Is Iran hacking Bahrain to send message to others?

According to a Wednesday (August 7) report in the Wall Street Journal, suspected Iranian cyber offensives have raised fears in the region “that Tehran is stepping up its cyberattacks amid growing tensions.”

In the cyber domain there is always some level of activity, but the WSJ reports that regional analysts believe such activity has now risen “above the normal level of Iranian cyber activity.” Recent attacks have targeted Bahrain’s National Security Agency, the Ministry of Interior and the first deputy prime minister’s office.

Of more concern, though, have been attacks against actual critical infrastructure services. Late last month, hackers shut down several systems within the Electricity and Water Authority. This is thought to have been a mix of message and rehearsal: a demonstration of the vulnerability of heavily secured command and control systems whose disruption would have a quick and significant impact on the country. And that message is not for Bahrain alone. Other Gulf states will be taking note.

As usual, direct attribution is hard to pin down and there is no certainty that the attacks were executed by or on behalf of Tehran. There is also the challenge with cyberattacks that there is no physical evidence to examine, just reports to analyse. According to the WSJ, U.S. intelligence has suggested Tehran is the likely culprit. A Bahrain Ministry of Interior spokesperson gave assurances that “robust safeguards are in place,” adding that “in the first half of 2019, the authorities had successfully intercepted over 6 million attacks and over 830,000 malicious emails.”

While these attacks have reportedly been against targets in Bahrain, the message will have been received by other states in the region as well as by the U.S. and its allies more broadly. The cyber situation in the Gulf mixes military offensive and defensive capabilities with state-sponsored attacks on civilian targets. And critical infrastructure is the most prized hunting ground for offensive cyber activity after military and intelligence agencies themselves.