The Cyber Fallout: How Operation Rising Lion Rewrote Modern Warfare

Photo by Adi Goldstein on Unsplash

Vladimir Tsakanyan
13 June, 2025

I. Introduction: The Dawn of Integrated Warfare

Operation Rising Lion, launched by Israel on June 13, 2025, against Iranian military and nuclear facilities, marked a critical and unprecedented escalation in the long-standing shadow conflict between the two nations.¹ This extensive military action was publicly declared by Israeli Prime Minister Benjamin Netanyahu as a “targeted military operation to roll back the Iranian threat to Israel’s very survival”.¹ Netanyahu emphasized the preemptive nature of the strikes and vowed to continue the operation “for as many days as it takes” to neutralize the perceived threat.² The sheer scale of the kinetic component was substantial, involving over 200 Israeli fighter jets that successfully struck approximately 100 sites across Iran.⁷ These targets included Iran’s primary uranium enrichment facility at Natanz, various military bases, and high-ranking Iranian military commanders and nuclear scientists.³

The justification for this operation stemmed from Israeli intelligence assessments indicating Iran’s accelerating nuclear capabilities. Reports suggested that Iran had accumulated sufficient enriched uranium for at least nine nuclear weapons and was rapidly approaching a critical breakout point.⁸ This perceived existential threat underscored the urgency behind Israel’s decisive action.

Operation Rising Lion transcends the definition of a mere conventional airstrike; it is distinguished by an unprecedented integration of advanced air power with meticulous clandestine sabotage and covert infiltration.¹⁴ This fusion of cyber, covert, and kinetic elements represents a significant evolution in warfare, moving beyond traditional distinctions to a truly hybrid and multi-domain approach. It underscores a fundamental shift in how nation-states might conduct high-stakes military operations in the 21st century. The consistent emphasis on the “preemptive” nature of Operation Rising Lion, coupled with the detailed accounts of its multi-domain execution, points to a profound doctrinal evolution. This is not simply a kinetic preemptive strike, akin to historical doctrines against weapons of mass destruction, but a comprehensive, integrated preemptive strike. The decision to act was based on a perceived “imminent threat,” which was then addressed through a combination of intelligence gathering, deception, cyber-physical sabotage, and conventional kinetic force.¹ This indicates a new strategic framework where a nation-state feels justified in launching a highly integrated, cross-domain preemptive strike, blurring the lines between traditional intelligence operations, covert actions, and overt military force, all under the umbrella of national survival. This redefines the concept of “imminent threat” in the digital and hybrid age, potentially lowering the threshold for cross-domain military action and raising complex questions about international legal interpretations of self-defense, particularly when non-kinetic elements contribute significantly to the perceived threat or the response.

II. Historical Cyber Campaigns: Laying the Digital Groundwork

The landscape of modern warfare has been irrevocably shaped by a series of groundbreaking cyber campaigns that laid the foundation for integrated operations like Operation Rising Lion. These historical precedents demonstrated the destructive potential of digital tools and the critical role of intelligence gathering in the cyber domain.

A. Stuxnet and Operation Olympic Games (2006-2010): The Genesis of Cyber-Physical Sabotage

Stuxnet, a sophisticated malicious computer worm, was first publicly identified in June 2010, although earlier versions had been circulating since at least 2009.¹⁶ It was widely suspected, and later confirmed, to be targeting Iran’s uranium enrichment program at the Natanz facility.¹⁶ This cyberweapon was part of a covert, joint US and Israeli intelligence operation known as “Operation Olympic Games,” initiated under President George W. Bush in 2006 and significantly accelerated under President Barack Obama.¹⁸ The primary objective was to gain access to Natanz’s industrial computer controls and covertly manipulate its centrifuges.¹⁹

The technical intricacies of Stuxnet were remarkable. It exploited an unprecedented four zero-day vulnerabilities to infiltrate air-gapped networks, typically through infected USB flash drives.¹⁶ Once inside, it specifically targeted Siemens industrial control systems (SCADA/PLCs), manipulating the frequency of motors (between 807 Hz and 1,210 Hz, a range common for gas centrifuges) to cause them to overheat and physically degrade or self-destruct.¹⁶ Crucially, Stuxnet simultaneously sent false feedback to monitoring screens, concealing the damage from plant personnel, ensuring that Iranian scientists watching their displays would perceive everything as normal even as equipment self-destructed.¹⁷ The malware also used stolen digital signatures to install its drivers undetected, further enhancing its stealth.¹⁶

The impact of Stuxnet was significant. It reportedly destroyed approximately 1,000 centrifuges at Natanz, representing about 11% to 20% of the total installed at the time.¹⁶ This disruption significantly delayed Iran’s nuclear program, potentially by about a year.²⁰ Stuxnet’s enduring significance lies in its status as the “world’s first digital weapon” to cause physical destruction, establishing a precedent for attacking another country’s infrastructure through malware.¹⁷ Stuxnet transcended traditional malware by directly translating digital instructions into kinetic effects, physically damaging industrial machinery. Its success in destroying centrifuges demonstrated that cyber operations could move beyond mere data theft or network disruption to achieve tangible, real-world destruction of critical infrastructure. This established the foundational concept of cyber-physical warfare and provided a blueprint for future integrated operations, making it a direct and influential precursor to Operation Rising Lion’s multi-domain approach. It proved that “escaping the digital realm to wreak physical destruction” was possible. This achievement validated the strategic utility of cyber operations as a tool for covert, non-kinetic sabotage against hardened targets, profoundly influencing subsequent military and intelligence doctrines and paving the way for more complex hybrid attacks.

B. Evolution of Cyber Espionage: Duqu (2011) and Flame (2010-2012): Tracing the Lineage

Following Stuxnet, the evolution of cyber capabilities continued with Duqu and Flame, demonstrating a strategic emphasis on intelligence gathering and reconnaissance.

Duqu (2011): Discovered in September 2011, Duqu was identified as closely related to Stuxnet, with strong similarities in architecture and code suggesting it was created by the same authors or by those with access to Stuxnet’s source code.²¹ Like Stuxnet, it exploited zero-day Windows kernel vulnerabilities and utilized stolen digital signatures to remain undetected.²² However, Duqu’s primary purpose was information gathering, not destruction, specifically seeking intelligence useful for future attacks on industrial control systems.²² It functioned as a remote access trojan (RAT) and keylogger, collecting data from compromised computers and networks.²² Duqu samples were configured to automatically remove themselves after 36 days, limiting their detection window.²²

Flame (2010-2012): Identified in May 2012, Flame (also known as sKyWIper) was an exceptionally large (20 megabytes) and complex modular malware, widely regarded as one of the most sophisticated cyber-espionage tools in history.²¹ It had been operating undetected since at least February 2010, with some components observed as early as December 2007.²⁶ Flame was a comprehensive toolkit for information stealing, capable of recording audio, screenshots, keyboard activity, network traffic, and even Skype conversations.²⁶ It could transform infected computers into Bluetooth beacons to extract contact information from nearby devices.²⁶ A “huge majority” of its targets were located in Iran, including governmental organizations, educational institutions, and private individuals.²⁶ It was linked to an April 2012 attack that compelled Iranian officials to disconnect their oil terminals from the internet.²¹ Flame also leveraged a fraudulent Microsoft security certificate to spread.²⁶ Similar to Duqu, it included a “kill” function to eliminate all traces of its presence upon command.²⁶ A new version, “Flame 2.0,” was discovered in 2019, indicating its continued evolution.²⁶

