Cyberwarfare has always suffered from a category error. We talk about “cyber” as if it were a domain like land, sea, air and space. In practice, cyber is more like a delivery mechanism: Sometimes it is espionage, sometimes sabotage, sometimes coercive signaling, sometimes propaganda, and sometimes—rarely, but decisively—it is a method of warfare whose effects are functionally indistinguishable from kinetic force. You know — blowing stuff up.

That is why the recent reporting around the U.S. government’s alleged use of a secret system President Trump called the “Discombobulator” during the January 2026 raid that captured Nicolás Maduro matters, even if the underlying capability remains opaque. The public record—at least what has been reported—is a familiar pattern in the modern law of armed conflict: A state hints at a novel capability; commentators reverse-engineer it as “probably” some mix of cyber and electromagnetic effects; and lawyers are left to apply LOAC (the Law Of Armed Conflict) to a weapon we cannot see and an “attack” that may not leave rubble.

The “Discombobulator” as a LOAC Problem, Not a Sci-Fi Problem

The Associated Press reported that President Trump described “The Discombobulator” as a “secret pulsed energy weapon” used to disable Venezuelan equipment during the operation, including (per the account) air defense or missile systems, and he also alluded to effects on Caracas’s electrical grid. This could be a Pulse-Modulated High-Power Microwave (HPM) system combining electronic disruption with human physiological effects (invoking the Frey effect and “Havana Syndrome” speculation. Indeed, in Minneapolis, ICE officials have been seen with ultrasonic “weapons” designed to permanently damage the hearing and temporarily disorient anyone within range.

The “discombobulator” may or may not be a weapon of cyberwarfare. For our purposes, a cyber weapon is something that either uses or targets a cyber infrastructure – computers, hardware, software, or access to information, either directly or indirectly. It can also target electronic devices that control other things – C&C, SCADA, etc. Making centrifuges misbehave. Blowing up pagers. Disrupting electrical grids. The main differences between cyberWAR and cyberTERRORISM is the entity that does it, the impact, the motive, and, frankly, whether it is or is not combined with a kinetic attack. Fry a data center with a discombobulator – terrorism or crime. Do so as part of an invasion – cyberwar. Do so as part of a junta or government overthrow in a Latin American country? A law enforcement action?

Low Ack

Under the Law Of Armed Conflict (LOAC, pronounced Low Ack), if a capability is used in an armed conflict (or as part of hostilities governed by LOAC), and it is employed as a “means or method of warfare,” the core rules apply regardless of whether the mechanism is shrapnel, code, microwaves, or “a discombobulator” International Humanitarian Law (IHL) applies to cyber operations – so “direct attacks against civilians and civilian objects are prohibited, including when using cyber means or methods of warfare,” and that cyber capabilities that qualify as weapons and are “by nature indiscriminate are prohibited.” That’s why, just as you can’t carpet bomb a city like Dresden, you can’t launch a discombobulator that is indiscriminate and targets both military and civilian populations, or that indiscriminately impacts both. Under customary IHL, parties must distinguish between civilians and combatants and may direct attacks only against combatants and military objectives. The attack must be “proportionate,” “targeted,” and feasible steps to avoid and minimize incidental civilian harm must be taken. Electrical grids are classic “dual-use” infrastructure, and proportionality/precautions analysis becomes the whole case.

Tallinn 2.0

The Tallinn Manual provides a framework for understanding how traditional principles of sovereignty, the U.N. Charter, and the Law of Armed Conflict apply when the instrument of coercion is code rather than bombs. It recognizes that cyber operations do not occur in a legal vacuum: states may violate sovereignty through cyber effects that intrude into another nation’s territory or governmental functions; coercive cyber campaigns may constitute unlawful intervention even without physical damage; and cyber activity can cross the threshold into a prohibited “use of force” or even an “armed attack” when its consequences resemble kinetic violence.

When, as with the “discombobulator” a potential “cyber” weapon is used in support of a kinetic attack, the same principles apply to a cyber weapons as to any other —distinction, proportionality, and precautions—requiring cyber operations to be directed at military objectives and to avoid excessive incidental harm to civilians, even when the harm comes through cascading failures of power, communications, or critical infrastructure. There also must be attribution and state responsibility,

You Realize, Of Course, That This Means War!

