Introduction

What do effective counter-hybrid threat strategies look like? In Lieutenant Colonel Frank Hoffman’s Conflict in the 21st Century thesis – the paper which first coupled the term ‘hybrid’ with warfare (and similarly, threats) – he emphasises that the West can “no longer overlook our own vulnerabilities as societies, focus on preferred capability sets, or underestimate the imaginations of our antagonists”. Since then, spurred on by the significant hybrid threats of the 21st century, counter-hybrid threat strategies have been sought. These are often (though not always) reactionary, meaning a hybrid threat needs to be realised, before a coherent counter strategy can be implemented. This can be especially true when a hybrid threat is coupled with new technologies, such as the Russian cyber-attack against US election infrastructure in 2016.

The scope of hybrid threats is enormous, shown comprehensively below. As with other doctrines therefore, counter-hybrid strategy must be guided by principles before bespoke solutions can be put in place. This article explores how some of these principles have been used successfully, allowing actors within states and across societies to develop resilience.

Identify adversaries and their intentions

Identifying an adversary, and further still identifying their modus operandi is no easy undertaking. Whilst not exhaustive, the desired effect of an adversary will usually fall into one of five categories: extort (for money); provoke (to trigger a reaction which damages reputation or justifies a counter-reaction); intimidate (individual or group coercion); exhaust (to break an opponent's will and stop them pursuing an objective); or protract (to drain an opponent’s resources whilst preserving your own). Knowing the single or combination of desired effects is useful in developing a counter-hybrid strategy.

In 2016, following the mass migration of refugees from the MENA region a year earlier, the EU struck a well reported deal with Turkey to stem migration flow into Europe, known as theEU-Turkey deal. Part of the contract saw the EU give €6 billion to improve the humanitarian situation within its borders. In June 2021, a further €5 billion for Turkey, Jordan and Lebanon wasbeing debated to bolster the initial sum. Coincidentally, over the same period, RyanAir Flight 4978 was diverted to Minsk on its journey from Athens to Vilnius, and a dissident Belarusian journalist onboard arrested by the Belarusian authorities. This sparked a string of economic sanctions from the EU (adding to an already extensive list of sanctions imposed following the 2020 Belarusian elections). Following both events, Belarusian leader Alexander Lukashenko began trafficking refugees (predominantly from Iraq) into neighbouring EU states, specifically Poland, Latvia and Lithuania, using a series of trafficking routes operated by commercial third parties, and actively encouraging – even forcing – illegal migration across borders into the EU. European leaders were quick to identify this as a hybrid threat aimed to intimidate the EU in to renouncing sanctions, with some commentators suggesting Lukashenko also intended to use‘migrants as bargaining chips’, in order to extort the EU for financial humanitarian aid, citing the aforementioned EU-Turkey deal (and subsequent anticipated remunerations for Jordan and Lebanon) as a precedent.

The EU response was swift and bold. EU leaders moved quickly to reform policy and legislation on migration, allowing the quick construction of physical barriers on Baltic State borders with Belarus. EU leaders agreed they “won’t accept any attempt by third countries to instrumentalise migrants for political purposes”, and condemned “such hybrid attacks on EU’s borders”. An article by the International Centre for Migration Policy Development theorises how Lukashenko assumed the EU would respond ineffectually, banking on significant border collapses from which the dropping of sanctions and inevitable humanitarian aid from the bloc could be negotiated (on top of his already lucrative smuggling fees, estimated by DGAP to have run to €40 million). The EU did commit €700 million for humanitarian aid within Belarus, though this was carefully distributed; €200 million directly to the ICRC and the remainder implemented by EU partner organisations on the ground. The Commission made available an additional €3.5 million to support voluntary returns from Belarus to countries of origin, effectively undermining Lukashenko’s forced diasporas.

Furthermore, additional legislative action was proposed and actioned, blacklisting the airline providers which facilitated Lukashenko’s migrant smuggling operation. The new legal framework allowed the EU to adopt targeted measures against transport operators. Subsequently, direct flights from Baghdad to Belarus were suspended, and flights from Erbil transiting through third countries to Belarus were also stopped. Ultimately, Lukanshenko’s scheme was too transparent. The EU recognised the threat and the intentions behind it quickly, allowing a timely, collective response.

Diversify imports

Diversification is a vital tool in the arsenal of any counter-hybrid threat strategy. The war in Ukraine is showing all too clearly how dependencies on Russian liquified natural gas and Russian and Ukrainian wheat can cause catastrophic economic and humanitarian consequences. By controlling the sole production, logistic chain, or geopolitical choke-point, adversaries are able to leverage significant influence and exact an extort, intimidate, provoke, exhaust or protract agenda.