While Stuxnet demonstrated the kinetic potential of cyber operations, Duqu and Flame represent the critical intelligence-gathering and reconnaissance arm of sophisticated state-sponsored cyber warfare. Duqu’s explicit purpose was to collect information for future attacks on industrial control systems, and Flame served as an extensive espionage toolkit primarily targeting Iran. This indicated a strategic shift from immediate sabotage to a long-term, multi-stage approach where comprehensive intelligence gathering, including reconnaissance, vulnerability mapping, and target profiling, precedes and informs subsequent destructive or disruptive operations. This “pre-positioning” of intelligence and access is crucial for the precision and effectiveness observed in later hybrid operations like Operation Rising Lion, allowing for highly tailored and impactful strikes. This highlights the extended and often invisible timeline of modern cyber warfare, where operations can span years of covert intelligence collection and access establishment before a kinetic or overt phase, making detection and defense against such long-term campaigns particularly challenging for targeted nations.

C. Duqu 2.0 (2015): Expanding the Scope to Diplomacy

The evolution of cyber operations continued with Duqu 2.0, a sophisticated variant of Duqu (and by extension, Stuxnet), reported in 2015 to have infected computers in hotels in Austria and Switzerland that were hosting international negotiations with Iran concerning its nuclear program and economic sanctions.³¹ The malware specifically targeted individuals and companies linked to the P5+1 negotiating parties (the five permanent member states of the UN Security Council plus Germany).³² Believed to be the work of Israel’s Unit 8200, Duqu 2.0 utilized three zero-day exploits and was described by Kaspersky as possessing a “philosophy and way of thinking… a generation ahead of anything seen in the advanced persistent threats world”.³¹

The specific targeting of diplomatic negotiation venues by Duqu 2.0 represented a crucial expansion of cyber operations beyond industrial sabotage and general espionage. It demonstrated the direct application of cyber capabilities to influence diplomatic processes, gather leverage, or gain real-time insights into sensitive political discussions. This elevated cyber from a purely military or intelligence tool to a direct instrument of statecraft and foreign policy, capable of shaping the very terms of international agreements. This was a form of “preparing the battlefield” not just for kinetic action, but for achieving strategic diplomatic outcomes. This development raised significant concerns about the integrity and confidentiality of international diplomacy, as cyber espionage can undermine trust, fairness, and the very foundation of negotiations, making future diplomatic efforts more vulnerable, complex, and potentially less effective.

III. The Inherent Limitations of Cyber-Only Approaches

While cyber capabilities have proven to be powerful tools in modern conflict, purely cyber-only approaches face significant limitations that often necessitate integration with other forms of warfare, as demonstrated by Operation Rising Lion.

A. The Attribution Conundrum: A Persistent Challenge

A fundamental challenge in cyber warfare is the persistent difficulty in attributing attacks. Cyber attacks frequently lack clear attribution, as they are often executed through intermediaries, making it exceedingly difficult to trace the origin and definitively assign responsibility to a specific nation or state entity.³⁴ Adversaries deliberately employ sophisticated techniques such as third-party systems, proxy servers, VPNs, or even “false flags” to obfuscate their operations and maintain plausible deniability.³⁴ This lack of clear evidence linking an attack to a particular state complicates legal and diplomatic responses.³⁴

This complexity fundamentally undermines deterrence by generating doubt about the perpetrator’s identity, which is essential for credible and proportionate response options.³⁴ The legal standard of evidence required for lawful countermeasures is notably higher than what is needed for political responsibility, further exacerbating the challenge.³⁴ The persistent “attribution conundrum” is not merely a technical hurdle but a fundamental strategic vulnerability that adversaries actively exploit. It allows them to operate effectively in a “grey zone” of conflict, testing thresholds and probing defenses with a degree of deniability that prevents clear legal red lines from being crossed.³⁴ This inherent anonymity in cyberspace favors the aggressor, as it renders deterrence by punishment (the threat of retaliation) largely ineffective. Without “absolute certainty” of the perpetrator, kinetic retaliation becomes too risky due to the high potential for misattribution and unintended escalation.³⁵ This limitation restricts the utility of purely cyber deterrence and compels states to consider alternative, often more integrated, response options. The difficulty in attributing cyberattacks reliably forces states to consider broader, often more escalatory, responses that combine cyber capabilities with kinetic or covert elements when cyber-only actions are insufficient or deniable. This dynamic can contribute to an overall increase in regional instability and the likelihood of cross-domain conflict.

B. Physical Barriers and Target Resilience: The Enduring Challenge

Even highly sophisticated cyber operations face inherent limitations against physically robust targets. While Stuxnet demonstrated that air-gapped networks (deliberately disconnected from the internet) can be breached, typically via infected USB drives, this does not negate the challenge posed by hardened physical infrastructure.¹⁷ Deeply buried and reinforced facilities, such as Iran’s Fordo enrichment plant (located inside a mountain) or new tunnels constructed near Natanz, present significant challenges to conventional kinetic strikes.³⁹ Penetrating such sites requires specialized, heavy bunker-buster munitions and often multiple impacts at the same aiming point.⁴⁰

Furthermore, subterranean environments inherently limit the effectiveness of cyber operations by severely degrading communications, Position, Navigation, and Timing (PNT) technologies, and traditional electromagnetic spectrum signals.⁴³ This makes it difficult to conduct or sustain cyber operations in such physically constrained settings. Iran has also invested in built-in resilience, including the expansion of redundant centrifuges and the construction of new enrichment facilities in secure, invulnerable locations, further complicating any single-domain attack strategy.⁴¹ Despite the success of Stuxnet in breaching air gaps, Iran’s continued investment in deeply buried, hardened, and redundant nuclear facilities demonstrates a clear strategic understanding that physical resilience remains a critical defense against both kinetic

and cyber attacks. The inherent limitations of cyber operations in subterranean environments further underscore that purely digital means may struggle to achieve decisive, sustained, or verifiable effects against physically robust and isolated targets. This necessitates a combined approach, as exemplified by Operation Rising Lion, where covert physical infiltration and kinetic strikes complement cyber efforts to overcome these inherent physical and operational barriers. This suggests that for high-value, hardened targets, a purely cyber approach is often insufficient to achieve strategic objectives, reinforcing the need for cyber-kinetic integration to ensure comprehensive and decisive impact. This also highlights the continuous arms race between offensive capabilities and defensive hardening.

C. Uncertainty of Effects and Battle Damage Assessment: The “Black Box” Problem

The inherent nature of cyber operations means that the intention behind an attack can be far less unequivocal to a victim, largely due to concealed traces and the often-ambiguous origin of malware.⁴⁵ This ambiguity can lead to significant confusion and misinterpretations about the attack’s objective and scope.⁴⁵ Cyber operations also tend to be slower to plan and stage, and more uncertain in their ability to execute precisely timed effects compared to conventional warfare.⁴⁶ This temporal mismatch complicates their integration into fast-paced military campaigns.

