16 May 2019

Hamas Cyber Attack and Israel’s Armed Response

By Seth Cropsey

As part of a larger operation that Israel conducted in response to rocket attacks from Gaza the first weekend in May, the Israeli Defense Forces (IDF) thwarted a Hamas cyber offensive against Israeli targets. Israel’s response did not stop at using digital means to turn back Hamas’ cyber assault. The IDF targeted and demolished a building where the Hamas cyber operatives worked. “Hamas no longer has cyber capabilities after our strike,” said IDF spokesperson Brigadier General Ronen Manelis, a statement that indicates Israel’s concerns in responding to Hamas included the terror organization’s use of cyber-warfare. 

According to the commander of the IDF’s Cyber Division, Hamas’ cyberattack occurred on Saturday, May 4 and was aimed at harming the quality of life of Israeli citizens. This could mean anything: from attacking critical civilian infrastructure to interrupting secure communications, to interfering with ongoing military operations to theft to espionage. There’s a wide range of possible Hamas targets and no sensible reason for the IDF to specify where the enemy might have succeeded or even come close to succeeding.

But it’s clear that Israel’s ability to answer cyber offensives had been planned thoughtfully and was coordinated across military/civilian lines. The cyber operation that countered Hamas was a joint effort of Unit 8200 of IDF’s Military Intelligence, the IDF’s Teleprocessing Directorate, and the Shin Bet security service.


Although the bombing of Hamas’ cyber center was part of a large operation, Israel’s response offers a precedent for future cyber operations. For the first time, an adversarial cyber operation has been addressed with a combination of cyber defense andkinetic action. While a U.S. drone strike killed Junaid Hussain, an ISIL’s hacker chief in August 2015, Israel’s answer to cyberwarfare is different.

With Hussain, the U.S. targeted a single individual after much planning and preparation that was prolonged when Hussain used his son as a shield to protect himself. By contrast, Israel targeted an entire building, launched its planes, and crippled Hamas’ cyber capabilities in short measure. Israel’s response marks the first time that a country has used immediate military force to destroy a foe’s cyber capability in an active conflict.

Israel's operation raises an essential question as to the damage that cyberwarfare can inflict grows. When artificial intelligence is fully incorporated into cyberwarfare, the question will become far more pointed. How do we decide when cyberwarfare demands more than a cyber response? Where is the line that divides cyber responses from an armed one? Can a foe’s knowledge that we might use force as a response to a cyber attack be an effective deterrent?

This past weekend’s events might eventually tell us more, but don’t count on it. It isn’t clear why the IDF believed that destroying Hamas’ cyberwarfare center was needed. Did Hamas succeed in its cyber-attack more than can be admitted? If Hamas cyber-attacks failed against one or two targets, were Israeli authorities sufficiently alarmed that it might succeed in others so that force became necessary?

A cyberattack can have devastating effects in the real world, so disruptive as to cripple a nation and put its citizens in physical danger. Both Hamas and Israel understand this: so, Hamas, probably with Iranian assistance, established a headquarters to conduct cyber operations. It is probably why Israel responded decisively in both the cyber domain and in the physical world.

This event ought to show state and non-state actors that adversarial cyber operations can be answered with the full spectrum of military capabilities including not only the military's growing cyber capabilities but kinetic operations as well. The U.S., on the other hand, remains more focused on cybersecurity than cyber-deterrence of which an armed response ought to be included. Here, Israel showed the way.

The operation took place during active conflict, in which more than 600 rockets had been fired at Israel from Gaza in fewer than 24 hours, killing at least four civilians. Under the usual circumstances of cyber-volleying, conventional wisdom is to respond covertly to avoid possible escalation. A cyberattack's severity, its immediacy, the victim's ability to repair the damage and prevent future harm from the same source are all critical in containing the cyber-battlefield. With barrages of incoming rockets, this was not the time for conventional wisdom.

This past weekend's events in Gaza are as potentially significant to the U.S. as they were critical to Israel’s defense. 

There are two approaches available to a nation-state as it plans for cyberattack: cyber defense and cyber deterrence. Cyber defense—for example, the building of so-called "firewalls" is useful but permeable. A perfect solution to defend against cyber-attacks does not exist. Cyber-deterrence—the threat and use of active cyber counter-measures to include an armed response—while mentioned in the U.S. National Cyber Strategy as part of a quiver of deterrent measures, is still in development. It has yet to move from policy guidance to action.

A response that includes cyber attacks, as well as the real possibility of armed responses, has just been proven to be, under specific circumstances, an integral part of military targeting—like command centers, airfields, and fuel dumps. While moderation and strategic thinking must play a vital role in the policy of leaders and military commanders, Israel’s actions demonstrate that the game is changing: cyber-attacks can have a significant impact on the citizens of a country and typing on a keyboard will not protect anyone from becoming a military target.

No comments: