Weekly Security Brief

Week of Sunday, March 15, 2026

Key Insights

1. Epic Fury Enters Week Two. Iran's Military Is Broken. Its Cyber Capabilities Are Not.

Last week we covered the opening salvo of Operation Epic Fury and Iran's unprecedented drone strikes on three AWS data centers. Two weeks in, the kinetic picture has shifted dramatically. The cyber picture has not.

The United States has struck more than 6,000 targets across Iran since February 28. Iran's missile volume is down 90%. Its one-way attack drone capability is down 95%. The US Navy has sunk 51 Iranian naval vessels, including 16 minelayers near the Strait of Hormuz. On March 13, US forces struck military targets on Kharg Island, the tiny coral outcrop that handles 90% of Iran's crude exports. The oil infrastructure was deliberately spared, but President Trump warned Tehran he would "immediately reconsider" that decision if Iran continued interfering with commercial shipping.

Iran responded asymmetrically. On March 12, a drone strike on the Ruwais industrial complex in Abu Dhabi forced the shutdown of the region's largest oil refinery. Three more commercial ships were struck by projectiles in the Strait of Hormuz the same day. Seven US service members have been killed in action since the operation began. Approximately 200 have been wounded, with 170 reportedly returned to duty.

The cyber dimension is accelerating in the opposite direction of the kinetic one. As Iran's conventional military capacity degrades, its cyber and proxy operations are expanding. Handala, a group linked to Iran's Ministry of Intelligence and Security, conducted a destructive wiper attack against Stryker Corporation on March 11. On the same day, the group claimed it breached Hebrew University of Jerusalem, wiped more than 40 terabytes of data, and compromised all servers. Cyber Islamic Resistance claimed a breach of an Israeli cybersecurity firm and published exfiltrated data. The 60 hacktivist groups that activated in the first days of the conflict are not slowing down. They are shifting from temporary disruption to lasting damage, moving beyond distributed denial-of-service attacks to destructive wiper operations that erase data permanently.

The Takeaway
If your organization operates in energy, healthcare, financial services, defense contracting, or has business ties or perceived ties to Israel, treat this as an elevated threat window with no defined end date. The hacktivist groups activated by this conflict are not sophisticated, but they have demonstrated willingness to inflict lasting damage, not just temporary disruption. Review your exposure to Iranian indicators of compromise. Confirm that your incident response plan accounts for destructive attacks, not just data theft or ransomware. And brief your board: the threat level increased two weeks ago and has not decreased.

2. The Strait of Hormuz Is Closed. Your Operating Costs Just Changed.

Iran's Islamic Revolutionary Guard Corps, the regime's elite military branch, declared that "not a litre of oil" would pass through the Strait of Hormuz. The reality is more calculated than that.

Iran has not closed the Strait entirely. A senior military spokesman told state television that vessels linked to the United States or Israel would not be allowed to pass, while other traffic could continue. In practice, the policy is selective. China-flagged vessels have passed freely, reportedly because of Beijing's supportive stance. A Turkish LPG tanker transited after broadcasting that it was "Muslim-owned and Turkish-operated." More than 170 container ships are still anchored outside the strait. On March 11, the oil tanker Skylight was struck by a projectile north of Khasab, Oman, killing two Indian crew members. Three more ships were hit the following day. The message is clear: Iran is deciding who trades and who doesn't.

The Strait handles roughly 20% of global oil supply. The international benchmark price for crude oil is trading near $99 per barrel, up from $70 before the war began. The International Energy Agency coordinated a release of 400 million barrels from strategic reserves across 32 member countries. Goldman Sachs models project prices averaging $98 through April.

The disruption extends beyond shipping lanes. Airspace closures across Iran, Iraq, and the Gulf have grounded more than 46,000 flights since February 28, stranding over a million passengers. Airlines are rerouting around the conflict zone, adding one to three hours per flight and burning significantly more fuel. Jet fuel prices have nearly doubled, from roughly $85 per barrel before the conflict to between $150 and $200. Cathay Pacific announced it would double fuel surcharges starting March 18. Dubai International Airport, the world's busiest for international passenger traffic, has been affected by Iranian retaliatory strikes on the UAE.

