The tech industry often talks about “the cloud” as though it were something abstract and untouchable. But the cloud runs on data centers, those data centers have an address, and that address can be hit by a drone.
Last week, three data centers operated by Amazon Web Services (AWS), two in the United Arab Emirates and one in Bahrain, were struck by Iranian drones or missiles. The attacks forced the facilities offline and led to service outages affecting banking, payments, delivery apps, and enterprise software across the region.
The U.S. military also uses AWS to run some of its workloads, including running Anthropic’s AI model Claude for some intelligence functions, and Iran’s Fars News Agency said on Telegram that the Bahrain facility had been deliberately targeted “to identify the role of these centers in supporting the enemy’s military and intelligence activities.” AWS has declined to comment on the Iranian claim, and it is not known whether the attacks impacted U.S. military computing workloads.
Still, the attack is believed to be the first time data centers have been deliberately targeted for air strikes in a conflict. Experts say it almost certainly won’t be the last. Data centers are rapidly emerging as vital strategic assets—and vulnerable targets.
The boundary between commercial cloud computing and military operations has largely vanished. The Pentagon’s Joint Warfighting Cloud Capability and its Joint All-Domain Command and Control networks run on the same commercial infrastructure that serves banks and ride-hailing apps. Meanwhile, several news organizations have reported that the U.S. military used Anthropic’s AI model Claude—which runs on AWS—for intelligence assessments, target identification, and battle simulations during the Iran strikes.
That dual-use reality means that attacks on commercial data centers can have immediate military consequences—and vice versa. “If data centers become critical hubs for transiting military information, we can expect them to be increasingly targeted by both cyber and physical attacks,” Zachary Kallenborn, a PhD researcher at King’s College London, told Fortune.
Kallenborn recently coauthored a study in the journal Risk Analysis on “globally critical infrastructure”—including data centers and subsea cables—that can be important “choke points” for adversaries seeking to disrupt either civilian economies or military operations. He said that in conducting the study he’d held numerous conversations with senior officials around the world and found that “basically no one is thinking about these risks in a systematic way.”
Missile defense for data centers?
Data centers have long made some efforts at physical security. But most of these security measures—high fences topped with barbed wire, carefully controlled access, and security cameras—are aimed at preventing espionage or sabotage by a person on the ground, not aerial attacks.
Data centers are sprawling, visible complexes dependent on exposed infrastructure—such as cooling units, diesel generators, and gas turbines—that can be disabled without a direct hit on the server halls themselves. “If you knock out some of the chillers you can take them fully offline,” Sam Winter-Levy, a fellow at the Carnegie Endowment for International Peace, told the Financial Times.
Chris McGuire, an AI and technology competition expert who worked on technology policy at the National Security Council under the Biden administration, told the Guardian that data centers built in the Middle East might need to consider measures to guard against aerial attacks. “If you’re actually going to double down the Middle East, maybe it means missile defense on data centers,” he said.
Kallenborn previously told Fortune that as wars are increasingly fought with drones and other robotic systems, it is possible that even local conflicts could become much more regional or even global, as adversaries seek to strike the remote command centers and data center infrastructure needed to control those unmanned systems.
And the problem extends beyond the data centers themselves. Seventeen submarine cables pass through the Red Sea, carrying the majority of data traffic between Europe, Asia, and Africa. With Iran’s closure of the Strait of Hormuz and renewed Houthi threats in the Red Sea, both critical data choke points are now in active conflict zones simultaneously. “Closing both choke points simultaneously would be a globally disruptive event,” Doug Madory, director of internet analysis at network intelligence firm Kentik, told the publication Rest of World. “I’m not aware of that ever happening.”
The strikes on the UAE and Bahrain data centers land at a particularly fraught moment for the Gulf’s ambitions to become a global hub for artificial intelligence. U.S. President Donald Trump’s tour of the region last May generated more than $2 trillion in investment pledges, including the planned Stargate UAE campus in Abu Dhabi—what would be the largest AI facility outside the United States. Amazon committed $5 billion to an AI hub in Saudi Arabia.
For now, the structural advantages that drew tech companies to the Gulf—cheap energy, abundant funding, and a strategic location—remain intact. But Winter-Levy warned that most recent attacks are unlikely to be the last.
Physical attacks on data centers “are only going to become more common moving forward as AI becomes more and more significant,” he told Rest of World. Speaking to the Financial Times, he called the strikes “a harbinger of what’s to come” and warned that such attacks would not be limited to the Middle East.
Disclaimer : This story is auto aggregated by a computer programme and has not been created or edited by DOWNTHENEWS. Publisher: fortune.com
