Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela

On 3 January 2026, US forces conducted Operation Absolute Resolve – a multi-domain operation to capture Venezuelan President Nicolás Maduro. The operation followed months of military buildup and escalating pressure, including the seizure of oil tankers carrying Venezuelan crude. Chair of the Joint Chiefs of Staff, General Dan Caine, noted in the press conference that as they approached Venezuelan shores in the early hours of 3 January, forces began ‘layering different effects’ provided by Space Command, Cyber Command and other agencies to ‘create a pathway’ for the operation.

President Trump added that the ‘lights in Caracas were turned off due to a certain expertise we have.’ These two brief mentions, albeit vague, were enough to trigger speculation of cyber capabilities to create the blackout. We lack detail on what Cyber Command actually delivered – reconnaissance, disruption, or both.

This commentary argues that analysing Operation Absolute Resolve through a cyber effects lens alone is insufficient. The operation's lessons emerge only when situated within Venezuela's precarious infrastructure, the strategic calculus of how cyber plays into multi-domain operations, and the broader political objectives – particularly oil – that shaped US decision-making.

On the Blackout: Exploiting Strategic Vulnerabilities?

Any assessment of a potential cyber effect’s role must reckon with a basic fact that Venezuela's power infrastructure has been failing for years.

The country invested heavily in hydroelectric power to preserve oil reserves for export, with the Guri dam suppling approximately 70-80% of the country’s electricity. Yet this concentration created fragility. Hydroelectric power requires diversification to account for natural unpredictability and Venezuela never built that redundancy, making it a considerable chokepoint to national power supply.

Earlier with Chavez in 2010 and again in 2013 and 2016 with Maduro, the government declared state of emergency and implemented planned blackouts and reduced the working week to two days with the purpose of cutting down consumption during droughts that had led to severe power outages. On all occasions, the government blamed the opposition; but corruption, lack of maintenance and lack of diversification of energy sources have been the main underlying causes of power cuts across the country.

However, the 2019 blackout was different and so was Maduro’s response. Between 18 and 23 states lost power. Reports indicated 26 deaths, including six children, as hospitals struggled to maintain life-saving equipment. Telecommunications and internet access were down. Not only was this reportedly the most critical power outage in Venezuela but Maduro accused the United States of an ‘electromagnetic attack,’ claiming the Pentagon and US Southern Command had executed a ‘cyber-attack against the electrical, telecommunication and internet systems.’ He asked Venezuela's supreme court to also investigate opposition leader Juan Guaidó for alleged involvement in ‘sabotage’.

Most experts dismissed these accusations and attributed the 2019 blackout to infrastructure decay – specifically, a fire that destroyed transmission lines from the Guri dam to Caracas. Despite Maduro's accusations being widely dismissed they make for an important precedent. They highlight that Venezuela views cyber operations as part of the US coercive toolkit, and it was the first time Caracas made this attribution to Washington.

Regardless of whether cyber was used in Operation Absolute Resolve to produce the power outage, the lack of maintenance and instability of Venezuelan infrastructure already makes it hard to distinguish deliberate cyber effects from systemic failure. It operationally presents both an opportunity and a challenge in thinking about calibrating cyber effects in such context. The grid was already a strategic vulnerability, exploiting it would not require sophisticated capabilities than targeting well-maintained infrastructure – primarily good timing. Yet this degradation creates a paradox where systems may be easier to compromise, but effects are harder to calibrate and contain due to unpredictable failures across inadequately maintained systems.

The same uncertainty applies to Venezuelan air defences. Despite claims of Russian and Chinese-supplied systems, their operational status and capacity remains unclear. If these systems were degraded or poorly maintained, disabling them may have required less than reports suggest – whether through cyber means, jamming, or kinetic strikes.

While the story of previous blackouts is distinct from the context of the blackout in Operation Absolute Resolve – which relied on kinetic (jamming and graphite bombs) and possibly cyber effects combined – it provides important background that raises the question of the reliability of Venezuela’s infrastructure and highlights the precedent Maduro set by calling out the US’s cyber capabilities (albeit with no supporting evidence whatsoever).

On the Use of Cyber Capabilities: What Can We Actually Assess?

Cyber Command could have performed at least two roles in Operation Absolute Resolve, neither mutually exclusive: intelligence collection to support operational planning, and/or delivering effects to disrupt power or communications and enable the mission. Moreover, these effects, rather than unilaterally produced, would have been delivered in coordination with other capabilities – the ‘layered effects’ – such as the EA-18G Growler electronic warfare aircraft potentially used for jamming Venezuelan radars and air defences as well as the Blu-114 bomb, also called ‘graphite bomb’ that is used to disable electrical grids.

