displeased with the Assad regime and while the regime had internal troubles with a key businessman and Assad family insider, named Rami Makhlouf. Tehran may be relying on the cyber front because its other arsenal is in flux. It is continuing to build long-range ballistic missiles and recently launched a military satellite into orbit. It also continues to develop new drones. But Iran’s conventional forces are in bad shape. A naval disaster took place in early January when Iran shot one of its own ships. Iran also shot down a civilian airliner in January amid U.S.-Iran tensions. Hacking Israeli websites to threaten an Iranian conquest of Jerusalem under the guise of what Iran’s supreme leader calls a “final solution” to destroy Israel is easier than a face-to-face confrontation in Syria or with proxies in Lebanon.
Seth J. Frantzman is a Jerusalem-based journalist who holds a Ph.D. from the Hebrew University of Jerusalem. He is the executive director of the Middle East Center for Reporting and Analysis and a writing fellow at Middle East Forum. He is the author of After ISIS: America, Iran and the Struggle for the Middle East(forthcoming Gefen Publishing). Follow him on Twitter at @sfrantzman.