The Israel Defense Forces (IDF) used to have two basic systemic situations: fighting in war and preparing for war. These dynamics existed for decades, but the situation began to change after the Second Lebanon War (2006). A few years later, a third dimension in IDF strategy appeared, as formulated by former IDF chief of general staff Gadi Eisenkot: “the Campaign Between the Wars” (CBW). Among the objectives of the CBW is to postpone war, disrupt the opponent’s initiatives, give Israel a dimension of initiative, and design the strategic arena.
At CBW, the IDF operates all the tools and methods, both overt and covert, including the cyber dimension. As early as 2009, the IDF defined cyber as a strategic and operational combat space and started preliminary organizational changes. The former commander of Unit 8200, the IDF’s cyber intelligence unit, addressed the need to create cyber superiority and the need for constant friction in order to turn the theory into practical capabilities. He also proposed establishing cyber offensive capabilities as part of Israel’s combat concept.
Recently, a debate has arisen around the question of why effective and aggressive Russian cyber activity was not activated in the war in Ukraine. Several explanations were given for this: Russia was not interested in it, for various reasons, or alternatively, Ukraine—with the help of the West—thwarted Russian plans to disrupt its infrastructure. In any case, it seems that when guns are roaring it is harder for cyber to make an impact.
In recent years, Israel and Iran have been exchanging cyber blows. The struggle began more than a decade ago with the discovery of the “Stuxnet” worm that was designed to disrupt the Iranian centrifugal system and attributed to the West and Israel. Subsequently, a disruption to the operation of an Iranian shipping company (IRISL) was attributed to Israel. In the last two years, there has been an escalation in the number of attacks attributed to Israel, such as disruption to the operation of a central port in Iran, the takeover of cameras in an Iranian prison, disruption of train traffic, shutdown of government sites, and, recently, disruption of work in a steel plant. It is not always possible to clearly interpret the purpose of these attack, which have been attributed to Israel, but it is possible that the attacks were intended to intensify the pressure on the regime and to allow Israel to respond to Iranian moves.
In contrast to the CBW in Syria, where Iran does not respond to attacks by the Israeli Air Force, the cyber dimension is different; Iran frequently acts directly or indirectly against Israel. For example, the attempt to disrupt water facilities in Israel, the disruption of government websites, and the attack on insurance companies and other civilian companies, in order to disrupt the routine of life and the sense of security by invading public privacy. The above attacks are only part of full picture, and, of course, downplay Israel’s ongoing defensive efforts to thwart Iran’s attempts to harm it.
The confrontation between Israel and Iran in the cyber dimension is exacerbated and it recently came up for discussion among the captains, when former Israeli prime minister Naftali Bennett referred to the recent exchange of cyber blows between Israel and Iran and claimed that cyber deterrence was required, meaning “whoever deals with Israel will pay a price.”
From all of these above, five important insights can be gleaned:
First, as a new combat space, cyber has found a place in Israel’s competition with Iran, especially in the CBW where there are fewer lethal actions and non-noisy moves can make an impact.
Second, cyber action does not stand on its own. It must be integrated into the framework of cognitive influence campaigns on social networks and in the media with the purpose of strengthening the cyber actions and ensuring that their message resonates with the other side.
Third, in cyber, both sides are constantly learning from one another while they compete. This is even true of players at different levels of technological and intelligence prowess.
Fourth, the rules of the game have yet to be formulated and set. Thus, each side tries to take advantage of its opponent’s weaknesses and it should not be assumed that only one side will act without response.
Fifth, cyber wars occur where it is convenient for one side. Therefore, civilians may find themselves being targeted and under attack, especially when military facilities and critical infrastructure are under the protection of resilient cyber defenses.
Lt. Col. (res.) David Siman-Tov is a Senior Research Fellow at the Institute for National Security Studies (INSS) and deputy head of the Institute for the Research of the Methodology of Intelligence (IRMI) at the Israeli Intelligence Community Commemoration and Heritage Center.