On the ground, the Institute for Supply Management reported that just-in-time delivery for semiconductors and electric vehicle batteries is severely disrupted, with components stranded in the Gulf. Shipping carriers are implementing surcharges on every route that touches the region. Nearly two-thirds of companies surveyed expect to lose revenue, and post-disruption cost-to-serve has surged 40% on average. If the Strait remains contested for more than 30 days, economic modelers are flagging recession risk for major importing economies.

The Takeaway
Map your supply chain exposure to the Persian Gulf and the Strait of Hormuz this week. That includes air freight, not just shipping. If your organization depends on components, raw materials, or finished goods that transit the region by sea or air, identify alternative sourcing or prepare for extended delays and higher costs. Review your energy cost assumptions for the rest of the quarter. If you operate in manufacturing, logistics, or any sector with thin margins, brief your board on the financial exposure. The IEA reserve release will moderate prices temporarily. It will not solve the underlying disruption as long as the strait remains contested.

3. Iran Wiped 200,000 Systems at a Medical Device Company That Serves Your Hospital

On March 11, a group called Handala deployed wiper malware across Stryker Corporation's global network. Within hours, 200,000 systems, servers, and mobile devices were erased across 79 countries.

Stryker's 56,000 employees were told to power down everything. Order processing, manufacturing, and shipping stopped. In its 8-K filing with the Securities and Exchange Commission, Stryker said it found "no indication of ransomware or malware" and believed the incident was contained, but acknowledged that the timeline for full restoration is unknown and that it has not yet determined whether the incident is "reasonably likely to have a material impact."

Handala is not a hacktivist group. Palo Alto Networks' Unit 42 links it to Iran's Ministry of Intelligence and Security, specifically to a threat actor called Void Manticore. The hacktivist persona is a mask. The group claimed it exfiltrated 50 terabytes of company data. Some reporting suggests the attackers gained access to Stryker's Microsoft Intune environment and used the company's own device management tools to push an operating system reset across enrolled devices. If accurate, no traditional malware was needed. The weapon was Stryker's own infrastructure.

Stryker makes surgical equipment, implants, and medical devices used in hospitals worldwide. When its ordering system goes down, hospitals cannot get the implants they need for scheduled surgeries. The American Hospital Association said it was not aware of direct impacts to US hospitals as of March 12, but the longer the outage extends, the more likely supply chain effects will reach operating rooms.

Moody's published an analysis titled "From Silence to Stryker" calling this the first confirmed destructive cyberattack by an Iranian threat group against a major Western corporation. Their assessment: the most probable path to material insured losses is not one catastrophic event but many sector-specific attacks. Coordinated wipers, attacks on industrial control systems, ransomware across critical infrastructure. The question Moody's posed is whether Stryker is an isolated incident or the beginning of a broader campaign.

That question connects directly to what we reported last week about cyber insurance war exclusions. Lloyd's of London mandated that policies exclude state-backed cyberattacks. Handala is linked to the Iranian state. Your insurer may argue the exclusion applies. Your broker may not have an answer yet. The litigation will come later. The coverage gap exists now.

The Takeaway
If you haven't read your cyber insurance war exclusion clause since last week's brief, this is your second warning. Stryker was targeted because of its military contracts and Israeli business ties. Review whether your organization has similar exposure, real or perceived. If your organization depends on Stryker products, contact your distributor now about supply continuity. And take the Moody's question seriously: if this is the start of a campaign, not an isolated incident, which of your vendors or partners fits the same targeting profile?

4. The White House Published a New Cyber Strategy. Here's What It Expects From You.

On March 6, the White House released "President Trump's Cyber Strategy for America" alongside an executive order elevating cybercrime to the same priority level as nation-state threats. The document is four pages. It is worth reading in full.

