"AI is 'totally integrated' into the collection of intelligence and its use in strategic decision‑making and military operations," The New York Times reported — a blunt observation that recasts where national and commercial vulnerabilities now lie.
Missile and drone attacks in the Middle East exposed a new strategic vulnerability
Missile and drone attacks that took out cloud data centers in the Middle East underscored a critical vulnerability: modern economies, militaries, and corporations increasingly depend on digital infrastructure that sustains competitive advantage and operational continuity. The outages and downstream disruption were described as a preview of a new form of strategic and operational risk. As AI workloads dramatically increase compute demand for businesses, supply chains, and national security systems, the infrastructure that trains, hosts, and runs AI becomes a higher‑value target.
Stryker on March 11: how a wipe looked like a kinetic strike
On March 11, reports surfaced that thousands of servers and endpoints were wiped inside Stryker, a U.S.‑based medical device manufacturer. A hacktivist group sympathetic to Iran, known as Handala, claimed responsibility. According to the reporting, attackers accessed Stryker’s Microsoft environment and issued a wipe command via Intune. The incident reportedly halted Stryker’s global production — a digital incident producing the operational outcome of a strategic disruption without a single missile being launched.
Power, cooling, and building management emerged as real attack surfaces
AI’s growth is colliding with a power wall in many regions where grid capacity cannot scale fast enough, driving facilities toward on‑site generation and distributed energy. That increased complexity in power management becomes a pressure point: interruptions to power supply or to management systems can quickly force a data center offline. Thermal management is similarly crucial; as the industry adopts liquid cooling for dense AI loads, interference with cooling shifts from a niche technical worry into a vector that can cause downtime and equipment damage. Building management and automation systems — HVAC, physical access controls and other facility systems — are often exposed to the Internet, misconfigured, and inconsistently secured, creating pathways to outages. Remote access by vendors, contractors, and systems integrators compounds the risk: each trusted connection can become an entry point if not tightly controlled.
The report notes precedent for attacking physical infrastructure: Russia has on several occasions demonstrated the ability to target and disrupt power generation and distribution in Ukraine in 2015 and 2016, illustrating how attacks on energy systems can cascade into broader operational failures.
What this means for technologists, policymakers, and enterprises
- Technologists and security teams: treat facilities systems as critical operational technology. That means asset inventories, vulnerability management, logging, and incident response plans that anticipate disruption — not just traditional IT hardening.
- Policymakers and regulators: governments are increasingly treating data centers as critical infrastructure, and policy frameworks are moving to reflect that view. The National Cybersecurity Strategy, CISA’s Secure by Design principles, and international standards like IEC 62443 are cited as evidence of that shift.
- Enterprises and procurement leaders: resilience is a board‑level priority. The stakes include halted production, missed shipments, delayed care, and lost trust across hospitals, utilities, chemical production, food and beverage, oil and gas, and transportation — sectors that feel data‑center disruption long after the technology shop has closed its incident ticket.
Operational steps recommended: segmentation, remote‑access controls, and realistic exercises
The writeup sets out concrete resilience practices for organizations: first, define resilience targets that match business reality — what must stay running, what can degrade, what cannot fail. Segmentation between IT and OT assets should be non‑negotiable. Remote access should be treated as a critical risk pathway and governed by least privilege, strong authentication, and continuous monitoring. Facilities systems — power, cooling, building management — should be managed as critical operational technology with inventories, vulnerability management, logging, and incident response plans that anticipate disruption.
Crucially, organizations should train to operate under degraded conditions. Tabletop exercises should include scenarios such as loss of a cloud region, partial failure of a facility, or compromise of a management plane, to validate whether essential operations can be maintained and recovered quickly. The argument is explicit: companies that get ahead of this shift will not only reduce risk, they will build competitive advantage in a world where downtime can be wielded as a strategic weapon.
Grant Geyer, chief strategy officer at Claroty, framed the piece’s central claim: in the AI era, data centers are essential infrastructure for modern economies and national security, and protecting them is about protecting the systems society depends on every day.
