COO’s Take: Operational Technology the New Frontline in Cyber Warfare

As COO of a mid-sized defense contractor that develops both defensive and offensive cyber capabilities, I’ve spent the last decade watching the convergence of kinetic and cyber operations. The February 2026 escalation in the Iranian conflict—Operation Epic Fury—has crystallized something we’ve long anticipated: ICS and SCADA infrastructure are no longer peripheral targets. They are the primary battlefield where strategic effects are delivered at the speed of light.

We’ve seen coordinated cyber operations deliver instant and effective battlefield effects into Iranian energy, aviation, and critical command and control systems, achieving widespread outages and operational paralysis without relying solely on physical strikes. Internet connectivity across major Iranian cities dropped to near-single digits, crippling the real-time monitoring and control loops that keep power grids, fuel distribution, and industrial processes running. This isn’t theoretical disruption—it’s measurable degradation of national capability: halted refining operations, compromised safety mechanisms, and severed C2 links that once enabled rapid response.

The retaliation has been equally instructive. Iranian-aligned actors (state-directed and proxy hacktivist networks alike) have pivoted hard toward exposed PLCs and SCADA interfaces in Israel, Jordan, and Gulf partners—claiming access to power plant controls, fuel systems, and manufacturing OT environments. Claims of manipulated setpoints, reduced output, and downtime underscore the asymmetry: low-cost code can now create high-impact physical effects across borders.

From CNF’s labs and red-team exercises, the lesson is unambiguous. Legacy OT environments—often internet-facing with default credentials or unpatched controllers—remain the soft underbelly. But the flip side is equally powerful: well-engineered offensive tools, paired with resilient defensive architectures (air-gapped segments, AI-based anomaly detection, and zero-trust OT gateways), can decisively shift the balance.

The Iranian conflict has proven that cyber is no longer support—it is the decisive enabler of effects on ICS/SCADA. Nations and enterprises that treat operational technology as a “set it and forget it” domain do so at existential risk.

At CNF, we are doubling down on dual-use solutions that harden allied infrastructure while preserving the ability to impose precise, reversible effects when national security demands it. The next chapter of defense isn’t about more platforms—it’s about superior code and superior resilience.

Fellow defense, energy, and critical infrastructure leaders: How are you evolving your OT cybersecurity posture in light of these hybrid realities? I’d value your perspectives in the LinkedIn comments area. Let’s keep the conversation going—our collective resilience depends on it.