Cyber isn’t the whole story in Venezuela—but it’s a key takeaway
29 Jan 2026|, and ASPI staff

For Australia and the Indo-Pacific, one of the more consequential and under-recognised takeaways from the United States’ operation in Venezuela is how cyber and digital effects were integrated alongside kinetic force.

After Operation Absolute Resolve, President Donald Trump openly suggested US ‘technical expertise’ was responsible for power and communications disruptions in Caracas. Senior US military leaders described the deliberate layering of effects across multiple domains, including cyber and space, to shape the operational environment.

There’s not yet a definitive public account of whether the outages resulted from cyber intrusion, electronic warfare, physical sabotage or some combination of those. Perhaps what matters more is the increasingly public acknowledgement that cyber effects were used as enablers of manoeuvre, reducing risk to US helicopters and ground forces. Cyber was integrated into the operation, degrading Venezuela’s ability to see, communicate and respond at critical moments.

This is not an isolated development. Following US strikes on Iranian nuclear facilities in 2025, Pentagon briefings acknowledged support from the US Cyber Command and Space Command as part of the strike package. We also saw cyber being used offensively against Iran during Barack Obama’s presidency. Cyber and space are being embedded as mission support, not parallel campaigns. Venezuela reinforces the same logic: preparing the battlespace now routinely includes digital terrain.

That said, we should avoid reviving the term ‘cyberwar’ in its more sensational form. Cyber does not replace kinetic force; it precedes and accompanies it. It’s used to degrade adversary awareness, compress reaction times, create localised windows of advantage and manage escalation through effects that are often reversible and deniable. Bots are not at war alone, but rather part of the force package.

In Venezuela, cyber capabilities may also be used in the coming months to pressure the Rodriguez administration if it resists US demands. Rather than escalating through further kinetic strikes, these tools offer ways to disrupt power, telecommunications and other critical services while staying below political and military thresholds. Cyber is reversible, non-lethal and plausibly deniable, providing decision-makers with a flexible pressure tool.

Some have argued that cyber is poorly suited for this purpose, the suggestion being that cyber lacks the visceral weight of military force, its effects are uncertain and capabilities are revealed after use. Most cyber operations are covert, lacking the ‘do this, or else’ clarity that effective coercive threats require. But in this phase of the crisis, that matters less. Force has already been used and still looms in the background, and Venezuela has limited cyber defence capability. Even if individual vulnerabilities are patched, the US may have enough access points to sustain pressure over time.

It’s more useful to think of this not as coercion aimed at a single dramatic capitulation, but as a pressure campaign that shapes a series of smaller decisions. This is no different to findings on economic sanctions: the success rate is highly sensitive to the policy goal. Cyber effects could keep Caracas tracking US preferences, rather than seeking regime change or surrender.

This means Venezuela doesn’t just demonstrate precision US cyber capabilities in a comparatively permissive environment, and the resultant ability to impose costs on China and Russia indirectly; it also shows how fundamentally different any head-on contest would be against capable, resilient adversaries such as Beijing and Moscow themselves.

For Australia, this matters because it frames how we should think about national systems and critical infrastructure. Venezuela is a reminder that power, telecommunications, cloud services and industrial control systems are operational terrain—potential targets used to shape decision-making and constrain response options in a crisis.

It also sharpens the case for taking ‘assume compromise’ seriously. This approach treats system compromise as a baseline condition, shaping cyber defences around continuous monitoring, damage limitation and rapid recovery. Sophisticated cyber actors are not noisy or impatient. They are persistent, well-resourced and often pre-positioned long before disruption occurs. Some cyber security experts have already suggested the uncomfortable questions that follow: how long could an advanced actor persist without detection? Are we actively hunting, or merely waiting for alerts? Could we operate if primary systems went dark?

In this context, resilience becomes a form of deterrence. Out-of-band communications, manual fallbacks and rehearsed degradation scenarios reduce the payoff of coercive cyber effects and complicate adversary planning. Resilience is not just about recovery; it shapes calculations before a crisis begins.

For its part, Australia’s posture is moving in the right direction. The Department of Home Affairs, through the Security of Critical Infrastructure framework, has encouraged owners and operators of critical infrastructure to think beyond baseline cyber hygiene and towards continuity under stress. The National Cyber Security Coordinator reflects recognition that infrastructure-scale incidents are national security events. The Australian Signals Directorate continues to emphasise intelligence-led defence: finding patient adversaries, not just blocking commodity threats.

Infrastructure operators are increasingly testing degraded-mode operations—how systems function under stress, disruption or partial failure—alongside assume-compromise scenarios. This reflects a growing recognition, as we see with Venezuela, of how political and strategic leverage can be accumulated in advance of overt confrontation, rather than achieved through a single decisive act.

Beijing and Moscow—which have both invested in and supported Venezuela while hardening their own systems against similar offensive cyber effects—will study these events closely but will likely draw different lessons.

China is likely to see the operation in Venezuela as confirmation of an approach it’s already refining: synchronising cyber, electronic warfare, information operations and military manoeuvres to compress decision-making timelines. This aligns with Beijing’s coercive activity around Taiwan, where cyber pressure has repeatedly coincided with military exercises and political signalling. Beijing’s takeaway will be about timing and integration rather than spectacle.

Russia’s calculus will likely be different. Moscow has long treated civilian and economic infrastructure as legitimate pressure points, favouring persistent, deniable and corrosive activity over rapid dominance. Events in Venezuela have reinforced that US effects can overwhelm permissive adversaries quickly, but Russia is more likely to persist in responding indirectly through sabotage, disruption and influence operations rather than symmetrical confrontation. For Moscow, grey-zone cyber remains a cost-imposing tool designed to wear systems down over time.

Among deeper takeaways from the US operations in Venezuela is that the pace of offensive cyber capability development demands sustained effort, mature threat hunting and frank acceptance that digital systems are now embedded in strategic competition. Cyber is not the whole story. But it is unmistakably a key part of it.

 

This article draws on similar content that has been published separately in Lawfare.

Author

Jason Healey is a senior research scholar at Columbia University’s School for International and Public Affairs. He helped to create the world’s first cyber command in 1998, the US Joint Task Force for Computer Network Defence, and later served as a director for cyber policy at the White House. James Corera is director of ASPI’s Cyber, Technology and Security program. Jason Van der Schyff is a fellow with ASPI’s Cyber, Technology and Security program. His research focuses on sovereign industrial capability, secure hardware, and the resilience of critical technology supply chains.

 

Image: burcu demir/Getty Images.

 

AI contributed no ideas to this article—Jason Healey, James Corera and Jason Van der Schyff.

Tags
Share

The Strategist — The Australian Strategic Policy Institute Blog. Copyright © 2026