[co-author: Michael Kurzer]
Behind the major headline of the U.S. capture of Nicolas Maduro earlier this year was the U.S. cyber operation which disabled power in parts of Caracas, ensuring safe passage of the Delta Force and other U.S. personnel. While such a cyber operation may sound ground-breaking, other nations and criminals have been using cyber intrusion tactics for many years to target the computer networks that support U.S. critical infrastructure, including energy grids, water systems, transportation, and communication systems. The Russian Foreign Intelligence Service cyberattack on SolarWinds, a ransomware attack on the Colonial Pipeline, and the cyberattack on the billing platform of American Water are notable examples. Companies tasked with securing networks supporting critical infrastructure are up against sophisticated and patient adversaries and must be up to speed on developing cyberattack tactics, techniques, and procedures. Given the threat to national security and U.S. economic dependence on critical infrastructure, this is not only an issue for the U.S. Government, but it is prudent for those in the private sector to understand the threat and to partner with and take advantage of federal resources focused on securing critical infrastructure.
On January 3, 2026, the United States military and federal law enforcement executed Operation Absolute Resolve in Caracas, Venezuela to capture and detain Nicolas Maduro and his wife, Cilia Flores.[1] According to reporting by the New York Times, the operation was extensively planned and involved a remarkable number of United States personnel and aircraft.[2] It was reported that the United States conducted a cyber operation to cut the power to parts of Caracas to allow the United States aircraft to approach without detection.[3] During a press conference following the operation, President Trump stated that “the lights of Caracas were largely turned off due to a certain expertise that we have.”[4] Other U.S. officials stated that the “operation combined land, air, space, and cyber elements.”[5]
The U.S. operation in Caracas was not the first time a cyber intrusion on systems supporting critical infrastructure was used to facilitate a military operation. A briefing for the European Parliament shared an extensive timeline of cyber-attacks by Russia against Ukraine starting in 2014.[6] The report states that Russia launched a distributed denial-of-service (DDoS) attack on computer networks in Ukraine days before a referendum vote on the status of Crimea.[7] Later, approximately an hour before Russia’s invasion of Ukraine on February 24, 2022, it launched a cyberattack on Ukraine’s communication system and satellite network.[8]
According to the March 2025 Annual Threat Assessment (ATA) of the U.S. Intelligence Community, which is published by the Office of the Director of National Intelligence, “Russia will continue to be able to deploy anti-U.S. diplomacy, coercive energy tactics, disinformation, espionage, influence operations, military intimidation, cyberattacks and gray zone tools to try to compete below the level of armed conflict and fashion opportunities to advance Russian interests.” (emphasis added).[9] The ATA report further states that, “Russia’s advanced cyber capabilities, its repeated success compromising sensitive targets for intelligence collection, and its past attempts to pre-position access on U.S. critical infrastructure make it a persistent counterintelligence and cyber attack threat.”[10]
Russia is far from the only threat to U.S. critical infrastructure. The ATA notes that “[a] range of cyber and intelligence actors are targeting our wealth, critical infrastructure, telecom, and media…” and “China stands out as the actor most capable of threatening U.S. interests globally… .”[11] In describing the threat posed by China, the ATA report states that China: (i) “has demonstrated the ability to compromise U.S. infrastructure through formidable cyber capabilities that it could employ during a conflict with the United States”; (ii) “remains the most active and persistent cyber threat to the U.S. government, private-sector, and critical infrastructure networks”; and (iii) has instituted a “campaign to preposition access on critical infrastructure for attacks during crisis or conflict” known as Volt Typhoon, with China’s compromise of U.S. telecommunications infrastructure, referred to as Salt Typhoon.[12]
What can U.S. companies do to prepare for these threats? The principal agency charged with protecting U.S. critical infrastructure is the Cybersecurity and Infrastructure Security Agency (CISA).[13] CISA is the “nation’s cyber defense agency and national coordinator for critical infrastructure security” and “helps critical infrastructure and other stakeholders build resilience against all types of threats – both cyber and physical.”[14] CISA offers a number of valuable free resources, including publication of advisories to help defend against cyber threats and assistance if a company experiences a cyberattack or other malicious activity.[15] Notably, CISA expressly asks that victims report cyberattacks and intrusions to CISA and the Federal Bureau of Investigation (FBI).[16] The FBI is the lead federal agency in investigating cyberattacks and intrusions.[17] The FBI not only collects information on cyberattacks but also shares intelligence and engages with victims while working to identify those committing malicious cyber activities.[18]
Any interruption or disruption of computer networks supporting U.S. critical infrastructure could mean significant harm to businesses operating in the U.S. For the private sector, developing strong and ongoing partnerships with CISA and the FBI, along with advice from counsel, can be critical to understanding threats, information sharing, and the ability to quickly and effectively respond in the event of an incident. While it is understandable that some companies may be reticent to share information with federal agencies unless absolutely necessary, when it comes to protecting critical infrastructure, the stakes are very high. Information security policies should reflect the latest guidance from CISA, the FBI, the DOJ and applicable regulators on ways to detect and reduce the risk of a cyberattack or intrusion. It is therefore prudent for companies and municipalities supporting critical infrastructure to seek advice of knowledgeable counsel when updating information security policies or in the event of a suspected cyberattack.
