As mysterious explosions rock Iran's nuclear facilities, is cyber-warfare Israel's newest weapon of choice?

There has been no confirmation that explosions in Iranian facilities are the result of cyber-attacks, but it has got experts talking.
15 July, 2020
Iran has experienced a series of what some believe to be cyber-attacks [Getty]

Iran recently vowed to retaliate against any country that carries out cyber-attacks on its nuclear sites, after the country suffered from several explosions at its nuclear facilities in an assault that some experts have suggested originated from Israel's digital sphere.

In the past few years, sophisticated cyber tactics have been used as a first line of attack between foreign governments in a new frontier of war.

In January 2010, Iran was hit with Stuxnet, a computer virus widely believed to have been deployed by Israel and used to target the country's extensive nuclear weapons program.

Inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant at the time noticed the centrifuges used to enrich uranium gas were failing; five months later a computer security firm discovered a malicious virus on a handful of Iranian computers.

The virus was Stuxnet, the world's first cyber weapon. Now, a decade later, a series of explosions at nuclear sites in Iran have some experts fearing a second Stuxnet – or worse.

The Natanz nuclear site was one of a set of three sites where explosions occurred in three consecutive weeks; the other two occurred at key military and nuclear bases in Khojir, home to the country's largest missile production facility, and another in Tehran, near military and training facilities.

"There are two underground facilities, a site associated with chemical weapons research and an unidentified military production site," said Fabian Hinz, an Iran military expert and research associate at the James Martin Center for Nonproliferation Studies, speaking with The New York Times.

Iran's top security body said on Friday the cause of the "incident" at the nuclear site had been determined, but "due to security considerations" it would be announced at a convenient time.

Iran's Atomic Energy Organisation initially reported an "incident" had occurred early on Thursday at Natanz, located in the desert in the central province of Isfahan.

It later published a photo of a one-storey brick building with its roof and walls partly burned. A door hanging off its hinges suggested there had been an explosion inside the building.

"Responding to cyber-attacks is part of the country's defence might. If it is proven that our country has been targeted by a cyber-attack, we will respond," civil defence chief Gholamreza Jalali told state TV late on Thursday.

What caused the explosions remains unclear; Iranian officials speculate the explosions were caused by cyber-attacks launched by the United States or Israel.

Israel has not come forward to claim responsibility for the attack, and Iran remains hesitant to place outright blame on its regional foe or to confirm the attack was of a cyber nature.

Tools of war?

Cyber weapons are becoming sophisticated tools of war and have been used to target electricity grids and infrastructure in the past.

"There have been a number of confirmed cyber-attacks targeting electricity providers or utilities, including attacks specifically targeting the Operational Technology (OT) underpinning the power generation or transmission systems," Alister Shepherd, Managing Director of FireEye's Mandiant, a cybersecurity company in the US, told The New Arab.

"Whilst cyber-attacks targeting IT can be digitally destructive, and thus disruptive to operations, cyber-attacks targeting OT can be physically destructive and with a real world impact.

"Examples of such attacks include the Industroyer malware which caused a significant power outage in Ukraine in 2016 and the TRITON malware which caused a halt to operations at a critical national infrastructure organisation in the Middle East in 2017." Such attacks, however, remain rare.

When asked about the explosions at Iranian nuclear and military facilities, Shepherd underlined that there have been "no confirmations that these attacks were cyber in origin".

However, Iran may be developing such cyber capabilities.

"Based on leaked data, much of which can be independently confirmed, Iran initiated a well-funded, industrial control systems (ICS)-focused research project, known as Project 910, with a possible objective of developing malware similar in nature to Stuxnet in July 2014, showing clear aspirations in this area," he said.

One of many options

"There is no evidence of the current attacks being cyber in origin or linked to either Israel or US," Shepherd said.

"Open source reporting has linked both US and Israel to the Stuxnet malware, and both countries are assessed to have highly sophisticated offensive cyber capabilities."

Whilst cyber-attacks are increasingly used in a variety of military contexts as countries become more digitally literate, they remain merely one of many weapons in a state's arsenal.

"Cyber is just a domain of operations," Shepherd said. "As countries implement policies driven by geo-political relations, they have a whole range of options from diplomatic to military.

"Both Israel and Iran have demonstrated a willingness to undertake military operations, or to sponsor proxy groups in terrorist attacks, in response to regional geo-political developments, and there would be no surprise to see either utilising destructive cyber-attacks as part of their suite of options.

"The main difference in cyber operations is the risk judgement – a remote cyber-attack causing a destructive impact provides a potentially lower risk to an attacker than a military strike, which may expose personnel or equipment to danger.

"Cyber-attacks may also be seen as more deniable, although that is becoming less so as public attribution becomes more common and in certain instances a government may want their response to be visible to their own population or the enemy country.

"Cyber-attacks with a physical impact are also extremely difficult and expensive to develop and may become ineffective or unusable once deployed, creating a serious threshold for the attacker in choosing when/how to deploy them. 

"So, cyber-attacks are already, and will continue to be, a key response option for states involved in dispute or conflict situations. However, they do not fundamentally change geo-political drivers, and merely provide an additional set of options with associated risk and impact judgements within the normal framework of international relations."

Narjas Zatat is a staff journalist at The New Arab.

Follow her on Twitter: @Narjas_Zatat