Summary: The activities of Jerusalem and Tehran’s cyber programs likely indicate a growing cyber conflict. The secretive nature of Jerusalem’s cyber program, coupled with previous destructive cyber-attacks against Tehran, likely indicates a robust cyber program and increased tensions with Tehran. Determined to increase its cyber capabilities to challenge Jerusalem and control a domestic dissident population, Tehran has invested heavily in its cyber program. However, this investment will still likely fail to match the robustness of Jerusalem’s cyber program.
Background: Jerusalem first identified cyber as a threat to national security almost two decades ago. Rapid technological advancements reshaped Jerusalem’s governmental response to cyber-attacks, including the establishment of the Israeli National Cyber Directorate, and Jerusalem boasts a high defensive cyber capability. However, there remains little information about Jerusalem’s offensive cyber capability due to counterintelligence efforts. To curb Tehran’s nuclear program, Jerusalem allegedly created the Stuxnet worm, a powerful malicious software that disabled Iranian nuclear centrifuges, an essential component of nuclear weapons. After media outlets reported that Jerusalem launched the cyber-attack, Tehran established the Supreme Council of Cyberspace. The council focuses on creating cyber strategies to target its enemies, mostly Jerusalem, and finding ways to control its population through information restriction.
Israeli Cyber Capability: Jerusalem’s cyber program, while not exactly publicly known, likely exhibits a fair degree of robustness and sophistication based on historical examples. Additionally, Jerusalem likely utilizes cyber against Tehran but refuses to publicly disclose its existence and involvement. Evidence shows that Jerusalem possesses a strong overall cyber defense, owing to strong collaboration among the Israeli government, academia, the private sector, and key international partners. However, details relating to cyber intelligence efforts and offensive cyber capabilities remain largely unknown. Historical examples offer some insight into Jerusalem’s cyber program. The Stuxnet worm, allegedly created by Unit 8200 of Israel in collaboration with the NSA, highlights Jerusalem’s ability to sabotage critical infrastructure, as it set Tehran’s nuclear program back. In 2020, Unit 8200 launched a cyber-attack against a critical Iranian port in retaliation for a Tehran-sponsored cyber-attack against Israel’s water treatment facilities. Jerusalem shifted its tactics over time, placing more emphasis on propaganda and cognitive warfare than on sophisticated cyber-attacks. This likely serves to influence public perception of the Iranian regime, as Tehran regularly launches disinformation campaigns to portray Israel as evil and warmongering.
Iranian Cyber Capability: Tehran’s cyber program, while not exactly publicly known, likely does not meet the robustness and sophistication of Jerusalem’s cyber program due to domestic problems and historical examples. Even though Tehran saw its budget for cyber increase by 1,200% from 2012 to 2016, internal issues stemming from economic sanctions, political turmoil, terrorism, and other internal deficiencies suggest that its limited resources cannot grow Tehran’s cyber program quickly enough to match Jerusalem’s.
However, Tehran’s hacker proxies, known as Advanced Persistent Threat groups (APTs), still attempt to hack, with moderate to low success. These APTs likely serve to shift official blame from Tehran. The technical success of most Iranian APT attacks remains low. Reports on Tehran-based cyber-attacks show that Tehran regularly engages in low-impact cyber-attacks, specializing in social engineering and public defacement. Overall, Tehran-sponsored operations lack sophistication and ingenuity.
Outlook and Implications: Jerusalem and Tehran’s cyber capabilities likely indicate a growing cyber conflict. Overall, a cyberwar will likely occur due to evidence of both countries ramping up their cyber programs and utilizing them against each other. However, neither country will likely admit to getting hacked because of the embarrassment of having its cyber defenses penetrated. Tehran and Jerusalem will likely shift their targeting away from the more secure military organizations and toward the less secure private sector, as recent cyber-attack trends show that targeting the private sector leads to a higher chance of successfully breaching a system. Additionally, even though Tehran likely does not possess the capability to conduct any meaningful cyber-attack against Israel, it will likely continue to try to sabotage Jerusalem.