Silicon Targets: The First War Against Data Centers

Iran's strikes on Gulf AI infrastructure mark the dawn of a new era in military conflict — and expose a $100 billion strategic vulnerability

Executive Summary

Iran's drone attacks on Amazon Web Services facilities in the UAE and Bahrain on March 1 represent the first military strikes against cloud computing infrastructure in history, disrupting banking, commerce, and digital services across the Gulf.
The Gulf states' $100+ billion bet on becoming a global AI hub — anchored by partnerships with Nvidia, OpenAI, Oracle, and Amazon — now faces an existential question: can critical digital infrastructure survive in a conflict zone?
With 70+ operational data centers, 557-738 MW of live IT capacity, and 90% of Europe-Asia internet traffic transiting through Gulf submarine cables, the region's digital architecture has become a strategic target rivaling oil refineries in importance.

Chapter 1: The Invisible Targets

When Iran launched its retaliatory strikes against Gulf Arab states on February 28, the world's attention fixed on burning refineries and cratered runways. But in the predawn hours of March 1, a different kind of target was hit — one that revealed how fundamentally the nature of strategic infrastructure has changed in the 21st century.

Three Amazon Web Services data centers were struck by Iranian drones: two in the United Arab Emirates and one in Bahrain. The attacks were not accidental overshoot or collateral damage. On March 12, the Islamic Revolutionary Guard Corps issued an explicit warning naming Google, Microsoft, Palantir, IBM, Nvidia, and Oracle — declaring their Gulf facilities legitimate military targets.

The immediate consequences were prosaic but revealing. Customers of Abu Dhabi Commercial Bank lost access to online banking. The business news outlet Enterprise went offline. Users of the Careem ride-hailing app couldn't order a taxi or a meal. Emirates NBD, one of the region's largest banks, experienced service disruptions. Snowflake, the cloud data platform, saw operations interrupted. Policybazaar UAE went dark.

"Incidents of this scale typically generate tens of millions of dollars in combined operational losses when infrastructure repair, service downtime, and mitigation costs are included," noted Matvii Diadkov, a technology investor advising Gulf businesses. The damage wasn't catastrophic — but it was unprecedented. No military force had ever deliberately targeted cloud computing infrastructure in an armed conflict.

Chapter 2: The Post-Oil Wager

To understand why Iran chose these targets, one must understand what the Gulf states have been building — and what's at stake.

The Gulf's pivot from oil to technology is not rhetoric. It is a multi-generational, multi-hundred-billion-dollar strategic transformation. The UAE and Saudi Arabia are leading a race to become the world's next great technology hubs, leveraging three advantages that are difficult to replicate elsewhere: geographic position between Europe and Asia, virtually unlimited energy supply, and sovereign wealth capital measured in the trillions.

The UAE has built its AI ambitions around G42, a conglomerate chaired by Sheikh Tahnoon bin Zayed — simultaneously a member of the royal family and the country's national security advisor. G42's partnership with OpenAI and Microsoft has made Abu Dhabi a major node in the global AI development chain. In May 2025, Trump's four-day Gulf tour produced a cascade of AI and energy agreements: OpenAI, Nvidia, and Oracle committed to building a massive data center complex in Abu Dhabi in partnership with G42.

Saudi Arabia launched Humain, backed by the Public Investment Fund (PIF) with its $925 billion in assets, directed by Tareq Amin, the former head of technology at Aramco. Amazon became Humain's primary partner. The kingdom's Vision 2030 explicitly identifies AI as a pillar of economic diversification away from oil dependence.

In December 2025, the United States championed Pax Silica, an international agreement among 10 nations — including the UAE and Qatar — establishing a framework for the economic security of AI infrastructure. Under Secretary of State Jacob Helberg declared: "If the 20th century was based on oil and steel, the 21st century is based on computing and the minerals that power it."

The irony is bitter. Just months after the world formally recognized Gulf data centers as critical infrastructure equivalent to oil fields, Iranian drones proved the point by attacking them.

Gulf AI Infrastructure	Scale
Operational data centers	70+ facilities
Live IT capacity	557-738 MW
Projects under development	$30+ billion
Cloud regions (AWS, Azure, Google, Oracle, Alibaba)	10
Submarine cable systems	~20
Internet exchange points	13 active
Share of Europe-Asia data traffic	~90%

Chapter 3: The Doctrine of Digital Targeting

Iran's decision to target data centers was not random — it reflects a calculated strategic logic that Mohammed Soliman, senior fellow at the Middle East Institute and author of West Asia: A New Grand Strategy for the Middle East, articulated precisely: "Data centers are the backbone of the Gulf's post-oil economic strategy, and Iran knows it. Attacking them was an attempt to sow doubt about whether the Gulf is a safe bet."

