The conflict between Israel, the U.S. and Iran is yet another example of the crumbling wall between cyber and kinetic warfare. Organizations must pay attention and rethink cybersecurity as something inseparable from physical and geopolitical risk.
On the ground, Iranian missile and drone strikes have targeted sites across the Gulf, including the United Arab Emirates, killing civilians and damaging infrastructure. In at least one case, a major Amazon Web Services data center in the UAE experienced a fire and subsequent outage after objects struck the facility amid Iranian attacks.
Meanwhile, the Department of Homeland Security has issued official warnings that the conflict could spur retaliatory cyber activity — from hacktivist attacks to disruptive operations against U.S. networks.
This concurrent physical and cyber escalation isn’t surprising to seasoned cyber defenders; it is exactly the trajectory predicted by decades of hybrid warfare theory — but it is a wake-up call for organizations that have been slower to heed the warnings.
Kinetic Action, Digital Impact
The AWS damage highlights how cloud data centers are now part of the critical infrastructure landscape, just like power grids, airports, and ports. Damage to these facilities — whether driven by kinetic strikes or cascading outages from a conflict zone — can disrupt enterprise operations, financial systems, and national communications long before hackers write a single line of code.
For organizations that only plan for cyberattacks that originate from the network, this is a dangerous blind spot.
Bill Brenner
Cyber Strikes Are Accompanying the War
At the same time, Iranian networks and news sites have been hit with cyberattacks amid the strikes by U.S. and Israeli forces, reflecting a digital front running in parallel with kinetic operations.
DHS warnings indicate that retaliatory cyber operations are likely to spread beyond Iran’s borders and could affect poorly secured systems around the world.
What This Means for Risk Strategy
This convergence has deep implications for how organizations — government or commercial — understand and approach risk:
1. Physical conflict is cyber risk.
Security strategies must treat physical security, location-based risk, and geopolitical conflict as part of the attack surface. When looking at the damage throughout the Middle East caused by Iranian drones, and the damage drones have caused in Russia's war with Ukraine, it's clear that organizations must start planning for how it would respond if they suffered such an attack.
2. Cyber risk extends beyond the SOC.
Defenders can no longer assume that cyber threats originate from code, malware, or remote intrusions alone. Cyber adversaries are now paired with kinetic actors, proxy groups, and hybrid campaigns — meaning cyber risk must be assessed alongside troop movements, diplomatic escalation, and conflict zones.
3. Retaliatory cyber threats are real and imminent.
Government bulletins warn that hacktivists and nation-linked actors could strike in response to the Iran conflict. This means organizations must harden digital assets not just to defend against opportunistic criminals, but because geopolitical instability can ripple into enterprise systems without warning.
4. Resilience planning must be multi-domain.
Incident response playbooks must integrate physical crisis management, disaster recovery for hybrid events, and cross-team coordination between cybersecurity, facilities, and leadership.
Conclusion: The Omnidigital Battlefield
Security leaders must stop thinking in silos. Cyber defense cannot be divorced from the dynamics of global conflict — and global conflict cannot be fully understood without recognizing the cyber dimension inherent in it.
Failure to adapt will leave organizations vulnerable not only to the next massive data breach — but to the very real possibility that the next round of missiles, drones, or artillery strikes becomes the trigger for a digital storm.
