The recent reciprocal cyber-attacks attributed to Israel and Iran were meant to set red lines on the non-kinetic dimension of war.
The May 9 cyber-attack on computers in Shahid Rajaee port in the city of Bander Abbas, Iran, was attributed to Israel. The attack led to the collapse of computers targeting the movement of vessels and trucks in the port, located in the strategic location of Hormuz strait in the Persian Gulf. There is logic behind attributing the attack to Israel. On April 26, it was announced that Iran was behind a major cyber-attack against Israel’s water and sewage infrastructure. It can be assumed that Israel may have been interested in responding to this. Another wave of cyber-attack against Israel on May 22, on the eve of Iran’s “Al-Quds” day, indicates that the conflict between Israel and Iran will continue in the cyber space in the near and distant future.
The use of the cyber warfare characterizes Iran’s asymmetric warfare. Because of its vague and covert nature, cyber warfare allows Tehran to allegedly face equals against militarily powerful actors. By attacking in the cyber domain, Iran can avoid military reactions, or reduce the intensity of possible responses due to the plausible deniability afforded by this tool. The Iranian attack on Israel’s water infrastructure may reflect growing despair in Tehran, which has already pushed the Iranian regime into provocative measures in other arenas. The attack is also intended to deter Israel from continuing its military operations against Iranian targets in Syria and elsewhere in the Middle East, thereby trying to counteract Israel without involving military forces and avoiding a harsh response. It may be that Tehran hoped the event would strengthen Iranian deterrence against Israel.
Israel’s Attack: Setting Red Lines in the Cyber Domain
Israel’s response signals to Iran that Jerusalem will not play by the rules of the game seemingly set so far, whereby attacks are not officially attributed to states because of the great difficulty in proving this and, accordingly, it is not common to respond to attacks in cyberspace. In its attack, Israel is trying to set clear red lines for Iran. Even if Israel did not take responsibility for the attack, and even if it did not officially admit an attack against it to Iran, the message was clearly transmitted via the international media to Tehran.
In addition, there are significant differences in levels of attack. A cyber-attack aimed at disrupting websites is not considered a severe challenge and therefore does not necessarily require a response. On the other hand, an attack on essential infrastructures of state is a serious matter, even if unsuccessful. The implication is that Iran has gambled by attacking an essential infrastructure of Israel. This indicates the despair and severity of its geopolitical situation, as well as the growing frustration from Israeli activity against its targets in Syria.
There is symbolic meaning to the site chosen by Israel for counterattack: the Shahid Rajaee port in the city of Bander Abbas. This city is a home to the naval headquarters of the Islamic Revolutionary Guard Corps. From there, Iran ships weapons to various destinations. For example, in March 2014, Israel captured an Iranian shipment of weapons (including long-range missiles) in the Red Sea that sailed from Bander Abbas. In addition, Iran is using the Bander Abbas Revolutionary Guards fleet to disrupt and harass traffic in the Persian Gulf. To this should be added the great economic importance of Shahid Rajaee Port, which is considered the leading entry terminal in the country. According to Iran’s Ports and Maritime Organization, in 2019 about 53 percent of all goods in and out of Iran traverse Shahid Rajaee. Hence, the Israeli attack allegedly targeted one of Iran’s most important infrastructures, with the aim of deterring Tehran from future major cyber-attacks against Israel.
Based on past events, and because of the pattern of attack, Israel may have been helped by another country – the US. In its attack on Israel’s water infrastructure, Iran used US servers; to the dismay of the United States. In addition, following the downing of a US drone by Iran in June 2019, the US launched a cyber-attack against Iran, which was similar in characteristics and objectives to the latest attack attributed to Israel. The US cyber-attack then led to the deletion of a vital database used by Iranians to plan oil tanker attacks and to locate ships in the Persian Gulf. According to reports, the attack hit Iranian Revolutionary Guards intelligence systems and Iran’s ability to carry out covert attacks against oil tankers and ships in the Persian Gulf.
The recent cyber-warfare exchange is unlikely to replace Israel’s military efforts against Iran, especially in Syria. Cyber-warfare is one tool alongside military means and is not intended to replace it. For example, cyber-warfare will never suffice to reduce the presence of Iranian forces in Syria, but it certainly can contribute to the effort. In addition, Israel has used in the past, according to foreign reports, extensively cyber-warfare against Iran’s nuclear military program (for example, the Stuxnet worm in 2011). The recent Israeli cyber-attack was made in response to Iran’s relatively unusual attack on Israel’s vital water infrastructure. It seems that Israel will use cyber-warfare also in response to significant challenges such as the Iranian nuclear project or major cyber-attacks by Iran.
 Charbonneau Louis, “Exclusive: U.N. experts trace recent seized arms to Iran, violating embargo,” Reuters (June 28, 2014).
 “Shahid Rajaee Port Holds Lion’s Share of Incoming Transit Traffic,” Financial Tribune (May 20, 2018).
 Annual Report of Iran’s Ports and Maritime Organization, Iran’s Ministry of Roads and Urban Development (2019).
 Barnes Julian, “U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say,” The New York Times (August 28, 2019).
JISS Policy Papers are published through the generosity of the Greg Rosshandler Family.