Iran Israel Cyber Conflict

Cyber Warfare & Sovereignty: A Case Study of the Iran-Israel Cyber Conflict

By /

Cyber warfare increasingly threatens state sovereignty by allowing non-physical attacks on critical infrastructure. The escalating cyber conflict between Iran and Israel exemplifies this, with incidents like Stuxnet and retaliatory actions blurring lines between war and peace. This digital battlefield challenges traditional international law, as attribution remains difficult and established norms struggle to govern cyber operations, underscoring the urgent need for new legal frameworks.

Askari Bank Banner

Abstract

This paper explores the changing landscape of cyber warfare and what it means for the concept of state and sovereignty, especially in light of the ongoing geopolitical conflict between Iran and Israel. Unlike conventional warfare, cyber warfare enables nations to target vital infrastructure and threaten national security without needing to be present there physically present. The study looks at how this form of cyber warfare challenges traditional ideas of sovereignty, particularly within the framework of international law. Focusing on the escalating cyber conflict between Iran and Israel, it pulls from various sources like articles, books, and reports to examine the key events, such as the Stuxnet attack and the following retaliatory actions. By evaluating how both defensive and offensive capabilities are being used. The research highlights how countries like Iran and Israel are integrating cyber operations into their strategies, blurring the lines between war and peace in today’s digital world.

Introduction

In the international modern conflict world, cyber warfare has become a central issue. It raises new challenges for the concept of sovereignty. Cyber warfare is the use of computer-based attacks of one state to target another state’s system, such as infrastructure, military, or intelligence network, to disrupt the damage it or steal sensitive information (Nye, 2011).  Unlike traditional warfare, which involves physical combat and territorial expansion, cyber warfare functions through invisible attacks in cyberspace. It is more challenging to prevent and govern in the existing international law (Sanger, 2012).

Cyberattacks are now a strategic instrument due to our growing reliance on technology and infrastructure, which allows state and non-state actors to question sovereignty in previously unheard-of ways, especially in politically volatile regions like the Middle East. The concept of sovereignty is traditionally understood as the absolute authority of one state to govern itself without external interference. It is the principle of international law and is upheld by the United Nations Charter. However, in the cyber age, this definition is increasingly under threat. The rise of cyber warfare challenges the concept of sovereignty because it allows states to disrupt or manipulate another state’s affairs without any physical presence.

Both Iran and Israel view cyberspace as an important battleground in their conflict. Both of them have developed offensive and defensive capabilities to assert their power (Lappin, 2018). In the world, Israel has one of the most advanced cyber programs and uses it as a strategy against Iran to contain its influence in the region. On the other hand, Iran sees cyber warfare as a way to challenge Israel’s technological superiority and assert its sovereignty despite economic and military constraints (Anderson and Sadjadpour, 2018).

The rivalry between Iran and Israel offers a compelling case study of how cyber warfare can be used to undermine state sovereignty. Iran and Israel have been engaged in geopolitical conflicts for decades. In recent years, this conflict has expanded into cyberspace. The most notable incident occurred in 2010 when  Iran’s nuclear facilities were attacked by a sophisticated computer worm called Stuxnet. It is widely believed that the attack was carried out by Israel and the United States to delay the Iranian nuclear program. The Stuxnet attack is often cited as the first attack of cyber warfare, which has been used to target critical infrastructure and sabotage national progress, raising concerns security of other sovereign states.

Iran has made significant investments in building up its cyber capabilities after the Stuxnet attack, which it has used to retaliate against Israel (Anderson and Sadjadpour, 2018). Iran was charged in 2020 with trying to breach Israel’s water supply system, which might have been a deadly attack that could have injured citizens (Ahronhein, 2020). These incidents demonstrate how cyber warfare allows a state to engage in war without crossing a physical border. This makes it harder to defend against such attacks and creates new questions about the limits of state sovereignty in the digital age.

This ongoing conflict between Iran and Israel highlights the evolving nature of warfare and the challenges it poses to international law (Schmitt, 2024). Cyberattacks blur the lines between war and peace as they are often covert and difficult to detect until significant damage has already been done (Cornish, 2010). The lack of clear international rules regarding cyber warfare means that states often carry out the attacks without facing significant consequences, which further undermines the principle of sovereignty (Nye, 2017).