When one nation is dealing with another upstart nation, and chooses to deploy cyber weapons, we currently do not have the appropriate vocabulary to distinguish between weapons or war, weapons of intelligence, weapons or propaganda, weapons of inconvenience, and weapons of disinformation or confusion. One reason public debate about “cyberwar” is incoherent is that we use one word to describe four different state activities.

Cyber intelligence (espionage) is about clandestine access and collection, not immediate effects. Think of long-dwell intrusions into government or defense networks where the objective is to read, map, and persist. In LOAC terms, espionage is generally not an “attack” because it does not (by itself) cause destruction or injury. It may still violate sovereignty or domestic law, but it usually sits outside the core IHL targeting rules unless and until it becomes part of hostilities. The practical point is that cyber intelligence becomes warfare when the access is weaponized.

Cyber disruption is coercion by impairment: DDoS, ransomware-style paralysis, wipers, and operational interference that may not destroy hardware but can shut down essential services. Estonia’s 2007 DDoS campaign is a canonical example of politically motivated disruption at a national scale, and NATO’s CCDCOE materials place it in a broader information-warfare context. In armed conflict, disruption operations can become IHL “attacks” if they are expected to cause injury, death, or physical damage, or if the foreseeable knock-on effects (for example, hospitals losing power) cross that line.

Cyber propaganda and disinformation campaigns are influence operations: shaping perceptions, eroding trust, and manipulating behavior, often through social platforms and synthetic media. The legal framework here is not primarily LOAC; it is a mix of domestic law, platform governance, election law, human rights norms, and—at the state-to-state level—countermeasures, attribution policy, and diplomacy. CISA’s materials describe how disinformation actors “use a variety of tactics to influence others,” and emphasize the practical goal: behavioral effects without needing kinetic force.

Let Loose the Robo-Dogs of War

AI supercharges this category because it industrializes scale, personalization, and plausibility. ODNI’s Annual Threat Assessment has repeatedly warned that adversaries use influence operations and emerging technologies to undermine democratic institutions; the 2025 report specifically discusses foreign influence threats in a technology-accelerated environment. NATO similarly notes that AI and deepfakes can amplify hostile information operations and “undermine public trust.” See NATO. Target selection and exploitation can move at the speed of AI, rather than the speed of humans.

AI collapses categories that lawyers have tried to keep separate. A single campaign can begin as AI-assisted propaganda, pivot to credential theft (intelligence), then to disruptive ransomware-like impairment, and finally to wartime cyber effects against infrastructure. This is not hypothetical; it is the modern kill chain with better language models.

Bottom line

The Discombobulator story—whether it is ultimately validated as a single device or understood as shorthand for a bundle of cyber/EW capabilities—illustrates the central legal reality of modern conflict: LOAC regulates effects, not mystique. Stuxnet proved that code can destroy physical systems. NotPetya proved that “targeted” operations can metastasize into global collateral damage. Ukraine’s grid incidents show how cyber operations can directly and foreseeably harm civilian life. And AI ensures that propaganda, espionage, and disruption are no longer separable phases but overlapping layers of one continuous campaign.

If we want cyberwar to be governed by law rather than folklore, we have to stop asking whether a tool is “cyber” and start asking the LOAC questions that actually matter: who and what is being targeted; how certain are we about the effects; what is the foreseeable civilian harm; what precautions were feasible; and are we building weapons whose operational footprint is inherently indiscriminate. Or we can simply stop worrying and learn to love the discombobulator.

Recent Articles By Author

• Give a Mouse a Cookie – California Court Partially Dismisses Cookie Tracking Case Against Capitol One Under “No Harm, No Foul” Doctrine
• Perry Machine and the Case of the Privileged Prompt – Courts Consider Whether AI Legal Advice is Privileged
• “Hey Rocky, Watch Me Pull a Rabbit Out of My Hat!”. Is This the Year the Federal Government Passes Comprehensive Privacy Legislation?

More from Mark Rasch