‎Offensive Cyber Operations As a Tool of War

by January 2024
Photo credit: Jakub Porzycki via Reuters Connect.

Cyberspace has become a major domain for organized crime as well as for statecraft in the twenty-first century. Israel has become a top global cyber power. But cyber offense is no silver bullet. 

What Is a Cyber-Attack? 

A senior JPMorgan executive made headlines at the recent Davos gathering: “people are trying to hack into JPMorgan Chase 45 billion times a day.” This boast, seeking to demonstrate the firm’s cybersecurity prowess – suggesting that people unsuccessfully attack the bank 521,000 times per second – is totally false. The number indicates the total volume of traffic that JPMorgan networks process, as a spokesperson for the bank admitted later in response to journalists. Given this confusion, one should clarify what constitutes a cyber-attack. 

A cyber-attack delivers an effect, either physical (destruction, disruption, and degradation of computer-controlled systems) or cognitive (covert influence on public or leadership attitudes and behavior). The former, and to some extent the latter, can be considered acts of warfare. 

Cyber-spying does not impact the target (and would fail if it did). Cyber espionage is intended to gather intelligence. International relations accept spying as part of the reality of statecraft: it is not considered an armed attack. 

Cyber War: What is It Good For? 

General Patrick Sanders, chief of staff of the British Army, recently commented that “You can’t cyber your way across a river.” That is obviously true. No computer hack can reliably injure or kill enemy combatants. Cyber offense cannot transport one’s troops, nor can it conquer or hold territory. Cyber offense cannot generate damage that will be self-evident to observers. 

Ransomware groups routinely destroy non-paying victims’ data. Wiper malware is designed to destroy computer storage drives. However, few cyber incidents ever cause physical damage to things other than computer drives. A decade after Thomas Rid argued that “cyber war will not take place” no one has been physically harmed, let alone killed, by a cyber weapon. 

Similarly, the narrative that spyware is a weapon is false. ISIS/Da’esh and Hamas use trucks. A single terrorist ramming a truck at innocent citizens will generate more impact than most cyber-attacks. 

Yet its non-violent character is the main reason why offensive cyber attacks attract the interest of both state and non-state actors. Cyber offense largely denies clear and timely detection, attribution, and categorization. Thus, cyber offense is extremely useful for operating while remaining below the threshold of armed conflict. Corruption, subversion, hostile disinformation campaigns or influence operations, mercenary operations, and hired assassinations all can benefit greatly from cyber power. 

Moreover, cyber offense offers a truly radical innovation: global reach. The digital substrate made the range of both communication and weapons practically unlimited. 

Cyber offense enriches the toolbox of statecraft, opening venues to operate while avoiding escalation and retribution. Below are some of the comparative advantages of cyber offense with empirical examples. 

Cyber Offense In the Israel-Iran covert war

Much of the world’s state-on-state use of cyber power in recent years occurred in the Iran-Israel covert war. Iran cyber-attacked Israel through false-flag ransomware operations, succeeding in crippling the functions of hospitals, as well as publishing data from the Shirbit insurance company and even from a LGBTQ+ hosting provider.

These Iranian attacks came in response to Israeli challenges. Starting 15 years ago, Israel invested in sophisticated precision-targeted malware to disrupt – by both speeding up and slowing down – the motors rotating thousands of centrifuges at the Natanz nuclear plant. Discovered in 2010, Stuxnet stealthily caused seemingly random mechanical failures of Iranian centrifuges and delayed uranium enrichment. The covert sabotage rendered useless at least 1,000 of the 9,000 IR-1 centrifuges deployed at Natanz in late 2009 and early 2010.

These unexplained failures eroded Iranian confidence and triggered witch-hunting and reorganization throughout Iran’s establishment. The cyber-attack substituted for the air raids that would have been necessary to deliver kinetic, physically destructive, ordnance – and provided Israel and America (reportedly a full partner in the operation, nicknamed “Olympic Games”) with a stealthy, deniable, and effective alternative. This remains the most audacious and impactful cyber campaign to date. More than a decade later, Iran still does not possess the ultimate nuclear deterrent it has been seeking. 

