How Iranian hackers pose a threat to US critical infrastructure
Michigan may be more than 6,000 miles away from the war in Iran, but, virtually speaking, it’s well within striking distance.
An Iran-linked group calling itself Handala claimed responsibility for a cyberattack on Portage, Michigan-based medical device maker Stryker Corp., carried out on March 11, 2026. Handala said the attack was in retaliation for events related to the conflict in Iran.
The cyberattack affected Stryker’s internal Microsoft software system, disrupting the company’s order processing, manufacturing and shipping.
As a scholar who researches cyber conflict, I’ve found that in periods of geopolitical tension such as the current U.S./Israel-Iran war, cyber operations often sit right next to missiles and airstrikes as a tool that states and state-linked groups use to inflict damage, probe weaknesses and signal resolve to their enemies.
The Stryker case is notable because it shows how quickly a regional conflict can translate into disruption for organizations far from the battlefield. It also illustrates the vulnerabilities of U.S. organizations, including those involved in critical infrastructure.
Modern critical infrastructure does not only involve the obvious big targets like power plants or water utilities. It also relies on suppliers and service providers that sit one or two links upstream – such as managed information technology providers, cloud and data center operators and specialized parts suppliers – that keep everything from hospitals to transit systems running.
This is one reason U.S. officials emphasize critical infrastructure as a whole-of-society problem, not a niche government issue. The Cybersecurity and Infrastructure Security Agency’s “Shields Up” guidance is written for exactly this reality: a world where geopolitical...
