A Coming-Out Party for US Cyber Deterrence?
By Allison Pytlak
When the lights went dark in Caracas and President Trump hinted at “a certain expertise” behind Venezuela’s blackouts, it marked a potential turning point in how openly America talks about its cyber capabilities. Shortly after, Iran’s internet blackout prompted discussions of U.S. intervention that included a possible role for cyber operations. With a new national cybersecurity strategy about to be released that is expected to emphasize “real costs” for adversaries, it can feel as though cyber deterrence, especially as pursued through cost imposition and retaliation, is having a renaissance. Yet this shift raises uncomfortable questions: The evolution from strategic silence and ambiguity to calculated disclosure may signal a new era in so-called “cyber warfare” and boost deterrence, but it also demands confronting the accountability gap between offensive capabilities and international norms.
Whether you love, hate, or simply don’t understand it, cyber deterrence is having something of a renaissance. The forthcoming 2026 U.S. Cybersecurity Strategy is widely expected to reflect a significant policy shift in favor of offensive cyber operations and a more traditional deterrence-by-punishment approach as part of a seemingly more assertive overall cyber posture. The digital dimension of the recent U.S. operation in Venezuela and the consideration of cyber tactics in Iran are reinvigorating interest in how Washington views and employs digital technologies in pursuit of its interests.
Cyber deterrence is not at all a new concept or approach, whether in the United States or elsewhere. But it is one that generates debate and even eyerolling. As noted in a 2025 Stimson Center report on the topic, “There has been a long-standing debate about the feasibility of applying traditional concepts of deterrence to the cyber domain. While initially this was a popular approach, especially among academic and policy experts, over time it has become clear that the primary characteristics of cyber operations and capabilities have rendered traditional approaches to deterrence inadequate or inapplicable. The prevailing wisdom has been that a better framework for understanding the cyber domain is “persistent engagement” in an “agreed competition.” Deterrence in cyberspace has largely been pursued through denial tactics and discouraging adversaries by building strong defense.
So-called offensive cyber capabilities – which many would argue cannot always be neatly distinguished from their defensive counterparts – are often linked to cyber deterrence strategies because of their potential to create a credible threat of punishment or retaliation. NIST defines offensive operations as “cyberspace operations intended to project power by the application of force in or through cyberspace,” but there is no universally agreed-upon definition. Sometimes, offensive cyber is used interchangeably with related terms like “cyber effects” or “active defense,” whether by media or in strategies.
We have taken a somewhat alternative view in arguing that cyber accountability can and should act as a powerful deterrent. Our 2025 report describes how, in recent years, there have been a greater number of efforts to impose consequences for malicious cyber activity through cyber-related sanctions, attributions, and responsive action. Yet, despite these efforts, threat actors operate with relative impunity. “This speaks to the accountability gap in cyber – even when cyber operations and activities clearly run counter to agreed norms or principles of international law, the responses to such violations vary widely and are applied inconsistently.” As we argue, effective deterrence can play a role in closing the accountability gap that currently shields aggressors from meaningful consequences.
From Ambiguity to Acknowledgement
To some extent, this aligns with remarks delivered by National Cyber Director Sean Cairncross at the Aspen Institute’s Cyber Summit in November 2025. In previewing the forthcoming strategy and broader approach of the second Trump administration to cybersecurity, Cairncross emphasized that the administration’s top priority will be “shaping adversarial behavior by imposing real costs on malicious actors through sustained, collective action.”
What those “real costs” may be remains unknown; these and other details may be further defined and refined in the forthcoming cyber strategy. This is not the first time the U.S. has said it would be more aggressive in using cyber tools to deter adversaries; several actions taken by Trump in his first term and aspects of cyber strategies developed under former President Biden also leaned in this direction, but did not fully follow through.
What feels different in 2026 are the hints at a greater willingness from the U.S. to publicly acknowledge its offensive cyber capabilities – and more openly deploy them.
