“Hack the radar, then fire the missile.” The deliberate sequencing of digital and physical attacks to compound their strategic effect.
Executive Summary
Kinetic-Cyber Links refers to the operational integration of cyberattacks with physical (kinetic) military action to achieve combined effects neither could produce alone. Rather than treating cyber operations as a separate domain, modern militaries and state-sponsored actors sequence and synchronize digital intrusions, infrastructure disruptions, and communications blackouts with ground offensives, missile strikes, and drone campaigns. Russia’s war in Ukraine established the most extensively documented case study of this integration, and its lessons are being absorbed by militaries worldwide heading into 2025–2026.
The Strategic Mechanism
The integration operates across three temporal modes:
Pre-kinetic (Shaping):
- Cyber intrusions degrade C2 (command and control) networks before an offensive begins
- Disrupt early warning systems, air defense radars, and logistics software
- Classic example: Stuxnet’s destruction of Iranian centrifuges without a physical strike
Concurrent (Amplifying):
- Cyberattacks on power grids timed to coincide with artillery bombardments to prevent disaster response
- Jamming and spoofing GPS to degrade precision munitions effectiveness and force repositioning
- Disabling public alert systems to maximize civilian panic and slow military mobilization
Post-kinetic (Sustaining):
- Information operations and deepfakes to distort battle damage assessments
- Ransomware on supply chain software to impede logistics reconstitution
- Persistent access maintained in adversary networks for intelligence during ceasefire negotiations
Market & Policy Impact
- Critical infrastructure valuation: Industrial control system (ICS) and SCADA security has become a top-three board-level priority for utilities, ports, and refineries
- Cyber insurance re-pricing: Lloyd’s and major cyber insurers have repriced war exclusion clauses following kinetic-cyber nexus events in Ukraine
- NATO Article 5 threshold: Ongoing legal debates over whether a cyberattack alone meets the threshold for collective defense — with kinetic-cyber combinations making the question urgent
- Dual-use procurement: Defense contractors are increasingly designing weapons systems with integrated cyber-offensive and cyber-defensive capabilities from the outset
- Satellite vulnerability: The Viasat KA-SAT hack on February 24, 2022 — timed precisely to the Russian invasion — alerted commercial satellite operators to their role as military targets
Modern Case Study: Viasat Hack and Ukraine Invasion, 2022–2024
At 05:00 UTC on February 24, 2022 — the moment Russian ground forces crossed into Ukraine — a destructive cyberattack crippled the Viasat KA-SAT satellite network, disabling modems across Ukraine and disrupting Ukrainian military communications in the opening hours of the invasion. The attack, later attributed to Russian GRU by the U.S., UK, and EU, affected tens of thousands of users across Europe, disabling wind farm controls in Germany as collateral damage. It was not a standalone cyber event — it was a carefully timed operational component of the invasion’s opening strike package. Through 2023–2024, Russian forces repeatedly coordinated missile strikes on Ukrainian power infrastructure with simultaneous cyberattacks on grid management software, preventing automatic failover systems from functioning. The lesson was blunt: in modern warfare, the cyber domain is not a parallel theater — it is a synchronized layer of the physical battle.