Data Is Now the Front Line of Warfare

Commentary by Emily Harding

Published March 19, 2026

The conflict in the Gulf has now claimed several new victims: data centers. This marks a sea change in warfare and will force tech companies to reevaluate their posture around national defense. Defending them effectively means a new policy by the U.S. government-one that creates deterrence not just to protect life and health, but also data.

In the early days of this conflict in the Gulf, Iran made a strategic decision: It struck two AWS data centers in the United Arab Emirates (UAE) and one more in Bahrain. Damage was moderate, but disruption was extensive, affecting everything from banking to consumer services. Then, on March 11, a strike hit a data center linked to Bank Sepah in Tehran that contained salary data for the Islamic Revolutionary Guard Corps (IRGC) and the Iranian army. That strike disrupted salary payments to Iranian military elements, and, according to the Jerusalem Post, online banking is at least temporarily inoperable.

That same day, Iran made a much broader threat. An IRGC-affiliated news outlet published a list of 29 "tech targets" Iran plans to strike across Bahrain, Israel, Qatar, and the UAE. The list included five AWS, five Microsoft, six IBM, three Palantir, four Google, three Nvidia, and three Oracle facilities. Iran dubbed these "legitimate" targets associated with Israel, but they are U.S. companies-giants of industry that are increasingly critical to U.S. national security.

This development has been brewing at least since the Russian full-scale invasion of Ukraine. In 2022, U.S. companies came to Ukraine's aid in a way never seen before. Microsoft had engineers in constant and close coordination with Ukrainians to defend against cyberattacks. Cisco also "stood by the country's side," helping Kyiv defend and secure its critical infrastructure and offering IT and cybersecurity training. Ukrainian agencies such as the Ministry of Defense, Economy, and Education use Palantir Technologies' software. Clearview AI technology has helped Ukraine identify Russian operatives and enhance checkpoint security, and Elon Musk's SpaceX notably gave the Ukrainian military Starlink to replace internet services that were destroyed or disrupted during the conflict. Ukraine is fighting a data-driven, AI-enabled war, made possible only through partnership with tech companies.

This partnership between the military and tech will only grow. Modern military efforts are intensely and increasingly dependent on data. As AI-enabled warfare becomes mainstream, militaries will require massive computing power both behind the scenes and at the edge. They will need blisteringly fast software development, seamless integration with allies, and on-demand access to a host of data. Ukraine is doing this right. On a recent trip to Kyiv, it was clear that cutting-edge software, flexible operations, and the strategic migration of data to cloud locations inside and outside the country have given Ukraine the edge it needs to fight. Tech companies are no longer in the back room; they are on the front lines.

The established convention on international humanitarian law defines combatants in part as those who directly participate in hostilities. But we should not kid ourselves: an adversary like Iran or Russia is unlikely to care. Moscow has repeatedly violated international laws and norms from the moment it stepped across the border to Ukraine; there is little to prevent Moscow from also blatantly stepping over the line between industry and combatants. Iran has already made that choice, targeting energy infrastructure and now data. The lines are more than blurred: There are no front lines anymore.

Industry will, of course, do what it can to protect its people, physical locations, and clients' data. The beauty of the cloud, after all, is that it is flexible and the data can move relatively seamlessly. But data centers cannot move, and tech companies are still just companies. They have robust security operations, but they do not have their own armies or air defenses. They employ intelligence analysts, but they do not have an $80 billion intelligence community looking around corners for them. They need help.

So how should the U.S. government help them and protect this vital asset? First, it should establish deterrence. It is time for a clear policy that the U.S. government will view an attack on critical U.S. companies' assets as an attack on the United States. Specificity in defining which companies is not necessary-this is one place ambiguity may be useful, extending a broad umbrella of protection while not tying the U.S. government's hands. The first test of such a policy should be met with decisive force to send a clear message.

Second, the United States should open the taps on intel sharing. Many of these companies have personnel with security clearances, but they report that the information exchange is often thin, inconsistent, or worse, late. These companies are vital partners and should have priority access to information.

Third, the U.S. government should evaluate the insurance landscape for these companies. If there is a gap in payouts in case of acts of war, the U.S. government could consider serving as a backup insurer to help ensure continuity of operations.

Without these steps, tech firms may be forced to reevaluate their risk exposure and willingness to support the businessman and the warfighter alike-at a moment when the United States needs them most.

Emily Harding is director of the Intelligence, National Security, and Technology Program and vice president of the Defense and Security Department at the Center for Strategic and International Studies.

Programs & Projects

Commentary by Emily Harding - March 11, 2026

Could the United States win a cyber war? This series explores the future of cyber warfare, examining how the United States and its adversaries-Russia, China, and Iran-wage war in the cyber domain.