Chasing the Cyber Enigma in Venezuela

Multiple claims regarding the use of cyber attacks have circulated in the aftermath of the US’ Absolute Resolve military operation in Venezuela earlier this month.

What ignited this?

Joint Chiefs Chair General Dan Caine, in the first press conference following the US operation, said that as the US extraction force aboard helicopters began approaching Venezuelan shores, US Cyber Command, Space Command and other US entities “began layering different effects”. Trump had slightly more to say on this: “The lights of Caracas were largely turned off due to a certain expertise that we have”.

What followed these statements was an effort to explain the surgical nature of the US operation by emphasising the success of US cyber attacks. The apparently sub-optimal response of the Venezuelan military, including the Russia-supplied S-300 air defense batteries and China-supplied radars, was thus ascribed to sophisticated US cyber attacks.

It is also interesting how accounts quoted here rarely venture into what exactly happens when electricity supply is turned off in a targeted fashion. While sudden but coordinated power cuts may cause confusion and hamper ancillary military systems, armed forces usually plan for such scenarios and build redundancies in their command and control, communications and air defense systems. How much of Venezuela’s military infrastructure was prepared for power failures is unclear at this moment.

Based on the accounts published in the New York Times, Politico, and the Globe and Mail, it is likely that cyber means were employed for targeted grid manipulation. The latest New York Times report by Julian E. Barnes and Anatoly Kurmanaev on this subject notes:

The cyberattack that plunged Venezuela’s capital into darkness this month demonstrated the Pentagon’s ability not just to turn off the lights, but also to allow them to be turned back on, according to U.S. officials briefed on the operation.

Hacking an adversary’s electricity grid is not unprecedented, and it is something that Russia and even the US have been accused of in the past. Back home in India, Chinese intrusion into India’s electricity grid has been widely reported as well.

Anything that goes beyond claiming grid intrusion through cyber means is venturing into potentially speculative territory.

Dan Goodin, writing for Ars Technica, has presented a cautious view on the role cyber intrusions played in power cuts. Dan has argued that “there’s reason to withhold final judgment”. Read his reasoning here.

Barnes and Kurmanaev also mention that air defense radars were targeted via cyber means:

The U.S. military also used cyberweapons to interfere with air defense radar, according to people briefed on the matter, who discussed sensitive details of the operation on the condition of anonymity.

But Barnes and Kurmanaev provide little information to substantiate this claim, and such information may never come out.

Check these stories in the South China Morning Post, New York Times and RUSI for some explanations on why the Venezuelan air defense systems did not work.

Based on what is known publicly, here are some preliminary assessments:

  1. There was likely a cyber aspect to Caracas going dark, but the role (and the extent of it) that poor grid infrastructure played cannot be ascertained with certainty.

  2. It is unlikely (but not impossible) that cyber means alone succeeded in suppressing Venezuela’s air defense systems. Electronic/kinetic means and the sub-optimal deployment condition of air defense systems may have helped. But assistance rendered by factions within the Venezuelan military/political elite cannot be ruled out. The way the US is approaching Venezuela’s Interim President Delcy Rodríguez hints that some understanding was reached before Operation Absolute Resolve.

  3. Cyber likely played a role in gathering intelligence, especially information required to extract Maduro.

  4. Russia and China would closely study Operation Absolute Resolve to understand (and potentially replicate/defend against) the cyber aspects.

  5. If the state of ambiguity around cyber means festers, then countries may draw worst-case-scenario assessments about US cyber capabilities, which may shape the cyber deterrence equations that the US has with its adversaries.