Organizations relying on the distributed nature of cloud computing to ensure data availability are currently evaluating new physical risk factors. On Feb. 28, following military action by the US and Israel, internet traffic in Iran decreased to less than 1% across major networks, according to Cloudflare Radar. Shortly after, infrastructure in the United Arab Emirates, Bahrain, and other Gulf States experienced kinetic disruptions. Amazon Web Services (AWS) reported on its Health Dashboard that two facilities in the UAE and a third in Bahrain sustained physical impacts from drone strikes.
"These strikes have caused structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage," AWS stated on March 2. "We are working closely with local authorities and prioritizing the safety of our personnel throughout our recovery efforts."
Direct kinetic disruption of data centers represents a shift in operational risk. Kathryn Raines, cyber threat intelligence team lead at Flashpoint, observes that militaries and enterprises alike depend heavily on cloud infrastructure.
"The physical strikes on facilities housing cloud infrastructure... may seem like outliers, but the reality is that they’re likely the new blueprint for modern warfare," Raines says. "We're seeing reports of adversaries using a multi-domain approach — kinetic bombardments paired with claims of simultaneous cyberattacks on ICS networks by hacktivist proxies — with the intent to blind military targeting and paralyze the civilian economy."
Evaluating physical cloud risks
Private infrastructure now runs government operations, effectively turning hyperscale cloud data centers into strategic targets. Raines notes that while cloud architecture handles severe weather well, it is not designed to withstand military conflict. Backup facilities are often built within 60 miles of primary locations, meaning they share a similar geographic risk profile.
Physical damage from fires, roof collapses, emergency sprinklers, or severed external cables connecting the facility to the broader internet can result in permanent hardware loss.
In contrast, the ongoing conflict between Russia and Ukraine has not yet resulted in kinetic action against cloud data centers outside Ukraine. The "Cloud of War" study presented at the 17th International Conference on Cyber Conflict (CyCon) suggests this restraint may be due to a shared reliance on public cloud infrastructure for military operations. However, network-level incidents remain continuous.
Blake Darché, head of threat intelligence at Cloudflare's Cloudforce One team, notes that unauthorized network activity is frequent across all phases of conflict. Threat actors continue to deploy traditional disk-wipers designed to delete critical information, complicating recovery efforts.
Resilience and operational continuity
System disruption affects industries differently based on their architecture and physical requirements. Transportation and utilities face immediate operational challenges if network connectivity fails. Darché points out that any industry reliant on real-time processing or instantaneous transactions carries higher vulnerability to regional outages.
Security and IT teams must distinguish between high availability and comprehensive resilience, says Kim Larsen, group CISO at data protection provider Keepit. While resilience relies on prevention, detection, and recovery, many organizations underinvest in testing their recovery capabilities and assume backups will function seamlessly during a crisis.
"For years, many organizations treated the cloud as if it were beyond geography," Larsen says. "These incidents are a reminder that the cloud is still made of buildings, power, fiber, people — and therefore, it inherits the same geopolitical and kinetic risk as any other critical infrastructure."
Organizations are encouraged to reevaluate their disaster recovery and data governance models. Applications requiring ultra-low latency or real-time processing carry the highest exposure during localized events. Additionally, strict data localization policies could present strategic liabilities if a single physical region is compromised. Raines anticipates a shift toward "Allied Data Sovereignty," where legal frameworks adapt to allow critical data backups to be hosted in allied regions during emergencies to ensure survivability.
(This report incorporates analysis from veteran technology journalist and former research engineer Robert Lemos, who has tracked cybersecurity and vulnerability trends for over 20 years.)