By Gary Corn

In April of this year Iran’s ability to enrich uranium and move closer to producing nuclear weapons suffered a significant setback when its Natanz uranium enrichment site experienced a power failure caused, apparently, by an explosion.  Without offering much detail, Iran accused Israel of authoring the power outage in an act of “nuclear terrorism.” At the same time, reports surfaced alleging the explosion was the result of an Israeli cyber operation. Although facts substantiating this claim are sparse, in an unusual step, Israel imposed no censorship restrictions on coverage of the incident.  Further, in the face of reports by Israel’s public radio that the Mossad had been involved, the Israeli defense chief, Aviv Kochavi, said the country’s “operations in the Middle East are not hidden from the eyes of the enemy.” Some have taken this as a less-than-veiled admission.

If true, it would not be the first time that Israel has acted preemptively to impede its adversaries’ efforts to develop nuclear weapons.  Some of these operations have been open, acknowledged, and quite kinetic, such as the 1981 airstrike on Iraq’s Osiraq nuclear reactor. And if one accepts common lore, Israel has also reached into its impressive cyber toolkit on more than one occasion to covertly thwart its enemies’ nuclear ambitions. The notorious 2010 Stuxnet operation against the Natanz facility, as well as an alleged cyber operation in 2020 that led to a fire in the main hall at Natanz, being popularly (but not officially) attributed at least in part to Israel. 

Although frequently conducted in the shadows, States have long employed sabotage—intentional actions aimed at weakening another state by impeding through interference, obstruction, damaging or destroying, the development of its military or other potentially threatening capabilities—as a tool of statecraft.  These actions, often taken in a preventive framework, have ranged from overt, highly destructive operations like the Osiraq airstrike, to far more subtle, covert operations.  When conducted in advance of a perceived threat actually manifesting, sabotage raises challenging issues of international law.  If the recent Natanz explosion was indeed the product of an Israeli cyber operation, how would it square with Israel’s international legal obligations? 

Despite a long and steady drumbeat of accusations to the contrary, Israel’s overall track record is, albeit imperfect, one of respect and support for the international legal order.  It’s approach to assessing its international legal obligations is no doubt pragmatic, and at times discordant with the general views of the international community and international law experts.  But this is a reflection of the unique and challenging security posture Israel has found itself in since its founding as a State, not a manifestation of general disregard of international law as is often alleged.  It’s no surprise, therefore, that Israel is one of the few States to publicly affirm international law’s applicability to cyberspace and to expound on its views of how that law regulates its cyber operations.

In particular, at the end of last year Israeli Deputy Attorney General (International Law), Dr. Roy Schöndorf, gave an important speech at the US Naval War College detailing Israel’s views on the application of international law to cyber operations.  Not surprisingly, it reflected a thoughtful and practical approach to applying extant law to new technologies and circumstances. Relevant to any discussion about the legality of preventive or preemptive cyber sabotage, Dr. Schöndorf  made clear Israel’s view that cyber operations can amount to uses of force subject to the UN Charter’s general prohibition against the threat or use of force in international relations.  As with more traditional uses of force, Israel recognizes that any cyber use of force must be conducted pursuant to a Security Council authorization, the consent of the targeted State, or in the legitimate exercise of self-defense pursuant to Article 51 of the UN Charter. Otherwise, cyber uses of force are internationally wrongful acts, whether conducted as sabotage or otherwise.

So what of the alleged cyber operations against Natanz?  Again, assuming the reports to be true, each of the alleged operations manifested in some degree of physical harm—from the extensive damage to centrifuges in the case of Stuxnet, to the more limited explosion reported in the most recent event.  This begs the question of whether these operations amounted to a use of force, and if so, whether they were justified pursuant to the international legal right of self-defense.

Whether a particular action amounts to a use of force is a highly contextual question, and not every operation resulting in physical damage will qualify.  For example, although commentators frequently point to Stuxnet as a rare example of a cyber use of force, to date no State has made that claim.  But Israel appears to be unusually forthcoming on how it assesses what qualifies as a use of force. According to Dr. Schöndorf, cyber operations “expected to cause physical damage, injury or death, which would establish the use of force if caused by kinetic means,” fall into this category. Furthermore, Israel does not exclude the possibility that “operations not causing physical damage could also amount to a use of force.”  Therefore, if Israel in fact authored some or all of these reported acts of cyber sabotage, it is possible it did not consider them as amounting to uses of force.  But based on Dr. Schöndorf’s speech, self-defense is the more likely Israeli legal justification for engaging in such operations.  This presents its own difficulties, however. 