Recent events have put offensive cyber, or at least the public perception of what that might look like, into mainstream attention. When commenting on Operation Absolute Resolve in Venezuela, President Trump noted that “The lights of Caracas were largely turned off due to a certain expertise we have.” This has been widely interpreted as a reference to cyber capabilities, even if no formal admission or verification of “cyber weapon” use has been made. Joint Chiefs Chairman Gen. Dan Caine later said that U.S. Cyber Command and Space Command helped pave the way for the operation by “layering different effects,” with a Cyber Command spokesperson later stating that the command was “proud to support” the operation. A more recent New York Times article explains that U.S. Cyber Command shut down the transmission towers that allowed the Venezuelan military’s hand-held radios to work, in addition to taking some radar off-line and turning off the power.
Coming on the heels of Venezuela, the brutal crackdown against protesters and a government-imposed internet shutdown in Iran prompted statements from President Trump about possible U.S. intervention. Trump administration officials briefed the President on cyber and psychological operations as alternatives or complements to military strikes. The menu of options reportedly included attacks on regime infrastructure, efforts to restore internet access shut down by Tehran, and potential deployment of satellite connectivity to help protesters communicate. At the time of writing, the internet blackout continues – among the longest government-imposed internet shutdowns in history – and pressure is mounting in the United States to find ways to restore access, including through US-based company SpaceX, which provides satellite internet through Starlink.
Some have argued that Venezuela and Iran signal the end of an era of deliberate U.S. silence about its offensive cyber capabilities, although others caution that this is hype. At a minimum, it may signal a move away from a preference for “strategic ambiguity” about cyber capabilities to “layered ambiguity,” in the words of one expert. At a minimum, the Venezuela operation demonstrates how cyber has evolved from a standalone capability into an integrated element of multi-domain warfare, and highlights a greater openness for “gray zone” strategy – using cyber interference against economic and civilian infrastructure as sustained pressure rather than isolated strikes. This approach leverages the unique characteristics of cyber actions: Effects can be reversible, deniable, and calibrated over time, allowing nations to cause disruption and pursue objectives without crossing thresholds that trigger conventional military escalation. “The integrated approach represents the future of cyberwarfare,” notes Katherine Sutton, Assistant Secretary of War for Cyber Policy.
A New Era of Transparency?
These points and others were raised during a January 13 hearing of the Subcommittee on Cybersecurity and Infrastructure Protection, which examined U.S. offensive cyber capabilities as tools to deter and disrupt foreign malicious activity. Witnesses emphasized that current U.S. deterrence efforts, focused heavily on defense, resilience, or episodic operations, have not effectively altered adversary behavior, particularly that of China. While most witnesses and members seem to favor the U.S. taking more assertive action, such as through offensive actions, they also provided nuance, noting that offensive cyber can take many forms and should be paired with ongoing defense and resilience in addition to a greater alignment of responsibility across government. The role of private sector actors in conducting such operations and the unintended consequences that may result are questions that policymakers have yet to adequately address.
This extends beyond Washington. U.S. allies are similarly rethinking their approach to offensive cyber capabilities as geopolitical realities harden and traditional relationships evolve.
Yet, the convergence of the execution of cyber operations in Venezuela and the consideration of such action in Iran represents what may become an uncomfortable irony if the U.S. adopts tactics that it previously condemned. For example, American officials have long criticized Russia’s hybrid warfare playbook, particularly its willingness to target civilian infrastructure in Ukraine and elsewhere.
Often, cyber tactics are preferred to kinetic action because they are perceived as causing less damage. While the risks and impact can be lower than when using guns or bombs, they are not zero. Cyber operations against civilian infrastructure such as power grids, communications networks, and economic systems affect people and societies and may not always meaningfully change adversary behavior. Offensive operations can have unintended consequences and also cause collateral damage.
The path forward requires balancing assertiveness with accountability. Effective cyber deterrence depends not simply on demonstrating offensive capabilities, but on building predictable, rules-based consequences for malicious behavior. This means strengthening international norms, applying legal principles, and ensuring consistent attribution and response to violations.