As Venezuela endured one of its worst blackouts in recent memory this week, the government repeatedly claimed the widespread outage of power, phone and internet was due to a foreign cyberattack attempting to unseat its president. While the reality is that Venezuela’s blackout was most likely due to chronic underfunding of its electrical infrastructure and deferred maintenance, the idea of a foreign nation state manipulating an adversary’s power grid to force a governmental transition is very real.
The scenario is exactly the concept of “cyber first strike” in which governments would increasingly turn to cyberwarfare either on its own or as part of hybrid warfare to weaken an adversary prior to conventional invasion or to forcibly and deniably effect a transition in a foreign government.
Interrupting power and water supplies, disrupting traffic patterns, slowing or interfering with internet access, causing smart homes to go haywire and even remotely triggering meltdowns at nuclear power plants were all topics increasingly being discussed in the national security community at the time as legitimate and legal tactics to undermine a foreign state.
In the case of Venezuela, the idea of a government like the United States remotely interfering with its power grid is actually quite realistic. Remote cyber operations rarely require a significant ground presence, making them the ideal deniable influence operation. Given the U.S. government's longstanding concern with Venezuela’s government, it is likely that the U.S. already maintains a deep presence within the country's national infrastructure grid, making it relatively straightforward to interfere with grid operations. The country’s outdated internet and power infrastructure present few formidable challenges to such operations and make it relatively easy to remove any traces of foreign intervention.
Widespread power and connectivity outages like the one Venezuela experienced last week are also straight from the modern cyber playbook. Cutting power at rush hour, ensuring maximal impact on civilian society and plenty of mediagenic post-apocalyptic imagery, fits squarely into the mold of a traditional influence operation. Timing such an outage to occur at a moment of societal upheaval in a way that delegitimizes the current government exactly as a government-in-waiting has presented itself as a ready alternative is actually one of the tactics outlined in my 2015 summary.
On the other hand, outages are commonplace in Venezuela due to years of grid mismanagement. The country’s power grid does not need the help of the NSA to experience yet another shutdown. Indeed, last week’s outage was far more likely to have been just the natural result of poorly maintained generation and distribution equipment than to have been a targeted U.S. cyberattack.
Yet, this is precisely why cyberwarfare is so powerful as an influence tool. Most countries, including the U.S., have experienced concerns over their aging and increasingly overloaded utilities infrastructure. A power plant shutting down due to a malfunctioning piece of equipment or an overloaded transmission line failing are more likely to be chalked up to underinvestment than to a foreign cyberattack. A failed power line sparking a massive wildfire would be dismissed as poor preventive maintenance rather than deliberate foreign sabotage.
Influence operations are designed to silently nudge a country towards a particular outcome. Aging utilities infrastructures offer a perfect vehicle for such operations, since the blame for grid failures typically falls upon government officials for failing to adequately oversee that infrastructure, even when it is owned and maintained by private companies. Cyberattacks against utilities have the ability to disrupt all facets of modern life and generate mediagenic imagery without undue risk to the initiating country, making them an almost perfect weapon.
Putting this all together, it is extremely likely that this past week’s blackout in Venezuela was the simple result of the country’s own infrastructure problems rather than a targeted cyber action by the United States designed to oust President Maduro. Yet, the inability to definitively discount U.S. or other foreign intervention, whether deliberate or accidental, demonstrates the incredible power of using cyberattacks to target utilities. Such outages can quickly turn a population against its government while making it almost impossible to definitively prove foreign intervention.
In the end, regardless of what actually happened this past week in Venezuela, it is likely that cyber-based infrastructure attacks will continue to grow as a weapon of modern warfare.