A cyber-attack disrupted gasoline stations across Iran, December 2023. Photo credit: Xinhua News Agency via Reuters Connect (video screenshot).

Israel has developed and deployed other offensive cyber capabilities in order to counter Iran. Below are some of the published examples.

In May 2020, cyberattacks halted operations at the newest of two major shipping terminals in the Iranian coastal city of Bandar Abbas, on the Strait of Hormuz. Iran heavily subsidizes fuel, and plans to raise fuel prices in 2019 led to major protests across the country. Cyber-attacks disrupted Iranian fuel supply in October 2021 and December 2023. Iran’s railroad was paralyzed in July 2021. The hackers urged passengers to call for information, listing the phone number of the office of Ayatollah Ali Khamenei on the train information boards. Iran is the leading producer of steel in the Middle East. Three of Iran’s state-owned steel companies were forced to halt production after suffering a cyberattack in 2022. As the regime struggles to suppress popular unrest, video footage showing abuse in the country’s notorious Evin prison was leaked out in August 2021. 

For Israel, cyber weapons offer two advantages: range and deniability. Iran is far from Israel, but cyber weapons have no range limits. Cyber offense has proven that hitting ports, railroads, fuel stations, and other targets is possible. Second, cyber operations provide ample deniability and minimize the risks of unintended escalation. Delivering effects on Iranian soil means that people or projectiles will be detected, certainly after the impact, and direct or indirect retaliation might ensue. 

For Iran, the two main advantages of cyber effect operations are the idea of weakening Israel from within, given Iran’s conceptualization of Israel as an artificial vulnerable entity; and enhancing the regime’s domestic prestige. Personal data leaks are intended to sow discomfort among the presumably decadent Israelis, eventually leading them to give up on the Zionist project. Even if this plotline may look weak to outside observers, the regime gains at home by boasting that Iran, too, can play the cyber game. Military parades, scientific rankings of Iranian universities, and cyber-attacks all contribute to the domestic prestige narrative. 

Cyber is Less Effective in Gaza and Lebanon

One advantage of cyber weapons is their unlimited geographic range. But Hamas and Hezbollah are right on Israel’s borders. This proximity negates some advantages of cyber offense. Moreover, Israel must conquer land to win against both Hamas and Hizbullah; cyber disruptions will not significantly advance this operational goal. 

Cyber capabilities are of some use, generating intelligence dominance for Israel, resulting in finding some of the needles in the urban haystack in Gaza, or in the mountainous terrain in Lebanon, and destroying those with precision-guided airstrikes. 

Israel as a Cyber Power

The London-based International Institute for Strategic Studies (IISS) has published an assessment of countries’ cyber capabilities, in categories ranging from strategy, command and control, intelligence, offense, security, among others. In Tier One, defined as possessing world-leading strengths in all categories, the United States is alone.

In Tier II, with world-leading strengths in some categories, Israel is included alongside China, Russia, the UK, and France. Israel is seen as particularly strong in civilian cybersecurity, cyber intelligence, and the development and use of cyber offense. 

To conclude, cyber-attacks in the Israel-Iran theater will intensify because they offer distinct benefits for both powers. For Israel, cyber weapons offer range and deniability. For Iran, cyber-effects weaken Israel from within and enhance regime prestige. Cyber power plays a supporting role in Israel’s operations against Hamas or Hizbullah where boots on the ground are key. As ever, new ways of war stack up, adding to rather than replacing the old ways.

Lior Tabansky
Lior Tabansky is the Head of Research at the Blavatnik Interdisciplinary Cyber Research Center, and the Academic Director of the Effective Cybersecurity Program, both at Tel Aviv University. He combines a Ph.D. In Political Science with business experience, including formulating cybersecurity strategies for nations and enterprises in Asia, Africa and Europe.
Read the
print issue
Get the latest from JST
How often would you like to hear from us?
Thank you! Your request was successfully submitted.