Research Questions

  1. How does cyber warfare challenge traditional concepts of state sovereignty in the context of international law?
  2. How have cyberattacks affected the geopolitical conflict between Iran and Israel?

Research Methodology

The researcher has used qualitative methods for data collection and gathering reliable information. Secondary sources such as books, journals, and articles have been utilized for the collection of relevant literature. Other than this, a different source of data, like the internet websites for broad quality information, will be accessed.

Theoretical Framework

Neorealism suggests that the main players in international relations are states, focused on protecting their sovereignty and pursuing national interests. In the case of cyber warfare, both Iran and Israel illustrate this concept.

From Iran’s standpoint, developing cyber capabilities is crucial for defending itself against perceived threats from Israel and the U.S. The Iranian government views these cyber operations as a way to deter aggression and retaliate without engaging in traditional military conflicts. This aligns with the idea in realism that states will seek out tools that enhance their security. On the other hand, Israel operates similarly, enhancing its cyber capabilities in response to the dangers posed by Iran and its allies. For Israel, staying safe means maintaining technological superiority in the cyber realm, allowing it to strike potential threats before they materialize. This quest for security leads Israel to heavily invest in both cyber defense and offensive technologies.

A key idea in neorealism is the security dilemma. When one state tries to strengthen its security, it can unintentionally make another state feel threatened, often sparking an arms race or conflict. As Iran builds up its cyber capabilities to ward off potential Israeli attacks, Israel interprets this as a threat, prompting it to enhance its defenses and countermeasures. This creates a tension-filled cycle where each nation’s cyber activities are seen as aggressive, leading to retaliatory actions on both sides. Power dynamics are vital in this situation. Iran and Israel both strive to establish a form of deterrence through their cyber abilities. Israel, with its cutting-edge technology, can carry out cyber operations that disrupt Iranian military functions. Meanwhile, Iran wants to showcase its capability to strike back at Israeli cyber operations, aiming for a balance based on mutual vulnerability.

The struggle for technological superiority in cyber warfare highlights the principles of realism at play; Israel invests deeply in its cyber capabilities due to its geopolitical landscape and the existential threats it perceives, especially from Iran’s nuclear ambitions. The ongoing cyber confrontation between Iran and Israel has wider implications for international relations.

The militarization of cyberspace adds to regional instability, as both countries engage in offensive actions that could spiral into larger conflicts. Neorealism suggests that this instability arises from the chaotic nature of international relations, where states prioritize survival over cooperation. Additionally, while neorealism emphasizes power dynamics, it also points out the weaknesses of international norms in controlling state behavior in cyberspace.

The absence of enforceable international laws on cyber warfare allows countries like Iran and Israel to maneuver with relative ease, complicating any diplomatic efforts for resolution. In summary, viewing the cyber warfare between Iran and Israel through a neorealist lens highlights how national interests, power struggles, and the security dilemma shape their interactions. Both nations see their cyber capabilities as essential for survival and asserting influence in a challenging geopolitical environment. Understanding these dynamics helps illuminate the motivations behind their actions and the possible implications for regional and global stability.

Cyber Warfare: Challenging the Concept of State Sovereignty

In international law, state sovereignty is the foundational principle, which is rooted in the Treaty of Westphalia (1648). It established the notion of territorial integrity and non-interference in the domestic affairs of the state. According to Article 2(4) of the United Nations Charter, all the member states are obliged to refrain from the threat or use of force against the territorial integrity or political independence of any state, a cornerstone of the principle of sovereignty in modern international relations (Schmitt, 2012).

However, the concept of sovereignty was developed for the world of physical borders, where the movement of troops, weapons, and resources is easily observable. This traditional understanding was disrupted by cyber warfare, as it enabled states and non-state actors to conduct operations across national borders without physical presence, often bypassing conventional defenses. The rise of cyberattacks prompts debate about whether and how they impact national sovereignty and whether they qualify as acts of aggression under international law.

