Cyber in hybrid conflict: The new invisible frontline

When I joined the Italian Navy more than thirty‑five years ago, the operational world felt clear and well‑defined. Military doctrine revolved around three physical domains—land, sea, and air. Technology supported these domains but did not shape them. Today, that certainty has disappeared. Multi Domain Operations (MDO) have expanded the battlespace to include space and, most disruptively, cyber.

Cyber is disruptive not because it replaces traditional domains, but because it permeates all of them. In modern hybrid conflicts, cyber operations blur the lines between military defense, national security, and the protection of civilian infrastructure. Cyber is not “IT security in uniform.” It is an operational domain where states maneuver, project power, deny access, influence decisions, and create strategic effects—often without triggering open conflict.

Cyber operations now support kinetic actions by degrading command and control, disrupting intelligence, and shaping the information environment. They manipulate data, perceptions, and trust. They enable persistent engagement below the threshold of war through espionage, sabotage, and coercion. They also create pre‑positioned access that can be activated during crises.

What makes cyber fundamentally different from land, sea, air, and space is that its terrain is largely civilian owned. Military systems depend on commercial telecommunications, cloud platforms, satellite services, and energy grids. Defending military cyber capability is therefore inseparable from defending the broader digital ecosystem. This interdependence forces us to rethink where national defense begins and ends.

The borderline question in hybrid conflict

Where is the boundary between cyber as military defense and cyber as protection of critical infrastructure?

In hybrid conflict, there is no clean technical line. The boundary is defined by authority, intent, impact, and escalation—and it shifts constantly.

Hybrid threat actors exploit this ambiguity. They operate below the threshold of war, targeting civilian systems that are strategically vital but politically difficult to defend with military force. Cyber is the ideal tool for this grey‑zone strategy.

The recent U.S.–Israeli operation against Iran, and the subsequent cyber spillover into the Gulf region, illustrates this dynamic clearly.

Cyber as an instrument of military operations

From the outset, cyber activity was integrated into a broader military campaign. Cyber effects disrupted coordination, isolated decision makers, and constrained Iran’s ability to respond. In this context, cyber functioned as a military domain, synchronized with kinetic planning and strategic signaling.

Iran’s response also blended kinetic and cyber operations. But the effects quickly extended beyond military networks, revealing the true complexity of hybrid conflict.

Civilian infrastructure as strategic terrain

Many affected systems—communications backbones, cloud services, aviation platforms, and digital government systems—were civilian in ownership but military in relevance. Disruptions impacted not only state command structures but also economic activity, public information flows, and societal confidence.

This reflects a core truth: in hybrid conflict, strategic effects are often achieved by targeting civilian infrastructure because it is deeply intertwined with military capability and essential to daily life.

Cyber spillover into the Gulf: A case study in grey-zone tactics

The spillover into Gulf countries made the blurred boundary even more visible. Governments and organizations across the region experienced heightened cyber pressure on public services, financial institutions, aviation, logistics, and energy systems. These states were not direct participants in the initial military operation, yet they were part of the broader ecosystem that supports military basing, coalition operations, and global supply chains.

Here, cyber activity operated in the grey zone between coercion, deterrence, and destabilization—forcing national cyber authorities and private operators to respond long before any formal military escalation.

Private companies as de facto cyber front lines

Perhaps the most revealing aspect of this conflict is the role of private organizations. Cloud providers, logistics firms, and technology vendors found themselves targeted not because they were combatants, but because they were strategically embedded in national and regional operations.

This underscores a hard reality: in hybrid conflict, private organizations become part of the operational terrain. Their networks and services are now integral to national security.

Rethinking cyber defense: Beyond the borderline

One thing is clear, cyber defense can no longer be divided into “military cyber defense” and “civilian critical infrastructure protection.” These are now interdependent components of national and collective security.

Military cyber forces cannot operate effectively without resilient civilian infrastructure. Civilian operators cannot withstand sustained hybrid pressure without intelligence, coordination, and support traditionally associated with national defense.

Hybrid conflict therefore demands deep, institutionalized collaboration between governments and the private sector. This requires:

• Joint preparation and planning
• Shared situational awareness
• Coordinated response mechanisms
• Clear escalation pathways

Resilience must be designed collaboratively, not improvised during crises.

Critical infrastructure protection must also be recognized as a pillar of deterrence. Hybrid cyber threats ignore borders, so defenses must be equally interconnected. Alliances and partnerships enable shared intelligence, coordinated responses, and collective signaling.

Leaders across government, military, and industry must internalize that cyber conflict is continuous, societal, and inseparable from modern sovereignty. Cyber defense is not something activated in wartime—it is a permanent condition.

Conclusion

Looking back to my early years as a naval officer, the clarity of domains and responsibilities belonged to a different era. Today, cyber has erased many of those boundaries. Military defense, critical infrastructure protection, and private‑sector resilience now form a single, interdependent system.

To operate effectively in this environment, organizations must strengthen their cyber readiness and embrace shared intelligence as a core element of defense. The Crystal Ball initiative is an example of this— collective cyber defense model and cross‑country intelligence‑sharing platform. It reflects this shift toward collective global resilience. CPX helps reinforce the platform’s infrastructure and support organizations in turning shared intelligence into practical resilience.

If you’re looking to strengthen your own cyber defense posture, get in touch with us.