Iranian ‘Restraint’ and ‘Small’ Cyber Attacks
“Cyber winter is coming,” warned Yigal Unna, Israel’s national cyber chief, but The New York Times can’t see past the fall.
In an article this week arguing that Iran is pursuing a policy of restraint in the months before the US elections, The New York Times cites by way of example the Ayatollah Ali Khameini’s rejection of “any large-scale response” to Israeli attacks on Iranian troops in Syria. “Instead the Islamic Revolutionary Guards Corps received permission for a small cyberattack against Israel,” according to the Times authors (“As U.S. Increases Pressure, Iran Adheres to Toned Down Approach,” Sept. 19).
The digital news story links to a May 19, 2020 Times article about Israel’s cyberattack on an Iranian port, launched in response to Iran’s unsuccessful attack the previous month on Israel’s water system. While The Times characterized the Iranian port of Shahid Rajaee as “major” and “strategically important,” no such adjectives are attached to Israel’s critical civilian infrastructure, described blandly as “an Israeli water facility.” In the eyes of Times writers, civilian water infrastructure in Israel’s desert climate during a devastating epidemic is, apparently, neither “strategically important” nor “major.”
The Times went to lengths not only to minimize the significance of the Israeli infrastructure, but also the severity of the attack itself. “Officials in Israel initially decided the country should not retaliate for the attack on the water system, according to the intelligence sources, because its effect would have been minor even if it had succeeded,” reported the Times‘ Ronen Bergman and David Halbfinger. “The attack and its quality were described by intelligence official [sic] as ‘miserable.’”
Meanwhile, less than 10 days after The Times quoted an unnamed intelligence official (or officials?) describing the attack as negligible, Unna, Israel’s cyber head, “officially acknowledged the country had thwarted a major cyber attack,” “calling it a ‘synchronized and organized attack’ aimed at disrupting key national infrastructure,” reported The Associated Press (“Israeli cyber chief: Major attack on water systems thwarted“).
In a video address to CybertechLive Asia, an international cyber conference, he said: “I think we will remember this [attack on Israel’s water system] last month and May 2020 as a changing point in the history of modern cyber warfare,” according to AP. “If the bad guys had succeeded in their plot we would now be facing, in the middle of the Corona crisis, very big damage to the civilian population and a lack of water and even worse than that.”
“Unna said the attempted hacking into Israel’s water systems marked the first time in modern history that ‘we can see something like this aiming to cause damage to real life and not to IT or data,’” AP continued. “Had Israel’s National Cyber Directorate not detected the attack in real time, he said chlorine or other chemicals would have been mixed into the water source in the wrong proportions and resulted in a ‘harmful and disastrous’ outcome.”
A May 31 Financial Times article, ominously titled “Israel-Iran attacks: Cyber Winter is Coming,” noted that the suspected goal of the Iranian plot was to “trick the computers into increasing the amount of chlorine added to the treated water that flows to Israeli homes, the western official said.”
“The alleged Iranian cyber attack on the water plant could have triggered fail-safes that would have left tens of thousand [sic] of civilians and farms parched in the middle of an Israel heatwave, as the pumping station shut down when the excess chemical was detected. In the worst-case scenario, hundreds of people would have been at risk of becoming ill, said the western official, whose government was briefed on the attack,” according to the Financial Times.
“It was more sophisticated than they [Israel] initially thought,” the British paper quoted the Western official. “It was close to successful, and it’s not fully clear why it didn’t succeed.”
Beyond the April 24 and 25 attack on Israel’s water system, the Institute for National Security Studies cited a May 25 Channel 12 (Israel) report which found “that in recent weeks, cyberattacks intended to harm Israeli research institutes dealing partly with the development of medications and vaccines against the coronavirus have been disclosed. According to the report, the goal of the attacks was not information collection, but destruction.”
“Iran’s supreme leader has blocked any large, direct retaliation to the United States, at least for now, allowing only cyberactivity to flourish, according to American and allied officials briefed on new intelligence reporting,” the Times reassured this week, discounting the Trump administration’s portrayal of Iran as “an increasingly dangerous threat.”
The US president and senior administration officials “have presented Iran as a threat to the fall election on par with Russia, an assessment that intelligence officials and outside experts say is wrong,” said The Times.
But Iran’s unprecedented, brazen attack on Israeli civilian infrastructure, endangering the water supply of tens of thousands and risking the deaths of hundreds of citizens due to chlorine poisoning, underscores that it would be imprudent to dismiss the regime’s appetite for cyber warfare as “only cyberactivity” and “restraint.”
Likewise, though the Times’ coverage of Iran’s cyberactivity focuses narrowly on potential (read: minimal) threats to the upcoming US elections, it would be foolhardy to ignore Iran’s demonstrated willingness to direct its cyber assaults against civilian populations of US allies, opening the door to future attacks against American civilians as well.
“We are just seeing the beginning,” Unna predicted the approaching cyber winter.
If he is right, the storm will wreak havoc on more than just the Times‘ calming portrait of a restrained Iran.
Tamar Sternthal is director of the Israel office of CAMERA, the Committee for Accuracy in Middle East Reporting and Analysis.