Iran ‘opened a Pandora’s box’ in cyber attack on Israeli water system

“It is not possible to know whether Israel’s reported response will deter Iran, which to a certain extent has opened a “Pandora’s box’ in a cyber attack designed to harm civilians,” said Amidror.

By Yaakov Lappin, JNS

The Iranian cyber attack in early April on an Israeli water-treatment facility, designed to get computers to add too much chlorine to the Israeli water supply, represents a new phase in Iranian aggression, a former Israeli defense official has said.

Maj. Gen. (res.) Yaakov Amidror, former national security adviser to Israeli Prime Minister Netanyahu and a senior fellow at the Jerusalem Institute for Strategy and Security (JISS), told JNS on Sunday that there is no historical experience for cyber wars and their consequences, and that therefore, much caution is needed when assessing them.

According to international media reports, Israel retaliated by paralyzing Iran’s key seaport—the Shahid Rajaee port in the city of Bandar Abbas, which is a strategic hub for Iranian sea imports, exports and trafficking of illicit weapons.

“It is not possible to know whether Israel’s reported response will deter Iran, which to a certain extent has opened a “Pandora’s box’ in a cyber attack designed to harm civilians,” said Amidror.

In its attack, Iran also “placed itself at great risk,” he added.

Amidror, who is also first distinguished fellow at the Jewish Institute for the National Security of America (JINSA), said that cyber maneuvers have the potential to deteriorate into war, if the side that is attacked “feels that it has been greatly harmed, and it cannot suitably retaliate against its enemy, and therefore remains vulnerable to attacks from it.”

However, as in any difficult decision, he added, “decision-makers must also take into account whether responding to a cyber attack with a kinetic [physical] strike will succeed, and what price might be paid if the adversary also decides to respond kinetically.”

“In any case, it is best to be prepared for an enemy that absorbs a major cyber strike to try and respond with a cyber counterattack, and through other means, including kinetically,” said Amidror.

A ‘cyber winter is coming’

April’s cyber strike on Israel’s water systems was a “synchronized and organized attack” designed to harm civilian infrastructure, Yigal Unna, who heads Israel’s National Cyber Directorate, said recently.

In comments relayed by the Associated Press, Unna said that recent developments have marked the start new era of covert cyber war, warning that a “cyber winter is coming.”

“Rapid is not something that describes enough how fast and how crazy and hectic things are moving forward in cyberspace, and I think we will remember this last month and May 2020 as a changing point in the history of modern cyber warfare,” Unna told a digital international cyber conference.

“If the bad guys had succeeded in their plot we would now be facing, in the middle of the corona[virus] crisis, very big damage to the civilian population and a lack of water and even worse than that,” he added.

A Western intelligence official told the Financial Times that had the Iranian attack succeeded, it would have “triggered fail-safes that would have shut down the pumping station when the excess chemical was detected, but would have left tens of thousands of Israeli civilians and farms parched in the middle of a heatwave.”

Professor Uzi Rabi, director of the Moshe Dayan Center for Middle Eastern and African Studies at Tel Aviv University, told Israel’s 101 FM radio station in recent days that the reported cyber attack on Bander Abbas port sent a powerful message to Iran’s regime about Israel’s cyber capabilities.

Bander Abbas “is not far from Hormuz Straits, which is outlet for shipping from the Persian Gulf to world,” noted Rabi. He described the port as a “central life artery” for Iran for exports, imports, sea trade and military activity.

The Washington Post reported that Israel was accused of a cyber attack that crashed the port’s computer systems and caused “total disarray,” including kilometers-long truck lines and long lines of sea vessels outside of the port. Satellite imagery was shown in the report of the chaos.

“There is no doubt if you turn off the switch with a hidden hand, that calls out for attention,” said Rabi, in reference to the reported attack on the port. “If it’s true that Iran tried to intrude with a polluted hand into Israel’s water infrastructure and harm the civilian world, then at a public-awareness level, a line has been crossed. Israel could not let this pass.”

The reported Israeli retaliation will give the Islamic Republic reason to think twice before launching a new cyber attack on Israeli civilian targets, assessed Rabi.

He noted that the Iranian regime is in a difficult situation, both economically and due to shaky relations between it and the Iranian population. “[Quds Force Commander] Qassem Soleimani, Iran’s big architect [of its overseas operations], is no longer with them. I can see Iran being tempted, in a dangerous and pretentious manner, to enter the cyber arena,” he added.

Israel’s reported response hit an Iranian nerve center, and demonstrated to Tehran “how big the asymmetry is, including in the cyber field,” argued Rabi, although, he added, Iran is making progress in its cyber-attack abilities.  “This is how the Iranian regime needs to be treated … Israel must speak in a Middle Eastern language. The message to Iran is: Find a different tree to climb. If you climb the Israeli tree, the price will be very high.”