The tactical case for cyber effects in kinetic operations is often overstated. Cyber operations are notoriously difficult to scale and calibrate compared to kinetic options. Bombing infrastructure offers more certainty than cyber effects. If a military operation is already underway, bombing infrastructure offers certainty that cyber effects struggle to match.

Yet cyber excels in other domains. It creates fog during initial deployments – confusion and uncertainty that complicate adversary response. The GRU-linked Sandworm unit demonstrated this in 2022 by coordinating cyber-induced power disruptions with Russian missile strikes during the full-scale invasion of Ukraine, then deploying wiper malware to compound the damage. Cyber also provides superior reconnaissance value, enabling planners to understand target environments before committing kinetic assets.

If the US did use cyber capabilities to deliver the Caracas blackout, the public acknowledgement, however lacking in detail, is significant. Most governments do not disclose offensive cyber operations. Boasting about capabilities is not the usual game. Although the US Cyber Command was established in 2010, it was only in 2016 that they publicly acknowledged using offensive cyber capabilities to disrupt the operation of ISIS’s global media operations and propaganda (Operation Glowing Symphony). The UK similarly deferred any public acknowledgement until ;2018 – and, in this case, also against ISIS. Adversaries learn from disclosed tactics and access to compromised networks becomes harder to maintain once operations are revealed.

It is telling that Cyber Command, unlike Space Command, has remained silent. The operational logic favours secrecy – maintaining access, preserving future options, avoiding unnecessary disclosure about methods and targets. Yet this preference for silence may conflict with broader pressures – from Trump or other national security figures – to showcase multi-domain power projection, including cyber. The tension between operational security and political signalling might have aligned for a one-off raid, but it remains to be seen whether appetite to be bolder in communicating the use of offensive cyber will support or not operational delivery in the future.

In a context of an operation such as this, the US will seek to prepare for all possible outcomes and use all resources at their disposal – where cyber can be deployed to disrupt communications, delay deployments from the Venezuelan side, deliver direct power outage in locations beyond the perimeter of the effects delivered by jamming and graphite bombs, and/or be a backup plan to the disruption of the power grid in case existing (and preferred) options fail to fully disable air defences, to name a few.

Even if assuming cyber caused the blackout, this alone would not explain operational success. The mission depended on disabling air defences – achievable through jamming or kinetic means regardless of grid status. Large-scale cyber effects operations would also have risked exposing vulnerabilities previously exploited for access, burning capabilities that may prove more valuable for post-operation monitoring than for the operation itself.

On Strategic Gains: The Oil Game

Cyber capabilities cannot be analysed in isolation from the political objectives that shaped this operation. Trump made those objectives explicit and one of the primary ones is access to Venezuelan oil. Cyber operations, in this framing, are not discrete tactical tools but components of a broader campaign of economic and political pressure.

On 6 January, Trump announced on social media that Venezuela would ‘turn over’ up to 50 million barrels of oil to the United States, to be sold at market price. While the White House claimed a deal had been struck, Petroleos de Venezuela S.A. (PDVSA), the state-run oil and natural gas company, stated that negotiations remained ongoing. The gap between announcement and reality is characteristic of this administration – but the strategic intent is clear.

This context reframes earlier incidents. In December 2025, PDVSA suffered a cyberattack that took down its website and reportedly suspended oil cargo deliveries. The attack came one week after the US military seized the PDVSA tanker Skipper, carrying nearly two million barrels of Venezuelan crude destined for Cuba. PDVSA publicly attributed the cyberattack to the US government, though cybersecurity researchers and experts have not independently confirmed this attribution.

The tanker seizure, the cyberattack and Operation Absolute Resolve form a sequence: escalating coercive measures aimed at securing US access to Venezuelan oil.

Were such a cyber operation eventually verified, it would not be unprecedented in Trump administration practice. Back in 2019, the first Trump administration reportedly authorised the US Cyber Command to conduct attacks against Iranian intelligence in response to escalating tensions in the Strait of Hormuz following the downing of an American drone and two tankers (one carrying oil and another a cargo of chemicals). Despite cyber intrusions purportedly being a response conducted right after Trump called off a direct strike on Iranian targets – and thus seen as a measured retaliation for escalation management – and despite knowing that the context and objectives of that mission were distinct from the circumstances around operations against Venezuela, it still provides useful background on the use of cyber capabilities in Trump’s toolbox. The Venezuelan PDVSA case shows us that if the US used cyber capabilities, it is a public glimpse of the use of cyber across multiple political, military and economic objectives.