One of the major challenges cyber warfare poses to international law is the difficulty of attributing cyberattacks to specific state actors. Traditional warfare involves clear lines of responsibility, with the attacking state being identified through military forces or declarations. However, in the context of cyber warfare, attacks can be launched anonymously or disguised through sophisticated means such as the use of proxies or state-sponsored hacker groups. This means it is difficult to identify or determine whether the cyberattack is an act of war by a sovereign state or merely the action of a non-state actor (Moerel and Timmers, 2021).

International law was largely developed with traditional means of warfare in mind, focusing on the laws of armed forces (LOAC) and the Geneva Convention, which govern the conduct of war and the protection of civilians. The application of these laws to cyber warfare is still evolving. Although some scholars argue that existing international law can be applied to cyber warfare, others suggest that the unique characteristics of cyber conflicts, such as speed and scale, anonymity, necessitate the development of new legal norms. For instance, the Tallinn manual, a set of guidelines developed by NATO experts.

It provides insights into how international law may apply to cyber operations, particularly in the context of armed conflicts. However, these guidelines are not legally binding, and there is no consensus on their applicability (Schmitt, 2017). Due to the state’s growing recognition of the need to protect its cyberspace, international efforts to regulate cyber warfare have gained momentum in recent years.

The UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunication has issued reports advocating for the application of international law to cyber activities, urging states to avoid using cyberattacks to violate the sovereignty of other states. The 2015 GGE report, for example, emphasized that international law, including the UN Charter, applies to the use of ICT in conflicts. However, the enforcement mechanism remains unclear, and many states have expressed concerns about state control over the internet, citing issues such as censorship and data sovereignty (UN Secretary General, 2013).

Cyber warfare can undermine national sovereignty by destabilizing government functions such as economic stability and security infrastructure. The attacks on critical infrastructure such as power grids or financial systems could be seen as direct interventions into the state’s domestic affairs, yet they often occur without a formal declaration of war, leaving states vulnerable. Moreover, the attribution issue complicates the state’s ability to respond and take countermeasures. For example, the cyberattack in 2007 in Estonia, which targeted the government and financial system, raised questions about the appropriate response in terms of both cyber defense and retaliation under international law (Rid, 2012).

Despite the challenges posed by cyber warfare, there are emerging efforts to create norms that could balance state sovereignty with the need for international cooperation in cyberspace. The Paris Call for Trust and Security in Cyberspace, endorsed by numerous countries and private sector entities, advocates for norms around accountability, stability, and protection of critical infrastructure. These efforts underscore the potential for cyber governance that respects sovereignty while ensuring responsible state behavior in cyberspace (Novento et al., 2018). International law traditionally defines state responsibility in terms of kinetic actions, requiring clear evidence of state involvement in wrongful acts. However, cyber operations introduce complexities that challenge these frameworks.

The complex nature of cyber warfare may not be sufficiently addressed by the International Court of Justice’s ‘effective control’ standard for assigning blame to the government. Cyber weapons can function discreetly or lie dormant, it might be challenging to prove the direct involvement of the state in strikes (Margulies, 2013). According to Article 2(4) of the UN Charter, member states are not allowed to threaten or use force against another state’s political independence or territorial integrity. There are serious concerns raised by this clause regarding the classification of cyberattacks as a “use of force.”

Understanding how states can react to cyber activities that have the potential to cause serious harm or disruption depends on how this article is interpreted. Cyberattacks can have traits in common with both non-military coercion (like economic pressure) and military measures (like taking down vital infrastructure). Under international law, this vagueness makes legal responses and enforcement more difficult (Schmitt, 2017).

If a member state is the target of an armed attack, Article 51 recognizes the inalienable right to defend oneself or one’s community. Whether a cyberattack might qualify as an armed attack under this clause and warrant a military response is the main point of contention. Legal experts and practitioners are increasingly realizing that some serious cyberattacks may qualify as armed attacks and hence trigger Article 51 rights to self-defense. This viewpoint emphasizes how important it is to define precisely what an “armed attack” in cyberspace is. (Roscini, 2010)

The UN General Assembly provides a forum for debating and creating cybersecurity and cybercrime standards. Its decisions have considerable political clout and have the power to affect governmental policies even if they are not legally binding. By starting conversations on a range of cybersecurity topics, the General Assembly has helped to create international standards that direct state conduct in cyberspace (Odermatt, 2020).