An interesting, contemporary case study to examine is Chinese and Taiwanese semiconductors. In 2011, Taiwan alone accounted for ~20% of the overall semiconductor industry worldwide and ~50% of the 20 leading semiconductor foundries, chief among them being the Taiwan Semiconductor Manufacturing Company (TSMC). The requirement for semiconductors since then has grown steadily, with chip demand soaring as the demand for smart devices increases. Annual semiconductor revenue increased exponentially; by 9% in 2020 and by 23% in 2021 – far above the 5% reported in 2019, with demand accelerating through the Covid-19 pandemic, as significant portions of the globe started working more remotely.

China’s increasingly threatening behaviour towards Taiwan has brought the reliance of Taiwanese semiconductor foundries into sharp focus. The process had already begun to naturally spread as the benefits of semiconductor production became clear, but the geopolitical implications of a potential conflict between China and Taiwan have accelerated the urgency for the West in particular to diversify their suppliers. US Commerce Secretary, Gina Raimondo,stated this year at the Aspen Security Forum in Colorado “our dependence on Taiwan for chips is untenable and unsafe”. In the last year, the US have recognised their over-reliance on Chinese and Taiwanese semiconductor imports and have significantly diversified their sources. As of 2023, the US produced 17% of its semiconductor demand, with 83% coming from Asia. China and Taiwan both show relative negative trend, with Thailand, Vietnam, India and Cambodia showing significant positive trend.

Private companies too have recognised the consequences of overreliance on a small number of sources. Samsung, one of the world's leading users of semiconductors, has been ramping up their diversification strategy since 2019, aiming to invest $116 billion by 2030 to boost its foundry operations. Similarly, the management consultancy firm Deloitte has offered four useful, transferable actions which help private companies create diversified, safer semiconductor sourcing, and mitigate the risk of adversaries taking advantage of a monopolised semiconductor market. Deloitte suggest, 1) bringing manufacturing closer to home – nearshoring or friendshoring – by building new foundries or expanding old facilities; 2) managing the risks and challenges that come with this localisation, 3) digitally transforming and digitising elements of the process such as financial planning, operations, order and supply chain management (this helps create more resilient processes as they can be achieved remotely); and 4) addressing and balancing the semiconductor talent equation to ensure a balance of homegrown experts at all stages of production. Similar models can be applied to other industries at risk of hybrid attack.

Control the narrative

Societies writ large are a very important element of hybrid threats, and often the target of such attacks. NATO describes the information, cognitive and social domains as the cornerstone of hybrid warfare. Influence operations such as those employed by Russia in 2016 during the US presidential elections and UK Brexit referendum epitomise this. Access to information is readily available to societies. Open source intelligence (OSINT) makes up between 80-90% of all intelligence activities carried out by Western law enforcement and intelligence agencies. Due to the expediency of information proliferation, staying ahead in the battle to control the narrative is a critical element of countering a hybrid threat.

Russia’s hybrid operation to seize the geopolitically strategic Crimean Peninsula in 2014 was successful in part to a well-constructed narrative, plausible deniability, and a weak Western counter-narrative. Through carefully designed lines of moral and legal pretext – including the citing of NATO’s intervention in Kosovo to create a Kosovan protectorate as precedent – followed by a veiled democratic election, Russia was able to seize the initiative and justify a land-grab which technically broke numerous treaties and charters, including the UN non-intervention charter, Helsinki Final Act of 1975, 1990 Paris charter, 1997 Treaty of Friendship between Russia and Ukraine, and the 1994 Budapest Memorandum of Security Assurances.

Russia’s annexation of Crimea was condemned by many in the international community, and a series of moderate sanctions were implemented. However, the West’s reaction to the event has been described as weak for the most part. Russia’s pretext and subsequent justification narrative raised political and policy challenges for the West, and the West’s quiet voice gave impetus for Russia to increase nationalist rhetoric. Russia’s campaign in Crimea was ultimately unchallenged internationally, and some would argue their latter actions in Syria and the Donbas were more brazen as a result.

By contrast – and clearly the differences between 2014 and 2022 are evident in that 2022 was a full scale military invasion – the West’s unified voice and competitive narrative around the war in Ukraine have proven far more effective at galvanising international response. An important part of the Western narrative strategy in 2022 (led by the US and the UK) has been their use of intelligence. Early on in the campaign, when Russia was suffering from a string of tactical defeats including the roadblock en route to Kyiv, Western intelligence agencies began to rapidly declassify intelligence and release it to the public, a communication strategy which hitherto had not been seen in the 21st century. Russia’s withdrawal from Kyiv, an evident failure, was explained by Russian President Vladimir Putin as a strategic pivot. Western intelligence made it clear that it was military misjudgement, and distributed this globally. Eugene Rumer, a former US Intelligence Official at the Carnegie Endowment for International Peace, explained how this strategy “underscores to the world the futility, the foolishness, the insanity of Putin’s approach to Ukraine [and] hopefully this will also reach the Russian public and will feed into the domestic Russian narrative”. The UK intelligence services too have adopted this strategy. UK officials cited the failure in not aggressively sharing intelligence prior to and during Russia’s annexation of Crimea, with one official saying, “It needs to be done because it makes it harder for Russia to deny what it is doing, which was a problem back in 2008 (Georgia), in 2014 (Crimea) and in Syria”.

