The darkness that swept over the Venezuelan capital in the predawn hours of Jan. 3, 2026, signaled a profound shift in the nature of modern conflict: the convergence of physical and cyber warfare. While U.S. special operations forces carried out the dramatic seizure of Venezuelan President Nicolás Maduro, a far quieter but equally devastating offensive was taking place in the unseen digital networks that help operate Caracas.
The blackout was not the result of bombed transmission towers or severed power lines but rather a precise and invisible manipulation of the industrial control systems that manage the flow of electricity. This synchronization of traditional military action with advanced cyber warfare represents a new chapter in international conflict, one where lines of computer code that manipulate critical infrastructure are among the most potent weapons.
To understand how a nation can turn an adversary’s lights out without firing a shot, you have to look inside the controllers that regulate modern infrastructure. They are the digital brains responsible for opening valves, spinning turbines and routing power.
For decades, controller devices were considered simple and isolated. Grid modernization, however, has transformed them into sophisticated internet-connected computers. As a cybersecurity researcher, I track how advanced cyber forces exploit this modernization by using digital techniques to control the machinery’s physical behavior.
Hijacked machines
My colleagues and I have demonstrated how malware can compromise a controller to create a split reality. The malware intercepts legitimate commands sent by grid operators and replaces them with malicious instructions designed to destabilize the system.
For example, malware could send commands to rapidly open and close circuit breakers, a technique known as flapping. This action can physically damage massive transformers or generators by causing them to overheat or go out of sync with the grid. These actions can cause fires or explosions that take months to repair.
Simultaneously, the malware calculates what the sensor readings should look like if the grid were operating normally and feeds these fabricated values back to the control room. The operators likely see green lights and stable voltage readings on their screens even as transformers are overloading and breakers are tripping in the physical world. This decoupling of the digital image from physical reality leaves defenders blind, unable to diagnose or respond to the failure until it is too late.
Today’s electrical transformers are accessible to hackers.
GAO
Historical examples of this kind of attack include the Stuxnet malware that targeted Iranian nuclear enrichment plants. The malware destroyed centrifuges in 2009 by causing them to spin at dangerous speeds while feeding false “normal” data to operators.
Another example is the Industroyer attack by Russia against…
