On June 18, 2026, Ondas Inc. (Nasdaq: ONDS) announced a definitive agreement to acquire Cyberhawk Holdings Limited for approximately $125 million, roughly 95% in cash, with Cyberhawk leadership rolling about $5 million of proceeds into Ondas common stock under a one-year lock-up. The deal is expected to close in the third quarter of 2026, subject to regulatory approval. The market filed it under recurring revenue and drone inspection. Read through a security lens, it is something else: the transfer of one of the largest private repositories of critical-infrastructure asset intelligence in the West into the custody of a U.S. defense contractor.
What Ondas Actually Bought
Cyberhawk does not sell cybersecurity software. It sells drone-based inspection, visual data management, and AI-enabled analytics through its cloud platform, iHawk, serving utility, energy, and industrial operators. The footprint is what matters: operations in 40 countries, more than 300 customers, over 500,000 infrastructure assets inspected, and more than 232 terabytes of proprietary inspection data. The customer list reads like a target deck for any adversary mapping Western energy systems — PG&E, Southern California Edison, Shell, SSE, ESB, Qatar Energy, and Bechtel. The financials are clean for a software-services business: north of $45 million in forecast revenue for the fiscal year ending March 2027, roughly 95% recurring, a $95 million backlog, and high-single-digit EBITDA margins management intends to push past 25% by 2030. The product is the inspection. The asset is the data layer underneath it.
The Data Is the Target
That 232-terabyte archive is precisely the class of information that state actors are spending years trying to steal. Volt Typhoon, the China-linked group pre-positioned inside U.S. critical infrastructure, spent 2025 shifting from IT-network espionage toward directly interacting with operational-technology devices and lifting sensor and operating data. In one documented case, intruders held access to a small Massachusetts electric utility’s OT network for close to a year — not to cause an outage, but to exfiltrate grid layout and operating procedures useful for planning a future physical attack. The recurring warning from infrastructure-security researchers is that geospatial and asset data can be weaponized for industrial-control-system intrusion. Cyberhawk has spent a decade voluntarily assembling exactly that: a high-resolution, asset-level map of grids, pipelines, substations, and energy plants across the West. Whoever holds it holds a reconnaissance database as much as a maintenance database.
Where Physical and Cyber Converge
The deal makes sense only if you accept that critical infrastructure protection is collapsing into a single problem. Physical inspection, counter-drone defense, intelligence-surveillance-reconnaissance, and OT/ICS security are no longer separate disciplines bought from separate vendors; they are one situational-awareness layer. Ondas brings the threat-facing half — counter-drone systems, ISR, loitering munitions, a roughly $457 million defense backlog, and a Palantir Foundry integration. Cyberhawk brings the asset-facing half — condition intelligence and the data that makes it actionable. Combined, the platform sits directly on the physical-cyber boundary of infrastructure defense. Detecting a hostile drone over a substation and assessing that substation’s structural condition become functions of the same console.
Custody, and Concentration Risk
The security read cuts both ways. The protective case is real: a strategically sensitive dataset of allied energy infrastructure is arguably safer under U.S., defense-grade custody than inside a standalone commercial vendor with a vendor’s security budget. The concentration case is equally real. Aggregating grid, pipeline, and energy intelligence for blue-chip operators across 40 countries into one platform turns that platform into a higher-value target, with the supply-chain and insider exposure that follows. It also enlarges the regulatory surface — NERC CIP in the United States, the 72-hour incident-reporting clock under CIRCIA, and NIS2 obligations across the European customer base. The value of this data to defenders and to attackers rises in lockstep. Centralizing it does not change that; it concentrates it.
The Market and the Tape
Capital is already moving into infrastructure defense. The consolidation in OT and critical-infrastructure security — Accenture taking a stake in Dragos and acquiring runZero and NetRise among them — signals where the money is going. The regulatory backdrop is mixed but directionally supportive: the March 2026 U.S. cyber strategy foregrounds critical-infrastructure security even as it trims compliance burden, while Europe pushes the other way through NIS2. Ondas frames a $3.7 to $4 billion infrastructure-intelligence market growing better than 20% a year. The buyer can afford the entry: first-quarter 2026 revenue of $50.1 million, more than ten times the prior year, a full-year target raised above $390 million, and roughly $1.48 billion in cash that funds this deal almost entirely without new equity. The offset is dilution already on the books. Shares outstanding ran from about 93 million at the end of 2024 to roughly 469 million by March 2026, alongside a warrant liability near $1.1 billion. Ondas is buying recurring revenue and a data moat on a balance sheet built from relentless equity issuance.
The Read
The press release calls it software, data, and AI. The cleaner description is a security event. The most detailed inventory of Western critical infrastructure in private hands just moved under a U.S. defense contractor — and that makes the data both safer and more dangerous at the same time. The only question that matters from here is whether Ondas can defend what it now owns better than the operators who generated it ever could.
Leave a Reply