Can an entire country be subdued without moving a single tank or scrambling a fighter jet? According to Brig. Gen. (res.) Yossi Karadi, head of Israel’s National Cyber Directorate, the answer is yes, and the scenario is closer than ever.
Speaking Tuesday at the Cyber Week conference at Tel Aviv University, Karadi revealed part of Israel’s dramatic defensive activity over the past six months and painted a troubling picture of what he called “the first cyber war.”
Digital war
“We are heading toward an era in which wars will begin and end in the digital sphere,” Karadi warned. He introduced the term “digital siege,” a nightmare scenario in which power stations are shut down, traffic lights stop working, communications systems collapse and water sources are contaminated, all with the push of a remote button. “This is not some imaginary future scenario, but a very real direction of development,” he said.
The idea of a digital siege, Karadi stressed, is not just a catchy phrase. It marks the end point of a 15-year evolution. In the past, state cyber warfare was seen mainly as quiet espionage or a “surgical” tool aimed only at military facilities. In recent years, the gloves have come off. The new enemy is not only trying to steal secrets, but to disrupt the daily lives of civilians.
The widely accepted starting point of physical cyber warfare is the exposure of Stuxnet in 2010. The sophisticated worm, attributed in foreign reports to Israel and the United States, hit centrifuges at Iran’s Natanz nuclear facility. Stuxnet’s defining feature was its precision. The malware was carefully designed to strike only specific industrial controllers, while broadly avoiding civilian computers or unrelated infrastructure. It was a sniper’s weapon, quiet, targeted and without collateral damage.
The watershed moment came midway through the previous decade in Eastern Europe. Russian hackers from the Sandworm group carried out what had been considered theoretical until then. They breached Ukraine’s power grid and plunged hundreds of thousands of homes into darkness in the freezing cold of December. It was a declaration of intent. Cyber operations had shifted from weapons against military sites to tools for psychological and physical impact on civilian populations. At the same time, the global WannaCry ransomware attack in 2017, attributed to North Korea, showed how cyber weapons can spiral out of control, indiscriminately disrupting hospitals and emergency services around the world.
A major escalation
The current phase Karadi described represents another sharp escalation, as Iran has adopted a doctrine of “cyber terror.” The clearest example was an attempt in 2020 to alter chlorine levels in Israel’s water system. Had it succeeded, it could have led to mass poisoning.
Since then, Iranian attacks have focused on Israel’s civilian soft underbelly. Targets have included hospitals, such as Hillel Yaffe and Mayanei Hayeshua, disruptions of alert systems and repeated attempts to damage the power supply. These join Iran’s nonstop influence operations against Israel.
Even attacks on hospitals have taken a new form. One of Karadi’s central revelations concerned an attempted assault on Shamir Medical Center (Assaf Harofeh) during the last Yom Kippur. Karadi said that behind the Qilin ransomware group, which appeared to be a routine financial crime outfit, stood an Iranian attack team.
This model, in which states hide behind proxy cyber gangs to blur responsibility, is not unique to Israel. Intelligence assessments from the United States and Europe point to similar trends. In China, groups such as Volt Typhoon have been identified as implanting back doors into critical U.S. infrastructure, not for profit but as preparation for a future order to strike.
As in Israel’s case, the boundary between criminal activity and state-backed terror is fading. That makes it harder to identify the true attacker and gives countries such as Iran and Russia plausible deniability.
A blended playbook
During Operation “Am Kalavi,” the directorate spotted a hybrid pattern of Iranian activity. Karadi described one case in which a missile fired at the Weizmann Institute was accompanied by a hack into the institute’s security cameras. The goal was to capture the impact in real time and amplify its psychological effect.
At the same time, institute staff received emails containing intimidation messages and leaked personal information. The tactic resembles the hack-and-leak operations seen in the war in Ukraine, where Russian hackers paired attacks on internet providers with artillery strikes to block information from the field and spread panic.
Karadi said the scale of psychological warfare aimed at Israel is unprecedented. During the operation, the directorate identified 1,200 separate influence campaigns. The result, he said, was that millions of Israelis were exposed to false messages and frightening videos meant to undermine national resilience. He described the surge as a major increase compared with similar campaigns that attempted to sway elections in the United States and France in recent years.
The data presented at the conference placed Israel at the center of the storm. Citing Microsoft figures presented at the event and published by ynet, Karadi said Israel is the third most targeted country in the world, absorbing about 3.5 percent of all global cyberattacks. Given Israel’s population size, the figure is especially striking and is usually associated with superpowers. “Israel finds itself on an unrelenting global front line,” Karadi said. Alongside the threats, he added, this reality is turning Israel into a global knowledge laboratory for cyber defense.
He concluded with both a warning and an opportunity tied to the age of artificial intelligence: “Total dependence on digital systems and the AI explosion bring incredible opportunities, but they also give attackers infinite room to operate.” The message was clear. In the next war, the keyboard will be no less lethal than the missile.