Electronic Warfare, Drones, and Cyber: Inside Modern Hybrid Warfare

Electronic warfare, drone warfare, and cyber operations all depend on the same foundation, the electromagnetic spectrum and the digital networks built on top of it. Anyone who can contest that foundation can blind sensors, hijack platforms, and corrupt the data that physical systems rely on to function. That overlap is the mechanism behind modern hybrid warfare.

You can trace the convergence as one escalating chain. A drone costing a few hundred dollars can destroy a tank worth millions, so both sides flood the sky with them, and the scramble to jam those drones turns the electromagnetic spectrum into contested ground.

That jamming does not stay at the front. It bleeds into the GPS that civilian airliners and cargo ships rely on, possibly hundreds of miles from any fighting. And when a state wants maximum effect, it fires the cyberattack and the missile as one move, timing the strike for the moment the network goes dark. None of this takes a superpower’s budget anymore, which is precisely why it has stopped being someone else’s problem.

This article breaks down how electronic warfare, drones, and cyber operations fit together, what the current threat landscape looks like, and why the convergence has become an organizational risk rather than a purely military one.

What Is Hybrid Warfare?

Traditionally, hybrid warfare means using many kinds of attacks at the same time. The term was coined by Frank Hoffman in 2007 to describe adversaries who are flexible and smart, choosing whatever methods fit their goal; the root of the concept was prior to the term. There is no single agreed-upon meaning, but it usually mixes regular fighting, irregular fighting, and cyberattacks with other tools like fake news, diplomacy, legal pressure, or meddling in elections. By combining real physical attacks with quieter, hidden ones, the attacker hopes to avoid getting blamed or punished.

But the wars of the last few years have pushed the idea past the textbook. As cyberspace keeps evolving, the term gets stretched to cover more and more, and the digital side has moved from a side note to the center of it.

Where Cyber Meets Kinetic Force

Hybrid warfare is the deliberate mixing of military force with non-military tools to land a coordinated blow. The toolkit runs from cyberattacks and electronic warfare to disinformation, economic pressure, and sabotage, used alongside or instead of conventional troops. The trick is not that digital operations are present. They are timed to physical ones, so each makes the other hurt more.

A kinetic effect is physical: a missile, a shell, a drone strike. A cyber effect manipulates data and software, often leaving no visible mark at all. Hybrid warfare welds them together. Iran – Israel & US War that started in early 2026 showed how tightly.

Airstrikes ran in parallel with cyberattacks, information operations, and psychological pressure against nuclear, military, and digital targets. In what Israel called the largest cyberattack in history at thebeginning of the assault.

Then there is the ambiguity, which is the second half of the design. Hybrid operations love proxies, criminal affiliates, and deniable assets, because attribution that is slow and contested is attribution that buys time. A target that cannot confidently name its attacker cannot confidently hit back. The fog is the weapon.

Analysts saw the seams dissolving years ago. A 2016 NATO Cooperative Cyber Defence Centre of Excellence paper byKim Hartmann and Keir Giles argued that the lines between cyber attack, electronic attack, and kinetic action were already blurring past the point of usefulness, and that in practice, it did not matter how you lost control of a system, only that you had. A decade on, that observation has become the basic logic of how wars are fought.

Hybrid Warfare Examples: Iran–Israel 2026 and Ukraine

The synchronized campaign is the convergence in its purest form, cyber and kinetic, fired as one operation. Early 2026 in the Middle East, fit the template down to the details.

Iranian-aligned groups ran spear-phishing, ransomware-style attacks, data theft, and malware against energy systems, airports, banks, and government networks, all while missiles and drones flew. Much of it moved through proxies, aimed at destabilizing societies, snarling supply chains, and applying geopolitical pressure.

For various attacks, total destruction is rarely the actual goal. The point is to scramble command, cut civilian communication, and erode public trust while the physical operation does its work. In a synchronized operation, cyber confuses, electronic warfare blinds, and kinetic force walks through the gap.

