Strategic Silence: Cyber Retaliation in the Iran-Israel Conflict

by Rimsha Malik

On June 21, US President Trump ordered a direct attack on Iranian nuclear sites, sending B2 stealth bombers to strike three underground facilities. The operation marked a clear change in strategy and sparked mixed international reactions.

However, it is clear that the boundaries of the war in the Middle East are no longer just geographical, and it is not only about missiles striking fortified infrastructure; there is another, less noticeable face of  this conflict: cyberspace.

The leadership in Iran has promised retaliation and although the traditional military response is still a possibility, it is more likely that cyber activity will become more prolific.

Indeed, over the last few years, there has been a growing trend of Iran relying on asymmetric digital warfare as a strategic instrument to overcome deficiencies in conventional warfare capability. Ever since the attacks of October 7 and the Israeli campaigns, the manifestation of cyber capabilities in Tehran has become more consistent, not only in the form of retaliation but also to demonstrate resilience and cohesion within the system.

Analysts are keenly observing this change. Chief analyst of Google Threat Intelligence Group John Hultquist has observed an increased likelihood of Iranian cyber operations against U.S. systems following the strikes. Although Iranian successes in the cyber field had been variable so far, in the particular cases of targeted institutions, such endeavors were disruptive. These are attacks that do not easily distinguish the line between technical harm and psychological harm. There is a risk of overstating the Iranian cyber groups’ effect to achieve their strategic vision hence premature conclusions are hard to make on their effectiveness. However, the consequences of minor less secured businesses can still be drastic.

Iran has an established history of cyber posture that consists of espionage, disinformation and disruption of some infrastructure. Hacktivist organizations are capable of launching a denial of service operation, but Iranian-related activity is more about surveillance, especially of individuals and organizations with a connection to the region or policy matters. Noty only governments. Air transport, telecommunications and guest net access are also targeted with a view of gaining information on the movements and communications of the policymakers, analysts and oppositionists.

In that regard, the retaliatory action may not be targeted by one particular instance but rather by an ongoing pressure campaign in most areas. As it is, cyber units allied with Tehran have already executed attacks on Israeli institutions such as hospitals and government portals. In its turn, the Israeli-affiliated hacking groups have organized counter attacks, establishing an impact on Iran banking networks and crypto exchanges.

These attacks are signs of change in doctrine. Cyber is not quite a disruptive device anymore; it is an enclosure, an avenue of struggle, carefully tuned to create strategic messages and political advantage. The regional ripples are already being felt. In the UK, the government has made known that it has seen continuous Iranian-related cyber-attacks against national infrastructure.

Major Iranian dissident media outlets in London (including Iran International TV) have continually been under threat, and it has subsequently transferred its operation to Washington. Increased surveillance has seen the European security agencies pay closer attention since there have been incidents where surveillance in cases of suspected attacks were detected in London in the recent past.

The US, in its turn, has found itself in the era of increased digital awareness. Critical infrastructure protection agencies have warned and advised the actors in the private sector to increase their resiliency. According to views brought forth by both the public and private security analysts, a cyber retaliation is likely to be directed to sectors that include energy, transport, and the financial system. The operations cannot be massive in line but the strategy is to establish a growing feeling of vulnerability and tactical exhaustion.

Among other things, it is noteworthy that this conflict does not settle as an exclusively interpersonal conflict between the immediate participants. Globalization of risk has occurred as a result of the digitalization of warfare. Any interdependent system turns into a point of attack and the major threats are exploiting the weak points which are a third-party vendor, aged or neglected infrastructure and the ignorant people.

This change holds valuable lessons for countries like Pakistan. By remaining strategically neutral in this conflict, Pakistan is becoming increasingly vulnerable to cyber spillover in the region. The escalation of the cyberwar between Israel and Iran, in which the U.S. participated, indicates that future problems originating in the region will almost certainly involve a digital aspect. In such an atmosphere, cyber alertness cannot be reactive. States must pay attention to capacity building, legal forms of digital sovereignty, and incorporate them into national security planning.

Going forward, it is not difficult to envisage that this cyber war will take a gradual approach. It is not going to be one dramatic breaking point, but instead it can manifest itself in the form of surveillance operations, disinformation campaigns, and silent coercion of friendly or neutral nations. Retaliation can also be sown in other areas than where it is anticipated as it can be directed towards influence networks, diaspora groups, or economic relations. The escalatory cost in physical terms can prevent the launch of a missile. But in cyberspace the bar to action is less high and attribution is usually incomplete.

The most important thing about this moment is the changing character of the deterrence itself. The old model (it relies on being seen, intimidating power) cannot work easily in a bastion filled with small-scale, delayed or plausible deniability attacks. This leads to a strategic gray area whereby the actors push the boundaries to the point that does not evoke an official war action, and all of the rules are still unspecified.

Without effort to establish a standard of cyber interaction, there is danger that such operations will come to be considered normal– tools of statecraft, in whatever way they cause collapse to civilian life, in whatever way they come to haunt us. In the absence of international cooperation, there is a heightened risk that the unintended collision or escalation in the digital space will result in a real conflict in the real-life arena.

This hour is thus a military challenge not alone, but a diplomacy planning outlook as well as technology control. The cyber aspect of the Iran-Israel conflict is unlikely to make headlines in the same way as airstrikes are, but its consequences are long-term, cumulative, and long-range and destabilising to a far greater extent than the region itself. Not only is it a new kind of warfare – it is a new kind of diplomacy, a gamble, a standing off.

Author: Rimsha Malik – Associate Research Officer, Center for International Strategic Studies, AJK, Pakistan.

(The opinions expressed in this article are solely those of the author and do not necessarily reflect the views of World Geostrategic Insights).

You may also like

Leave a Comment

Stay Connected

Follow and subscribe

Contact CISS AJK

Center for International Strategic Studies AJK, King Abdullah Campus Chatter kalas Muzaffarabad, Azad Jammu and Kashmir

05822922322

admin@cissajk.org.pk

career@cissajk.org.pk