US Space Force and cyber forces were described as 'first movers' in the February 2026 Iran strikes — creating electromagnetic corridors and disabling Iranian command systems before a single conventional weapon was released.
The most consequential battles of 2026 are not being fought with missiles or tanks. They are being fought in the electromagnetic spectrum — in the frequencies that GPS satellites transmit, that radar systems emit, that military drones rely on for navigation and control. And they are being fought in industrial control systems buried inside water treatment plants, power grids, and hospitals across three continents.
When the US and Israel launched Operation Epic Fury against Iran on February 28, 2026, the first moves were not kinetic. US Space Force and cyber forces were described by Pentagon leaders as the “first movers” — creating electromagnetic corridors, blinding Iranian radar systems, and disrupting command-and-control networks before a single bomb fell. Within hours, more than 60 Iranian-aligned hacktivist groups had activated on Telegram, launching retaliatory cyberattacks against US industrial control systems, Israeli infrastructure, and Western companies. Iranian hackers breached Stryker Corporation — a US medical devices firm — and wiped thousands of computers, paralyzing the company’s global operations.
Iranian-linked actors also struck three Amazon Web Services data centers hosting Anthropic’s Claude AI infrastructure, temporarily taking down global access to the system. Israeli intelligence, for its part, reportedly maintained long-term access to Tehran’s traffic camera networks and mobile phone infrastructure — feeds used to support targeting of senior Iranian leaders, including the strike that killed Supreme Leader Khamenei.
This is what modern warfare looks like. The bombs are the visible part.
Electronic Warfare: Owning the Spectrum
Electronic warfare (EW) — the use of the electromagnetic spectrum as both a weapon and a target — has evolved from a support capability into the decisive first-phase tool of every major conflict in 2026.
The three pillars of modern electronic warfare are Electronic Attack (EA), Electronic Protection (EP), and Electronic Support (ES).
Electronic Attack encompasses jamming — flooding an enemy radar’s receiver with electromagnetic noise to prevent detection — and spoofing — transmitting fake signals to deceive rather than block. Modern Digital Radio Frequency Memory (DRFM) technology takes jamming to a new level: these systems intercept enemy radar signals, store them, and retransmit manipulated versions that appear authentic to the original sensor, creating phantom aircraft formations or distorting a real aircraft’s apparent position until the final moments of approach.
Electronic Protection involves counter-countermeasures: frequency hopping (rapidly cycling transmission frequencies so jammers cannot lock on), spread-spectrum signaling (distributing signals across a wide band to resist narrowband jamming), and anti-jam GPS receivers that filter out spoofing signals.
Electronic Support — passive receivers that detect, identify, and locate enemy emissions — builds what EW planners call the Electronic Order of Battle: a real-time picture of every active radar, communications system, and electronic emitter on the battlefield.
The most significant recent innovation is Cognitive Electronic Warfare — AI-driven EW systems that sense, learn, and respond to new threats in real time. Traditional EW systems operate on pre-programmed responses: if an adversary changes frequency, the jammer must be reprogrammed. Cognitive EW systems adapt automatically, using machine learning to identify new threat signatures and generate countermeasures in milliseconds. The electromagnetic spectrum has become a machine-speed battleground where algorithms compete against algorithms — with humans setting the strategic parameters but unable to participate in tactical exchanges that unfold faster than human reaction time.
GPS Warfare: When Navigation Becomes a Weapon
The most widely used electronic warfare technique in 2026 is also the most underreported: GPS jamming and spoofing.
GPS signals are extraordinarily weak by the time they reach Earth — an inherent physical vulnerability that makes them relatively easy to disrupt. GPS jamming overwhelms receivers with electromagnetic noise, denying position information entirely. GPS spoofing is more sophisticated and more dangerous: an attacker transmits counterfeit satellite signals that mimic legitimate ones, giving victims a confident but false location reading. Ships appear to navigate in perfect circles. Aircraft show up hundreds of miles from their actual position. Precision-guided munitions miss their targets.
The scale of GPS disruption in 2026 is staggering. Poland alone recorded 2,732 GPS jamming incidents in January 2025. Russia has been jamming GPS continuously across Ukraine, the Baltic region, and Finland since 2022 — with jamming zones detected over Norway, Sweden, and NATO airspace regularly. In December 2024, an Azerbaijan Airlines plane crashed near Chechnya after GPS spoofing caused navigational failure, killing 38 people. In the Strait of Hormuz, GPS spoofing of commercial shipping has been documented since the outbreak of the Iran conflict, with vessels appearing to jump across maps, drift miles inland, or trace impossible circular patterns.
In April 2026, reports emerged that Ukrainian F-16 pilots were being trained by the Royal Air Force to fly without GPS entirely — using low-altitude visual navigation and terrain-based orientation as backup methods. The lesson from four years of Russian jamming in Ukraine is that GPS cannot be assumed reliable in any high-end conflict. Drone strike accuracy in Ukraine drops below 10% under heavy jamming conditions — transforming expensive precision munitions into expensive unguided ones. Ukraine’s counter: AI-driven autonomous navigation that uses onboard cameras and computer vision to navigate without GPS at all. When Russia deployed fiber-optic-connected drones immune to electronic countermeasures, Ukraine responded with visual autonomy.
