Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

Data centres new target in Iran conflict; 3 Amazon units hit by drones in UAE, Bahrain

March 03, 2026 4 min read Science & Technology International Relations Internal Security GS Paper 2 (International Relations) GS Paper 3 (Science & Technology Internal Security)
On This Page

What Happened

  • Three Amazon Web Services (AWS) data centre facilities in the UAE and Bahrain were damaged in drone strikes linked to Iran's retaliatory campaign following US-Israel joint strikes on Iran.
  • Two data centres in the UAE were "directly struck" by drones; a third in Bahrain was damaged by a nearby strike.
  • All three facilities remained offline following the attacks, disrupting cloud services across the region.
  • Consumer apps, payments platforms (Alaan, Hubpay), banks (ADCB, Emirates NBD), and enterprise software providers reported service outages.
  • Iran's Islamic Revolutionary Guard Corps (IRGC) reportedly targeted the Bahrain facility specifically due to Amazon's contracts with the US military — marking the first known military strikes against a major American cloud provider's physical infrastructure.
  • AWS advised customers to back up data, migrate workloads to other regions, and redirect traffic away from the UAE and Bahrain zones.
  • The attacks are part of a broader US-Israel-Iran conflict that began with joint strikes on Iran on February 28, 2026 (Operation Epic Fury / Operation Roaring Lion), which reportedly killed Iran's Supreme Leader Ayatollah Ali Khamenei.
  • The conflict has also triggered a wave of hybrid cyber-kinetic operations: over 150 hacktivist incidents were claimed in the week following the strikes, targeting government, financial, aviation, and telecom infrastructure across the region.

Static Topic Bridges

Critical Information Infrastructure Protection (CIIP)

Critical Information Infrastructure (CII) refers to computer resources whose incapacitation or destruction would have a debilitating impact on national security, economy, public health, or safety. In India, the Information Technology Act, 2000 (Section 70) empowers the government to designate any computer resource as a Protected System. The National Critical Information Infrastructure Protection Centre (NCIIPC), under the National Technical Research Organisation (NTRO), is India's nodal agency for CII protection.

  • NCIIPC was established in 2014 under Section 70A of the IT Act.
  • India's CII sectors include power, banking, telecom, transport, and e-governance.
  • The National Cyber Security Policy (2013) mandates a 24x7 National Cybersecurity Incident Response Team (NCERT).
  • Cloud infrastructure is increasingly recognised as CII globally, but regulatory frameworks vary.

Connection to this news: The drone strikes on AWS data centres demonstrated, for the first time, that cloud hyperscaler infrastructure can be targeted as a military asset. This directly challenges assumptions embedded in CIIP frameworks that physical data centre attacks would be state-level acts of war rather than routine security threats.

Hybrid Warfare: Convergence of Kinetic and Cyber Operations

Hybrid warfare refers to a strategy that blends conventional military force with irregular tactics, cyber operations, economic coercion, and information warfare. The concept has evolved significantly since Russia's 2014 operations in Ukraine and is now a central concern in strategic studies.

  • The Iran conflict demonstrated simultaneous kinetic (drone strikes) and cyber operations (DDoS, defacement, data breaches) targeting the same adversary's infrastructure.
  • Palo Alto Networks' Unit 42 reported a sharp escalation in Iranian-linked cyber threat activity following the strikes.
  • Iran has previously used AI tools to enhance phishing campaigns and accelerate the building of hacking tools, per Google's Threat Intelligence Group.
  • The "dual-threat" model — missiles and malware — is now considered the baseline for state-level conflicts.

Connection to this news: The AWS attacks exemplify hybrid warfare in practice: drones (kinetic) targeted data centres that simultaneously serve commercial and military cloud clients, creating cascading economic disruption alongside strategic signalling.

Internet Governance and Digital Sovereignty

Internet governance refers to the development and application of shared principles, norms, rules, and decision-making procedures that shape the evolution of the internet. Digital sovereignty refers to a state's right to govern its own digital infrastructure, data flows, and cyberspace within its territory.

  • The Internet Governance Forum (IGF) operates under UN auspices; India is an active participant.
  • India's Data Protection Act (2023) and proposed National Data Governance Framework emphasise data localisation as a form of digital sovereignty.
  • The concentration of global cloud infrastructure in a handful of hyperscalers (AWS, Azure, Google Cloud) creates systemic geographic vulnerabilities.
  • The OECD and ITU have both flagged the geopolitical risks of cloud infrastructure concentration.

Connection to this news: The vulnerability of AWS data centres in a conflict zone underscores the systemic risk of over-reliance on centralised foreign cloud providers — a key argument for data localisation policies and investments in domestic cloud infrastructure.

Key Facts & Data

  • Three AWS facilities affected: two in UAE (directly struck), one in Bahrain (collateral damage).
  • Services disrupted include Careem (delivery/taxi), Alaan, Hubpay (payments), ADCB, Emirates NBD (banking), Snowflake (enterprise software).
  • US-Israel joint strikes on Iran began February 28, 2026 (Operation Epic Fury / Operation Roaring Lion).
  • NCIIPC (India): established 2014 under Section 70A of IT Act, 2000; nodal agency for CII protection.
  • Over 150 hacktivist incidents logged in the week following the strikes.
  • AWS is a key contractor for the US Department of Defense's cloud services (JEDI/JWCC contracts).
  • This marks the first confirmed physical military strike on a major American hyperscaler's infrastructure.