This represents a new chapter in the evolution of military targeting doctrine. Since World War II, strategic bombing theory has evolved through several phases:

Phase 1: Industrial targeting (1940s-1950s) — Factories, rail yards, ball bearing plants. The logic of destroying an enemy's means of production.

Phase 2: Energy targeting (1991 Gulf War) — Electrical grids, oil infrastructure, refineries. Disabling the energy systems that power both military and civilian life.

Phase 3: Network targeting (2000s-2010s) — Communications infrastructure, command-and-control nodes. Severing information flows.

Phase 4: Digital ecosystem targeting (2026) — Cloud computing centers, data infrastructure, AI development facilities. Attacking the platforms on which entire economies now operate.

The shift from Phase 3 to Phase 4 is significant. When the U.S. bombed Iraqi telecommunications in 1991 or 2003, the targets were national military assets. When Iran strikes an AWS data center in 2026, it is simultaneously attacking a private American corporation, the financial services of a third country (UAE), and the digital operations of companies across dozens of nations. The blast radius of a single drone is measured not in meters but in service disruptions spanning continents.

This is precisely what happened on March 3, when follow-up strikes on two AWS facilities cascaded through the region's digital economy — disrupting banking applications, stock market activity, and commercial operations across the UAE.

Chapter 4: The Submarine Cable Chokepoint

The Gulf's digital vulnerability extends far beyond data centers. Approximately 90% of all internet traffic flowing between Europe and Asia passes through submarine cable routes supported by around 20 undersea cable systems and 13 active internet exchange points in the Gulf region.

This makes the Gulf a digital Strait of Hormuz — a chokepoint whose disruption would not merely affect regional users but degrade global internet performance. Unlike oil, which can be rerouted (albeit expensively) around the Cape of Good Hope, internet traffic routed through the Gulf has limited alternatives. The latency increases from rerouting through alternative submarine cable paths would impact:

Financial trading systems dependent on millisecond-level execution
Cloud-hosted enterprise systems (ERP, supply chain management, billing) used by companies from India to Europe
Real-time communications including video conferencing and VoIP
Time-sensitive data synchronization for global operations

"Undersea cables and regional network hubs represent latent risk, not because of constant attack, but because temporary outages or rerouting can degrade performance, increase latency and destabilise time-sensitive digital services across continents," warned a senior executive at a global advisory firm.

Iran has not yet targeted submarine cables — but the IRGC's explicit threat list against tech infrastructure and the demonstrated willingness to strike data centers means the risk is no longer theoretical. The precedent has been set.

Chapter 5: The Great Migration Begins

The immediate corporate response has been predictable: run. Hyperscale cloud operators including Microsoft Azure and AWS are actively exploring shifting workloads from data centers in Dubai, Abu Dhabi, and Oman to safer hubs — primarily India and Singapore.

This workload migration, if sustained, would represent a fundamental blow to the Gulf's technology ambitions. The entire value proposition of Gulf data centers rested on three pillars: location, energy, and capital. The war has introduced a fourth variable that overwhelms the others: security.

The historical parallel is instructive. When Beirut was the financial capital of the Middle East in the 1960s and early 1970s, its banks served as the intermediary between European capital and Gulf oil wealth. The Lebanese Civil War (1975-1990) destroyed that role permanently. Bahrain initially captured some of the business, but it was ultimately cities far from conflict — London, Singapore, Hong Kong — that absorbed Beirut's financial functions. Beirut never recovered its position.

The question is whether Gulf data centers face a Beirut scenario. Mohammed Soliman of MEI argues they do not: "Iran's miscalculation is thinking that sovereign wealth funds with 50-year investment horizons will be scared off by a drone attack." The Gulf's structural advantages — energy costs 40-60% below European and Asian rivals, sovereign capital willing to subsidize development for decades, and geographic centrality — remain intact.

But corporate risk officers operate on quarterly timelines, not 50-year horizons. And insurance markets, the ultimate arbiter of risk, are already repricing. Data center operators in the Gulf face the same war risk premium explosion that has paralyzed maritime shipping through the Strait of Hormuz.

Chapter 6: Scenario Analysis

Scenario A: Temporary Disruption, Accelerated Hardening (30%)

Premise: The war ends within 4-8 weeks. Gulf states invest heavily in data center hardening — physical fortification, distributed architectures, redundant systems. The Pax Silica framework is expanded to include military protection guarantees for digital infrastructure.

Historical precedent: After the 2019 Abqaiq drone attack on Saudi Aramco, the kingdom invested billions in air defense for energy infrastructure and was producing at full capacity within weeks. Data centers are smaller, more numerous, and potentially easier to protect than sprawling refinery complexes.