The United Nations has been developing an international convention to combat cybercrime since May 2021. This agreement may establish a fundamental legal framework for global collaboration in stopping and investigating cybercrime. Adoption of this convention might strengthen international efforts to combat cybersecurity risks while guaranteeing online human rights protection. However, worries about possible misuse by authoritarian governments continue to be significant.

Impact of Cyberattacks on the Conflict between Iran and Israel

The geopolitical conflict between Iran and Israel has escalated in recent years, particularly through the lens of cyber warfare. As both nations leverage technology for their strategic advantage, cyberattacks have become a critical component of their confrontations, influencing military strategies, political narratives, and international relations. The conflict between Iran and Israel dates back to the Iranian Revolution in 1979. It marked a significant change in the bilateral relations between Iran and Israel.

After the Iranian Revolution, Iran adopted a constant anti-Israel stance and supported groups like Hezbollah and Hamas to counter the Israeli influence in the region, and these groups are against Israel’s interests. Historically, Iran and Israel have engaged in a shadow war characterized by intelligence, sabotage, and direct military confrontation. Israel has targeted Iranian nuclear facilities and military assets through various means, like cyberattacks and Stunext, which disrupt the Iranian uranium enrichment efforts. Conversely, Iran has sought to retaliate through its cyber capabilities, targeting Israeli infrastructure and institutions.

Israel is known as the leader in cyber capabilities. Israel advanced its technology military sector and intelligence service to build a formidable cyber force. Israel’s military intelligence cyber unit, which is 8200, plays a very important role in the offensive cyber operations. These operations include intelligence gathering and cyberattacks on critical infrastructure in Iran (Tabansky, 2020). Israel’s cyber strategy is defined by a proactive approach, focusing on hindering or postponing Iranian initiatives, particularly regarding its nuclear program.

The country’s significant investment in cybersecurity underscores its wider goal of achieving technological dominance in the region (Yadlin, 2019). In response to Israel’s cyber strengths, Iran has swiftly established its cyber unit. The Islamic Revolutionary Guards Corps (IRGC) and various state-linked entities frequently conducted Iranian cyber operations. Iran has executed counter-cyberattacks aimed at Israel’s private industry, infrastructure, and governmental institutions. While Iran may not possess the same technological sophistication as Israel, it has managed to launch disruptive attacks by exploiting differences in cyber capabilities to challenge and weaken Israeli interests.

The Stuxnet worm, which penetrated Iran’s Natanz nuclear facility, was the first identified cyberattack to inflict physical damage on industrial systems. By focusing on particular Siemens software utilized in Iran’s nuclear centrifuges, the attack postponed Iran’s nuclear ambitions by several years. Additionally, Stuxnet conveyed a clear message: Israel—and likely the U.S.—possessed the ability to discreetly interfere in Iran’s nuclear endeavors without resorting to direct military action. This attack established a benchmark for future cyber operations in the region (Langner, 2012).

Iran’s response to Israeli cyber aggression was marked by decisive actions, including the Shamoon attacks on Saudi Aramco in 2012 and 2016. Although these strikes targeted a Saudi entity, the message was unmistakable: Iran has the ability and resolve to launch powerful cyberattacks against Israel’s allies and Western powers (Lewis, 2017). Starting in 2019, both nations intensified their cyber warfare against each other’s critical infrastructure. In 2020, Israel reportedly carried out cyberattacks on Iran’s port systems, leading to considerable economic disruption. In response, Iran targeted Israeli water systems, highlighting the susceptibility of civilian infrastructure in both countries to cyberattacks (Efron, 2020).

After the outbreak of the Israel-Hamas war on October 7, 2023, Iranian cyber operations against Israel surged drastically. Reports indicate that nearly half of Iran’s cyber activities during this period target Israel’s entities. There is a significant shift from previous focus areas such as the United States and Gulf states. Microsoft’s digital defense reports highlighted that from July to October 2023, only 10% of Iranian cyberattacks were directed at Israel. However, this figure skyrocketed post-war (Microsoft, 2024)

A notable recent development occurred on April 13, 2024, when Iran launched a missile strike on Israel from its territory. This unprecedented act was coupled with assertions from Iranian hacking groups that they had infiltrated Israeli radar systems shortly before the assault. While Israeli officials indicated there was no unusual online activity at that time, the incident highlighted the interconnection between kinetic and cyber warfare in this ongoing conflict (Institute for the Study of War, 2024).