The military implication is profound: the GPS-dependent military machine that the United States built over 30 years — where every system from a soldier’s radio to a carrier strike group’s targeting network assumes GPS availability — is operating in a world that has learned how to take GPS away.
The Iran Cyber War: What Actually Happened
The cyber dimensions of the 2026 Iran conflict are the most comprehensive real-world test of state-sponsored cyberwar capabilities ever documented in open sources.
When US and Israeli forces launched Operation Epic Fury on February 28, cyber and electronic warfare were integrated into the opening strike package. Electronic warfare assets — EA-18G Growler jamming aircraft, RC-135 reconnaissance platforms, ground-based jammers, and space-based systems — continuously monitored and suppressed Iranian air defense radars, missile guidance systems, and command networks. The opening phase blinded Iranian sensors and disrupted communications infrastructure before the first bombs fell. GPS and Automatic Identification System (AIS) disruptions affected over 1,100 ships in the Gulf region within the first 24 hours.
Iran’s cyber response was rapid and multidirectional. Within hours of the strikes, 60+ Iranian-aligned hacktivist groups activated on Telegram under a newly formed Electronic Operations Room — the largest single-event mobilization of this hacktivist ecosystem ever recorded, according to CloudSEK. The attacks fell into four categories:
Opportunistic disruption: DDoS attacks, website defacement, and data-wiping operations against Israeli government agencies, Western companies, and regional Middle Eastern infrastructure. The Stryker Corporation breach — which wiped thousands of computers and paralyzed global operations — was the highest-profile corporate victim.
Critical infrastructure targeting: IRGC-linked CyberAv3ngers and affiliated groups systematically targeted US industrial control systems, exploiting internet-exposed Programmable Logic Controllers (PLCs) across energy, water, and government sectors. CISA issued a formal advisory on April 7, 2026 warning that Iranian-affiliated APT actors had disrupted PLCs across multiple US critical infrastructure sectors — causing operational disruption and financial loss. Over 40,000 US industrial control systems are reachable on the public internet, many protected by default or no credentials.
Intelligence gathering: Iranian actors hacked FBI Director Kash Patel’s emails, breached an Israeli energy exploration company, and accessed Jordan’s fuel system controls. Israeli intelligence simultaneously maintained access to Tehran’s traffic camera network and mobile infrastructure to support kinetic targeting.
Information operations: After Israeli strikes damaged Iran’s state broadcaster IRIB, hackers hijacked at least two television channels and aired recorded speeches by Trump and Netanyahu calling on Iranians to rise against the regime. In a significant spillover event, Pakistani television channels Geo News, ARY News, and Samaa TV were hacked on March 1, 2026, during the early phase of cyber operations, with unauthorized pro-Israel messages displayed during broadcasts — an attack that Pakistan’s government stated had no connection to its own position on the conflict.
The CISA Problem: Defending Infrastructure While Gutting the Defenders
The most alarming aspect of Iran’s cyber campaign against US critical infrastructure is not the sophistication of the attacks. It is the state of American cyber defense.
Under the Trump administration, CISA (the Cybersecurity and Infrastructure Security Agency) has faced significant leadership changes, a partial government shutdown, and budget cuts — including an anticipated $707 million reduction in its latest budget proposal. The ODNI’s 2026 Annual Threat Assessment explicitly warns that US critical infrastructure faces escalating cyber challenges from state and criminal actors. The Acting Director of CISA has publicly stated that the agency “cannot perform outreach and preparatory activity necessary to counter cyber threats” in the current environment.
The result is a dangerous mismatch: Iranian cyber capabilities are expanding and diversifying — CSIS describes Iran’s approach as shifting from “episodic and symbolic” to “sustained and strategic”, pre-positioning access inside critical networks for future escalation — while the US agency most responsible for defending civilian infrastructure is operating with reduced capacity.
The World Economic Forum ranked “cyber insecurity” a top-10 global risk for 2026. More than 40,000 US industrial control systems remain exposed on the public internet. The Department of Energy issued its first-ever strategic plan to protect energy infrastructure from cybersecurity threats in February 2026 — an important step that is also an acknowledgment of how long the sector went without one.
Russia’s Electromagnetic Dominance in Ukraine — and Its Limits
Ukraine has been the world’s most intensive electronic warfare laboratory since February 2022. The lessons emerging from four years of sustained EW combat are reshaping every NATO defense doctrine.
Russia entered the conflict with significant EW superiority — layered jamming systems that “constantly change their location” to prevent Ukrainian counter-targeting, according to Ukraine’s former commander in chief. Russian EW assets have degraded Ukrainian drone accuracy, disrupted artillery targeting, and blocked communications. Russia deployed Krasukha-4 ground-based electronic warfare systems that can jam airborne radar at ranges up to 300 kilometers.
But Ukraine has adapted — and the adaptation has been faster and more creative than Russia anticipated.