A significant limitation is the difficulty in predicting and verifying the real-world impact of cyber capabilities, both before (ex ante) and after (ex post) an operation. This uncertainty impedes accurate battle damage assessments (BDA), which are essential for any deterrence calculus and for determining if strategic objectives have been met.³⁶ Furthermore, the act of revealing cyber capabilities often renders them impotent, as adversaries quickly patch vulnerabilities or adapt defenses. This limits the repeated use of successful cyber tools, making sustained pressure difficult.³⁶ The inherent ambiguity, unpredictability, and difficulty in assessing the real-world effects of cyber operations create a fundamental “black box” problem for military planners and policymakers. Unlike kinetic strikes where damage is often immediately visible and verifiable, cyber effects can be subtle, delayed, or even misinterpreted, making precise battle damage assessment profoundly challenging. This pervasive uncertainty complicates decision-making, risk management, and the ability to confidently determine if strategic objectives have been achieved. It also makes it harder for states to signal intent or de-escalate effectively, as the adversary might not fully grasp the true impact or purpose of a cyber action. This limitation drives the need for multi-domain operations, where kinetic strikes can provide clearer, more immediate, and verifiable effects and BDA, thereby reducing strategic uncertainty and enabling more decisive action. It suggests that purely cyber operations, while potent, may not be sufficient for achieving objectives that require unambiguous, measurable outcomes.

IV. Anatomy of Operation Rising Lion: A Hybrid Blueprint

Operation Rising Lion stands as a blueprint for modern hybrid warfare, meticulously integrating diverse capabilities to achieve strategic objectives. Its success was predicated on a clear strategic imperative, sophisticated covert operations, and precise cyber-kinetic synchronization.

A. Strategic Imperative: Iran’s Nuclear Trajectory

Operation Rising Lion was a direct response to Israel’s assessment that Iran was rapidly accelerating its nuclear program, moving closer to a nuclear weapon breakout capability, posing a perceived “clear and present danger to Israel’s very survival”.¹ As of early February 2025, Iran had significantly advanced its centrifuge technology and deployment capabilities. It had installed 13,555 advanced centrifuges, including IR-2m, IR-4, and IR-6 models, with the IR-6 being its most powerful, each boasting an enrichment output more than four times greater than the older IR-1 centrifuges.⁴⁷

A critical IAEA report from May 31, 2025, confirmed that Iran had accumulated enough enriched uranium for at least nine nuclear weapons, with a significant portion (one-third) stockpiled within the three months prior to the report.¹³ This rapid advancement translated into drastically reduced breakout timelines: as little as 4.5 months to produce enough weapon-grade uranium for one nuclear weapon if JCPOA-type limits were hypothetically re-imposed, or a mere 25 days if Iran retained its 20% and 60% enriched uranium stocks.⁴⁷ Further exacerbating concerns, Iran had announced plans to launch a third secure enrichment facility and upgrade its centrifuges at the underground Fordo site, signaling continued expansion despite international pressure.⁴¹ Iran’s status as a “nuclear weapons threshold state,” characterized by rapidly shrinking breakout times and advanced centrifuge deployment, directly created the strategic imperative for Israel’s preemptive, multi-domain action. This demonstrates that the perceived proximity to nuclear weaponization, rather than actual possession, can be a critical trigger for integrated cyber-kinetic operations. The “threshold” itself became a flashpoint, demanding a multi-faceted response to delay or disrupt the adversary’s progress, especially when traditional diplomatic or purely cyber approaches were deemed insufficient for the urgency of the threat.⁴ This highlights the increasing instability in regions where states approach nuclear thresholds, as it creates strong incentives for preemptive, hybrid military action to prevent proliferation, potentially leading to broader regional conflicts.

B. Covert Infiltration and Deception: The Invisible Hand

Operation Rising Lion was the culmination of meticulous planning that reportedly spanned at least eight months.⁸ A critical component of its success was the extensive covert operations conducted by Mossad, involving the smuggling of precision weapons, drones, and commandos deep into Iranian territory.⁷ Israeli operatives deployed camouflaged weapon platforms, disguised as civilian vehicles, across Iran. These seemingly innocuous cars functioned as mobile launch systems that were remotely activated at the outset of the air campaign to disrupt and destroy key components of Iran’s air defense network, effectively paving the way for unimpeded bombing runs by Israeli jets.¹⁴

A secret Mossad drone base was established just outside Tehran, from which explosive-laden kamikaze drones were launched to target critical missile sites, including the vital Esfejabad base.¹⁴ Simultaneously, elite Mossad commando teams, operating clandestinely deep inside Iran, had pre-installed precision strike devices near surface-to-air missile (SAM) batteries. These devices were remotely activated in perfect synchrony with the aerial assault, destroying missile defenses.¹⁴ Deception tactics played a crucial role, with Israeli authorities deliberately misleading the public and framing a cabinet meeting as focused on Gaza hostage talks, when its real agenda was to greenlight Operation Rising Lion.³ This deception allowed them to catch Iran off guard and maximize the strike’s initial impact.³ The detailed accounts of Mossad’s covert infiltration, the pre-positioning of assets (drones, precision strike devices), and their synchronized activation with kinetic strikes reveal a highly sophisticated and multi-layered “kill chain.” This chain integrated intelligence, covert action, cyber-physical sabotage, and kinetic force into a seamless operational flow. Each element was designed to enable and amplify the next, maximizing surprise, minimizing risk to Israeli forces, and ensuring the decisive impact of the kinetic phase. This goes beyond simple coordination; it represents a mature form of hybrid warfare where the traditional boundaries between intelligence gathering, special operations, and conventional military action are virtually non-existent, forming a continuous spectrum of engagement. This model of integrated operations poses immense challenges for target nations, as it necessitates comprehensive, multi-layered defense capabilities that can detect and counter threats across all domains simultaneously, from deep infiltration and digital pre-positioning to cyber-enabled kinetic strikes. It demands a holistic approach to national security that transcends traditional organizational and doctrinal silos.