Observers of Ukraine described the same recipe, the integration of cyber, electronic warfare, intelligence, propaganda, and kinetic measures, rather than any one of them used alone. That integration is the entire idea, and it is why hybrid attacks hit harder than the sum of their parts.

To see why, it helps to take the machinery apart, starting with the layer all of it depends on: the electromagnetic spectrum, and the drones that ride it.

Drones, Jamming, and the Battle for the Spectrum

Electronic warfare is the fight over the electromagnetic spectrum: the radio frequencies carrying communications, navigation, radar, and the control links of nearly everything that connects to anything. It breaks down into listening, attacking, and protecting your own use of the bands. Since almost everything modern leans on the spectrum, owning it has quietly become the precondition for owning the fight.

Two moves do most of the damage. Jamming buries a frequency in noise so the real signal never arrives. Spoofing is the sneakier cousin: it broadcasts a convincing fake that the target swallows as genuine, handing it false position or identity data while the operator notices nothing wrong. Against satellite navigation, both are now routine in contested airspace and waters.

A companion 2016 NATO CCDCOE paper traced how software-defined radio turned spectrum manipulation from a nation-state craft into something a cheap USB stick and free software could manage. Their warning was blunt: the advantage of obscurity that systems like aviation quietly relied on had become untenable, because unsophisticated actors could now reach the wireless channels that safety depends on.

The paper filed the whole merger of cyber operations and traditional electronic warfare under one label, Cyber Electromagnetic Activities, or CEMA. It is a useful term, because it names exactly the convergence this article keeps circling.

Drone Warfare and the Electronic Warfare Arms Race

Drones are where the spectrum fight grows a body. A modern uncrewed aerial vehicle is a flying computer with wings: a flight controller, communication links, GPS, and sensors, and increasingly an autonomy stack, every layer of it dependent on receiving correct data.

In Ukraine, the math is brutal: a tank worth roughly 12 million dollars can be killedby five FPV drones at about 500 dollars apiece. The same imbalance shows up in defense. While Russia was reportedly running multi-million-dollar systems to jam drones that cost a few thousand. Similar attack and defense cost imbalances are also observed between Israel and Iran’s ongoing conflict.

Drone hegemony over the no-man’s-land between Ukraine and Russiacreated a brutal adaptation loop, and at its core, that loop is electronic warfare. Jamming intensified, so Ukrainian developers switched to frequency-hopping radios and encrypted video. Russian electronic warfare crews countered each fix within weeks. The physics sat on the jammer’s side the whole time, because a jammer parked near a drone overpowers a transmitter sitting kilometers away.

One of the eventual answers was to throw out the radio link altogether. Fiber-optic guided drones trail a glass thread thinner than a hair that carries video and control, with no emissions for electronic warfare to find or jam. The spectrum fight got so vicious that the technology climbed off the spectrum to escape it.

Where it heads next is autonomy and mass. Autonomy sidesteps part of the jamming problem, since a drone that needs no live link cannot be cut off from one. It also opens a fresh set of doors in theAIitself, which becomes a much bigger deal the moment these systems show up in commercial hands.

GPS Jamming and Spoofing: When Military Interference Hits Civilian Systems

This is where the war starts echoing in other places. Military-grade interference leaks straight into civilian aviation, shipping, and logistics, often nowhere near the frontline.

In January 2026, 13 European nations and Iceland put out a joint warning over GPS jamming and spoofing in their shipping lanes, citing interference that endangers maritime safety and global commerce.

Aviation took the same hit. Navigational interference that used to be an occasional nuisance is now nearly constant, and on May 21, the plane flying the UK Defence Secretary home from Estonia had its satellite signal jammed for the whole flight, pushing the crew onto inertial navigation. The trouble has spread well past the Baltic into the eastern Mediterranean, Black Sea, Red Sea, and Persian Gulf. The physical layer is in play too, with undersea cables in the Baltic damaged, including a fiber line between Helsinki and Tallinn.