On April 13, 2024, Iran executed an unprecedented missile strike against Israel, reportedly in response to a previous assault on its consulate in Syria. In the days leading up to this attack, Iranian-affiliated hacker groups, including Handala Hack, claimed to have compromised Israeli radar systems. Furthermore, since October 2023, following Hamas’s attack on Israel, there has been a notable increase in Iranian cyber activity aimed at Israel. This uptick in cyberattacks has involved efforts to infiltrate Israeli military systems and carry out phishing campaigns targeting government personnel.

Since the escalation of conflict in the region following the Hamas attack on October 7, 2023, reports indicate that Iranian cyberattacks targeting Israel have surged, increasing threefold. These cyber offensives have involved attempts to compromise military systems and phishing tactics aimed at government employees (Al Arabiya, 2024; Iran International, 2024). Groups like Handala Hack and Nethunt3r have publicly taken credit for numerous breaches within Israeli infrastructure.

Notably, Handala Hack asserted it gained remote access to Israeli radar systems shortly before the missile strikes, though Israeli officials reported no signs of unusual online activity at that time, casting doubt on the validity of these claims. Additionally, several pro-Iranian hacktivist organizations have emerged, with Handala Hack, active since early 2024, focusing on low-level website defacement and reported access to military infrastructure. Similarly, Nethunt3r claimed to have infiltrated the Israeli Ministry of Defense, leaking sensitive documents about military procurement (The Economist, 2024).

The ongoing cyberattacks are part of a larger pattern of escalation between Iran and Israel where both states engage in tit for tat attacks. In the situation between Iran and Israel, both states are continuously assessing and enhancing their cyber capabilities in response to detected threats. Furthermore more the dynamic allows for continued hostilities while minimizing the direct military engagement, which could lead to broader conflict.

Conclusion

Cyber warfare is reshaping the dynamics of state sovereignty and international relations. The traditional framework, such as the UN Charter, prohibits intervening in a country’s internal matters; however, when it comes to cyber warfare, these guidelines fall short. They don’t clarify how nations should react when their sovereignty is threatened by online attacks. This leaves a bit of a gray area, making it unclear what exactly counts as a violation of sovereignty in the digital world..The situation between Iran and Israel underscores the increasing dependence on cyber operations, allowing both countries to exert influence without physically invading a territory. The complexities introduced by cyberattacks include challenges in identifying the culprit and the absence of clear international law and diplomacy. As cyber warfare continues to blur the boundaries between conflict and peace, nations must create strong cyber strategies while collaboratively working to establish the norms that can help reduce the escalation risks and safeguard national sovereignty in this digital era.