C. Cyber-Kinetic Synchronization: The Force Multiplier

The initial phase of Operation Rising Lion focused on achieving air superiority by systematically destroying Iranian air defenses.⁷ Israeli aircraft targeted a range of Iranian air defense systems, including SA-63, SA-68, SA-69 (S-300 derivative), and SA-71 batteries.⁷ This crucial “softening up” was directly facilitated by the covertly deployed assets that disrupted and destroyed air defense components, creating temporary air corridors for the subsequent aerial assault.¹⁴

Following this, over 200 Israeli fighter jets executed precision strikes, deploying some 330 munitions against approximately 100 strategic sites across Iran.³ Key targets included the Natanz enrichment complex, missile sites, and military installations in various cities such as Tabriz, Tehran, Hamadan, Qom, Isfahan, Markazi, and Kermanshah.³ The strikes were also designed to decapitate Iranian leadership and cripple their ability to coordinate a defense or retaliatory response. At least 20 top Iranian military leaders and nuclear scientists were killed, including Major General Mohammad Bagheri (Chief of Staff of Iran’s Armed Forces) and Hossein Salami (Commander-in-Chief of the Islamic Revolutionary Guard Corps).³ The success of the kinetic airstrikes in Operation Rising Lion was not merely coincidental with, but directly

enabled by, the preceding covert and cyber-physical actions that “softened up” Iranian air defenses. This established a clear causal relationship: the digital sabotage and pre-positioned devices neutralized critical defensive capabilities, creating temporary air corridors, and ensuring the unimpeded success of the aerial assault.³ This highlights a sophisticated doctrine where cyber and covert operations are not just parallel efforts but intrinsic

enabling functions for conventional kinetic power, significantly increasing its effectiveness, precision, and reducing risk to attacking forces. This integrated approach maximized the impact of kinetic strikes by degrading the adversary’s ability to respond effectively, setting a new standard for precision and efficiency in high-stakes military operations. It suggests that future conflicts will increasingly rely on this multi-domain synergy to achieve decisive outcomes against well-defended targets.

Table 1: Integrated Components of Operation Rising Lion

Component Type	Specific Actions/Tools	Purpose/Effect
Covert Infiltration & Sabotage	Mossad infiltration; Smuggled precision weapons, drones, and commandos; Pre-installed precision strike devices near SAM batteries; Remote activation of devices.	Neutralize air defenses; Clear air corridors; Degrade enemy’s ability to respond; Maximize surprise.
Cyber-Physical Disruption	Secret Mossad drone base outside Tehran; Explosive-laden kamikaze drones targeting critical missile sites (e.g., Esfejabad base); Disruption of air defense networks via camouflaged vehicle-based mobile launch systems.	Cripple missile capabilities; Create temporary air corridors for jets; Degrade retaliatory capacity; Enable unimpeded aerial assault.
Kinetic Air Strikes	Over 200 Israeli fighter jets; Deployment of over 330 precision munitions; Targeting of Natanz enrichment complex, military sites, and installations in Tabriz, Tehran, Hamadan, Qom, Isfahan, Markazi, Kermanshah.	Destroy nuclear infrastructure; Eliminate key military and scientific personnel (e.g., Gen. Mohammad Bagheri, Gen. Hossein Salami, nuclear scientists); Disrupt command & control; Cripple nuclear ambitions.
Strategic Deception	Deliberately misleading public and framing cabinet meeting as Gaza hostage talks; Ministers signing confidentiality agreements.	Catch Iran off guard; Maximize initial strike impact; Maintain secrecy of operation.

V. The Cyber-Kinetic Nexus: Evolving Doctrines of Warfare

The success of Operation Rising Lion underscores a profound evolution in military doctrines, where the traditional boundaries between cyber and kinetic domains are not merely blurred but actively integrated to achieve synergistic effects.

A. Israel’s Doctrine of Integrated Power: Beyond Traditional Boundaries

Israel’s military doctrine, as articulated in its 2015 IDF Strategy Document, explicitly acknowledges the rise of nonconventional threats, including cyber threats, and emphasizes the need to build multi-dimensional defense capabilities and conduct simultaneous attacks across multiple fronts.⁴⁹ This reflects a strategic shift towards comprehensive, integrated warfare. The conflict between Israel and Hezbollah serves as a prime example of Israel’s advanced integration of Cyber-Electromagnetic Activities (CEMA). In this context, Israel coordinated cyber attacks and electronic jamming to disrupt Hezbollah’s radar and communication networks, creating crucial tactical advantages that enabled precision airstrikes.⁵¹

Israel further leverages AI-driven data analytics to merge cyber intelligence with electromagnetic spectrum (EMS) surveillance, facilitating real-time decision-making and significantly enhancing operational effectiveness.⁵¹ The nation benefits from close industry-military ties and a fluid workforce movement between its military units (like Unit 8200) and the civilian tech sector, fostering a unique ecosystem of talent and expertise that directly contributes to its advanced cyber capabilities.⁵² Operation Rising Lion aligns with and significantly expands upon the “Begin Doctrine” (preemptive strikes on nuclear facilities), demonstrating a mature application of this doctrine through a deeply integrated cyber-kinetic approach.⁴ The concept of Cyber-Electromagnetic Activities (CEMA) is not merely a theoretical framework but represents Israel’s practical and highly effective operationalization of the cyber-kinetic nexus. By explicitly linking cyber attacks and electronic jamming to achieve tangible tactical advantages for kinetic strikes, Israel demonstrates a mature, integrated approach where cyber is not a separate domain but an intrinsic enabler and force multiplier for conventional military operations.⁵¹ This goes beyond simple coordination to true “synchronization” and “fusion” of capabilities, reflecting a deep understanding of multi-domain warfare and a strategic imperative to achieve overwhelming advantage. Nations seeking to emulate this capability must invest heavily in bridging the technical, doctrinal, and organizational gaps between their cyber and conventional forces, fostering a seamless operational environment. This requires not just technology but also a cultural shift towards integrated planning and execution.

B. U.S. “Defend Forward” Strategy: Proactive Cyber Posture

The U.S. Department of Defense’s 2018 National Cyber Strategy introduced the “Defend Forward” concept, which fundamentally shifts the U.S. cyber posture from reactive defense to proactive disruption. It aims to disrupt or stop malicious cyber activity before it reaches U.S. targets.⁵³ This strategy involves U.S. Cyber Command (USCYBERCOM) physically deploying “Hunt Forward” teams abroad to work alongside the cyber forces of partner nations. These teams operate in selected networks to detect and disrupt attacks in their early stages, preventing them from impacting the U.S. homeland.⁵⁴ “Defend Forward” emphasizes an offensive mindset, advocating for acting proactively and with purpose—based on intelligence—to anticipate and disrupt threats, rather than merely reacting to them.⁵³ While “Defend Forward” is articulated primarily as a cyber strategy, its proactive nature and emphasis on disrupting threats

before they reach the homeland position it as a critical enabler for broader cyber-kinetic operations. By operating in adversary networks, it can gather intelligence, pre-position capabilities, and degrade enemy systems, thereby setting conditions for potential kinetic strikes or mitigating their impact. This aligns conceptually with the “preemptive” and “integrated” nature of Operation Rising Lion, suggesting a shared strategic philosophy of proactive engagement across domains. The shift from passive defense to actively engaging adversaries in their networks fundamentally redefines the scope of engagement in peacetime. The “Defend Forward” doctrine, when combined with kinetic capabilities, could lead to more frequent and aggressive preemptive actions in cyberspace, potentially escalating tensions in the “grey zone” of conflict, as it blurs the lines between intelligence gathering and active military engagement.

