The Code is More Dangerous Than a Bullet: Cyber and Drone Warfare in the Middle East

The digital transformation in the Middle East accelerated over the past two decades through artificial intelligence, cloud computing, advanced communications, drones, and commercial satellites. This transformation reshaped the regional security landscape on two interconnected levels: intelligence (expansion of collection and analysis sources, and the emergence of the private sector as a key information provider), and strategy (the expansion of the scope of power into cyberspace and drones, and changes in deterrence equations and costs). Events in the region, from Stuxnet and Shamoon to the threats of drones to navigation in the Red Sea, demonstrate how technology has simultaneously become both a force multiplier and a new source of vulnerabilities.

Features of Technological Transformation in the Region

In recent years, Gulf countries in particular have witnessed a leap in digital and cloud infrastructure: Microsoft launched a cloud region in Qatar in 2022, and Google Cloud launched the Dammam region in Saudi Arabia in 2023, alongside expansions for data sovereignty. Additionally, Amazon Web Services (AWS) inaugurated regional zones in Bahrain since 2019, and in the UAE since 2022. This means the localization of sensitive data, alongside expanding governmental and economic reliance on the cloud, creating both productive benefits and cybersecurity sovereignty risks.

This coincided with national strategies for artificial intelligence (UAE 2031) and Saudi Arabia’s data and AI strategy (NSDAI, 2020), which consolidated the integration of AI into government, security, and economic services. However, this integration raises questions about governance, security, and rights. On the communications front, GSMA reports show the accelerating adoption of 5G in the Middle East and North Africa, enabling data-intensive services (industrial IoT, smart cities) and creating new attack surfaces.

Finally, the flourishing of commercial satellite imaging markets has led to an unprecedented democratization of satellite images (Maxar, Planet), allowing governmental and non-governmental entities, media outlets, and researchers to monitor the effects of conflicts in near real-time. This transformation has altered the environment for transparency and verification, clearly seen in documenting the destruction and displacement during Israel’s war on Gaza from 2023 to the present.

Cybersecurity and Infrastructure: Lessons from Attack Histories

Early on, the region became a testing ground for attacks on industrial infrastructure. The 2010 Stuxnet attack on the Iranian nuclear reactor marked a turning point with its ability to manipulate industrial control systems, marking the beginning of the era of weaponizing malicious software against sensitive facilities. This was followed by the 2012 Shamoon attack, which disrupted around 30,000 computers at Aramco, and subsequent waves of attacks in 2016-2017, highlighting the vulnerability of institutional networks when infrastructure protection is isolated from the IT environment. Technical journalistic coverage and investigations provided details on the damage, its scale, and recovery, with implications for insider/third-party threats. Yet, the risk to infrastructure remains, particularly during wartime, as evidenced by the bombing of paging devices and other communication equipment in Lebanon.

In 2017, the TRITON/TRISIS malware targeted industrial safety systems (SIS) at a Saudi petrochemical facility, marking a more dangerous attack as it went beyond mere disruption and posed the potential for severe industrial accidents. Western official and security agencies later documented connections between the attack and foreign governmental actors. In the combined kinetic-cyber domain, the 2019 Abqaiq and Khurais attack with drones and cruise missiles on Saudi facilities revealed the ability of low-cost systems to create strategic impacts (temporarily halting a large share of oil production and triggering price shocks), with attackers benefiting from small radar signatures and complex flight paths.

These cases reveal three patterns: (a) the blending of cyber and industrial attacks, (b) the shift from data theft to physical sabotage, and (c) the widening cost gap between attack and defense, where a low-cost adversary can impose high costs on the defender in terms of protection and response.

Drones, Navigation, and the Gray Zone

Drones have created a leap in capabilities for both state and non-state actors in the region (governments and groups), ranging from precision strikes to low-cost reconnaissance. This was evident in the Houthi attacks on shipping in the Red Sea since late 2023, which combined drones, ballistic missiles, and naval drones, causing global logistical disruptions and prompting international military responses. Strategic assessments and official operational data document the nature of the threat and response paths but do not provide complete solutions, meaning the danger and high costs of response persist.

