The current Iran–U.S.–Israel crisis has forced many of us with a military Special Operations background to reflect on the true cost of conflict, not only the physical destruction, but the invisible battles determining outcomes long before the first missile is launched.
We see fighter jets striking targets, but we also see drones guided by RF signals conducting surveillance, followed by autonomous or semi-autonomous attacks on infrastructure and diplomatic facilities. Targeting is supported by big data, open-source intelligence, confidential data feeds, and even compromised CCTVs systems. Information warfare campaigns create distrust inside societies.
The Data Battlefield
Before the Russian invasion of Ukraine in 2022, cyberattacks hit government networks weeks in advance, disabling websites and probing critical systems. When the fighting started, attacks quickly expanded to telecom providers, financial networks, and power infrastructure. Ukrainian energy facilities were hit by both malware and missiles, sometimes within hours of each other. Similar spikes in cyber activity were seen at the start of the Gaza war and during tension in the Gulf. Cyber operations often begin before the first bomb falls, and they continue long after the headlines move on.
Unsecured civilian technology can also become part of the battlefield. In multiple conflicts, investigators found that internet-connected CCTV cameras and building security systems were accessed remotely and used to monitor troop movement, identify targets, and observe sensitive locations.
Many of these breaches were not sophisticated, rather the result of default passwords or weak credentials. Studies show that simply replacing default passwords and enabling proper authentication reduces the risk of unauthorized access by roughly 70–80%.
Recent events in the Middle East show how quickly technology is evolving on the battlefield. In March 2026, an Iranian-backed militant group used a fiber-optic-guided FPV (First Person View) drone to strike the Victory Base Complex in Baghdad, marking one of the first known uses of this type of system against U.S. forces in the region. Unlike traditional drones controlled by radio signals, fiber-optic drones cannot be stopped by standard electronic jamming.
This is exactly how modern warfare evolves. New technology appears on one battlefield, then spreads to another. The same pattern applies in cyberspace. Once a vulnerability is discovered, it is reused everywhere.
Therefore, we’re forced to consider how best to preserve data sovereignty and security when the information infrastructure could become a target.
Second and Third Layers of Security
One of the biggest mistakes is assuming that storing data with a major cloud provider is enough. In reality, this infrastructure can soon be disrupted by cyberattacks, sanctions, power outages, or political pressure.
Best practice requires at least a second and third layer of protection beyond the primary provider. This means encrypted backups with independent providers, offline storage for critical archives, and geographic separation of copies.
In Ukraine, several European financial and technology firms duplicated their production data outside the region while keeping live operations local. When cyberattacks and power disruptions hit, they were able to recover quickly because their data was not tied to one location. Similarly, some multinational energy companies operating in the Middle East now keep sensitive operational data in secondary storage in Europe or Asia.
Cloud vs. Data Centers
The debate between cloud and private data centers isn’t about cost or efficiency. It is about sovereignty.
Cloud platforms offer redundancy and global reach, but they also concentrate critical information inside infrastructure controlled by a small number of companies and jurisdictions. In a crisis, access can be limited. Private data centers offer control, but they are vulnerable if everything sits in one country or one facility.
Governments have already started adjusting. Some European regulators require banks to prove they can operate even if a cloud provider fails. In the Gulf, financial authorities allow cloud use but often require sensitive data to remain inside national borders or inside approved local data centers. In the United States, defense contractors and intelligence systems commonly use hybrid architectures, keeping critical data on controlled networks while using commercial cloud services only for non-sensitive workloads.
Recent cyber activity linked to regional tensions has shown that attackers go after centralized systems first. Distributed architecture makes that strategy much harder to succeed.
Surviving Mass Cyber Attacks
Modern wars often begin with network probing, denial-of-service attacks, misinformation campaigns, and attempts to map critical infrastructure. To survive this environment, systems must be designed to continue operating even after being hit. That means segmentation, strict identity control, zero-trust access, and the ability to isolate compromised systems without shutting everything down.
During recent conflicts, telecom networks, government portals, and public utilities have been forced to switch to backup environments after waves of cyberattacks. Power grids have been targeted multiple times, sometimes with cyber tools used to gather intelligence before the onset of physical strikes.
Protecting data availability is no longer enough. Protecting data integrity and authenticity is equally critical, especially when misinformation is used to create panic inside a population.
Act Before the Crisis
Data security requires coordination between governments, cloud providers, telecom operators, cybersecurity firms, and private companies. Organizations that already have agreements with multiple providers and regulators can move workloads, reroute traffic, and maintain operations within hours. Those without pre-emptive frameworks may lose access to their own systems when they need them most. And, these relationships must be built before the crisis, not during it.
Rethinking Data Sovereignty
Current conflicts force us to ask if it’s time to return to owning part of our own infrastructure as relying entirely on one cloud provider, one country, or one network is a clear risk. The future model will likely include a combination of national data centers, allied-country hosting, and secure cloud distribution across several regions.
Some governments are already investing in national data centers while still allowing commercial cloud use under strict rules. Large corporations are doing the same, keeping core data in controlled facilities while maintaining encrypted copies in different parts of the world.
This approach costs more, but war always teaches us that while resilience is expensive, failure costs far more.
Upcoming wars will not only be fought with aircraft and drones. They will be fought with signals, algorithms, and data. The ones who protect their information protect their future. Whereas, those who don’t may lose before realizing conflict has even begun.
By: Ayman Gomaa – Global Leadership Strategist & Educator. Founder and CEO of Acacia Innovations Technology.