C. Redefining the Battlefield: The Blurring of Boundaries

The cyber domain is fundamentally different from conventional domains (sea, land, air, space), with the intention behind cyberattacks often being less unequivocal due to concealed traces and ambiguous origins of malware.⁴⁵ This inherent ambiguity complicates traditional understandings of conflict. However, cyber capabilities are increasingly perceived as vital for understanding and shaping interstate conflict and escalation dynamics in the 21st century.⁴⁵ Operation Rising Lion’s seamless blend of cyber, covert, and kinetic elements exemplifies the new reality of multi-domain integration, where cyber and electronic warfare are closely linked (CEMA) to deliver operational advantage.⁵¹ This integration fundamentally blurs traditional boundaries, making it harder to distinguish between states of war and peace, or between military and non-military targets, as civilian infrastructure can be dual-use and targeted for military advantage.⁴⁵ Operation Rising Lion’s multi-domain nature reinforces the concept of an “always-on” battlefield where conflict is not confined to distinct phases or domains. The continuous intelligence gathering (exemplified by Duqu and Flame), pre-positioning of assets, and synchronized multi-domain strikes suggest a strategic philosophy of “persistent engagement” that transcends traditional definitions of war and peace. This fundamentally redefines the battlefield as a fluid, interconnected, and continuously contested space where actions in one domain (e.g., cyber) have immediate and profound implications for others (e.g., kinetic), demanding constant adaptation and response. This necessitates a constant state of readiness, continuous intelligence collection and analysis, and deeply integrated command and control across all domains. It challenges traditional military structures, resource allocation models, and the very concept of “peacetime” versus “wartime” operations, moving towards a continuous competition continuum.

VI. Legal and Strategic Ambiguities in Modern Warfare

The emergence of integrated cyber-kinetic operations like Operation Rising Lion introduces significant legal and strategic ambiguities, challenging existing frameworks and increasing the complexity of conflict management.

A. International Law and the “Armed Attack” Threshold: A Shifting Landscape

International law, particularly Article 2(4) of the UN Charter, prohibits the threat or use of force, while Article 51 recognizes the inherent right to individual or collective self-defense if an “armed attack occurs”.³⁴ A primary legal uncertainty in the cyber era is determining whether a cyber attack, in isolation, constitutes an “armed attack” sufficient to trigger Article 51.³⁴

The Tallinn Manual 2.0, an influential document, defines a “cyber attack” under International Humanitarian Law (IHL) as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects” (Rule 92).⁵⁹ A majority of experts involved agreed that “loss of functionality of an object may also constitute damage”.⁵⁹ The Manual states that cyber operations executed in the context of an armed conflict are subject to the law of armed conflict.⁶¹

The ICRC Position concurs that if an object is disabled, it is immaterial whether this occurred through kinetic means or a cyber operation for it to be considered an “attack” under IHL.⁵⁹ The ICRC emphasizes that IHL applies to cyber operations in armed conflict, strictly prohibiting targeting civilians and civilian objects, the use of indiscriminate weapons, and disproportionate attacks.⁶³ However, it notes ongoing questions regarding whether civilian data enjoys the same protection as civilian objects, and whether cyber operations that disrupt systems without causing physical damage definitively amount to “attacks” under humanitarian law.⁶³

UN Experts (Group of Governmental Experts – GGE) reaffirm that international law and the UN Charter apply in their entirety to cyberspace, and that international humanitarian law applies in the context of armed conflict.⁶⁵ There is an emerging consensus that a cyber attack causing physical damage, loss of life, or injury to persons would fall under the prohibition of force in Article 2(4).⁵⁷ Some states, such as France, the Netherlands, and Norway, allow for the possibility that cyber operations with no physical effects could qualify as a use of force if certain qualitative and quantitative criteria (seriousness, reach, military nature) are met.⁵⁷

While international legal discourse is evolving, there remains a critical ambiguity regarding whether purely disruptive cyber operations, without clear physical damage or casualties, meet the “armed attack” threshold for self-defense under UN Charter Article 51.⁵⁷ This ambiguity creates a strong incentive for states to

ensure that their actions, or the effects they produce, involve clear kinetic outcomes or cyber effects that undeniably lead to physical damage or loss of life, if they intend to invoke self-defense. Operation Rising Lion’s combination of cyber and kinetic strikes, resulting in the physical destruction of nuclear facilities and the killing of military and scientific personnel, provides a clear, undeniable basis for claiming self-defense under Article 51.¹ This strategy effectively circumvents the legal “grey zone” of purely disruptive cyberattacks, providing a more robust legal justification for the action. This legal ambiguity, particularly regarding non-physical cyber effects, may inadvertently encourage states to escalate to kinetic responses or integrate kinetic elements into their operations to ensure their actions meet the “armed attack” threshold for legal justification, thereby increasing the overall violence and destructive potential in conflicts.

B. The Escalation Lattice vs. Ladder: A Nuanced Understanding of Conflict Dynamics

Traditional conflict escalation theory often relies on the “ladder” metaphor, implying a linear, vertical movement of increasing intensity.⁵⁵ However, in the context of cyber warfare, a more appropriate conceptualization is the “escalation lattice,” which accounts for both vertical (intensity) and horizontal (spillover to other domains or inclusion of additional participants) movement.⁵⁵ This lattice model highlights the inherent ambiguity about whether a specific action is escalatory or de-escalatory, as it can simultaneously appear one way in one domain and the opposite in another.⁵⁵

The risks of miscalculation and unintended escalation are significant due to the covert, fast-paced, and often opaque nature of cyber attacks, coupled with the difficulty in discerning attacker intent or the full extent of effects.³⁴ For instance, a cyber operation intended for limited local effects might be perceived by the target as aiming for global or systemic disruption.⁵⁵ The “escalation lattice” concept reveals a profound paradox in hybrid warfare: actions that might be chosen as a “pressure release” to

avoid a larger, more destructive conventional war (e.g., a massive cyberattack instead of a ground invasion) can simultaneously be highly escalatory in another domain or perceived differently by the adversary. Operation Rising Lion, framed as a preemptive strike to prevent Iran from acquiring nuclear weapons and thus a larger conflict, simultaneously involved significant kinetic and covert escalation. This suggests that states might opt for “less conventional” but still highly impactful hybrid actions to manage tensions, yet these actions carry substantial, often unpredictable, escalation risks and can be misinterpreted, leading to unintended consequences or a broader, more complex conflict. The ambiguity in intent and effect makes traditional de-escalation signals less reliable. This complex escalation dynamic makes crisis management significantly more challenging, as traditional signals of intent may be ambiguous or contradictory across domains, increasing the risk of miscalculation and unintended conflict expansion. It necessitates a new framework for understanding and communicating escalation in multi-domain environments.