So why are civilian systems this soft? Because nobody built them for this fight. Core aviation surveillance protocols broadcast without authentication: ADS-B, for example, sends an aircraft’s position and identity withno authentication, so a fake aircraft can be injected with commodity gear and look identical to a real one at the link layer. Independent radar and multilateration catch the obvious fakes, yet the protocol offers no defense of its own.

These systems were built to be safe and reliable, not secure, and they’re slow and costly to change, so the gap stayed open just as the tools to attack them went cheap and mainstream.

Infrastructure, Supply Chains, and Cyber Pre-Positioning

For organizations, the convergence usually arrives through critical infrastructure, energy lines, and the supply chains wired into it. Critical infrastructure is the top cyber battleground, with ransomware, operational technology intrusions, and geopolitically driven campaigns piling up across utilities, manufacturing, healthcare, water, food, and logistics.

The quiet phase deserves as much attention as the loud one. More than a third of global energy and utilities infrastructure is expected to have already seen pre-positioning, meaning quiet access, data collection, and operational mapping by human and AI-assisted adversaries alike.

Pre-positioning is the digital version of moving forces into place before the shooting starts. The access is already there, sitting dormant, before anything visible happens.

Legacy operational technology makes the wound deeper, since industrial control systems were built for reliability and uptime rather than security, which leaves them hard to patch, badly segmented, and tough to watch. Then interdependence does the rest, turning one intrusion into everyone’s problem. Supply chain interdependency is the top ecosystem cyber risk in the World Economic Forum’s Global Cybersecurity Outlook 2026, and 65% of large organizations name supply chain vulnerabilities as their main barrier to cyber resilience.

The forward worry is the whole playbook going automated. Analysts expect hyper-scaled state and non-state actors to field autonomous AI agents that blend cyberattacks, misinformation, and kinetic effects, scaling reconnaissance and timing strikes to global events to muddy attribution…

The upshot is uncomfortable. Organizations are inside the blast radius whether or not anyone aimed at them.

How to Defend Against Hybrid Warfare: Best Practices for Organizations

Conflict rarely stays where it starts. The fighting between Iran, Israel, and the US pulled in Gulf States and the businesses operating there, and because the global economy is so tightly interconnected, the shock did not stop in the Middle East.

The logic behind cyber targeting is far more borderless. Hacktivist DDoS campaigns and APT operations do not wait for you to be a combatant, since a perceived stance or affiliation is enough to land an organization on a list. AI widens the gap further because AI-integrated tooling lets a small crew scale reconnaissance and attacks that once demanded a much larger team.

After government and military, the heaviest and most repeated targeting falls on a familiar set of industries: Financial Services, Transportation and Logistics, Energy and Utilities, Education, Technology, Telecommunications, Media and News, and Healthcare. If you operate in one of these, and especially if your brand carries a visible position or national association, assume you are in scope.

Small and Mid-Sized Organizations

For smaller organizations, the threat is real, but the landscape is too chaotic to chase every signal, and heavy-handed measures rarely pay off. These organizations tend to be hit opportunistically rather than deliberately: defacements against unmanaged websites and systems, or inclusion in a mass DDoS target list, rather than concentrated, hands-on attention.

The right investment is consistent security hygiene. Strong and unique passwords, multi-factor authentication everywhere it fits, and tested backups will absorb the large majority of what actually reaches you.

High-Risk Industries and Larger Enterprises

For organizations in the industries above, the bar rises to a proactive Cyber Threat Intelligence posture. That means monitoring the Dark Web for leaked credentials before they feed data-leak or ransomware operations, maintaining and continuously updating a digital inventory of your external footprint to close the unmanaged assets that invite unauthorized access, defacement, and malware deployment, such as wipers and ransomware, and preparing specifically for DDoS, which remains the single most common attack vector in these campaigns.

Large Enterprises and High-Profile Targets

For the largest and most visible organizations, everything above applies, plus the layers that scale with exposure. Brand Protection and VIP Protection guard against impersonation and targeted operations. Active reputational-risk management matters when fabricated or exaggerated breach claims surface, since the claim itself can do damage before it is verified. And third-party and supplier security becomes central, because interconnection means an attacker can reach you through the weakest vendor in your chain.