Tim Weiner, journalist and author of The Folly and the Glory: America, Russia, and Political Warfare, 1945–2020, explained that this rapid percolation of intelligence isn’t new, but simply a reimagination of a strand political warfare, stating “the rapid declassification and publication of secret intelligence exposed and effectively blunted Putin’s plans to use disinformation and lies as instruments of war. Ultimately, this is a battle for the truth, and shaping people’s views of authoritarian regimes is part of the way political warfare is waged”.

Become resilient

Resilience, a buzzword often associated with counter-hybrid strategy, and a pillar of the EU’s approach to countering hybrid threats, is an encompassing term. Notably, a state’s critical infrastructure (civilian and military and across all domains including cyber) must have built-in resilience to withstand hybrid threats, with effective crisis response. NATO too acknowledges that resilience in infrastructure is a prerequisite for military effectiveness. 

In April 2007, following a catalytic event in which the Estonian authorities moved a controversial communist statue called The Bronze Soldier from the centre of Tallinn to the outskirts of the city, Estonia became the victim of a wave of cyber-attacks from Russian IP addresses, likely designed to ferment disruption across the city in an act of retribution. Online services such as banks, media stations and government infrastructure were swamped with unprecedented amounts of botnet activity, bringing the city to a stand-still. Cash transactions, online broadcasts and government emails were all affected. The event was a harsh reality-check for Estonia. NATO is ambiguous as to whether a cyber-attack would trigger an Article 5 response. At the same time, Estonia realised this would likely be a recurring 21st century threat. Interestingly, about a decade earlier, Estonia had already initiated a workforce e-revolution, beginning with its Tiger Leap Foundation, which was rolled out across Estonian schools during the 1990’s, followed by the Look@World Foundation, a public-private partnership which has raised digital awareness and popularised the internet, supported by the telecom and banking sectors. Between 2000 and 2016, the percentage of Estonia’s population using the internet jumped from 28.6% to 91.4%. Both projects have been instrumental in creating a baseline of cyber-attack resilience, and an internet-savvy workforce to draw from. Moreover, it has also energised computing across the Estonian population on a huge scale. So, when the 2007 cyber-attack hit, Estonia was able to mobilise at a remarkable pace, immediately setting up a voluntary Cyber Defence Unit aimed at protecting Estonian cyberspace, drawn from the country’s leading IT experts, who are security vetted and remain anonymous. Since then, they frequently run cyber-based scenarios exercises, jointly with other agencies, such as an attack on a vital service provider or utility. 

Estonians also vote and pay tax online, have access to their health records online and use online banking. They use a ‘personal access key’ (sometimes referred to as an online ID card) to access these services. Crucially, to ensure transparency, Estonians are able to monitor their own privacy digitally. As President Toomas Hendrik Ilves, the innovator behind Estonia’s digital revolution explains, the public can trace anyone who has tried to access their data by logging on to the state portal. There have been few cases where people have been sentenced for unethically accessing databases, such as medical professionals and the police. In effect, Estonia has its entire adult population frequently checking for abnormal behaviour within their own online realm, a hugely powerful reporting tool for any potential cyber-attacks. In 2021, Estonia ranked third in the Media Literacy Index, compiled by the European Policies Initiative of the Open Society Institute (OSI), behind Finland and Denmark, meaning that Estonia has one of the highest potentials for withstanding disinformation. The Estonian Digital Research Center and State Chancellery in partnership with an Estonian cyber-security company has also launched an online test which assesses disinformation detection skills. Estonia also houses ‘data embassies’ abroad, remoting their servers to allied countries further away from their adversaries, mitigating physical espionage. In 2008, they became the first country to use KSI Blockchain, allowing near-instantaneous threat detection.

Estonia has become a model for e-governance and a leader on digitisation. Since its digital reformation (and prompted by the 2007 cyber-attack), Estonia has shown how capable it is at countering cyber-attacks, to the point that it is able to withstand significant attacks with relative ease, such as the 2020 Killnet cyber-attack, thought to be in retaliation for Estonia removing a similarly controversial Soviet tank from a World War II memorial.