C. Nuclear Entanglement and Crisis Instability: The Existential Risk

The growing interconnection of critical infrastructure with digital networks, including military command structures, significantly amplifies national vulnerability to severe cyber disturbances.³⁴ Cyber operations that target nuclear-armed states, particularly their nuclear command, control, and communication (NC3) systems, could unintentionally pressure them into preemptively using their nuclear weapons.⁶⁶ This existential risk is heightened by the phenomenon of “nuclear entanglement,” where a state’s nuclear and conventional military forces are commingled, share components, or are considered dual-use in their functionality.⁶⁶ For example, if a state’s NC3 systems also direct non-nuclear military assets, a defensive cyber operation could be misinterpreted as an attempt to undermine its nuclear deterrent, potentially leading to inadvertent escalation.⁶⁶ The increasing emphasis on continuous cyber operations by states further raises the likelihood of such incidents and a deterioration of strategic stability.⁶⁶

The inherent uncertainty and volatility of cyberspace make operations susceptible to unpredictable effects and to ambiguity and manipulation of perception, increasing the risk of unintended responses that intensify conflict.³⁶ The difficulty in discerning timely and accurate attribution for cyberattacks can weaken deterrence by creating doubt about the perpetrator, undermining the credibility of response options.³⁶ This problem is compounded by the fact that the act of revealing cyber capabilities often renders them impotent, limiting their repeated use.³⁶ The potential for cyber operations to distort or degrade the ability of conventional or even nuclear capabilities to work as intended could undermine the credibility of deterrence due to a reduced capability rather than political will.³⁷ This creates a dangerous information asymmetry where a target state might be unaware its capabilities have been compromised, leading to miscalculations.³⁷ The risk of nuclear crisis instability due to cyber operations is a critical concern that current cyber doctrines by nuclear-armed states often fail to acknowledge, and may even actively undermine pathways toward strategic stability.⁶⁶ The inherent secrecy of cyber operations and the wide array of vulnerable targets create a justified fear among decision-makers that their nuclear deterrent could be compromised at any moment, leading to pressure for preemptive nuclear use in a crisis.⁶⁶ This highlights the urgent need for a more robust framework for managing escalation and ensuring strategic stability in an increasingly cyber-entangled world.

VII. Policy Recommendations

The complexities introduced by integrated cyber-kinetic warfare, as exemplified by Operation Rising Lion, necessitate a re-evaluation of international policy and strategic approaches.

A. Enhancing Legal Clarity and Attribution Mechanisms:

The persistent attribution conundrum in cyberspace demands a concerted international effort to develop clearer legal frameworks. States should develop and share their interpretations of the international law of State responsibility in the context of cyber operations, contributing to the progressive development of international law applicable to State conduct in cyberspace.38 International discussions on the standard of proof for attribution should continue, with states considering sharing their standards to define acceptable attribution practices and foster customary international law.38 Technical capacity for investigating cyber incidents, including evidence collection and custody, must be developed, with international cooperation mechanisms established to assist countries in building these capabilities.38 Attribution claims should be substantiated with multiple sources of reliable and objective evidence, prioritizing technical forensic analysis.38 Furthermore, discussions on an international attribution mechanism should be pursued in various forums to explore its benefits and pitfalls.38

B. Strengthening Crisis De-escalation and Strategic Stability:

Given the “escalation lattice” dynamic, new approaches to crisis management are essential. States should engage in dialogue before reacting with measures of retorsion or countermeasures, providing an opportunity for the allegedly responsible state to challenge attribution claims and offer rebuttal evidence.38 The self-imposed standard of proof for attribution should be commensurate with the gravity of the malicious cyber operation and the planned reaction, aiming for the highest possible standard to avoid misattribution and international strain.38 AI tools can play a crucial role in enhancing crisis management by leveraging real-time analytics, automation, and predictive modeling to improve decision-making and response coordination.68 AI-powered Geographic Information System (GIS) tools can generate immediate impact assessments, and AI-driven logistics platforms can optimize resource deployment.68 AI-driven simulation platforms can revolutionize disaster preparedness by providing realistic training environments and automated debriefings, fostering continuous learning and adaptability.68 Furthermore, AI-powered tools can identify and flag misinformation during emergencies, ensuring accurate and timely information sharing.68 International collaboration is vital to develop mutually beneficial technical safeguards and best practices to reduce the risk of catastrophic AI failures in military contexts, and to commit to restraint in the use of offensive AI-enabled capabilities where significant escalation risks exist.70

C. Investing in Civilian Critical Infrastructure Cyber Resilience:

The increasing vulnerability of critical infrastructure to cyber-physical threats necessitates substantial investment in resilience. A deeper partnership between the public and private sectors is required to fortify critical infrastructure.67 This involves establishing integrated Critical Infrastructure Performance Goals that define minimum viable delivery objectives for essential services, even during system failures.67 Leading indicator metrics should be established and measured, focusing on practices that mitigate future risks, rather than solely relying on lagging indicators.67 Radical transparency and stress testing, including simulations of internet failure and multi-point attacks, are crucial to understand the limits of resilience and encourage continuous improvement.67 Governments should fully resource Sector Risk Management Agencies (SRMAs) with greater capabilities to support cyber-physical resilience goals, and increase expectations for boards, CEOs, and other executives to contribute more time and resources to ensure infrastructure reliability and resilience.67 Promoting “Security-by-Design and -Default” principles, enhancing vulnerability disclosure programs, and publishing software bills of materials (SBOMs) are also critical for strengthening supply chain resilience.67

Conclusions

Operation Rising Lion represents a pivotal moment in modern warfare, demonstrating a sophisticated and unprecedented integration of cyber, covert, and kinetic capabilities. This operation was not merely a military strike but a manifestation of an evolving “preemptive hybrid war doctrine,” driven by the perceived urgency of Iran’s nuclear advancements. The historical trajectory of cyber campaigns, from Stuxnet’s cyber-physical sabotage to Duqu and Flame’s intelligence pre-positioning, and Duqu 2.0’s diplomatic espionage, laid the groundwork for this multi-domain approach. These precedents highlighted both the immense potential and the inherent limitations of purely cyber operations, particularly concerning attribution, physical barriers, and the uncertainty of effects.

The success of Operation Rising Lion underscores the operationalization of the “cyber-kinetic nexus,” where cyber and covert actions serve as critical enablers for kinetic dominance, effectively “softening up” defenses and maximizing the impact of strikes. This integrated approach aligns with and expands upon doctrines like the U.S. “Defend Forward” strategy, signaling a global shift towards “always-on” battlefields and persistent engagement across all domains. However, this evolution introduces significant legal and strategic ambiguities. The “physical effect” imperative for legal justification in hybrid warfare may inadvertently encourage kinetic escalation, while the “escalation lattice” dynamic complicates crisis management by creating a “de-escalatory escalation” paradox. Furthermore, the growing “nuclear entanglement” due to cyber vulnerabilities poses an existential risk of crisis instability. Moving forward, international efforts must prioritize enhancing legal clarity and attribution mechanisms, strengthening crisis de-escalation strategies through advanced AI tools, and investing robustly in the cyber-physical resilience of critical civilian infrastructure to navigate this increasingly complex and interconnected global security landscape.