References

  • Anderson, C., & Sadjadpour, K. (2018, January 4). Iran’s cyber threat: Espionage, sabotage, and revenge. Carnegie Endowment for International Peace.
  • Ahronheim, A. (2020, May 2). Iran tried to hack Israel’s water systems in a failed cyberattack. Jerusalem Post.
  • Al Arabiya. (2024, October 15). Iran cyberattacks against Israel surge after Gaza war: Report. Retrieved from https://english.alarabiya.net/News/middle-east/2024/10/15/iran-cyberattacks-against-israel-surge-after-gaza-war-report
  • Bronk, C. (2015). Cyberattacks and the Interpretation of Article 2(4) of the UN Charter. Global Legal Studies Review8(2), 17-23.
  • Clarke, R. A., & Knake, R. K. (2010). Cyberwar: The next threat to national security and what to do about it. HarperCollins
  • Collin Anderson and Karim Sadjadpour, “Iran’s Cyber Threat: Espionage, Sabotage, and Revenge,” Carnegie Endowment for International Peace, 2020.
  • Cornish, P. (2010, March). Cyber warfare and the laws of war. Royal United Services Institute.
  • Economic Times. (2024, October 13). Israel-Iran War: Massive cyberattacks strike Iran’s nuclear facilities and government agencies
  • Efron, Y. “Cyberattacks and Infrastructure: The Iran-Israel Cold War,” INSS Insight, 2020.
  • Hollis, D. B. (2012). Why states need an international law for information operations. Harvard International Law Journal, 54(1), 21-25.
  • Langner, R. “Stuxnet and the Future of Cyber War,” Foreign Affairs, 2011.
  • Lappin, Y. (2018). Israel’s cyber warfare capabilities: A critical component of national security. Journal of Strategic Studies, 41(1-2), 112-130. https://doi.org/10.1080/01402390.2017.1307744
  • Lewis, J. A. (2019, December). Sovereignty and the role of government in cyberspace. Center for Strategic and International Studies
  • Lewis, J. “Shamoon: Iran’s Destructive Data Wiper,” Center for Strategic and International Studies, 2017.
  • Margulies, P. (2013). Sovereignty and cyberattacks: Technology’s challenge to the law of state responsibility. Melbourne Journal of International Law14(2), 496-519.
  • Moerel, L., & Timmers, P. (2021). Reflections on digital sovereignty. EU cyber direct, research in focus series.
  • Nakashima, E., & Warrick, J. (2012, June 2). Stuxnet was the work of U.S. and Israeli experts, officials say. The Washington Post
  • Novanto, D. C., Putranti, I. R., & Dir, A. A. B. (2021). Cybernorms: Analysis of International Norms in France’s Paris Call for Trust and Security in Cyberspace. Journal of Islamic World and Politics5(2), 326-342.
  • Nye, J. S. Jr. (2011). The future of power. Public Affairs.
  • Nye, J. S. Jr. (2017). Deterrence and dissuasion in cyberspace. International Security, 41(3), 44-71.
  • Odermatt, J. (2020). Cyber Espionage and International Law: The Regulation of Force and Conflict Begins with the UN Charter. Cyber Espionage and International Law.
  • Rid, T. (2012). Cyber war will not take place. Journal of Strategic Studies35(1), 5-32.
  • Roscini, M. (2010). Cyberattacks as “Force” Under UN Charter Article 2(4). Columbia Law Review110(5), 1882-1900.
  • Sanger, D. E. (2012). Confront and conceal: Obama’s secret wars and surprising use of American power. Crown Publishing Group
  • Schmitt, M.N. (2014). Cyberattacks and the Use of Force: Back to the Future of Article 2(4). Yale Journal of International Law36(2), 427-455.
  • Schmitt, M.N. (2017). Power Relations and Regulating Cyberattacks: The Role of UN Organs in Addressing Cyber Threats. Cyber-Attacks and the Use of Force.
  • Schmitt, M. N. (Ed.). (2017). Tallinn manual 2.0 on the international law applicable to cyber operations. Cambridge University Press.
  • UN Secretary-General (2013). Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security: note/by the Secretary-General.
  • Tabansky, L. “Israel’s Cyber Defense Doctrine,” Cyber, Intelligence, and Security, 2020.
  • The Stuxnet Operation: Cyber Warfare’s Impact on Geopolitics,” Journal of Strategic Security, 2012. 
  • The Economist. (2024, August 15). Iran’s electronic confrontation with Israel.
  • Yadlin, A. “Cyber Power in Israeli National Security Strategy,” Israel Journal of Foreign Affairs, 2019.
  • Voice of America. (2024, October 15). Report: Iran cyberattacks against Israel surge after Gaza war
  • Waxman, M.H. (2016). Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4). Austin Journal of International Law28(1), 10-20.

If you want to submit your articles and/or research papers, please visit the Submissions page.

To stay updated with the latest jobs, CSS news, internships, scholarships, and current affairs articles, join our Community Forum!

The views and opinions expressed in this article/paper are the author’s own and do not necessarily reflect the editorial position of Paradigm Shift.

About the Author(s)
+ posts

Sidra Riaz is a student of MS in international relations at Bahria University with a keen interest in climate change, security studies, and social development in South Asia. Her work focuses on exploring the intersections of environmental challenges and human security. She has contributed to various academic and non-academic platforms on related topics.