Absent from Dr. Schöndorf’s remarks was a discussion of Israel’s views on the law of anticipatory self-defense, a doctrine that Israel, like the United States, has long embraced.  Since at least the early 1980s, Israel has not shied away from testing, and perhaps resetting, the international legal boundaries of engaging in sabotage as a tool of national security under the umbrella of the inherent right of self-defense.  Immediately after the airstrike on the Osiraq reactor, then Prime Minister Menachem Begin acknowledged the attack, justifying it morally and legally as an operation intended to prevent Iraq from developing weapons of mass destruction that would present an existential threat to Israel.  Setting out what became known as the Begin Doctrine, he noted that the airstrike was an act of “anticipatory self-defense at its best” that should be understood as setting down precedent for how Israel would approach such threats going forward.

International condemnation of the Osiraq attack was swift, nearly universal, and grounded in the assertion that Israel had violated international law.  Israel’s invocation of self-defense to justify the attack was roundly rejected as a misapplication of the doctrine and the generally recognized strict imminence standard derived from the famous Caroline affair, which requires that threats must be “instant, overwhelming, and leaving no moment of deliberation” to justify such anticipatory uses of force.

Notwithstanding this international condemnation, Israel again took forcible preventive action against a potential nuclear threat in 2007 when it conducted a similar raid on the al-Kibar nuclear reactor in Syria.  In contrast to the Osiraq attack, this time international reaction was far more muted.  Syria itself offered no condemnation, downplayed the strikes and sought to cover up any traces of the nuclear facility.  Neither the UN generally, nor the Security Council specifically, took up the matter or offered any rebuke.

Although these two operations were quite similar in execution and result, myriad reasons might account for the markedly different reactions to the two events.  Some have pointed to, inter alia, the al-Kibar reactor posing a greater threat, different regional and international political considerations, and the failure of either party involved to openly acknowledge the open secret of the strike. 

Others argue that the different reactions reflect an evolution in the view of states with respect to the standard of imminence required for a state to use force in anticipation of a threat manifesting, at least in the case of nuclear weapons and perhaps other weapons of mass destruction.  Owing to the destructive nature of these weapons, and the compressed decision timelines to counter them, States may be more tolerant of uses of force intended to pre-empt threats that cannot be said to meet the strict Caroline standard.

Israel does not stand alone in seeking to evolve the notion of imminence to better reflect the realities of modern weapons technology and national security threats. For example, the so-called Bush Doctrine, first articulated in the 2002 National Security Strategy of the United States, sought to move the needle in light of modern weapons technology, signaling a broadened aperture for assessing what qualifies as imminent within the meaning of international self-defense law, “even if uncertainty remains as to the time and place of the enemy’s attack.” And although this shift met with criticism, especially after it was viewed at least in part as a misapplied justification for the U.S. invasion of Iraq in 2003, it retains currency to this day in the U.S. Standing Rules of Engagement’s pronouncement that “[i]mminent does not necessarily mean immediate or instantaneous.”  However, whether this broader view of imminence has gained currency as a matter of customary international law is far from clear.

In his speech, Dr. Schöndorf signaled an understandably cautious approach to applying existing international law to the new and distinctive domain of cyberspace.  Given its unique and precarious security situation, this should not be surprising.  Israel can ill afford to stand idly by while Iran or other regional threats seek to develop nuclear weapons.  There is little indication that Israel will shelve the Begin Doctrine any time soon, and it appears that it is deftly leveraging cyber capabilities as another, and potentially more precise and artful arrow in its sabotage quiver. But Israel is far from alone in facing emerging threats of great magnitude that produce substantial stress on the logic of strict imminence reflected in the Caroline doctrine. Other states may share an interest in a more forthcoming discourse on how the justification of individual and collective self-defense can keep pace with a rapidly evolving threat environment.   

Gary Corn is the Director of the Technology, Law & Security Program and Adjunct Professor of Cyber and National Security Law at American University, Washington College of Law; a Senior Fellow in Cybersecurity and Emerging Threats at the R Street Institute. Read full bio here.