War is now a business operations problem

When Iran went to war with the US and Israel earlier this year, it didn't limit its targets to military assets. Iranian drones and missiles struck two Amazon Web Services (AWS) data centers in the UAE and a third in Bahrain, the first time a country has deliberately targeted commercial cloud infrastructure in wartime, along with oil refineries and tankers in the Persian Gulf, civilian airports, aluminum smelters responsible for a meaningful share of the world's primary aluminum supply, and desalination plants that much of the Gulf depends on for drinking water. AWS said in May that fully restoring the affected region would take several months; those facilities are still degraded. This is a business operations problem now, a board-level liability problem, and soon a regulatory and communications problem, whether or not most companies have started treating it as one.

The Wall Street Journal investigation published this weekend maps the scope of this, and its conclusion is effectively that the infrastructure many companies built was designed for cost efficiency, not for withstanding a military attack, and defending it now increasingly calls for the kind of protection that used to be an exclusively government / military responsibility.

The fight taking shape is over cost and liability as much as it is security. In Germany, private-sector and municipal utility associations are pushing back on new physical protection standards, warning the requirements could bankrupt smaller operators. In New Zealand, industry groups are fighting a proposal to fine companies and their directors over cybersecurity breaches. In the US, CISA (created in 2018 specifically to help protect private-sector infrastructure) has lost roughly a third of its staff and close to $500 million in budget this year. In April, the FBI and CISA jointly warned that Iran-linked hackers were exploiting internet-connected control systems at American water and energy facilities. In every case, the line between what a private company must defend and what a government is responsible for deterring hasn't really been fully drawn.

The organizational response is already moving faster than most comms functions have caught up to. In May, a group of resilience specialists and academics made the case in Harvard Business Review for a dedicated Chief Resilience Officer role, arguing that the scale of potential liability from infrastructure disruption now demands board-level ownership, much like the CFO role gained standing after the financial shocks of the 1990s. CrowdStrike, Goldman Sachs, Novo Nordisk, and Allianz have all created the role already. Noel Hacegaba, CEO of the Port of Long Beach which moves $300 billion in cargo annually and opened its own cyber defense operations center in May has said for months that ports now sit "at the intersection of trade, geopolitics, climate and technology," every force reshaping the world converging on a single piece of infrastructure. Vodafone made a similar argument to European policymakers in a January report, urging governments to treat secure connectivity as a strategic security asset rather than a commodity, and to build real incentives for the companies investing in resilience rather than leaving them to absorb the cost alone.

Your CEO is likely to face a version of this question before the year is out whether its from investors, from board members, from large clients, possibly from regulators. So, it's worth finding out which of your company's buildings, vendors, and data actually count as "critical infrastructure" under the new rules governments are writing, and who's supposed to be keeping track of that. If nobody is, that's your chance to grab that job before someone else does it for you.

Second, before anyone hands you an org chart that's already decided this without asking you, go make the case for why resilience communications should sit with your team, not legal, not risk, not some brand-new Chief Resilience Officer role that gets created around comms.

And third, write the brief before you need it: a simple, BOD-ready summary of what your company is actually doing to protect itself, so that when a big client, an investor, or a reporter asks, you already have something ready to hand them instead of scrambling to write it on the spot.

OpenAI wants a government stake and the comms problem is what comes next

OpenAI has offered the US government a 5 percent ownership stake in the company, worth around $42.6 billion at OpenAI's current $852 billion valuation, as part of becoming a normal for-profit business instead of a nonprofit. The Financial Times broke this, and CNBC and TIME have both confirmed it. Sam Altman has also floated the idea that Google, Meta, and Anthropic could give up similar stakes through a shared fund, modeled on how Alaska pays residents from its oil money but none of those companies have said yes.

Obviously, nothing's final. This could fall apart, get scaled back, or take years. But treat this as the first real test case of something bigger which is governments taking ownership stakes in companies as a new way to manage them, instead of just regulating or taxing them. That's a massive shift in how government relations works, and it's not just a legal or lobbying question but also a communications question too, for reasons that go past "would we ever do this."

Here's the part that actually matters for you, even if your company is nowhere near this deal:

If the government ends up owning pieces of a handful of AI companies but not others, that's picking winners. But it hands every company left out a gift. Companies that don't take government money get to say "we compete because we're better, not because we cut a deal in Washington." That's a real, usable message, and whoever says it first and most convincingly owns that territory. If you're one of the companies that didn't take a stake like this, start thinking now about whether "independent" might be part of your story because a competitor will get there if you wait.

If your company ever does take money like this, you need an exit story before you take the money, not after. Go back and look at what happened to General Motors, AIG, and Chrysler after the 2008 financial crisis bailouts. All three took years to shake the "the government owns us" label, partly because none of them had a clear, public answer for how and when that would end. GM eventually ran ads specifically about paying back its loans, because "when do we become independent again" turned out to be a question that needed its own answer, not just a footnote. Any company considering a deal like OpenAI's needs that same answer ready before the announcement; not the deal terms, the actual story of how this stops being permanent.

If you're not near this kind of deal, don't ignore it, decide now whether "we're independent" becomes part of how you talk about your company, before someone else claims that space. If your company is even loosely in these conversations, make sure someone is asking the "how does this end" question out loud before the deal gets signed, not after a reporter asks it for you.

Keep Reading