Energy Security and Hybrid Threats - A General Overview
The significance and vulnerability of energy to hybrid threats goes beyond what is generally recognised. Ensuring energy security is fundamental for the sustenance of technologically advanced societies and nation-states. Energy security is defined as “the uninterrupted availability of energy sources at an affordable price.” It is important to keep this definition in mind because hybrid warfare, which involves the use of traditional and non-traditional instruments of warfare against an enemy, could disrupt the availability of energy supplies and increase their price.
The energy sector’s broader economic and security implications are evident in the context of hybrid warfare. For example, various hybrid threats have been employed by Russia against the energy policies, assets, or supplies of not only NATO allies, but also other nations. Furthermore, challenges posed by hybrid warfare to the energy sector can undermine the defence and development of a nation-state, both in times of peace and conflict.
Global Energy Security Index (Source: Azzuni and Breyer, 2020)
The ongoing reliance on fossil fuels or their substitutes creates a vulnerability in which major energy exporters can leverage their position to exert political, economic, and military influence over countries that are dependent on them for energy.
Energy as a weapon in hybrid warfare
The current Russia-Ukraine War offers significant lessons on energy security, highlighting how geography remains a decisive factor for energy security and that control over pipelines continues to yield economic and political leverage. Russia has utilised a blend of ‘’military, semi-military, and strategic communication’’ tactics to create instability in Ukraine. By confiscating Ukrainian energy assets and exerting pressure on gas prices, Russia has successfully integrated energy security into its strategy.
With the advent of cyberspace, methods of aggression and disruption have become increasingly covert and indirect. The challenges of attribution in cyberspace add another layer of vulnerability. Cyberattacks, coupled with hybrid warfare and disinformation campaigns, have elevated the threats to energy infrastructure to an unprecedented level.
Hybrid threats targeting energy infrastructure are likely to persist as the shift from fossil fuels to renewable energy will introduce new vulnerabilities. While renewables can enhance energy security by reducing reliance on geopolitically sensitive oil and gas imports and pipelines, their intermittency requires sophisticated industrial control systems, distribution networks, and energy storage solutions, all of which are susceptible to cyberattacks.
Hybrid threats and businesses
Companies have long been susceptible to what is now referred to as hybrid threats. In contrast to military conflicts, there can be no true enemies in the business sector, as direct methods of confrontation cannot physically destroy or eradicate competitors. Rather, companies engage in extreme rivalry, which can result in an escalation of competitive tensions that endures over time.
Unlike the laws of war, business competition is governed by market regulation and societal codes of conduct applicable to international relations. Consequently, adversarial conduct within this competitive ecosystem is characterised as hybrid due to its clandestine nature, targeted objectives, and difficulty in attribution. In this context, states act in support of their domestic enterprises, amplifying the impact, breadth, and repercussions of hybrid tactics deployed.
In addition to competitors and state actors backing their domestic firms, the realm of possible hybrid aggressors includes other autonomous actors operating outside both public and corporate frameworks. Their actions can be either sponsored or independent. Non-state actors have a wider spectrum of agency, ranging from conscious to unconscious involvement in the planning or execution of hybrid actions or threats against a company. In some cases, these actors such as journalists, social media platforms, labour unions, NGOs, and other civil society groups affiliated with the business sector, are unwittingly influenced or manipulated by third parties. As a result, clients and providers can also constitute the origin of hybrid threats that impact a company.
The most common and affordable hybrid threats to businesses are cyberattacks. Their impact on businesses could be grouped into two categories. The first category is ‘’above the surface’’ impacts which are also known as cyber incident costs. These impacts include technical investigation, customer breach notification, regulatory compliance, attorney fees and litigation, post-breach consumer protection, public relations, and cybersecurity improvements. The second category is ‘’below the surface’’ impacts which are also known as hidden or less visible costs. These impacts include increases in insurance premiums, increased cost to raise debt, operational disruption or destruction, value of lost contract revenue, devaluation of trade name, loss of intellectual property, and lost value of customer relationship.
What can be done?
Ensuring the security of critical energy infrastructure requires more than defence or deterrence. Resilience is a more appropriate approach. A resilient energy infrastructure may even have a deterrent effect in itself, as attackers may be less likely to target it if their attacks are unlikely to achieve the desired impact.
The debate on this topic must acknowledge the importance of cyber and hybrid dimensions in the planning process. Allies and partners should also share their experiences in developing new legislative tools to counter hybrid actors, such as imposing restrictions on entities of certain countries purchasing national energy infrastructure. This will lead to the creation of a repository of knowledge that can help countries address and mitigate hybrid threats.
The military community also needs to establish stronger connections with academia and the corporate sector. It is essential to form ‘communities of trust’ through public-private partnerships that should allow different stakeholders to confidentially exchange information on security issues, including cyberattacks. For example, in the recent Russia-Ukraine War, various tech companies such as Microsoft, Amazon, Google, Starlink, Maxar Technologies and others played a strategic role in defence and security policy by assisting the Ukrainian government in implementing various counter-offensive measures against the Russian hybrid war.
Finally, managing and responding to hybrid threats must acknowledge the value of intelligence. Companies can employ intelligence tactics, techniques and procedures (TTPs) to detect potential threats at the planning stage. Given the digital nature of most hybrid threats against companies, cyber intelligence has proven to be the most effective tool for identifying, comprehending, and neutralising them.