Introduction
In the contemporary security environment, the lines between war and peace have become increasingly blurred. States and non-state actors are employing a range of coordinated military, political, economic, and technological instruments to achieve strategic goals, a phenomenon often described as ‘hybrid warfare’. This form of conflict avoids direct, large-scale military confrontation, instead operating in the 'grey zone' below the threshold of a traditional armed attack (Hoffman, 2007). Within this context, cyber operations have emerged as a significant tool. This essay will argue that cyber operations constitute a fundamental and integrated component of Israel’s hybrid warfare strategy. It will demonstrate how Israel utilises cyberspace for defensive, offensive, and intelligence-gathering purposes to manage a complex array of national security threats. This essay will also consider the legal ambiguities that surround such operations, highlighting how this uncertainty is characteristic of, and even exploited within, hybrid warfare approaches.
Israel's Strategic Environment and the Logic of Hybrid Warfare
Israel’s national security doctrine has long been shaped by its unique geopolitical circumstances, facing threats from both conventional state armies and non-state actors such as Hezbollah and Hamas. These adversaries often employ asymmetrical tactics, blending terrorism and guerrilla warfare with political and information campaigns. In response, Israel has developed a multi-faceted strategy that combines conventional military superiority with intelligence dominance, special operations, and technological innovation. This approach aligns closely with the concept of hybrid warfare, which involves the "synchronized use of multiple instruments of power tailored to specific vulnerabilities" (Hoffman, 2007, p. 3).
Cyber operations fit naturally into this strategic framework. They offer a means to project power, gather intelligence, and disrupt adversaries' capabilities with a degree of deniability, potentially avoiding escalation to full-scale armed conflict. The Israeli government has recognised the strategic importance of the cyber domain, investing heavily in relevant institutions. The establishment of the Israel National Cyber Directorate (INCD) consolidated various bodies into a single entity responsible for all aspects of cyber defence, reflecting a centralised and integrated approach to managing cyber threats as a matter of national security (INCD, n.d.). This institutional focus shows that cyber is not an afterthought but a central pillar of its defence posture.
Defensive Cyber Operations as a Core Priority
A primary role of cyber operations in Israel's strategy is defensive. As one of the world's most technologically advanced and connected societies, Israel’s critical national infrastructure (CNI) – including water, power, finance, and transport systems – is highly vulnerable to cyber-attack. Recognising this, Israel has developed one of the most robust cyber defence ecosystems in the world. The INCD’s role is to provide a comprehensive defence for the civilian sphere, working with private sector companies and government agencies to prevent and mitigate attacks (Ben-Israel, 2015).
However, Israel's approach often goes beyond passive defence. It embraces a doctrine of 'active defence' or 'defending forward', which can involve proactive measures to identify and neutralise threats before they materialise. This can include penetrating adversaries' networks to gather intelligence on planned attacks or taking pre-emptive action to disable their offensive cyber tools. For example, in 2020, the head of the INCD reported that a major cyber-attack on Israel’s water systems, attributed to Iran, had been thwarted. This incident highlights the reality of the threats faced and the necessity of a sophisticated defensive shield to ensure the functioning of the state (Gross, 2020). This proactive defensive posture is a key element of its hybrid strategy, designed to deter and disrupt hostile activities below the threshold of open warfare.
Offensive Cyber Operations for Coercion and Disruption
Beyond defence, Israel is widely acknowledged as a leading offensive cyber power. Offensive operations are used to achieve specific strategic objectives, such as degrading an adversary's military capabilities, coercing them to change their behaviour, or retaliating for hostile acts. These actions are a clear example of the hybrid warfare model, as they create effects that can be as damaging as conventional military strikes but are often carried out with a degree of ambiguity and deniability.