Works cited

1. Israel strikes Iran’s nuclear sites and kills its top generals. Iran vows ‘severe’ retaliation, accessed June 13, 2025, https://apnews.com/article/iran-explosions-israel-tehran-00234a06e5128a8aceb406b140297299
2. What is Operation Rising Lion? Israel launches strikes to ‘counter Iranian threat’, accessed June 13, 2025, https://www.hindustantimes.com/world-news/what-is-operation-rising-lion-israel-launches-strikes-to-counter-iranian-threat-101749778881348.html
3. Operation Rising Lion unleashed: How Israel used deception, drones, and 200 fighter jets to cripple Iran’s nuclear ambitions – The Economic Times, accessed June 13, 2025, https://m.economictimes.com/news/defence/operation-rising-lion-unleashed-how-israel-used-deception-drones-and-200-fighter-jets-to-cripple-irans-nuclear-ambitions/articleshow/121828776.cms
4. Experts react: Israel just attacked Iran’s military and nuclear sites …, accessed June 13, 2025, https://www.atlanticcouncil.org/blogs/new-atlanticist/experts-react-israel-just-attacked-irans-military-and-nuclear-sites-whats-next/
5. Israel strikes Iran and braces for retaliation – NPR, accessed June 13, 2025, https://www.npr.org/2025/06/12/nx-s1-5431956/israel-strikes-iran-and-braces-for-retaliation
6. Iran-Israel conflict: How secret friends turned bitter enemies – The Economic Times, accessed June 13, 2025, https://m.economictimes.com/news/defence/iran-israel-conflict-nuclear-strikes-how-secret-friends-turned-bitter-enemies/articleshow/121823591.cms
7. Israel’s Operation Rising Lion: 6/13/25 Update – JINSA, accessed June 13, 2025, https://jinsa.org/wp-content/uploads/2025/06/Israel-Iran-Projectile-Tracker-06-13-2025-1.pdf
8. SPECIAL EDITION: 14 thoughts on Israel striking Iran. – Tangle News, accessed June 13, 2025, https://www.readtangle.com/special-edition-14-thoughts-on-israel-striking-iran/
9. Israel carries out strikes targeting Iran’s nuclear, military sites – Al Jazeera, accessed June 13, 2025, https://www.aljazeera.com/news/2025/6/13/sounds-of-explosions-heard-in-irans-capital-tehran
10. Iran Calls Israel Strikes ‘Declaration of War’, Trump Says He Was Warned: Live Updates, accessed June 13, 2025, https://www.newsweek.com/israel-iran-strikes-war-nuclear-sites-2084944
11. Who Are the Top Iranian Figures Killed by Israel? – Newsweek, accessed June 13, 2025, https://www.newsweek.com/who-are-top-iranian-figures-killed-israel-2084983
12. Operation Rising Lion: Maps Show Israeli Strikes On Iran – Newsweek, accessed June 13, 2025, https://www.newsweek.com/operation-rising-lion-israel-strikes-iran-map-2085072
13. Israel Justifies Iran Strikes as ‘Last Resort’ Against Nuclear Breakout, accessed June 13, 2025, https://www.nationthailand.com/news/world/40051207
14. How Israel Executed Operation Rising Lion: Mossad Smuggled …, accessed June 13, 2025, https://www.newsx.com/world/how-israels-secret-strike-pierced-iran-mossad-smuggled-drones-and-commandos-into-tehran-in-daring-operation-rising-lion/
15. Israeli Commandos Attacked Iranian Air Defenses With Drones From Inside The Country: Report – Yahoo, accessed June 13, 2025, https://www.yahoo.com/news/israeli-commandos-attacked-iranian-air-102744901.html
16. The Stuxnet Worm, accessed June 13, 2025, https://www2.cs.arizona.edu/~collberg/Teaching/466-566/2012/Resources/presentations/topic9-final/report.pdf
17. Stuxnet Definition & Explanation – Kaspersky, accessed June 13, 2025, https://www.kaspersky.com/resource-center/definitions/what-is-stuxnet
18. Stuxnet – Simple English Wikipedia, the free encyclopedia, accessed June 13, 2025, https://simple.wikipedia.org/wiki/Stuxnet
19. Stuxnet – Wikipedia, accessed June 13, 2025, https://en.wikipedia.org/wiki/Stuxnet
20. Operation Olympic Games – Wikipedia, accessed June 13, 2025, https://en.wikipedia.org/wiki/Operation_Olympic_Games
21. Cyberweapon – Wikipedia, accessed June 13, 2025, https://en.wikipedia.org/wiki/Cyberweapon
22. Duqu – Wikipedia, accessed June 13, 2025, https://en.wikipedia.org/wiki/Duqu
23. Duqu Trojan Questions and Answers – Secureworks, accessed June 13, 2025, https://www.secureworks.com/blog/duqu
24. DuQu: Briefing Note – ENISA, accessed June 13, 2025, https://www.enisa.europa.eu/sites/default/files/all_files/DuQu_new.pdf
25. Duqu FAQ – Securelist, accessed June 13, 2025, https://securelist.com/duqu-faq-33/32463/
26. Flame (malware) – Wikipedia, accessed June 13, 2025, https://en.wikipedia.org/wiki/Flame_(malware)
27. Flame Malware and SCADA Security: What are the Impacts?, accessed June 13, 2025, https://www.tofinosecurity.com/blog/flame-malware-and-scada-security-what-are-impacts
28. Flame: Trying to Unravel the Mystery of Spying Malware – YouTube, accessed June 13, 2025, https://www.youtube.com/watch?v=eZlmVCcw_6Y
29. Flame | F-Secure Labs, accessed June 13, 2025, https://www.f-secure.com/v-descs/flame.shtml
30. Flame – Radware, accessed June 13, 2025, https://www.radware.com/security/ddos-knowledge-center/ddospedia/flame/
31. Duqu 2.0 – Wikipedia, accessed June 13, 2025, https://en.wikipedia.org/wiki/Duqu_2.0
32. Duqu 2.0 | CFR Interactives, accessed June 13, 2025, https://www.cfr.org/cyber-operations/duqu-20
33. accessed December 31, 1969, https://www.sciencedirect.com/science/article/pii/S221421261400004X
34. The unintended consequences of deterring cyber attacks through nuclear weapons and international law | European Leadership Network, accessed June 13, 2025, https://europeanleadershipnetwork.org/commentary/the-unintended-consequences-of-deterring-cyber-attacks-through-nuclear-weapons-and-international-law/
35. Nuclear posture and cyber threats: Why deterrence by punishment is not credible – and what to do about it | European Leadership Network, accessed June 13, 2025, https://europeanleadershipnetwork.org/commentary/nuclear-posture-and-cyber-threats-why-deterrence-by-punishment-is-not-credible-and-what-to-do-about-it/
36. Transparent Cyber Deterrence – NDU Press – National Defense University, accessed June 13, 2025, https://ndupress.ndu.edu/Media/News/News-Article-View/Article/3197215/transparent-cyber-deterrence/
37. Cyber Threats and Vulnerabilities to Conventional and Strategic …, accessed June 13, 2025, https://ndupress.ndu.edu/Media/News/News-Article-View/Article/2680531/cyber-threats-and-vulnerabilities-to-conventional-and-strategic-deterrence/
38. Non-Escalatory Attribution of International Cyber Incidents – UNIDIR, accessed June 13, 2025, https://unidir.org/files/2022-01/UNIDIR_Non-Escalatory_Attribution_International_Cyber_Incidents.pdf