[1] Alexander Ward, Alex Leary, Dustin Volz, Vera Bergengruen and Shelby Holliday, Inside Operation Absolute Resolve, the U.S. Incursion That Deposed Venezuela’s Maduro, Wall St. J. (Jan. 3, 2026), https://www.wsj.com/politics/national-security/inside-operation-absolute-resolve-the-u-s-incursion-that-deposed-venezuelas-maduro-fa812617?gaa_at=eafs&gaa_n=AWEtsqdB_koLuRPUxS7ogmf_I-TLLD0M3Guw6D7Czvs5cE7MycVl2YyxdMoA726LUxg%3D&gaa_ts=6967d87f&gaa_sig=Yb9L37bfH5AxrkEnkYEKtovzoxtMdI3JZ4120dmEAH6oXOw_m3wSww6oBPTdNkC0dBEosmwVN-FKqZKDjoJtHA%3D%3D.
[2] Adam B. Kushner, The Venezuela Takeover, N.Y. Times (Jan. 4, 2026), https://www.nytimes.com/2026/01/04/briefing/the-venezuela-takeover.html.
[3] James Rundle, Venezuela Raid Highlights Cyber Vulnerability of Critical Infrastructure, Wall St. J. (Jan. 8, 2026), https://www.wsj.com/articles/venezuela-raid-highlights-cyber-vulnerability-of-critical-infrastructure-28aed054?gaa_at=eafs&gaa_n=AWEtsqdu6ia25gFVfg2m9VUkz7nblJURTl8CrrrMhu37pJ7IOQhjeqd9_YyfK5LozWg%3D&gaa_ts=697fa5f3&gaa_sig=Smghjr65NuUhA0pYOppicAH0Y0oHnacA9G9uZ7-AI91y_d8tBOyNXy2eY_NmGp5roQU8H8d_-70IDm2rVgtMAg%3D%3D.
[4] Supra note 1.
[5] Supra note 3.
[6] Jakub Przetacznik and Simona Tarpova, Russia’s war on Ukraine: Timeline of cyber-attacks, European Parliamentary Research Service (June 2022), https://www.europarl.europa.eu/RegData/etudes/BRIE/2022/733549/EPRS_BRI(2022)733549_EN.pdf.
[7] Id. at 3.
[8] Id. at 1-2.
[9] Office of the Director of National Intelligence, Annual Threat Assessment of the U.S. Intelligence Community (Mar. 2025), https://www.dni.gov/files/ODNI/documents/assessments/ATA-2025-Unclassified-Report.pdf, at 16-17.
[10] Id. at 19.
[11] Id. at 4 and 9.
[12] Id. at 9-11.
[13] Cybersecurity & Infrastructure Security Agency, Nation-State Threats, https://www.cisa.gov/topics/cyber-threats-and-advisories/nation-state-cyber-actors.
[14] Id.
[15] Id.
[16] Id.
[17] Federal Bureau of Investigation, What We Investigate, Cyber, https://www.fbi.gov/investigate/cyber.
[18] Id.