For decades, the existence of US offensive cyber operations was an open secret that Washington preferred not to discuss in public. That changed on Monday, when the Chairman of the Joint Chiefs of Staff, General Dan Caine, stood at a Pentagon podium and placed cyber warfare squarely alongside land, air and sea operations as a defining feature of the US military's assault on Iran.
The operation, which Caine described as "highly classified" so that "the enemy would see one thing: speed, surprise, and violence of action," opened with US Cyber Command and US Space Command as the "first movers," layering what the general called non-kinetic effects to disrupt, degrade and blind Iran's ability to see, communicate and respond. As reported by The Register, it is one of the most explicit public acknowledgments of offensive cyber capability in the Pentagon's history.
"Coordinated space and cyber operations effectively disrupted communications and sensor networks across the area of responsibility, leaving the adversary without the ability to see, coordinate or respond effectively," Caine said at the briefing. The statement, adding another chapter to the Pentagon's growing public acknowledgment of Cyber Command's involvement in high-profile military operations during the second Trump administration, marks a deliberate shift in how the US government speaks about its digital arsenal.
One former Pentagon cyber official noted that following operations in Venezuela, there is a greater appreciation for the role of cyber, with current officials seemingly more willing to discuss its use in planning and integration with kinetic operations. That transparency, however partial, carries its own strategic risks. What officials reveal about capabilities can shape adversary responses just as much as what they conceal.
The cyber dimension of this conflict is not confined to Iran's degraded military networks. Multiple Amazon Web Services availability zones in the Middle East are experiencing outages or degraded connectivity after objects struck a UAE facility, as Iranian retaliatory missile and drone attacks hit targets across the Gulf. A strike on the UAE facility marks the first time a major US tech company's data centre has been disrupted by military action.
"In the UAE, two of our facilities were directly struck, while in Bahrain, a drone strike in close proximity to one of our facilities caused physical impacts to our infrastructure," AWS said. "These strikes have caused structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage." Delivery and taxi platform Careem, payments companies Alaan and Hubpay and enterprise software provider Snowflake were all hit with service disruptions. Financial institutions using AWS services have also been affected, according to one person with direct knowledge of the situation who spoke to Reuters.
The Center for Strategic and International Studies had essentially predicted this scenario: "In previous conflicts, regional adversaries such as Iran and its proxies targeted pipelines, refineries, and oil fields in Gulf partner states. In the compute era, these actors could also target data centres, energy infrastructure supporting compute, and fiber chokepoints."
Inside Iran itself, the picture is equally severe. Iran has entered its fourth day of an internet shutdown impacting its population of over 90 million. The nation has spent over 72 hours in a near-total internet blackout, with connectivity at around 1% of ordinary levels, according to data from independent internet watchdog NetBlocks. NetBlocks has attributed the blackout to a "regime-imposed" nationwide internet shutdown, though the country's government has not commented. Analysts at CNBC note that concurrent US-Israeli cyber operations deliberately targeted telecommunications infrastructure to disrupt the Islamic Revolutionary Guard Corps' command-and-control networks during the kinetic strikes.
The retaliatory cyber threat is already materialising. Adam Meyers, head of counter adversary operations at CrowdStrike, said the firm was "already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating denial-of-service attacks." "These behaviors often precede more aggressive operations," Meyers said. Palo Alto Networks' Unit 42 has observed a surge in hacktivist activity, with some estimates of 60 individual groups active, including pro-Russian groups as of March 2. Multiple Iranian state-aligned personas have claimed responsibility for a range of disruptive operations, several associated with the "Electronic Operations Room" formed on February 28, 2026.
"The Iranian leadership vacuum is likely going to lead to more unpredictable, decentralised proxy attacks," one security analyst told Fortune, noting that aligned hacktivists and proxy groups are now making their own targeting decisions without approval from central authorities. That decentralisation is precisely what makes the threat difficult to model. In past conflicts, Tehran's cyber actors have aligned their activity with targets including energy, critical infrastructure, finance, telecommunications and healthcare, sectors that Australian organisations rely on just as much as American ones.
The UK's National Cyber Security Centre has already moved. The NCSC is advising UK organisations to review their cyber security posture, assessing that there is likely no current significant change in the direct cyber threat from Iran to the UK, but that the fast-evolving nature of the conflict means that assessment may be subject to change. Australia's Australian Signals Directorate has not yet issued a public advisory, but given the Five Eyes framework and Australia's status as a host of US military assets and intelligence facilities, similar guidance should be anticipated.
The broader strategic question this conflict raises extends well beyond any single press conference. For years, experts and advocates have argued that cyber operations should be treated as a domain of warfare equivalent to any other, with proper oversight, doctrine and accountability. Former officials and cyber operators told Breaking Defense that the cyber mission in Epic Fury is expected to evolve, potentially sliding into more intelligence-gathering mode and saving some key capabilities for specific moments in the weeks ahead. That sustained, adaptive role is precisely what makes it harder to define, regulate or scrutinise through conventional parliamentary or congressional mechanisms.
The Pentagon's willingness to publicise its cyber operations reflects genuine strategic calculation. Demonstrating capability deters adversaries and reassures allies. But it also creates pressure for reciprocal transparency from partner nations, including Australia, about their own offensive cyber postures. How much the public deserves to know, and how much operational security demands silence, is a tension democratic governments have not yet resolved. The events of this week show that the question is no longer theoretical.