Analysis

Western official to Israeli TV: Tehran 'crossed a line'

Cyberattack on port suggests Israeli tit-for-tat strategy, shows Iran vulnerable

Amos Yadlin says shutdown of Iranian port seems to be response to attempted hacking of Israeli water companies, which appears to have been retaliation for Syria airstrikes

Judah Ari Gross

Judah Ari Gross is The Times of Israel's religions and Diaspora affairs correspondent.

The Shahid Rajaee port facility near the Iranian coastal city of Bandar Abbas. (Iran Ports and Maritime Organization)

The former head of Military Intelligence on Tuesday said a sophisticated cyberattack on an Iranian port last week appeared to be Israeli retaliation for Tehran’s failed attempt to hack Israel’s water companies last month, sending a message that Jerusalem could significantly harm Iran’s economy if attacks on Israeli civilian infrastructure continued.

This appears to indicate that Israel has adopted a “tit-for-tat” strategy in responding to Iranian cyber aggression — a tactic already used by the Israeli military with physical, or kinetic, attacks — as the digital realm becomes increasingly important in modern warfare.

Maj. Gen. (res.) Amos Yadlin, an influential former IDF intelligence chief and current head of the leading Institute for National Security Studies think tank, said the alleged Israeli cyberattack could be seen as a message to Iran that Jerusalem would not accept attempts to damage its civilian infrastructure.

“If Israel was the one that responded to the Iranian attack against civilian infrastructure (water and sewage), Israel is making it clear that civilian systems ought to be left out of fighting,” Yadlin wrote Tuesday, hedging his assessment with the reservations that are common among Israeli officials looking to preserve a degree of ambiguity about Israel’s military activities abroad.

Illustrative: Soldiers of the IDF’s signal (C4I) corps (Courtesy: IDF Spokesperson’s Unit)

“This is a significant message about the vulnerability of Iran’s economic systems to Israeli cyber capabilities,” he wrote in a series of tweets.

The Shahid Rajaee port facility in the Iranian coastal city of Bandar Abbas (Iran Ports and Maritime Organization)

Iran has faced a major financial crisis in recent years when the United States put in place a series of crushing economic sanctions after withdrawing from the 2015 nuclear deal, which offered relief from these measures in exchange for Tehran abandoning aspects of its atomic program.

Yadlin noted the growing importance of the digital realm in modern warfare, as an ever-greater portion of our daily lives is controlled by internet-connected computer systems. Once considered distinct from the physical battles waged between countries, the retired general said, cyber warfare appeared to be becoming just another area in which militaries can square off against one another.

The former intel chief indicated that the Iranian cyber attack on Israeli water infrastructure in April was a response to Israel’s ongoing efforts against Iran’s military presence and proxies in Syria. Israel has for years been bombing bases and convoys of Iranian forces and Iran-backed militias in Syria in order to prevent them from establishing a permanent military presence in the country from which to carry out attacks against the Jewish state and to halt the spread of advanced weapons to Hezbollah and other terror groups in the region. These strikes have reportedly stepped up in recent months.

Satellite images purporting to show the damage to a missile factory outside Aleppo, Syria, caused by airstrikes attributed to Israel on May 4, which were released on May 7, 2020. (ImageSat International)

“Cyber joins the earth, naval and air dimensions as a significant warfare dimension. It is important to note — both Iran (which is being attacked kinetically in Syria) and the United States (after the downing of its advanced unmanned aerial vehicle last summer) have used cyber responses when they didn’t want to escalate matters kinetically,” he wrote.

Yadlin was referring to reports that the US carried out a series of cyberattacks on Iranian weapons systems after the Iranian military shot down an American drone that Tehran said entered its airspace last June.

The former Military Intelligence chief echoed comments made by an unnamed Western official on Tuesday, who also told Israeli TV that the cyberattack on the Iranian port on May 9, which shut it down completely and caused widespread chaos at the site, was a response to an apparent Iranian attempt to sabotage Israel’s water and sewage infrastructure.

Amos Yadlin speaks during an event organized by IsraPresse for the French-speaking community at the Begin Heritage Institute, Jerusalem, February 22, 2015. (Hadas Parush/Flash90)

“The cyberattack on the [Shahid Rajaee port] in Iran was an Israeli response to the cyberattack that [the Iranians] carried out against Israel two weeks ago against Mekorot [national water company] components — an attack that failed,” the official from a Western country told Channel 12 news, on condition of anonymity.

“Israel hopes that [the Iranians] stop there. They attacked water infrastructure components. They didn’t really cause damage — but they crossed a line and [Israel] needed to retaliate,” the official said.

The official appeared to misspeak regarding the date of the alleged Iranian cyberattack, which was not reported to have occurred two weeks ago, but over three weeks ago, in late April.

According to the Ynet news site, the alleged Iranian attack targeted at least six water installations throughout Israel on April 24-25, causing minor disruptions.

The Eshkol water filtration plant in northern Israel, on April 17, 2007. (Moshe Shai/FLASH90)

One station saw a pump go online by itself, another had its entire operation system taken over, and a third noted “inconsistencies during an unplanned change to its figures,” the news outlet reported, without attributing the information.

Other stations similarly identified attempts to hack into their systems, but each of these was caught earlier and resolved quickly, according to Ynet.

However, despite these issues at individual stations, the Water Authority said “there was no harm to the water supply and it operated, and continues to operate, without interruption.”

A May 7 meeting of the high-level security cabinet, the first to be held in months, reportedly dealt in part with this Iranian attempt.

On May 9, Israel allegedly responded to these attempted hacks, carrying out a cyberattack on the Shahid Rajaee port — one of Iran’s most important terminals — shutting it down completely and causing widespread chaos, the Washington Post reported Monday.

“Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility,” the Post reported.

The port is a newly constructed shipping terminal in the Iranian coastal city of Bandar Abbas, on the Strait of Hormuz.

“There was total disarray,” a security official, who spoke on the condition that his identity and national affiliation not be revealed, told the Post.

Iran later acknowledged that an unknown foreign hacker had knocked the port’s computers offline, but denied the severity of the attack.

Satellite images of the port on May 11 and May 12 taken by Planet Labs and seen by The Times of Israel indeed show scads of ships idling off the port and a buildup of containers on dry land, days after the alleged Israeli cyberattack.

There was no comment from the Israeli embassy in Washington or the Israel Defense Forces, the report said.

Iran — whose regime avowedly seeks Israel’s destruction — and Israel have engaged in covert cyber-warfare for over a decade, including reported efforts by the Jewish state and US to remotely sabotage the Islamic Republic’s nuclear program in 2010 using an advanced cyber weapon known as Stuxnet.

Times of Israel staff and agencies contributed to this report.
