US Cyber Strikes on Iran: The Accountability Gap in Modern Warfare

The photographs are crisp, the videos professionally edited. When US Central Command wants to showcase its latest strike package against Iran, the details flow freely—until Admiral Brad Cooper mentioned operations "from seabed to space and cyber-space" before moving swiftly on. That single phrase may be the most significant admission of the entire campaign, revealing a fundamental gap in how democracies oversee modern warfare.

While every missile launch gets a social media post and a press conference, the cyber operations that preceded, enabled, and continue alongside these kinetic strikes remain shrouded in near-total opacity. This asymmetry isn't accidental. It represents a deliberate choice to keep the most potent—and potentially most legally ambiguous—elements of modern military operations beyond public scrutiny.

The invisible battlefield

According to Pentagon briefings, months and sometimes years of preparation went into creating the target sets for strikes against Iranian military infrastructure. General Dan Caine, chairman of the joint chiefs of staff, described this groundwork in careful terms, but cyber operators from US Cyber Command and US Space Command were characterised as "first movers" who disrupted and "blinded Iran's ability to see, communicate and respond". What that actually meant in practice remains largely classified.

Enjoying this article?

Get stories like this in your inbox every week.

Join the Community

The Financial Times reported, citing unnamed sources, that Israel had compromised CCTV and traffic cameras across Iranian cities to create a surveillance network tracking the movements of Ayatollah Ali Khamenei and military commanders. Other reporting suggests mobile phone towers may have been jammed or disabled to prevent security teams from communicating as jets approached their targets. Neither claim has been independently verified.

Defence Secretary Pete Hegseth stated that Iranian military units "can't talk or communicate, let alone mount a coordinated and sustained offensive".

Whether that incapacity stems from cyber operations, electronic warfare, or kinetic strikes on communications infrastructure, he didn't specify. The Trump administration appears marginally more willing than its predecessors to acknowledge cyber capabilities—the president himself claimed that "the lights of Caracas were largely turned off due to a certain expertise that we have"—but the details remain deliberately vague.

Israel, meanwhile, is accused of compromising BadeSaba, an Iranian prayer-timing app with 5 million downloads. Reuters reported that users received a push notification reading "help has arrived" precisely as airstrikes began. The psychological warfare value is obvious; the operational details are not.

The Stuxnet precedent

This reticence has a long pedigree. Officials still won't formally acknowledge the Stuxnet operation that sabotaged Iranian uranium enrichment centrifuges in 2010, despite exhaustive technical analysis and widespread attribution to US and Israeli intelligence. Israel has similarly declined to claim responsibility for the 2022 meltdown at Iranian steel plants, an attack attributed to the mysterious "Predatory Sparrow" hacktivist group that few serious analysts believe operates independently of state sponsorship.

Tal Kollender, a former Israeli military cyber-defence specialist who now runs cybersecurity platform Remedio, argues the silence is operationally necessary. "If a country openly describes its capabilities or specific operations, it risks revealing techniques, access points, or intelligence sources that could be shut down quickly by adversaries," she said. "In cyber, the value of a capability often depends on the other side not knowing exactly how it works."

That logic holds for tactical advantage. The question is whether it should override democratic accountability. Dr Louise Marie Hurel from the Royal United Services Institute has noted the unusual level of disclosure the US has provided in this campaign, but argues it still falls short of what's required. "If cyber is openly acknowledged as integral to the strike package, it can help sharpen the questions about the laws of armed conflict, proportionality, and what counts as a use of force," she said.

The absence of debate creates a peculiar situation where legislators can scrutinise a missile strike based on publicly available information, but remain entirely in the dark about cyber operations that may have equally significant effects.

The missing retaliation

Equally puzzling is Iran's apparent absence from the digital battlefield. The country demonstrated sophisticated offensive cyber capabilities in 2012 when it deployed wiper malware against Saudi Aramco, destroying 30,000 computers at the oil giant. Yet despite Western cybersecurity firms bracing for retaliatory attacks, Iranian activity has been remarkably subdued.

Two explanations present themselves. Either Israeli strikes have successfully degraded Iran's cyber infrastructure and operational capacity, or Iran's capabilities have been systematically overestimated by Western intelligence. A third possibility—that retaliation is being carefully staged for maximum impact—cannot be dismissed.

The recent attack on medical technology firm Stryker, attributed to the Iranian-linked group Handala, suggests some capacity remains intact. Hurel cautions against premature conclusions. "I wouldn't jump to conclusions regarding Iran as we have seen considerable hacktivist activity, and public reporting has previously shown that patriotic hacker personas have sometimes been used as a facade for state-linked groups," she said.

The delayed response may simply reflect operational realities. Cyber operations against hardened Western infrastructure require extensive reconnaissance and pre-positioning—exactly the kind of patient groundwork US and Israeli operators reportedly spent years conducting before their own strikes.

Hegseth's recent comments about "hunting for more systems to kill" suggest the cyber campaign continues, with operatives likely using artificial intelligence tools to analyse satellite imagery and signals intelligence for emerging targets. He mentioned a young colonel "iterating on how we target and how we find and fix different aspects of what the Iranians are trying to do", a carefully worded description that reveals almost nothing.

The risk for Western nations is that whilst officials brief journalists about aircraft carriers and bomb tonnage, adversaries are mapping the critical infrastructure that keeps the lights on, the water flowing, and the hospitals functioning. That work happens in silence, and the bill may come due long after the conventional strikes have ended. As analysts note, the convergence of cyber and kinetic warfare is reshaping modern conflict in ways that remain poorly understood by policymakers and the public alike.

More articles by Ross Williams