Iran-Israel cyberattacks threaten unofficial rules of engagement

In late April, workers at a water pumping station in central Israel noticed a warning alert on their computer screens. Then, water pumps started to malfunction, turning off and on without control.  

It took a few hours to figure out what was wrong: The system that regulates the water at the facility had been hacked. According to reports, Iran was behind the attack and used American servers to carry it out.

As the eyes of the world are set on COVID-19 and global outrage over police brutality, in the shadows, Iran and Israel continue to fight — allegedly using cyberweapons.

Related: Israeli plans for annexation weigh heavily on Jordan Valley residents

The cyber breach at the water pumping station was apparently fixed before any real damage was done. Israeli officials have not gone on the record with what they know, and Iran denies it was responsible for the attack. 

But, according to a story in the Financial Times, the goal was to boost the chlorine levels in the water supplied to Israeli homes. That could have made hundreds, if not thousands of people sick. 

“What the Iranians did is, in a way, crossing international red lines,” said Ya’akov Amidror, a former Israeli national security adviser. He says that targeting critical civilian infrastructure, like a water station, was unprecedented for Iran.

“For them, civilian targets are legitimate,” said Amidror. “The Iranians did it in the past by proxies, using Hezbollah, Hamas. But here, it’s the state directly. In a way, you know, it’s terrorism run by a state.”

Israel’s prime minister, Benjamin Netanyahu, has accused Iran of conducting failed cyberattacks in the past. “Iran attacks Israel on a daily basis,” Netanyahu said at a cybersecurity conference last year. “We monitor these attacks, we see these attacks and we thwart these attacks. All the time. We’re not oblivious to these threats, they don’t impress us. Because we know what our power is, both in defense and in offense,” he said. 

Related: A cyberattack could wreak destruction comparable to a nuclear weapon

Military experts consider cyberspace to be the fourth significant battleground after land, air and sea. But the line that distinguishes military and civilian targets is easily blurred.

Israel’s response to the water station attack came on May 9, when operations at the Iranian port of Shahid Rajaee were disrupted. According to news reports, Israel hacked the facility’s computer system. 

Traffic jams and hold-ups with shipping containers stalled activity at the port for days. This was a serious disruption for a country that is already suffering from crippling economic sanctions as well as the coronavirus pandemic. 

“The Iranians have downplayed the damage and some Iranian outlets have also said that there has been no such attack,” said Meir Javedanfar, a Middle East analyst based in Tel Aviv. He was born in Iran, but moved to Israel in 2004.

Javedanfar says this latest round of cyber tit-for-tat between the two regional rivals has been escalating for over a decade. “Especially starting over the Iranian nuclear program, where allegedly Israel and the United States attacked Iran’s nuclear installation in [the Iranian city of] Natanz with the ‘Stuxnet’ virus,” Javedanfar explained.

Stuxnet is a malicious computer worm discovered in 2010, considered to be one of the world’s first sophisticated cyberweapons ever to be used between countries. 

Related: The history of US-Iran relations: A timeline

Adam Meyers, senior vice president of intelligence at cybersecurity company CrowdStrike, said the discovery of Stuxnet was a watershed moment for Iran. “This is something that awoke the Iranian thinking around cyber and the capabilities of what you could do with a cyber operation.”

Meyers says Iran has recently stepped up cyberattacks against the West, beyond Israel. He notes that in 2013, authorities in Rye, New York, detected an attempt by Iranian hackers to take control over a dam. That attack failed because the dam was under repair and offline.

“We don’t always know what their intention is if it gets stopped, right?” said Meyers. “So the Rye [dam], in New York, example, they had conducted some targeting of this dam, and that may have been opportunistic, it may have been very targeted. It’s hard to say for certain, but because it was stopped, we don’t know necessarily what the outcome would have been.”

Amidror says moves to target civilian infrastructure is dangerous for the future of cyberwarfare.

“The decision to cross the line was a big mistake by the Iranians,” he said. “From now on it’s an open question how Israel will retaliate.”