Electronic warfare, drone operations, and cyber intrusions now function as a single integrated weapon system, with adversaries timing digital attacks to coincide with physical strikes for maximum effect. This convergence represents a fundamental shift from traditional hybrid warfare concepts, where cyber operations served as supporting elements rather than synchronized components of kinetic force. The electromagnetic spectrum has become contested ground, with jamming and spoofing operations affecting not just military targets but civilian aviation, shipping, and navigation systems hundreds of miles from active conflict zones.

The 2026 Iran-Israel conflict and ongoing operations in Ukraine illustrate this integration in practice. Iranian-aligned groups launched spear-phishing campaigns, ransomware attacks, and infrastructure intrusions against energy systems, airports, and government networks while missiles and drones struck physical targets. In Ukraine, the cost imbalance is stark: drones costing $500 can destroy tanks worth $12 million, forcing both sides to flood the battlefield with unmanned systems while electronic warfare crews work to jam control links. The jamming intensity has driven Ukrainian developers to frequency-hopping radios and eventually fiber-optic guided drones that trail hair-thin glass filaments, eliminating radio emissions entirely.

The interference extends well beyond military operations. In January 2026, 13 European nations and Iceland issued joint warnings about GPS jamming and spoofing affecting maritime safety and commercial shipping. Aviation faces similar disruption, with the UK Defence Secretary's flight from Estonia jammed for its entire duration in May, forcing crews to rely on inertial navigation. These attacks exploit fundamental vulnerabilities in civilian systems like ADS-B aviation surveillance, which broadcasts aircraft position and identity without authentication, allowing adversaries with commodity hardware to inject false data that appears identical to legitimate signals.

Critical infrastructure faces the most serious long-term threat through pre-positioning operations, where adversaries establish quiet access to energy grids, water systems, and industrial control networks months or years before launching visible attacks. More than one-third of global energy and utilities infrastructure is estimated to have already experienced such pre-positioning by state-aligned actors and AI-assisted adversaries. Legacy operational technology in industrial environments compounds the risk, as these systems were designed for reliability rather than security, making them difficult to patch, poorly segmented, and challenging to monitor for intrusions.

Organizations should treat this convergence as an operational risk rather than a purely military concern. Security teams need to map dependencies in operational technology environments, implement network segmentation between IT and industrial control systems, and establish monitoring for unusual access patterns that might indicate pre-positioning. Supply chain security requires particular attention, as interdependencies mean a single compromise can cascade across multiple organizations. Aviation and maritime operators should prepare backup navigation procedures that do not rely solely on GPS, while critical infrastructure providers must assume adversaries already have some level of access and focus on detection and containment rather than prevention alone.

Source: https://socradar.io/blog/modern-hybrid-warfare-cyber/