The most famous example attributed to Israel (in collaboration with the United States) is the Stuxnet worm, discovered in 2010. Stuxnet was a highly sophisticated piece of malware that targeted Iran's nuclear enrichment facilities at Natanz, causing physical damage to centrifuges by manipulating their controller systems (Farwell and Rohozinski, 2011). This operation demonstrated that a cyber-attack could have kinetic effects, achieving a military-style objective—delaying Iran’s nuclear programme—without firing a single shot and without taking clear ownership, thereby avoiding an immediate military reprisal. More recently, a cyber-attack on the Iranian port of Shahid Rajaee in May 2020, which caused significant disruption to shipping and logistics, was widely attributed to Israel as retaliation for the attempted attack on its water systems (Fassihi and Sanger, 2020). Such operations show the use of cyber power as a tool for proportionate response and coercion, a hallmark of grey-zone conflict.
Cyber Operations and the Ambiguity of International Law
The use of cyber operations in this manner thrives in the current ambiguity of international law. The legal framework governing armed conflict, primarily the UN Charter and the Geneva Conventions, was developed long before the advent of cyberspace. There is significant debate and no universal consensus on how these rules should apply to cyber operations. Key questions remain unresolved, such as when a cyber-attack constitutes a prohibited ‘use of force’ under Article 2(4) of the UN Charter, or when it qualifies as an ‘armed attack’ that would trigger the right of self-defence under Article 51 (Schmitt, 2017).
The Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, an influential academic study, provides a detailed analysis of how existing law might apply, suggesting that the scale and effects of an operation are key to its legal categorisation (Schmitt, 2017). For example, a cyber-attack causing significant physical damage or death, like Stuxnet, could arguably be considered a 'use of force'. However, most cyber operations fall into a grey area. Espionage, low-level disruption, or information operations do not typically meet this threshold. The hybrid warfare strategist can exploit this legal ambiguity. By keeping operations below the clear-cut threshold of an ‘armed attack’, a state like Israel can pursue its objectives without triggering a formal state of war, forcing its adversaries to respond in a similarly hybrid and deniable manner. This perpetuates a cycle of grey-zone conflict where cyber serves as a primary battlefield.
Conclusion
In conclusion, cyber operations are not merely an ancillary tool but a central and indispensable element of Israel's hybrid warfare strategy. They are deeply integrated into its national security posture, providing a spectrum of options from proactive defence of critical infrastructure to deniable offensive strikes designed to coerce and disrupt adversaries. The use of Stuxnet and retaliatory actions against Iranian targets exemplify how cyber power can achieve strategic effects comparable to conventional military force, while simultaneously exploiting the legal ambiguities of the cyber domain to manage escalation. While a robust defensive capability is essential for national resilience, it is the combination of defence with a credible offensive threat that makes cyber a potent instrument in the grey-zone conflicts that characterise Israel’s security environment. The ongoing difficulty in applying established principles of international law to cyberspace ensures that cyber operations will remain a key and contested feature of hybrid warfare for the foreseeable future.
References
Ben-Israel, I. (2015) 'Cyber security: the Israeli model', in: Brom, S. and Kurz, A. (eds.) The Lessons of Operation Protective Edge. Tel Aviv: Institute for National Security Studies (INSS).
Farwell, J.P. and Rohozinski, R. (2011) 'Stuxnet and the Future of Cyber War', Survival, 53(1), pp. 23-40.
Fassihi, F. and Sanger, D.E. (2020) 'Israelis Believed to Be Behind Cyberattack on Iranian Port', The New York Times, 19 May. Available at: https://www.nytimes.com/2020/05/19/world/middleeast/israel-iran-cyber-port.html (Accessed: 15 May 2024).
Gross, J.A. (2020) 'Cyber chief says major attack on Israel’s water systems was thwarted', The Times of Israel, 27 May. Available at: https://www.timesofisrael.com/cyber-chief-says-major-attack-on-israels-water-systems-was-thwarted/ (Accessed: 15 May 2024).
Hoffman, F.G. (2007) Conflict in the 21st Century: The Rise of Hybrid Wars. Arlington, VA: Potomac Institute for Policy Studies.
Israel National Cyber Directorate (INCD). (n.d.) About. Available at: https://www.gov.il/en/departments/israel_national_cyber_directorate/about_in_english (Accessed: 15 May 2024).
Schmitt, M.N. (ed.) (2017) Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge: Cambridge University Press.
