A comprehensive analysis of major contemporary conflicts has revealed a stark and increasingly undeniable truth: offensive cyber operations, long heralded as a revolutionary tool of statecraft, consistently fall short of their hyped potential to deliver decisive battlefield effects. Despite the involvement of some of the world’s most technologically advanced and cyber-capable nations in recent wars, the digital domain has yet to produce a strategic, war-winning blow. The pervasive fear of what cyber warfare could theoretically accomplish has far outpaced what it has actually achieved, prompting a necessary and critical re-evaluation of its role in modern conflict. While cyberattacks generate headlines and cause tactical disruptions, they remain a secondary theater to the brutal, decisive reality of kinetic force, forcing strategists to reconsider how this powerful but limited tool should be integrated into future military doctrine.
The Predominance of Physical Force
Across the landscapes of recent conflicts, a clear pattern has emerged where traditional kinetic weapons—such as precision-guided glide bombs, unmanned aerial vehicles, and sophisticated ballistic missiles—have proven to be far more effective and reliable for achieving strategic military objectives. The degradation of critical national infrastructure, a task once theorized to be the primary domain of cyber warfare, has been accomplished far more thoroughly and decisively through physical strikes. While cyberattacks have certainly caused tactical disruptions, such as temporary power outages or data breaches, these effects have been consistently overshadowed by the destructive power of conventional munitions. This reality positions cyber operations not as a primary instrument of war capable of breaking an enemy’s will to fight, but rather as a supplementary tool. It serves to harass, distract, and create friction, but it does not, on its own, alter the strategic calculus or the overall trajectory of a conflict. The evidence suggests that for the foreseeable future, wars will continue to be won and lost in the physical domain, with cyberspace acting as an important but supporting theater of operations.
Another defining trend is the rapid and chaotic globalization of regional conflicts through the digital domain, a phenomenon that complicates the battlefield but rarely contributes to a strategic outcome. While the physical battles are waged by state or non-state actors within specific geographic boundaries, cyberspace instantly becomes a global free-for-all. A diverse and often uncoordinated array of non-state actors, ranging from ideologically motivated hacktivist groups to profit-driven cybercriminals, quickly joins the fray on all sides of a conflict. This influx creates a complex and multi-layered digital battleground that extends far beyond the physical front lines, touching allied nations and neutral parties alike. In the Russia-Ukraine war, for instance, an international legion of volunteer hackers mobilized in support of Ukraine, while pro-Russian groups worked to advance Moscow’s agenda. This global participation adds a significant layer of noise and complexity for defense planners, but the impact of these non-state actors has been largely tactical, focused on low-level targets and propaganda, rather than achieving meaningful military effects.
Contrasting Approaches to Cyber Timing
The strategic timing of cyber operations relative to kinetic assaults has revealed two distinct and competing philosophies, each with profound implications for military planning. In its full-scale invasion of Ukraine, Russia employed a preemptive model, launching a major wave of cyberattacks targeting Ukrainian infrastructure a full month before its ground forces crossed the border, followed by another intense barrage in the 24 hours immediately preceding the multi-axis physical assault. This approach, intended to sow chaos and paralyze Ukrainian command and control, ultimately proved to be strategically counterproductive. Rather than shocking the defenders, the premature cyberattacks served as an unambiguous early warning of an impending invasion. This not only provided Ukraine with critical time to harden its defenses and mobilize resources but also bolstered the international narrative of Russia as an undeterred aggressor, fatally undermining Moscow’s own strategic messaging and attempts to justify its actions on the world stage.
In sharp contrast, both Hamas in its October 2023 attack on Israel and Israel in a projected strike on Iran prioritized operational security for their kinetic surprise attacks above all else. In both scenarios, the days and months leading up to the physical assault were characterized by a deliberate quiet in cyberspace. Hamas launched its first significant cyber salvos only after its ground attack was well underway, ensuring that no digital activity could tip off Israeli intelligence. Similarly, the projected Israeli plan delayed major cyber operations against Iran until nearly a week after the initial strikes. This delayed approach demonstrates a clear strategic choice that subordinates cyber activity to the paramount importance of achieving surprise in the physical domain. The analysis suggests that this model, which accepts a lesser role for cyber in the opening stages of a conflict, was more effective in ensuring the initial success of the kinetic operations, even if the subsequent cyberattacks proved to be largely inconsequential to the wider war effort.
The Failure to Achieve Strategic Impact
The core finding from a review of recent conflicts is the consistent and demonstrable inability of cyberattacks to deliver strategically significant results that could alter a war’s outcome. During the Russia-Ukraine war, widespread fears that sophisticated Russian hackers would cripple Ukraine’s critical infrastructure and shatter its national will to resist never materialized. While Ukraine’s electric grid, communication networks, and water supplies were repeatedly targeted by digital means, these cyber operations failed to achieve the feared nationwide blackouts or societal collapse. Instead, physical strikes with missiles and drones proved to be Russia’s preferred and far more effective method for inflicting lasting damage on infrastructure. The resilience of Ukrainian networks, bolstered by international support, combined with the inherent limitations of cyber weapons against hardened physical systems, meant that the digital front remained a secondary concern compared to the existential threat posed by kinetic bombardment.
This pattern of strategic inadequacy was mirrored in the Israel-Hamas conflict. Initial, alarming reports of hackers successfully breaching Israel’s sophisticated Iron Dome missile defense system stoked fears of undefended cities but were quickly proven to be false; the system remained largely effective against incoming rocket barrages. The most impactful and strategically significant tactic employed by Hamas was not a complex cyber operation but the brutal, physical act of hostage-taking. This created a profound and lasting strategic dilemma for Israel, shaping its military objectives and political landscape in a way that no cyberattack could ever replicate. Likewise, in the projected Israel-Iran conflict, cyber actions were limited to tactical, headline-grabbing disruptions. Pro-Israeli groups claimed credit for an attack on an Iranian bank, and a separate incident saw Iranian state television briefly broadcast anti-regime messages. While disruptive and embarrassing for Tehran, these actions did not meaningfully impact the conflict’s overall state or Iran’s fundamental capacity to wage war.
Recalibrating Future Cyber Doctrine
A crucial policy insight that emerged from these conflicts was that cyberattacks have not been a significant driver of military escalation. Despite a high volume of hostile cyber activity, none of the belligerents, including nuclear-armed states, responded with major escalatory actions in direct response to digital provocations. This stood in stark contrast to physical events, which often provoked swift and severe retaliation. This apparent lack of escalation, coupled with a deliberate policy by victim states to avoid public attribution even when they possess the technical capability to do so, had fostered a uniquely permissive environment. This reality suggested that states and non-state groups could conduct a wide range of cyber operations with a perceived low risk of significant consequences, potentially making them an ideal tool for third-party interventionist states seeking to impose costs on an adversary that is already distracted by a primary physical conflict.
Based on these observations, it became clear that the strategic value of cyberattacks in support of major combat operations had been widely misunderstood. They could not be viewed as a tool to “knock down the door” before an invasion or as a means to land a single, decisive blow. Instead, a more fitting analogy was that of traditional sabotage. Offensive cyber operations were most effective when employed covertly, behind enemy lines, to create specific and targeted effects that supported the overall war effort. From an operational planning perspective, advanced cyber forces needed to adapt to a digital battlefield crowded with moderately capable hacktivists who invariably targeted the most accessible “low-hanging fruit.” It was therefore deemed inefficient for a sophisticated state actor to expend its advanced resources on these same targets. The evolved doctrine advised that military cyber units should cede these easy targets and instead focus their unique capabilities on more difficult, high-value strategic objectives that remained beyond the reach of non-state actors.
