To date, nation-states have been extremely hesitant about responding to cyber attacks with physical military force. That’s what makes Israel’s early May attack on Hamas so unusual. While it’s not uncommon for the Israel Defense Force (IDF) to respond to rocket attacks from Gaza with targeted strikes, this is the first time they have done so in response to hacking. The move has left many wondering how common an armed cyber response will be going forward.
The IDF released video showing an air strike on a Hamas-occupied building that the cyber attacks were being launched from. The IDF did not release any details of the nature of the cyber attacks, other than describing them as a threat to “the quality of life of Israeli citizens.”
Not only is this the first time that Israel has responded to a cyber threat in this way, it is believed to be the first time any military has responded to a digital threat with immediate force.
A lethal cyber response
The armed cyber response occurred in the midst of a spate of violence that saw Hamas launch over 600 rockets into Israel and the IDF retaliate with strikes against military targets. Though military exchanges of this nature are not uncommon in the region, activity has been abnormally high this year.
Though the objective of the Hamas hacks remains unknown, the terrorist organization has been caught attempting to hack IDF drones and cameras as part of an ongoing cyber offensive against Israeli forces in recent years. The hackers use the video feeds to precisely locate groups of military personnel and civilians in real-time to launch rocket attacks.
While cyber attacks from terrorist groups and other nation-states have become commonplace in all of the nations around the world, it is extremely rare for a nation to use military force as a cyber response. The United States military has targeted members of ISIS in years past in retaliation for hacking, but never as the attack was in progress.
Why countries avoid a military response
The conception of cyber aggression on a scale that calls for military retaliation is still a very new one, and international law has not yet properly addressed cyber response to it. It is usually tricky to identify a digital attacker with 100% certainty, especially as an attack is occurring. Identification usually happens over a period of days, weeks or even month following the attack as forensics experts trace the trail.
The theory that Hamas was attempting to hack Israeli drones thus is a very reasonable one here; the IDF likely identified them based on similar attack patterns that have been going on for over five years now. Most countries would not be so quick to pull the trigger even with a positive identification of the target, however. Current international law makes the line between “criminal action” and “act of war” very unclear when it comes to a cyber response.
While international law is too complex to get into in detail (particularly when one party’s legitimacy in governing a territory is widely questioned and they are equally widely labeled as a terrorist organization), there is some provision for reprisals to cyber attacks that are equivalent in result to an armed attack. If Hamas was attempting to use IDF drones and cameras to target Israeli civilians and troops, or perhaps even attempting to take control of armed drones, that could be seen as a valid justification for an armed cyber response. The IDF placed the time of the cyber attack as taking place during a bombardment of hundreds of rockets from Gaza, which adds further credence to the theory.
Of course, since we do not know exactly what Hamas was attempting to do prior to being bombed, there is ample room for debate about the appropriateness of Israel’s real world response. It has also led pundits to wonder if this is a literal opening salvo in a shift in norms in cyber response policy.
Israel’s actions will likely draw no real international backlash, as the building they struck was known to be the cyber HQ for Hamas and was designated as a military target. As the strike occurred during an active conflict in which Hamas was raining rockets down on their territory, Israel was within their legal right to retaliate against military targets in the Gaza area.
Is armed response to cyber attacks inevitable?
Russia’s cyber attack on Estonia in 2007 was something of a watershed moment for this element of modern warfare. Russia’s widespread crippling of the country’s vital internet-based services, including banks and news outlets, led to NATO intervention and establishment of the first “Centre for Excellence” to provide cyber capabilities and assist in cyber defense.
Since that development, a number of nation states have formally reserved the right to retaliate against a cyber attack with military force. Until this recent incident, none had actually done so in spite of widespread hacking to include stealing the sensitive personal information of millions of citizens and meddling with vital utilities. Russia has meddled in United States elections (as well as those of a number of other countries) and gained illicit access to the power grid. China has been conducting large-scale online espionage against other countries since the early 2000s. And the United States, in turn, has been caught spying on both rivals and allies as well as infecting enemy infrastructure with malware.
The chances of a hack attempt leading to an armed cyber response is all about proportionality, escalation and justification. For a nation to even begin to justify such a response, the cyber attack must be capable of causing serious damage and destruction. It also must be clearly attributable to the culprit in some way. The responding nation must then worry about their response being seen as an act of escalation. All of this makes it likely that armed responses will be limited to similar situations, in which the respondent to the cyber attack has a dominant military.