Trigger conditions: Ceasefire agreement, U.S. security guarantees for Gulf digital infrastructure, insurance markets normalizing war risk premiums.

Investment implication: Gulf tech investments resume with a security premium. Defense contractors providing data center protection systems (missile defense, drone countermeasures) see a new market emerge.

Scenario B: Structural Relocation to Asia (45%)

Premise: The war persists or ends inconclusively, leaving permanent uncertainty about Gulf security. Corporate risk assessments categorize the Gulf as a conflict-prone zone for 3-5+ years. Workload migration to India and Singapore becomes permanent. The Gulf retains energy-intensive computing (where cheap power matters most) but loses high-value AI development and financial services hosting.

Historical precedent: Hong Kong's gradual loss of financial hub status after the 2019-2020 protests and 2020 National Security Law. Despite retaining structural advantages (rule of law, capital pools, location), persistent political uncertainty drove a measurable shift to Singapore. Singapore's financial assets under management grew 16% in 2021 alone.

Trigger conditions: Continued IRGC threats, insurance market exclusion of Gulf data centers from standard coverage, major cloud operator announcing permanent capacity reduction in the Gulf.

Investment implication: Singapore REITs and data center operators (Keppel DC REIT, Digital Realty's Singapore assets) benefit. Indian data center developers (Adani Group's AdaniConneX, Reliance's Jio platforms) see accelerated growth. Gulf real estate and tech sector face sustained discounts.

Scenario C: Digital Sovereignty Fragmentation (25%)

Premise: The precedent of military strikes on data centers triggers a global reassessment of cloud concentration risk. Nations pursue "data sovereignty" with renewed urgency, mandating that critical data be stored domestically. The era of hyper-concentrated cloud computing gives way to a more distributed, less efficient, but more resilient architecture.

Historical precedent: The post-9/11 aviation security transformation. A single catastrophic event permanently altered the economics and architecture of an entire industry. Similarly, the Snowden revelations (2013) triggered European data localization requirements that reshaped the cloud industry.

Trigger conditions: Submarine cable attack or major multi-day cloud outage affecting European/Asian businesses, EU legislative response mandating data residency, insurance exclusions for conflict-zone hosting.

Investment implication: Edge computing and distributed infrastructure providers benefit (Fastly, Cloudflare, Akamai). Hyperscale cloud operators (AWS, Azure, Google Cloud) face margin pressure from forced geographic diversification. Sovereign cloud providers emerge as a new category.

Chapter 7: Investment Implications

The war's impact on the global technology sector operates through several channels:

Direct casualties:

Gulf-listed tech and real estate: Emaar Properties, Aldar, DFM-listed tech companies face sustained risk discount
Airlines dependent on Gulf hub model: Emirates, Qatar Airways connectivity disruption affects business travel and tech talent mobility

Indirect beneficiaries:

Singapore data center operators: Keppel DC REIT (SGX: AJBU), Digital Core REIT, Mapletree Industrial Trust
Indian digital infrastructure: Reliance Jio, Bharti Airtel's data center subsidiary Nxtra, Adani Group's AdaniConneX JV
Cybersecurity and physical security for data centers: Palo Alto Networks (PANW), CrowdStrike (CRWD), Rheinmetall (data center defense systems)
Edge computing / distributed architecture: Cloudflare (NET), Fastly (FSLY), Akamai (AKAM)
Submarine cable operators and redundancy providers: SubCom (private), NEC (TYO: 6701)

Structural shift:
The war risk premium for Gulf-hosted digital services will persist long after any ceasefire. Insurance, the invisible hand of capital allocation, will quietly redirect investment flows toward jurisdictions where data centers don't face military targeting. The Gulf's dream of becoming the world's AI hub isn't dead — but it now competes with a variable its sovereign wealth funds cannot buy away: geography.

Conclusion

Iran's drone strikes on AWS data centers will likely be remembered as a watershed moment — the point at which digital infrastructure crossed from "civilian" to "strategic target" in the grammar of war. The Gulf states understood that data centers were the new oil fields; Iran understood it too.

The deeper lesson extends beyond the Gulf. In a world where cloud computing underpins everything from banking to supply chains to national defense, the physical locations of data centers are no longer merely engineering decisions. They are geopolitical choices, subject to the same calculus of proximity, vulnerability, and deterrence that has governed the placement of military bases and energy infrastructure for centuries.

The 21st century's most valuable resource isn't stored in tanks or pipelines. It flows through fiber optic cables and resides in server racks. And as of March 2026, it has become a legitimate target of war.

Eco Stream