On March 11, the 12th day of the war between the United States, Israel, and Iran, the Islamic Revolutionary Guard Corps (IRGC) released a list. Distributed via Telegram by the IRGC-affiliated Tasnim News Agency, it named Google, Microsoft, Amazon, Nvidia, IBM, Oracle, and Palantir - together with their specific regional offices, data centres, and research facilities, as legitimate targets. The IRGC-linked Khatam al-Anbiya Headquarters, Iran's unified military command, framed the announcement in language that should concern every government and technology executive on earth: "As the scope of the regional war expands to infrastructure war, the scope of Iran's legitimate targets expands."
The declaration was not rhetoric. It came 10 days after Iranian drone strikes had already hit three Amazon Web Services facilities across the Gulf - two data centres in the United Arab Emirates struck directly, a third in Bahrain damaged by a nearby explosion. AWS confirmed structural damage, disrupted power systems, and fire suppression activity that caused additional water damage. Two of three availability zones in the UAE region went offline. Emirates NBD, First Abu Dhabi Bank, Abu Dhabi Commercial Bank, the payments firm Hubpay, and the ride-sharing platform Careem all reported significant service disruptions. Iran stated explicitly that the facilities were targeted because AWS hosts United States military workloads. The Uptime Institute described it as the first confirmed kinetic strike on a hyperscale cloud provider in history.
The March 11 targeting list was precise: Google's Dubai office, its Qatar cloud centre, Nvidia's largest R&D facility in Haifa, IBM's AI research centre in Be'er Sheva, Palantir's Abu Dhabi collaboration hub and Tel Aviv office, Oracle's Jerusalem and Abu Dhabi offices, and additional Amazon facilities in Tel Aviv and Haifa. Iran justified each target on the grounds that these companies supply technology with direct military applications to the United States and Israeli armed forces, a charge that is, in several cases, a documented fact. All six companies named have Pentagon contracts. NVIDIA, IBM, Microsoft, Google, Oracle, and Palantir all have documented ties to Israeli government and military programmes. The list is not arbitrary. It is strategic.
The destruction of economic infrastructure has proceeded in parallel. Iranian drones struck near Dubai International Airport on 11 March, wounding four people. The world's busiest airport continued operating, but the insurance, diplomatic, and logistical consequences were severe. Iran has effectively closed the Strait of Hormuz, through which a fifth of global daily oil supply passes. At least fourteen vessels have been struck since the war began; seven mariners have been killed. A Thai cargo ship, the Mayuree Naree, was set ablaze in the strait, with three crew members still missing after twenty were rescued by the Omani navy. The United States destroyed 16 Iranian minelayers near the Strait, but Brent crude has already risen 20% since February 28, pushing up fuel prices and rattling financial markets worldwide.
The cyberspace dimension has been equally destructive. Israel launched what analysts described as the largest cyberattack in history against Iran on February 28, reducing internet connectivity to between 1% and 4% of normal. Tasnim itself was briefly hacked to display anti-government messages. Iran's retaliatory cyber operations targeted Gulf states, Jordan, Cyprus, and the United States, with over 600 attack claims logged within days. The GPS and automatic identification systems of more than 1,100 vessels were disrupted by coordinated electronic warfare. A cyberattack targeted Israeli railways, broadcasting evacuation warnings inside stations. The boundaries between kinetic, electronic, and cyber warfare have ceased to exist as meaningful distinctions.
This transformation has exposed the fundamental inadequacy of existing international law. The Geneva Conventions, last substantially updated in 1977, were designed for a world of standing armies and physical battlefields. They offer no meaningful guidance on dual-use digital infrastructure, AI in lethal decision-making, or accountability for autonomous and semi-autonomous strikes. The ICRC has repeatedly and urgently called for new legal instruments. A UN Group of Governmental Experts on Lethal Autonomous Weapons has deliberated since 2014. There remains no binding treaty, no enforcement mechanism, no shared red lines. The legal architecture of war has not kept pace with its technological architecture by a margin of decades.
The legal vacuum has direct consequences extending far beyond the battlefield. Standard insurance policies do not cover losses incurred through military action, meaning the AWS strikes - and any prospective strikes on Google, Nvidia, Microsoft, Oracle, IBM, and Palantir facilities - will be borne entirely by the companies themselves. The Gulf states have attracted hundreds of billions in Western technology investment premised on stability. OpenAI's ten-square-mile Stargate AI campus in the UAE, backed by Oracle, Nvidia, and Cisco, now sits in a region where Iran has demonstrated both the will and capability to strike commercial technology infrastructure at will. Microsoft's reported fifteen-billion-dollar UAE investment faces an equally uncertain horizon. Infrastructure warfare is not a regional problem. Its consequences are global.
There is a further, underappreciated dimension that international debate has barely begun to address: the epistemic failure built into AI-assisted targeting. Systems trained on historical conflict data encode biases about who constitutes a combatant. Deployed at machine speed in densely populated environments, misidentification is not an edge case, it is a structural feature. The United States military is already investigating how a Tomahawk missile struck an Iranian girls school in error. The principle of distinction, that combatants must be differentiated from civilians, was designed for a human-paced battlefield. Algorithmic war does not pause for deliberation.
What 12 days of this war have made undeniable is that the global technology ecosystem - cloud infrastructure, AI systems, semiconductor research, maritime communications, financial networks - is now a primary theatre of armed conflict, simultaneously as weapon and as target. The UN Security Council voted 13-0 on 11 March to demand Iran halt its attacks on Gulf neighbours. That resolution addresses kinetic strikes. It says nothing about the infrastructure war Iran has explicitly declared, nor about the legal framework governing AI-assisted targeting or attacks on dual-use digital infrastructure.
That governance void must be filled urgently. Any credible framework must mandate meaningful human oversight before AI-assisted lethal decisions are executed; confer explicit protected status on civilian digital infrastructure analogous to hospitals and water systems; impose legally binding constraints on autonomous weapons systems; and establish multilateral accountability mechanisms when civilian harm results. They are the minimum requirements of a functional international order in a world where a company's data centre is, in one state's declared doctrine, as legitimate a military target as a command post. The time for serious dialogue is not after the next strike - it is now.
(Subimal Bhattacharjee is a policy adviser on digital technology issues for corporations and government and former country head of General Dynamics.)
Disclaimer: These are the personal opinions of the author