The strategy marks a shift from compliance-based cybersecurity to outcome-based accountability. The government is no longer asking whether you checked the boxes. It is asking whether your defenses actually work. It calls for post-quantum cryptography adoption, zero-trust architecture across federal networks, and state-by-state critical infrastructure pilot programs. The executive order directs the Attorney General to prioritize prosecutions of cyber-enabled fraud, citing $12.5 billion in consumer losses in 2024, and creates mechanisms for sanctions, visa restrictions, and expulsion of foreign officials tied to cybercrime.

The offensive posture is explicit. The strategy states the United States "will not confine our responses to the cyber realm," signaling that cyberattacks could trigger diplomatic, economic, or military consequences. That doctrine is not theoretical. Operation Epic Fury's opening hours included the largest offensive cyber operation in history. A new interagency operational cell spanning the Department of Justice, State Department, FBI, and Department of Defense will pair cyber operations with diplomacy, sanctions, and prosecutions. Several major companies and financial institutions welcomed the approach, particularly the shift toward measurable outcomes over compliance checklists.

Not everyone sees it the same way. The Center for Strategic and International Studies called the document "remarkable for what it lacks: a conversation about matching resources to these goals." The vast majority of critical infrastructure in the United States remains in private hands. The strategy tells the private sector to harden its own defenses but does not define how government and industry should coordinate when an incident happens, or what resources will be available when it does. That gap matters. Stryker was hit by a state-linked wiper attack this week. The strategy does not describe what a company in that position should expect from the federal government while it is under fire.

The Takeaway
Read the strategy. If your organization operates in energy, finance, telecommunications, water, healthcare, or data centers, the government just told you what it expects. The shift from compliance to outcomes means your board cannot point to a completed audit as evidence of security. Your defenses need to work, not just exist on paper. Use this strategy as a reference point in your next board-level cybersecurity briefing, particularly if you are requesting additional budget. The government has made its posture clear. Make sure your board is aware and understands the new expectations.

5. The Trade War Is Making Your Defenses More Expensive at the Worst Possible Time

While the shooting war dominates headlines, a separate conflict is increasing the cost of defending against it.

US tariffs on Chinese imports have pushed the production cost of network security appliances up 14 to 18 percent. That increase hits the same whether your organization spends $5,000 or $50,000 on a firewall. This is not your vendor inflating quotes. The cost increase traces back to raw materials and components.

The effects are already visible in procurement decisions. Enterprises are stretching hardware refresh cycles from the standard three to four years out to five or six years in cost-sensitive environments. Cybersecurity budgets grew just 4% in 2025, down from 8% the year before. Organizations are being asked to defend against an elevated threat landscape with older equipment and flatter budgets.

The dependency runs deeper than where you buy your equipment. American-made routers, firewalls, and encryption hardware rely on rare earth minerals that China controls. Beijing imposed two waves of export restrictions on rare earth elements in 2025, covering 12 of 17 critical minerals. Those restrictions are currently suspended under a trade agreement, but the suspension can be revoked. It does not matter whether your hardware is manufactured in the United States, Europe, or Asia. If the components inside it depend on Chinese rare earths, the supply chain risk is the same.

War on the Rocks published an analysis this month titled "Fighting an Economic War Without Fused Intelligence," arguing that the United States is deploying economic weapons (tariffs, sanctions, export restrictions) without fully evaluating the second-order effects on its own industries. The article documents how business intelligence and national security intelligence remain siloed, creating blind spots. The tariffs and the rare earth restrictions are both tools in a broader US-China economic competition. The second-order effect is that the cost of cybersecurity hardware is rising at the same time the threat level is elevated. Both dynamics are real. Both land on the same line item in your budget.

The Takeaway
When you present your cybersecurity budget to the board this quarter, bring the tariff data. If your next hardware refresh is priced 15 to 20 percent higher than your last one, the board needs to understand why, and what the risk is of deferring it. Stretching a firewall from four years to six years because of cost pressure is a business decision with security consequences. Quantify those consequences. And map your hardware supply chain beyond the vendor label. If the components inside your security infrastructure depend on Chinese rare earths, that dependency exists whether the finished product says "Made in USA" or not.