Ukraine developed fiber-optic-connected drones — systems that communicate through physical cables rather than radio signals, making them immune to electronic jamming entirely. When Russia jammed GPS, Ukraine developed visual navigation systems using AI and cameras. When Russia found frequencies to jam, Ukraine’s engineering teams changed frequencies and software configurations in real time, sometimes within hours of a Russian EW adaptation. Ukraine’s frontline workshops operate as a closed innovation loop: operators identify failures, engineers diagnose and fix them, and updated systems return to the field faster than Russian intelligence can respond.
The lesson Western militaries are absorbing: EW resilience is not primarily a hardware problem. It is a software and organizational agility problem. The side that can adapt its electromagnetic posture faster than the adversary can map and target it holds the decisive advantage.
Cognitive EW and the Algorithm War
The next phase of electronic warfare — already emerging in experimental systems — is fully cognitive: AI systems that autonomously sense the electromagnetic environment, identify threats, generate countermeasures, and adapt in real time without human intervention.
Traditional EW requires human-programmed responses to known threat signatures. Cognitive EW uses machine learning trained on vast libraries of signal data to recognize novel threats and respond to them autonomously. The electromagnetic spectrum becomes, in this model, an AI battlefield — algorithms from both sides competing to outmaneuver each other faster than any human could participate.
Tenna Systems — which raised $13.5 million in February 2026 — is building what its CEO calls “AccuWeather for electronic warfare”: a system that turns every existing sensor — phones, aircraft, satellites — into a live electromagnetic detector, providing real-time spectrum awareness across the entire operational area. R2 Wireless provides passive RF sensing that detects, classifies, and geolocates any wireless signal without emitting one — making it invisible to electronic support measures — and is now deployed with NATO forces.
The convergence of EW and cyber warfare is the defining trend. Traditional EW operates through the electromagnetic spectrum. Cyber warfare operates through networked computer systems. But modern military systems are networked computers that communicate through the electromagnetic spectrum — making the distinction increasingly artificial. What is emerging is unified electromagnetic-cyber operations: integrated attacks that simultaneously jam radar, spoof GPS, hack command systems, and manipulate displayed data on industrial control monitors — all in a coordinated campaign that is neither purely EW nor purely cyber but something new that existing legal and doctrinal frameworks were not designed to address.
Key Facts: Electronic & Cyber Warfare, May 2026
| GPS jamming incidents (Poland, Jan 2025) | 2,732 in a single month |
| Ships affected by GPS/AIS disruption (Iran war Day 1) | 1,100+ in Gulf region |
| Iranian hacktivist groups mobilized (Feb 28, 2026) | 60+ within hours of strikes |
| US ICS devices publicly exposed | 40,000+ (Forescout/Shodan data) |
| CISA budget cut | $707 million anticipated reduction |
| Stryker Corporation attack | Iranian hackers wiped thousands of computers globally |
| Ukraine drone accuracy under heavy jamming | Below 10% |
| Azerbaijan Airlines crash (Dec 2024) | GPS spoofing near Chechnya — 38 killed |
| IRGC CyberAv3ngers | PLCs compromised across US energy, water, government sectors |
| World Economic Forum cyber ranking | “Cyber insecurity” — top 10 global risk 2026 |
What This Means for the Next Conflict
The electromagnetic and cyber dimensions of the 2026 Iran conflict have established several realities that will define the next major military confrontation, wherever it occurs.
Space and cyber forces open every conflict. The kinetic phase of Operation Epic Fury was preceded by electromagnetic blinding, communications degradation, and network penetration. Any future peer-level conflict — Taiwan, Korea, the Baltic — will begin the same way, potentially weeks or months before the first missile is fired.
Critical infrastructure is the soft underbelly. 40,000 exposed US industrial control systems are not an abstraction. Iranian actors are actively pre-positioning access inside water, energy, and government networks — not for immediate use, but for activation during a future crisis. CSIS describes this as creating “latent risk inside networks that may only surface during moments of geopolitical crisis.”
GPS is no longer a given. Every military that still designs operations around GPS availability has a planning assumption that active adversaries have demonstrated they can invalidate. The transition to GPS-denied navigation — AI visual systems, fiber-optic drones, inertial navigation — is accelerating, but most existing systems have not made it.
The speed of adaptation determines survival. Ukraine’s EW success has been organizational as much as technological — the ability to modify systems and change frequencies faster than adversaries can map them. In the AI-driven cognitive EW environment emerging now, the adaptation cycle will compress from days to milliseconds. The militaries that survive in that environment will be the ones that have built systems designed to be updated continuously, not programmed once and deployed.
The invisible war is not a metaphor. It is the war that decides who wins the visible one.
Sources: Wikipedia (Cyberwarfare during the 2026 Iran war), CISA Advisory AA26-097A (April 7, 2026), CSIS Iranian Cyber Threat Analysis (May 2026), Palo Alto Unit 42 Threat Brief (April 2026), Georgia Tech / MissileStrikes.com, Jerusalem Post, Defense One, OP Innovate, Industrial Cyber, SOCRadar Iran-Israel Cyber Dashboard
About the Author