If Cyber Command has maintained persistent access to Venezuelan networks – PDVSA, the power grid, communications infrastructure – the value of that access extends well beyond any single operation. Continuous monitoring of political instability, economic negotiations and potential resistance to US objectives may prove as strategically significant as the initial disruption. There is still a government in place and Trump has, for now, agreed that the interlocutor to engage with is still a regime-loyalist: vice president, Delcy Rodríguez.

Even so, the unpredictability of the Trump administration’s next steps makes it hard to assess what will unfold in the post-operation environment. Trump has not ruled out ‘boots on the ground’ in Venezuela. If further operations become necessary, pre-positioned cyber access to communications, infrastructure and strategic assets will be fundamental – both for operational planning and for assessing instability in real time.

Until Further Notice: Distinguishing Evidence from Inference

We can only speculate about which cyber capabilities were deployed in Operation Absolute Resolve and how they contributed to operational success. The available evidence permits several interpretations, and responsible analysis requires acknowledging that uncertainty. However, we can reflect on the following and use those to inform future analyses.

First, Venezuela's infrastructure was already a strategic vulnerability. The 2019 blackout demonstrated systemic fragility and exploiting that fragility in 2026 would not arguably require exceptional capabilities – the challenge lies in coordinating the timing, scale and layering of that exploitation in a strategic manner.

Second, the US almost certainly maintained access to Venezuelan networks for intelligence purposes prior to the operation. Whether that access was used to deliver effects, or reserved for reconnaissance and post-operation monitoring, remains unknown.

Third, even if cyber caused the blackout, the decisive factors in the operation lay elsewhere. Disabling air defences, coordinating multi-domain assets and executing the extraction of Maduro depended on capabilities that cyber could support but not replace.

Fourth, the political objectives of Operation Absolute Resolve – particularly oil access – suggest that cyber operations should be understood as part of a broader coercive campaign, not as isolated tactical tools.

Fifth, the tension between operational secrecy and political signalling will shape how much we ever learn. Cyber Command's silence is consistent with standard practice; Trump's suggestive comments are also in line with his preference for projecting strength. However, even if we cannot single out the cyber component of the operation, the ‘layering of effects’ mentioned by General Caine reminds us that deterrence is enabled by cyber rather than unilaterally ensured by it.

Sixth, the ‘Donroe Doctrine’ – the US reassertion of primacy in the Western Hemisphere – contextualises Trump's approach to Venezuela as part of his broader effort to project US power and interests over the region. Cyber is one tool among many to achieve this objective. In the same way that it would be unsurprising to discover that cyber delivered some effects in Operational Absolute Resolve and that the US was prepositioned in networks well before that, it would equally be unsurprising to see interagency groups drawing up potential scenarios for layered effects in other parts of the region. Whether cyber features prominently in future interventions is context-dependent, however, the Operation does reinforce the comeback of the ‘Monroe’ Doctrine with ‘a twist’ and the ‘peace through strength’ approach set out in this administration’s National Security Strategy.

Seventh, if the US and other allies were observing Russia’s use of cyber effects as a supporting element to its 2022 full-scale invasion of Ukraine, China and Russia are now paying attention to the use of cyber in this context as well: a short and contained raid. Not that they will use it in the same way but that they are taking note of the layering of effects delivered in crises such as this.

Many researchers, including myself, noted that cyber delivered less decisive effects than anticipated within a full-scale military invasion in 2022 but the key to pay attention here is not the unilateral decisiveness of cyber capabilities but precisely on how cyber can ‘create a pathway’ more effectively. Studying cases such as these will allow allies and adversaries alike to grasp how variables such as timeframe, scale, context and objectives of the operation determine greater/smaller outcomes from cyber capabilities and campaigns.

Operation Absolute Resolve offers a deceptively clear case study of overwhelming force, precise intelligence, multi-domain coordination and a degraded target that could not effectively resist. Yet the role that cyber capabilities might have played in this success remains opaque by design. The deeper lesson here is not about cyber capabilities themselves, but about how they function within specific contexts. Venezuela's precarious grid made any disruption strategically consequential. Its degraded air defences meant that cyber support to electronic warfare became difficult to distinguish from electronic warfare alone.

In assessing Operation Absolute Resolve's implications, we must resist the temptation to over-index on the role of cyber capabilities. The operation succeeds as a case study precisely because it publicly muddies rather than clarifies what offensive cyber can achieve in military contexts and that muddiness will shape how adversaries and allies learn and design their own defences and offensives moving forward.

© RUSI, 2026.

The views expressed in this Commentary are the author's, and do not represent those of RUSI or any other institution.

For terms of use, see Website Terms and Conditions of Use.

Have an idea for a Commentary you'd like to write for us? Send a short pitch to commentaries@rusi.org and we'll get back to you if it fits into our research interests. View full guidelines for contributors.