39. The Coming Iranian Nuclear Challenge in 2025 | The Iran Primer, accessed June 13, 2025, https://iranprimer.usip.org/blog/2025/jan/13/coming-iranian-nuclear-challenge-2025
40. The Challenges Involved in Military Strikes Against Iran’s Nuclear Programme – RUSI, accessed June 13, 2025, https://my.rusi.org/resource/the-challenges-involved-in-military-strikes-against-irans-nuclear-programme.html
41. Iran announces a new nuclear enrichment site after UN watchdog censure – AP News, accessed June 13, 2025, https://apnews.com/article/iran-nuclear-iaea-sanctions-728b811da537abe942682e13a82ff8bd
42. Iran says it will create a new uranium enrichment facility after a vote at the IAEA – NPR, accessed June 13, 2025, https://www.npr.org/2025/06/12/nx-s1-5431395/iran-nuclear-enrichment-un-compliance
43. Large-Scale Combat Operations and the Subterranean Dilemma – US Army Nuclear and Countering Weapons of Mass Destruction Agency, accessed June 13, 2025, https://www.usanca.army.mil/LinkClick.aspx?fileticket=8LDr6_KWWtc%3D&portalid=114
44. Cyber Underground: Overcoming Obstacles to Cyber in Subterranean Warfare – Air University, accessed June 13, 2025, https://www.airuniversity.af.edu/Wild-Blue-Yonder/Article-Display/Article/2180393/cyber-underground-overcoming-obstacles-to-cyber-in-subterranean-warfare/
45. Stuxnet, revisited (again): producing the strategic relevance of cyber …, accessed June 13, 2025, https://www.tandfonline.com/doi/full/10.1080/23738871.2025.2492570
46. Narrow windows of opportunity: the limited utility of cyber operations in war | Journal of Cybersecurity | Oxford Academic, accessed June 13, 2025, https://academic.oup.com/cybersecurity/article/10/1/tyae014/7727352
47. Iranian Breakout Timelines Under JCPOA-Type Limits | Institute for …, accessed June 13, 2025, https://isis-online.org/isis-reports/detail/iranian-breakout-timelines-under-jcpoa-type-limits/
48. Israel’s strikes might accelerate Iran’s race towards nuclear weapons …, accessed June 13, 2025, https://www.chathamhouse.org/2025/06/israels-strikes-might-accelerate-irans-race-towards-nuclear-weapons
49. Israel Defense Forces Strategy Document | The Belfer Center for Science and International Affairs, accessed June 13, 2025, https://www.belfercenter.org/research-analysis/israel-defense-forces-strategy-document
50. Deterring Terror – Belfer Center, accessed June 13, 2025, https://www.belfercenter.org/sites/default/files/pantheon_files/files/publication/IDF%20doctrine%20translation%20-%20web%20final2.pdf
51. Navigating the Digital Battlefield – Joint Air Power Competence Centre, accessed June 13, 2025, https://www.japcc.org/articles/navigating-the-digital-battlefield/
52. Reinventing Cyber Defence: Why We Need a New Doctrine to Defend Our Nations – RUSI, accessed June 13, 2025, https://my.rusi.org/resource/reinventing-cyber-defence-why-we-need-a-new-doctrine-to-defend-our-nations.html
53. Defend Forward: A Proactive Model for Cyber Deterrence – Cybereason, accessed June 13, 2025, https://www.cybereason.com/hubfs/dam/collateral/ebooks/Defend_Forward_Proactive_Model_Cyber_Deterrence_ebook.pdf
54. Cyber Warfare and U.S. Cyber Command – The Heritage Foundation, accessed June 13, 2025, https://www.heritage.org/military-strength/assessment-us-military-power/cyber-warfare-and-us-cyber-command
55. Cyberspace Escalation: Ladders or Lattices? – CCDCOE, accessed June 13, 2025, https://ccdcoe.org/uploads/2020/12/3-Cyberspace-Escalation-Ladders-or-Lattices_ebook.pdf
56. Escalation Dynamics and Conflict Termination in Cyberspace – Air University, accessed June 13, 2025, https://www.airuniversity.af.edu/Portals/10/SSQ/documents/Volume-06_Issue-3/Lin.pdf
57. Use of force – International cyber law: interactive toolkit, accessed June 13, 2025, https://cyberlaw.ccdcoe.org/wiki/Use_of_force
58. International Legal Basis For The Right To Defense In The Cyber Era | Law and world, accessed June 13, 2025, https://lawandworld.ge/index.php/law/article/view/302
59. Cyberwarfare and international humanitarian law: the ICRC’s position, accessed June 13, 2025, https://www.icrc.org/sites/default/files/external/doc/en/assets/files/2013/130621-cyberwarfare-q-and-a-eng.pdf
60. lieber.westpoint.edu, accessed June 13, 2025, https://lieber.westpoint.edu/policy-approach-addressing-cyber-attacks-data-object-debates/#:~:text=Accordingly%2C%20Tallinn%20Manual%202.0’s%20Rule,reflected%20the%20only%20interpretation%20of
61. How Does the Tallinn Manual 2.0 Shed Light on the Threat of Cyber Attacks against Taiwan? – Academic Conferences International, accessed June 13, 2025, https://papers.academic-conferences.org/index.php/eccws/article/download/1294/1215/4442
62. A Policy Approach for Addressing the “Cyber Attacks” and “Data as an Object” Debates, accessed June 13, 2025, https://lieber.westpoint.edu/policy-approach-addressing-cyber-attacks-data-object-debates/
63. Cyber and information operations | International Committee of the …, accessed June 13, 2025, https://www.icrc.org/en/law-and-policy/cyber-and-information-operations
64. The principle of distinction – ICRC, accessed June 13, 2025, https://www.icrc.org/sites/default/files/wysiwyg/war-and-law/03_distinction-0.pdf
65. The UN GGE Final Report: A milestone in cyber diplomacy, but where is the accountability?, accessed June 13, 2025, https://cyberpeaceinstitute.org/news/the-un-gge-final-report-a-milestone-in-cyber-diplomacy-but-where-is-the-accountability/
66. Cyber Doctrines and the Risk of Nuclear Crisis Instability. Part 1: Issues with U.S. Cyber Strategy | Council on Foreign Relations, accessed June 13, 2025, https://www.cfr.org/blog/cyber-doctrines-and-risk-nuclear-crisis-instability-part-1-issues-us-cyber-strategy
67. Strategy for Cyber-Physical Resilience: – Biden White House, accessed June 13, 2025, https://bidenwhitehouse.archives.gov/wp-content/uploads/2024/02/PCAST_Cyber-Physical-Resilience-Report_Feb2024.pdf
68. Integrating Artificial Intelligence into Crisis Management – Juvare, accessed June 13, 2025, https://www.juvare.com/integrating-artificial-intelligence-into-crisis-management/
69. Strengthening Cyber Crisis Response Through AI, accessed June 13, 2025, https://www.cyberdefensemagazine.com/strengthening-cyber-crisis-response-through-ai/
70. Reducing the Risks of Artificial Intelligence for Military … – CSET, accessed June 13, 2025, https://cset.georgetown.edu/wp-content/uploads/CSET-Reducing-the-Risks-of-Artificial-Intelligence-for-Military-Decision-Advantage.pdf