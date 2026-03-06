RUSI
Fog, Proxies and Uncertainty: Cyber in US-Israeli Operations in Iran
As Operations Epic Fury and Roaring Lion develop, several dimensions of cyber activity demand attention and careful qualification.
These are days of considerable uncertainty in Iran and across many countries in the Middle East and, as with any military intervention, reporting in the first instance remains at best speculative. As we carefully assess the potential, and eventually actual, role and effects of cyber capabilities and activities in the context of Operations Epic Fury and Roaring Lion, there are at least seven elements that merit close attention.
Assessing the Role of Cyber Capabilities in Military Operations
First, as more information is shared about the operations, these cases might contribute to our ongoing assessment of whether cyber remains more useful as a first-strike enabler, or they may provide additional lessons on how cyber might sustain physical effects. So far, US General Dan Caine’s press conference speech on 2 March noted two roles for US Cyber Command: firstly, as ‘first-movers’ in using ‘non-kinetic effects’ to shape the environment for the subsequent phases of the operation; and secondly, in maintaining a ‘continuous layering’ throughout the first 57 hours of the operation – he claims that it had ‘disrupted communications and sensor networks’. Previous operations, such as last year’s Midnight Hammer, reportedly used cyber to disrupt air defences ahead of the bombing of nuclear sites. Epic Fury will require supporting elements working around the clock, cycling between offensive targeting, defensive operations, information operations and intelligence collection across a continuously shifting battlefield.
As the operation unfolds and more information is released, it remains to be seen whether these activities fit the pattern observed in Venezuela and Ukraine: that cyber effects are most consequential at the start of a campaign, when conditions are more controlled and when degrading the adversary's coordination capacity has the highest strategic impact. The current landscape is different from that of the US Operation Absolute Resolve aimed at removing Nicolás Maduro from Venezuela, where energy infrastructure was suffering from gradual and critical decay, cyber capabilities within the country were far from developed, and the timeline and scope was more contained. In contrast, Iran hosts patriotic hacker groups, the IRGC has its own dedicated cyber–electronic command, and several Advanced Persistent Threats (APT34, APT39 and APT42) have long been linked to the country, raising concerns about retaliatory cyber activity – which has already been taking place.
Moreover, it is clear that Operation Midnight Hammer, Operation Absolute Resolve and now Operation Epic Fury represent successive opportunities that the US has been using to sharpen the institutional, operational and tactical integration of cyber capabilities in military operations with different lengths and against different kinds of adversaries. Epic Fury is possibly the most contextually challenging given the leadership decapitation and spillover to other parts of the Middle East. A more public understanding of the use of cyber capabilities in sustaining military operations can also further support informed debate, especially at a time when other NATO member states have been more eagerly and publicly arguing for the further development of offensive cyber capabilities.
