Cyber Incident Victim: Bahrains Electric and Water Authority
Date:
Jun 2019
Location:
Bahrain
Summary
A cyberattack targeted Bahrain's government entities and critical infrastructure providers, including the Electricity and Water Authority, resulting in system shutdowns and operational disruptions. Suspected Iranian actors were implicated, with U.S. intelligence assessments supporting this attribution amid heightened regional tensions. The incident demonstrated vulnerabilities in secure command and control systems, paralleling previous attacks on Gulf energy sectors. Authorities reported intercepting millions of cyber threats earlier that year, but the successful breaches highlighted persistent risks to civilian infrastructure. The attacks were interpreted as part of broader regional cyber hostilities involving U.S. allies and Iranian-linked threat actors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In June 2019, Bahrain's Electricity and Water Authority experienced a cyberattack that disrupted several of its systems. The incident occurred amid a broader wave of cyber intrusions targeting Bahraini government entities, including the National Security Agency, the Ministry of Interior, and the office of the first deputy prime minister. Attackers successfully shut down critical systems within the utility provider, demonstrating vulnerabilities in operational command and control infrastructure. While the full technical scope of the breach wasn't publicly detailed, the disruption highlighted risks to essential services in the Gulf state. The Bahraini Ministry of Interior later disclosed that authorities had intercepted over 6 million cyberattacks and 830,000 malicious emails during the first half of 2019, though it didn't specify how many were linked to this specific incident. No data theft or physical damage to infrastructure was reported, but the operational disruption served as a visible demonstration of systemic vulnerabilities.
U.S. intelligence officials cited by the Wall Street Journal attributed the attacks to Iranian state-sponsored hackers, though Tehran denied involvement. The intrusions coincided with heightened regional tensions following U.S. Cyber Command operations against Iranian systems after the downing of an American surveillance drone. Bahraini authorities implemented existing cybersecurity protocols but didn't detail specific remediation measures taken for the Electricity and Water Authority systems. The U.S. Department of Homeland Security had issued warnings in June 2019 about increased Iranian cyber activity targeting U.S. allies and critical infrastructure. Parallels were drawn to the 2012 Shamoon attacks against Gulf energy infrastructure, though no definitive technical links were confirmed. The incident underscored ongoing cyber threats to Gulf Cooperation Council states amid geopolitical friction, with critical infrastructure remaining a high-value target for regional threat actors.