IT Essentials: War is IT's problem now, too

The power of a surgical cyber strike with physical force

The USA’s actions in Venezuela show the power of cyber in modern warfare. The UK should take those lessons to heart.

2026 is already off to a rocky start – the USA not even waiting until most of us were back at work to launch a short but impactful engagement inside Venezuela.

Cyber played a key role, and we should look at the USA’s (probably illegal – read this piece for more) actions in the context of another major cyber hotspot: the Russia-Ukraine conflict.

Ukraine and Russia have smacked at each other with the subtlety of a pair of drunken chimpanzees for years now, with Russia especially opting for quantity over quality. Ukraine has had no choice but to respond in kind, but neither has achieved a knockout blow.

In Latin America, by contrast, the USA’s CYBERCOM work with its allies in the physical space was like a well-rehearsed tango.

One example really sums up the power of that action: CYBERCOM turned off the lights in Caracas at precisely 2am. Helicopters landed at 2:01am. Accessing the computers controlling the power grid would have taken months of work, most likely through a low-and-slow type of attack unlikely to raise red flags.

The US has an obvious resource advantage compared to Venezuela – the disparity between attacker and defender is not normally so one-sided – but there are still lessons to take away.

First, critical national infrastructure providers have now got to take geopolitics into account when drawing up defence plans. Second, they need to scan systems regularly at all levels, not just in response to headlines.

Third, as seen in several local stories this week, it’s not only Venezuela’s public sector that needs reform to operate safely and effectively in the modern world.

The UK’s Cyber Action Plan aims to strengthen digital public services’ cyber posture, which is all well and good, but again hits that resourcing issue. The £210 million funding commitment is nowhere near enough to address the scale of the challenge.

This is one place where public private partnerships would really prove their worth, with an added benefit that it could significantly boost the UK’s own cyber sector – the US having started 2026 by proving, once again, that it is an unreliable ally.

What better way to start the year than a successful ERP migration? Champagne and Auld Lang Syne pales in comparison. A happy coincidence, then, that John Leonard recently spoke to three organisations – tobacco company Imperial Brands, Radisson Hotel Group and retailer QD Group – about their SAP transformations.

With the coming end of support for ECC and early versions of S/4HANA, large-scale SAP work is becoming more common. That’s why I talked to Nestlé’s head of IT platforms, Ralf Huebenthal, about its ongoing massive migration: 112 countries, and that’s only phase one of three.

Scale is an ongoing challenge for IT leaders, and in our first episode of Ctrl Alt Lead season 6 I talked to Rolf Krolke of Access Group about how his team has brought order to a sprawling IT estate shaped by decades of acquisitions.

On the subject of acquisitions, Qualcomm’s snapping up of open source darling Arduino didn’t exactly win hearts and minds last year. We spoke to CEO Fabio Volante about the move.

And finally, we're getting ready to celebrate 2025’s cybersecurity success. We’ve just released the shortlist for this year’s edition of the Security Excellence Awards, so be sure to check out the worthy finalists.