Life came to a momentary halt last night in the Israeli cities of Jerusalem and Eilat when air raid sirens went off even though no projectile was incoming. The Israeli military said it suspects the false alarm was triggered by a cyberattack on community-level systems, not military systems.
With no known trigger, air raid sirens wailed in the Israeli cities of Jerusalem and Eilat, prompting uproar and blame. Now, an Israeli industrial cybersecurity startup has said Iran is suspected of triggering Israel’s air raid sirens, a reminder of its growing cyberwarfare capabilities.
In a statement, Ilan Barda, CEO of Radiflow, said: “Whether this Iranian false flag siren attack was triggered or accidental remains to be seen, but the lack of communal cybersecurity is clear.”
Just two years ago, Iran successfully breached six Israeli water management facilities, threatening the health and safety of civilians in the process. However, these threats are not limited to disputes between Israel and Iran. In the US and Europe, attacks on community systems have put people at increasing risk in recent years. In July 2021, a Florida water treatment facility was attacked when hackers tried to poison the water by increasing sodium hydroxide levels 11-fold. Poisoning of this kind puts consumers at risk of severe respiratory reactions.
Unfortunately, this story has played out repeatedly in recent years as OT environments such as water, power, and other critical community utilities have been brought online. Looking to the future, traffic lights, public transportation and other municipal systems will also be brought online and automated.
Part of the challenge is that municipalities aren’t equipped to manage the game of cat and mouse that cybersecurity professionals are used to. Once a cybersecurity system is in place, regardless of its capabilities, it becomes obsolete as hackers learn to detect it and exploit its vulnerabilities. Without regular updates and management, even the best systems are at risk.
Alarming consequences with few answers
In the case of this morning’s sirens in two major Israeli cities, many questions remain unanswered. The first question is: why stage such a bold incident on an ordinary morning?
If the aim were to disrupt civilian life, it would make more sense to stage the incident during a religious holiday or a time of large gatherings to destroy any sense of security. It’s possible the sirens were triggered while hackers were still searching for weaknesses in the community’s security system, or that it was a false flag used as a distraction while another, undisclosed cyberattack was carried out.
An example of this was the 2017 Iranian cyberattack on Aramco in Saudi Arabia, in which the attackers discovered a security flaw and only later compromised thousands of computer systems, causing a devastating meltdown or explosion. Targeting a community would bring down a city or region, disrupt supply chains, food shipments and more, and lay siege to a city.
For communities in any region to protect themselves, they must work with experienced managed cybersecurity service providers who understand the complex nature of how today’s OT facilities and utilities operate online. Without a deep understanding of industrial controls and their vulnerabilities, it is nearly impossible to adequately secure them in the short or long term. For municipalities to be as secure as today’s leading technology companies, they must develop a partnership with their managed cybersecurity service provider over time.
This means that proper installation and maintenance, as well as continuous monitoring through a digital environment, are top priorities. This goes beyond identifying an attack along with its gateway or entry point and allows the team to practice mitigating attacks without affecting the physical environment. Only then can governments ensure that the critical systems that their people rely on are truly secure.
Radiflow, based in Tel Aviv, Israel, and founded by Ilan Barda in 2009, is an OT cybersecurity company that has unique tools to protect and manage OT digital assets over the long term.