The next front is already here in war against Iran
Wars do not end when the bombs stop falling. They evolve.
After 18 days of sustained U.S. and Israeli strikes, Iran’s air force is grounded. Its navy is at the bottom of the Gulf. Its drone stockpiles, once a credible threat, are finite and shrinking. Tehran knows this. So does every intelligence analyst who is watching the situation.
What Iran still has is its cyber capability. And last week, Iran used it.
The attack on Stryker Corporation was not a nuisance. It was a signal. Over 200,000 devices wiped across 79 countries. Fifty terabytes of data exfiltrated. Emergency responders in Maryland cut off from the system they use to transmit patient data to hospitals before a patient ever arrives. That is not a hacker playing games. It is a nation-state conducting warfare, asymmetric war. Iran is good at it.
The group that claimed responsibility, Handala, is a known proxy of Iran’s Ministry of Intelligence and Security. The Iranians have long understood that deniability is a strategic asset. You do not need to sign your name to an attack when everyone already recognizes your fingerprints.
This matters for how we think about what comes next.
Iran has invested heavily in its cyber capabilities precisely because they are cheap, scalable and hard to attribute in real time. A missile strike requires infrastructure, fuel, logistics and crews. A cyberattack requires a laptop and an internet connection. The barriers to entry are low. The potential for disruption is enormous.
American companies should expect more of this, not less.
The targets will not be random. Defense contractors, companies with operations in Israel, firms supplying the U.S. military, the supply chain from development to refining of rare earths and critical metals, hospitals, water plants and energy infrastructure are all targets for disruption. The Iranians and their proxies declare this out loud on Telegram and in state-controlled media. They are not hiding their intent.
What this moment demands is clarity, not panic.
Stryker makes defibrillators and ambulance equipment. It supplies medical technology to hospitals across the country and to the U.S. military. It is not an intelligence agency. It is not a weapons manufacturer. It is a company doing exactly what American industry is supposed to do, serving patients across all demographics. The fact that Stryker was targeted tells you something important: the adversary does not distinguish between combatants and non-combatants in cyberspace. This is a feature of their strategy, not a flaw.
We should be clear-eyed about what this means going forward.
Every major American company has a digital footprint. They all are potential targets regardless of how the current conflict evolves. The private sector is on the front line whether it wants to be or not. The question is not whether another attack will come. It is whether we are organized to absorb and respond to it.
Government and industry need to operate together with a level of integration we have not yet achieved. The federal response to the Stryker attack has been appropriate so far. The Cybersecurity and Infrastructure Security Agency is engaged. The Department of Health and Human Services is assessing impacts on patient care. That coordination needs to become standard, not exceptional.
We also need to resist the temptation to assign blame where it does not belong. Companies that become victims of nation-state attacks were not complacent. They did not fail. They were targeted. There is a difference. Conflating the two discourages transparency, undermines incident reporting, and ultimately makes us more vulnerable as a nation.
I have spent a career in intelligence. I know what it means when an adversary shifts its tactics. What we are seeing from Iran right now is a fundamental adaptation. Long term, conventional military options are limited. Proxy forces in the region remain active but degraded. What is left is the keyboard and the clear intent to use it with strategic direction and effect.
The next phase of this war will be fought in server rooms and network operations centers as much as it is in the other domains of war: aerospace, land, sea and subsurface. I’d suggest that American industry understands this, but policymakers must resource accordingly.
The front line just moved. It is time to act like it.
James “Spider” Marks is a retired U.S. Army brigadier general and former senior intelligence officer. He served as the chief intelligence officer for Combined Forces Land Component Command during Operation Iraqi Freedom.
Copyright 2026 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