Regionally, counter-drone capabilities (CUAS) are increasing through partnerships, exercises, and testing of multi-layered systems, as demonstrated by the recent US–Saudi “RED SANDS” exercise, which brought together industry and operations to identify the “best solutions” for monitoring, jamming, and neutralization. This reflects the shift of air defense toward systems that are more pervasive and adaptive to cheap and abundant threats. National policies keep pace with this reality by regulating drone airspace, such as Dubai Law No. 4 of 2020, aiming to balance innovation, safety, and security.

The Intelligence Dimension: Open-Source Revolution and Artificial Intelligence

The intelligence cycle has been radically transformed by the abundance of open sources (OSINT), from social media to commercial imagery and expert analyses, to the point where decision-makers increasingly rely on high-quality public products alongside classified intelligence. Studies and reviews indicate that Western agencies faced challenges in effectively integrating open sources, while machine learning tools advance in automatically identifying targets from imagery. This is a global trend, but it has particular significance in the Middle East due to the intensity of conflicts and the availability of commercial low-earth orbit satellite imagery.

Commercial satellite imagery has changed the economics of strategic monitoring, with media outlets and research labs using it to document, assess, and verify damage during the Gaza war, establishing a shift toward “forced transparency.” Simultaneously, the region is witnessing a race to automate intelligence analysis. Israel, for example, announced the “Cyber Dome” initiative, a data- and AI-driven approach to enhance national cyber-warning and defense. Regardless of implementation details, the concept reflects a global trend toward human–automation hybrid intelligence structures.

This intersects with the issue of commercial spyware, such as Pegasus, where Citizen Lab and Amnesty International documented intrusions targeting activists and human rights defenders in the region, systematically linking evidence and digital fingerprints. For any intelligence agency, this represents a private market for advanced tools—useful but carrying high political and rights-related costs and legitimacy risks.

The Strategic Dimension: Balances of Power, Deterrence, and Hybrid Threats

Regional experiences show that cyber deterrence is less stable than nuclear or conventional deterrence due to attribution challenges and horizontal escalation to other theaters. Nevertheless, major industrial cyberattacks and drone strikes can produce nonlinear strategic effects, as seen in Abqaiq and Khurais. Think tank analyses highlight the disparity in “cost reciprocity” between low-cost attacks and expensive defenses, prompting a race for flexible, multi-layered defense systems.

Normalization of relations and cyber cooperation under new regional arrangements, such as frameworks stemming from the “Abraham Accords,” has strengthened technical partnerships, training, and joint exercises, with emerging U.S. legislative interest in supporting this collaboration against shared threats. On the opposing side, Iran continues to enhance drone capabilities and deploy them via proxies, according to multiple assessments. The outcome is a technology-security competition that extends beyond conventional armaments to software platforms, data, and cloud economies.

In the Red Sea, targeting shipping with drones and missiles created a “logistical choke” on a global scale, triggering U.S. and U.K. military responses. This demonstrates that low-cost tools can affect the global economy and create negotiation leverage—a comprehensive example of hybrid warfare extending from digital platforms to maritime routes.

Governance and Law: Balancing Digital Sovereignty and Rights

Risks have prompted Arab states to enact cyber frameworks and data laws. In Saudi Arabia, the National Cybersecurity Authority issued core cybersecurity controls (ECC1:2018) as a baseline for national entities and approved the Personal Data Protection Law (PDPL) with executive regulations covering breach notifications and cross-border data transfers. In the UAE, Federal Decree-Law 34/2021 addresses combating rumors and cybercrimes, and in Qatar, Law No. 14 of 2014 regulates cybercrime. These frameworks reflect a move toward digital sovereignty but raise questions of proportionality, digital rights, and transparency in application.

In drone regulation, Dubai Law No. 4/2020 provides an early example of integrating safety and security while enabling commercial and governmental uses—a model replicated in other capitals. With growing reliance on public cloud services, issues of data residency and cross-border legal access emerge, driving the establishment of local cloud regions (Qatar, Saudi Arabia, UAE) and stricter contractual and standards-based requirements for service providers.

Media and Information: Influence Campaigns (Social Bots) and Deceptive AI

Influence campaigns have increasingly merged with generative AI tools and “deepfake” media, raising verification costs and enabling “cognitive disruption” during crises. Studies and reviews indicate that the proliferation of synthetic content expands the space for misinformation, making the information environment a structural part of the conflict arena. The 2017 hacking incident targeting the Qatari news agency illustrates this dynamic: U.S. officials attributed the attack in their assessments, while other parties denied it. Qatari press and official investigations documented the breach and refuted the fabricated statements. The lesson is clear: the fragility of a state’s information infrastructure and the impact of “narrative planting” on public and foreign policy.

