MANILA, Philippines – Iran on March 1 attacked Amazon Web Services’ data centers in the UAE with drones, causing major disruptions to digital services across both consumer and business sectors in the region.

Ten days later, the Tasnim news agency — affiliated with the Islamic Revolutionary Guard Corps (IRGC) —signaled an expansion of targets to include Google, Microsoft, IBM, Nvidia, Oracle, and Palantir, according to Al Jazeera. These companies, many of which have military contracts with the United States, now find their offices and infrastructure in Israel and parts of the Gulf labeled as “legitimate targets.”

“As the scope of the regional war expands to infrastructure war, the scope of Iran’s legitimate target expands,” Tasnim said.

On the surface, the logic is simple: destroy data centers and you disrupt an adversary’s operations. As UK-based think tank Rusi notes, when facilities host both civilian and military workloads, “targeting them to disrupt military capabilities can make strategic sense.”

But the reasoning goes beyond that.

Going deeper

Rusi argues that these attacks are not just about military disruption, but also about economic and psychological pressure, especially as “calls to treat data centers as strategic assets and critical infrastructure have grown louder.”

Rusi provides 3 reasons.

First, striking data centers imposes economic and reputational costs. Gulf states have spent years trying to attract global tech firms, offering cheap land and energy to present themselves as stable, neutral investment hubs. Attacks weaken that image. As Rusi explains, “drone strikes damage Gulf states’ carefully cultivated reputation as a neutral, peaceful place for investment,” which could discourage companies and put billions of dollars in investment at risk.

Targeting US tech firms also adds another layer. While hitting any foreign-linked facility could have similar effects, US companies play a major role in the US stock market. Disrupting them could increase economic pressure on Washington, and Trump’s economic policy, Rusi says.

Second, data centers matter because of who they serve. Major cloud providers support governments and militaries. Companies like AWS, Google, Microsoft, and Oracle are part of large defense contracts, including the US military’s Joint Warfighting Cloud Capability program.

Still, Rusi suggests Iran likely did not know whether the specific sites targeted were being used for military purposes. This means the strikes were less about guaranteed military impact and more about sending a message: infrastructure linked to US military power can be targeted.

Finally, disruption itself is part of the strategy. The attacks affected everyday services like payments, banking, and online platforms, making it harder for people and businesses to operate normally. This creates a psychological impact, bringing the conflict closer to daily life and highlighting vulnerability.

Civilian danger, evolving war landscape

More than psychological impact, there is danger in having the same infrastructure hosting both civilian and military applications, the international law blog OpinioJuris writes.
“It’s an attack which disrupts the collective cognitive capacity of a population to respond to its own suffering. Within the first week following the outbreak of war, for instance, the World Health Organization has been forced to suspend its Dubai logistics hub due to the physical closure of airspace and sea lanes… The invisible harm of data center strikes, which we do not yet fully understand, could be even more profound.”
As data centers become high-value targets, it advised: “States should physically separate out their civilian data centers from those being used by the military. This is part of parties’ obligations to take precautions against the effects of attacks by protecting the civilian population from the dangers of military operations” — similar to how states are also prohibited from putting a munitions factory in residential areas.
Without such separation, extremely critical medical and humanitarian services and safety nets that are even more important in times of war may be severely crippled.
Attacks on data centers are new, but it might also highlight how international law is lagging behind these technological developments that are now playing a huge role in wars.
“The Geneva Conventions, last substantially updated in 1977, were designed for a world of standing armies and physical battlefields. They offer no meaningful guidance on dual-use digital infrastructure, AI in lethal decision-making, or accountability for autonomous and semi-autonomous strikes,” writes Subimal Bhattacharjee, a policy adviser on digital tech issues for corporations and government.
For these, the adviser says that ultimately, it must be mandated that human oversight has the top approval for “AI-assisted lethal decisions” while civilian digital infrastructure for critical sectors such as hospitals and water systems must be given “explicit protected status” as well as updated rules on the use of autonomous weapons systems. 

In Iran, we are seeing war evolve. Tech has changed society, and tech has also changed the fabric of war. How do we make sure that our policies for digital infrastructure evolve with it, in a way that civilians and critical sectors can be protected?

“What is clear is that the events of March 1 have added significant momentum to a debate that was already gaining force: whether cloud infrastructure can continue to be treated as a commercial utility, or whether it must be governed as a contested and consequential strategic asset, at the intersection of economic power and conflict,” Rusi concludes. – Rappler.com