Iranian Jerusalem Day, the final Friday of Ramadan, which falls this year on this Friday, has become a notorious marker for disruptive cyberattacks on Israeli targets. This year, with the backdrop of the war and a shifting international balance of power, I argue that it’s reasonable to expect a larger and more devastating cyber assault. The focus goes way beyond small and mid-cap businesses. Attackers now aim to cripple critical infrastructure – the very lifeblood of Israeli society – and sow widespread societal chaos. This raises a critical question: Is Israel adequately prepared to defend itself against such an attack?
Understanding the engine behind the attacks: Iran’s cyber strategy
Iran’s success in maintaining economic and security ties, despite international sanctions and domestic pressures, fuels its cyber capabilities. Their strategy resembles a meticulously constructed pyramid, with Iran at the apex, propped up by the economic and military might of China and Russia. This alliance allows them to circumvent Western influence and carve out a path for independent action. Furthermore, Iran actively strengthens ties with Arab allies like Saudi Arabia, aiming to isolate Israel geopolitically.
Technological advancements and doctrines: Sharpening the Iranian cyber weapon
While Iran’s cyber system has always been sophisticated, it has become demonstrably more aggressive in recent years. Doctrines and expertise acquired from Russia have significantly bolstered their offensive capabilities. Additionally, Iranian research institutes are adept at rapid technology acquisition. Through reverse engineering captured drones, they have significantly improved their own unmanned aerial vehicle (UAV) technology. However, the focus seems to have shifted towards manipulating Israeli public opinion through sophisticated fake news campaigns aimed at sowing discord and eroding social trust.
Shifting targets and the growing threat landscape
Iranian cyberattacks primarily targeted smaller Israeli organizations with weaker cyber defenses. In recent years, the focus has shifted towards critical infrastructure – the backbone of a functioning society. Hospitals, academic institutions, and technological supply chains, including data storage systems, are all highly vulnerable targets. Recent attacks have shown some success, granting Iran access to sensitive information that could be used to further disrupt Israeli economic activity. However, the major concern is that these are merely precursors to a more disruptive attack – potentially crippling critical infrastructure, disrupting the operations of key financial institutions, or even leaking sensitive information related to Israel’s foreign and security relations.
Restoring deterrence: A multi-pronged approach for a multi-layered threat
A multi-pronged approach is necessary to restore Israeli deterrence in the cyber arena. Politically, expanding the Abraham Accords to include Saudi Arabia, Oman, Kuwait, and Qatar, alongside neutral countries like Algeria and Tunisia, could present a united front against Iranian aggression. This diplomatic move could not only isolate Iran geographically but also create a more stable regional environment. Additionally, linking the reconstruction of the Gaza Strip to the expansion of these agreements, with US involvement, could offer a carrot-and-stick approach, incentivizing regional cooperation while deterring further conflict. Militarily, a more proactive stance is needed. Targeting Iranian leadership and disrupting supply chains to Hezbollah and Hamas could disrupt their operational capabilities and send a strong message of deterrence.
The cornerstone of deterrence: A national cyber defense strategy
Alongside Israel’s outstanding abilities in the field of cyber defense, we must develop and strengthen the recovery models for managing cyber crises. The strategy that ‘Code Blue’ recommends is an active defensive multidisciplinary effort.
We must always assume that every line of defense is breakable and will be broken. Employing a vision of crisis management and crisis anticipation, and adopting defensive models that perform proactive cyber defense across all sectors, from government companies to private businesses and individuals, is a must.
The writer, founder of Code Blue, is a cyber crisis management expert. He is a former deputy head of the National Cyber Directorate.