Where Iraq Stands in This Technological Advancement

And Its Impact on the Security and Strategic Environment

Iraq’s three mobile operators launched 4G services in January 2021, followed by upgrades to LTE-A, enabling growth in data-intensive services (limited local cloud computing, digital government platforms, and digital financial services). Regarding 5G, the Council of Ministers approved a license for Vodafone at the end of 2024, and in summer 2025, the government announced the establishment of the “National Mobile Services Company” in partnership with Vodafone to operate the network nationwide. This step reflects a structural shift in digital infrastructure and the state’s ability to assert regulatory sovereignty over networks.

Conversely, legislative progress on data protection remains slow. Although the Electronic Signature and Transactions Law No. 78 of 2012 exists, the country still lacks a comprehensive data protection law applied to the private sector. On digital governance, UNDP assessments and ESCWA workshops (April 2025) report gradual progress in measuring digital transformation and standardizing e-government across ministries, though institutional and coordination gaps remain.

The Legal–Knowledge Environment Online

In 2023, the Communications and Media Commission (CMC) attempted to pass “Digital Content Regulation No. 1,” which drew criticism from rights organizations (Access Now, Article 19) and similar observations appeared in Freedom House 2023–2024 reports regarding expanding restrictions and vague definitions. The security-political impact is dual: it facilitates combating hate speech but threatens the open-source environment, now integral to contemporary intelligence analysis.

Drones and Energy Infrastructure: Case Study of “Cormor” and Surrounding Areas

The Cormor gas field in Iraq’s Kurdistan Region suffered multiple drone attacks in January and April 2024, temporarily halting production and causing tangible regional electricity losses before partial resumption after reinforced protection. The field was targeted again in February 2025. These incidents highlight the vulnerability of critical energy nodes to low-cost tools and their compound effects on the economy and public services.

Subsequently, attacks extended to the Khormalah field near Erbil in July 2025 and the vicinity of Erbil Airport, where an explosive-laden drone was downed. Simultaneous strikes caused damage to radar systems and military bases in central Iraq, according to official statements and coverage by Reuters and AP. Strategically, targeting energy and radar nodes pressures command and control and reduces early-warning capabilities.

Intelligence Dimension: Balancing Proxy Deterrence and the Return of ISIS

On January 28, 2024, Iran-linked Iraqi armed factions, self-identified as the “Islamic Resistance in Iraq,” attacked Tower 22 in Jordan with a suicide drone, killing three U.S. soldiers. This prompted wide-scale U.S. strikes in Iraq and Syria against Quds Force-linked sites and allied militias. From an intelligence perspective, the incident underscores the need to integrate low-radar-footprint drone warning systems with rapid target attribution and analytical capabilities.

Concurrently, U.S. Central Command observed rising ISIS activity during H1 2024 (153 reported attacks in Iraq and Syria), followed by joint Iraqi–U.S. operations targeting cells, including the elimination of leaders such as “Abu Khadijah” in March 2025 (Washington Post). This necessitates Iraqi agencies to redistribute resources between countering armed proxies and containing renewed jihadist insurgency.

Institutionally, on January 19, 2025, the Iraqi Council of Representatives passed the “National Intelligence Service Law” to define tasks and authorities, a long-awaited step to formalize the agency’s legal role and modernize its mandate. This is expected to improve integration of open-source intelligence and technical capabilities into the national intelligence cycle.

Key Takeaways

Technological transformation in the Middle East produces a security environment that is both exposed and complex: exposed because abundant data and imagery make actions more verifiable, and complex because the diversity of tools—from software exploits to drones—opens new avenues for attack and defense. This environment requires redesigning intelligence structures to integrate open sources, AI, and private-sector capabilities, alongside data governance that balances digital sovereignty and individual rights. Strategically, Arab states, including Iraq, must address the low cost of attacks and the high cost of defense through flexible layered defenses, functional regional cooperation, and legal frameworks that reduce political and rights-related risks. Those who fail to master these transformations will be managed by them.