Iran Adopts New Cyber-Kinetic Strategy for Military Strikes

Rupert Marais serves as a premier security specialist with a deep background in endpoint protection, network management, and the strategic defense of critical infrastructure. As global conflicts increasingly migrate into the digital realm, his expertise provides a vital lens through which to view the integration of cyber operations and physical warfare. In this discussion, we explore the evolving Iranian war doctrine, the tactical exploitation of ubiquitous hardware, and the way modern militaries are using digital “eyes” to guide physical strikes.

The conversation covers the strategic synchronization of camera breaches with missile launches, the persistent threat of unpatched vulnerabilities in multinational networks, and the rise of pro-state hacktivists acting as proxies. We also delve into the economic impact of logistics sabotage and the necessity of integrating cyber telemetry into physical defense protocols to stay ahead of hybrid threats.

Modern military operations are increasingly blending digital intrusion with physical strikes. How does the synchronization of IP camera breaches with missile launches change the concept of real-time battle damage assessment, and what specific operational advantages does this provide?

The integration of IP camera exploitation into kinetic strikes represents a fundamental shift in how a military confirms the success of an operation. By taking control of a street camera facing a target—as we saw when a ballistic missile struck Israel’s Weizmann Institute of Science—an adversary gains a front-row seat to the impact without risking reconnaissance aircraft or personnel. This provides an immediate, high-definition visual of the explosion, allowing commanders to perform “targeting correction” in seconds rather than hours. In the 12-day conflict in June 2025, this real-time feedback loop enabled attackers to adjust trajectories and assess structural damage instantly. It removes the “fog of war” by providing a low-cost, persistent surveillance asset that is already embedded in the target’s own infrastructure.

Many facilities continue to operate hardware with known vulnerabilities such as CVE-2017-7921 or CVE-2021-33044. What are the practical challenges in patching these devices across a multinational network, and what step-by-step measures should be taken to isolate these cameras?

The primary challenge is the sheer scale and geographical distribution of these devices, often managed by local teams who lack a unified security mandate. Many of these Hikvision and Dahua cameras are “set and forget” assets, often forgotten until a breach occurs, making the deployment of patches for bugs like CVE-2021-36260 or CVE-2023-6895 a logistical nightmare. To secure a multinational network, organizations must first conduct an automated discovery to find every IP-connected sensor, then immediately move these devices to a dedicated, isolated VLAN that has no outbound internet access. Following isolation, administrators should disable unnecessary services like UPnP and P2P cloud filming, and finally, enforce a strict “Zero Trust” policy where only specific, authenticated internal servers can pull video feeds. This layered approach ensures that even if a patch is missed, the camera cannot be used as a beacon for incoming missiles or a pivot point for a wider network intrusion.

Conflicts now involve a wide array of actors, including pro-state hacktivists who target industrial control systems and data centers. How does the involvement of these proxies complicate attribution during a crisis, and what are the primary risks when they pivot toward destructive operations?

Proxies create a “gray zone” that allows nation-states to maintain plausible deniability while escalating pressure, making it incredibly difficult for a victim to decide if a retaliatory strike is legally or politically justified. We have seen a surge in pro-Iranian Russian hacktivism targeting US-based SCADA systems and CCTV networks, which masks the direct involvement of the IRGC and complicates the diplomatic response. The danger reaches a breaking point when these actors shift from simple website defacements to destructive operations, such as wiping data centers or disabling power grids. Because these groups often operate with less restraint and oversight than formal military units, their actions can trigger an unintended kinetic escalation that neither government originally planned for.

We are seeing a shift where logistics hubs, such as grain silos and supply companies, are targeted via phishing and cyber sabotage. How do these hybrid tactics amplify economic pressure through increased shipping and insurance risks, and how should decision-makers respond?

When actors breach entities like the Jordan Silos and Supply General Company, the goal is rarely just data theft; it is the creation of systemic friction that ripples through the global economy. By sabotaging the digital logistics of food and fuel, attackers cause immediate spikes in shipping delays and insurance premiums, as the perceived risk of operating in a conflict zone skyrockets. Decision-makers must stop viewing cyberattacks as isolated IT incidents and start treating them as macroeconomic threats that require a “whole-of-government” response. This involves hardening the supply chain against phishing and ensuring that critical logistics hubs have offline contingencies to maintain operations even when their primary networks are compromised.

Patterns in camera-targeting activity are now viewed as early indicators of potential follow-on physical attacks. How can security teams better integrate cyber-threat telemetry into their physical defense protocols, and what specific data points should they prioritize?

To effectively bridge the gap between digital and physical security, organizations must treat a spike in unauthorized login attempts on perimeter cameras as a “red alert” for a physical event. Security operations centers (SOCs) should feed telemetry—specifically failed authentication logs and unusual outbound traffic from IoT devices—directly into the hands of physical security directors. Prioritizing data points like the geographical origin of the scanning IP and the specific vulnerabilities being probed (such as CVE-2025-34067) can help determine if the threat is a random botnet or a targeted state-sponsored reconnaissance mission. By establishing a “fast-track” communication channel between the IT team and the physical guards on the ground, a facility can move to a high-alert status the moment their digital “eyes” are tampered with, potentially saving lives before a single missile is launched.
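The telemetry checks described in this answer, combined with the isolation policy from the earlier answer on camera patching, as an added example that is not part of the interview. It flags a burst of failed camera logins and any traffic that breaks the "isolated VLAN, approved video servers only" rule. The record layout, subnet, allowlist, thresholds and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed site values, not from the article: camera VLAN, approved video servers, thresholds.
CAMERA_NET = ip_network("10.50.0.0/24")
VIDEO_SERVERS = {ip_address("10.10.0.5")}
WINDOW, THRESHOLD = timedelta(minutes=5), 4

# Constructed sample records: (timestamp, camera, source IP, result) and (src, dst).
SAMPLE_AUTH = [
    ("2025-01-01T02:00:00", "cam-gate-01", "203.0.113.7", "FAIL"),
    ("2025-01-01T02:00:20", "cam-gate-01", "203.0.113.7", "FAIL"),
    ("2025-01-01T02:00:40", "cam-lobby-02", "10.10.0.5", "OK"),
    ("2025-01-01T02:01:00", "cam-gate-01", "198.51.100.9", "FAIL"),
    ("2025-01-01T02:01:30", "cam-gate-01", "203.0.113.7", "FAIL"),
    ("2025-01-01T09:00:00", "cam-lobby-02", "10.10.0.77", "FAIL"),
]
SAMPLE_FLOWS = [
    ("10.10.0.5", "10.50.0.21"),    # approved server pulling a feed
    ("10.50.0.21", "203.0.113.7"),  # camera reaching the internet
    ("10.20.0.44", "10.50.0.21"),   # unapproved internal client
]

def failed_login_spikes(events):
    """Return {camera: sorted source IPs} where failures reach THRESHOLD within WINDOW."""
    recent, alerts = defaultdict(deque), {}
    for ts, camera, src, result in events:  # events must be time-ordered
        if result != "FAIL":
            continue
        now, q = datetime.fromisoformat(ts), recent[camera]
        q.append((now, src))
        while now - q[0][0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts.setdefault(camera, set()).update(s for _, s in q)
    return {cam: sorted(srcs) for cam, srcs in alerts.items()}

def policy_violations(flows):
    """Flag camera traffic leaving the VLAN and feed pulls by unapproved hosts."""
    out = []
    for src, dst in flows:
        s, d = ip_address(src), ip_address(dst)
        if s in CAMERA_NET and d not in CAMERA_NET and d not in VIDEO_SERVERS:
            out.append(("camera_outbound", src, dst))
        elif d in CAMERA_NET and s not in CAMERA_NET and s not in VIDEO_SERVERS:
            out.append(("unapproved_client", src, dst))
    return out
```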

Beyond missile guidance, cyber operations are being used to “blind” air defenses or conduct psychological operations. In what ways does this near-total blend of domains redefine the traditional “decisive battlefield moment,” and what metrics define success in such a campaign?

The era of a single “decisive battlefield moment” is being replaced by a continuous, integrated campaign where success is measured by the cumulative erosion of an adversary’s will and capability. In this new doctrine, winning isn’t just about a successful missile strike; it’s about blinding air defenses minutes before that strike and simultaneously flooding social media with propaganda to induce panic. Success metrics have shifted from “targets destroyed” to “domains dominated,” focusing on how effectively an actor can spike insurance risks, exploit cyber vulnerabilities, and manipulate the information environment. This multifaceted pressure forces decision-makers to act on incomplete or verified information, making the “moment of victory” a slow, grinding process of exhausting the opponent’s defenses across every possible front.

What is your forecast for the future of cyber-kinetic warfare?

The future of warfare is a “near-total blend” where the distinction between a digital packet and a physical projectile completely disappears. We will see the widespread adoption of “cyber-kinetic blueprints” by smaller nations and non-state actors, who will use low-cost hacking tools to achieve the same battlefield effects that once required expensive satellite constellations and stealth bombers. Autonomous systems and AI-driven targeting will likely become the next frontier, where compromised IoT sensors feed data directly into automated weapon systems without human intervention. For our readers, this means that the security of a simple office camera or an industrial sensor is no longer just an IT concern—it is a critical component of national and physical safety that must be defended with the same rigor as a physical perimeter.