Target hybrid threat financing

Daniel L. Glaser, the Assistant Secretary for Terrorist Financing and Financial Crimes in the United States Department of the Treasury’s Office, stated during his tenure, “there can be no comprehensive response to a national security threat that does not include a strong financial component”. A feature of this financial component with respect to hybrid threats is to target adversarial finances, sometimes called counter-threat finance. Counter-threat finance is explained as “the activities and actions taken to deny, disrupt, destroy or defeat an actor’s ability to raise, move, use or store value”. Targeting threat financing is a strategy which has already been well refined in relation to terrorism, but is less developed and far less simple with more globalised threats, as the law of unintended consequences is amplified. Russia’s current stranglehold on Ukrainian grain exports (which in 2021 generated 41% of the country's total exports, amounting to $27 billion in revenue) is a clear example of how damaging it can be to restrict a state's income, with many African states suffering at the hands of the Russian blockade.

The application of sanctions, or the establishment of embargoes, is measured by NATO in terms of its practical value and its signalling value. Following Russia’s hybrid attack into Crimea, the West resolved to target the Russia economy, focusing on three practical areas: restricting access to Western financial markets for specific enterprises such as banking, energy and defence; an embargo on high-technology oil exploration and production exports to Russia; and an embargo on military exports to Russia (including dual use goods). These practical elements were in concert with the signalling value which can be interpreted as a measure of subjective effectiveness for a specific population. In this case, the signalling was hoping to achieve the following: 

• Coordinated action (by the EU and NATO, signalling unity to domestic and adversarial audiences).

• Specific agencies targeted within the Russian state (signalling responsibility and distinction to domestic and adversarial audiences).

• Designed to cause tangible economic damage (signalling credibility to domestic and adversarial audiences).

• Accepting a limited risk of economic pain domestically (signalling resolve to domestic and adversarial audiences).

The economic and financial assault on Russia following the annexation, specifically their energy sector, likely contributed to Russia’s faltering economy over that period. In 2019, Bloomberg compared Russia’s 5-year GDP forecast with its actual GDP, showing financial targeting had almost certainly had a degree of impact.

Integrate and cooperate

Perhaps most importantly, a developed counter-hybrid strategy must be integrated and in cooperation with allies, organisations and societies. Notwithstanding the primary responsibility to respond to hybrid threats or attacks rests with the targeted country, NATO recognises (as does the EU and individual nation-states) that a joint, integrated approach, built on activities including coherent, strategic messaging, shared intelligence, joint exercises and closer military-civilian cooperation is fundamental. Cooperative societies are also recognised as key to challenging hybrid threats. Threat-aware societies are able to recognise disinformation, absorb economic pressures, and shape sensible policy decisions, which can augment counter-hybrid threat strategies. This has been seen to work for Estonia with their media literacy index score.

An example of European integration against hybrid threats is the Hybrid Centre of Excellence (Hybrid CoE), an autonomous, network-based international organisation sponsored by Finland, which allows NATO and the EU to work more closely against hybrid threats. A ‘do-tank’ with a budget of €1.5 million, the centre helps NATO and the EU design the counter-hybrid threat playbook. The Hybrid CoE has facilitated learning through a series of regional seminars, and identified the need to develop a whole-of-government and whole-of-society approach, which includes engagement with the private sector, academia, and civil society.

Additionally, the Hybrid CoE has coordinated a number of joint exercises with EU and NATO audiences to stress-test hybrid threat responses, for example the “Harbour Protection under Hybrid Threat Conditions” exercise, which was run in 2018. The European Defence Agency Chief Executive, Jorge Domecq, noted the relevance and usefulness of these types of exercises, and the Director of the European Centre of Excellence for Countering Hybrid Threats, Matti Saarelainen, emphasised how exercises such as this are crucial, stating “as international interdependency increases, it is necessary to assess and develop security more comprehensively than in the past. Hence, all stakeholders should be equally aware of the nature of hybrid threats and share the level of awareness among them”.

The European External Action Service, including the EU Intelligence Analysis Centre, works closely with NATO, upholding the Joint Declarations of Warsaw and Brussels (2016 and 2018), which identifies fourteen agreements aimed at jointly tackling hybrid threats. It is equally important to recognise how EU-NATO cooperation is moving from agreements to actions. Two actions which deserve mention are the Technical Arrangement on Cyber Defence, which provides a framework for sharing best practices between NATO’s Computer Incident Response Capability (NCIRC) and the Computer Emergency Response Team of the European Union (CERT-EU), and Military Mobility 2.0, a system which allows NATO armed forces to quickly respond at scale to crises erupting at EU external borders. Additionally, since 2019, NATO has been trialling concept forces known as Counter Hybrid Support Teams, which give ad-hoc assistance to member state Armed Forces in the event of a hybrid crisis. These teams have been fielded and exercised since 2019. All of these actions are in their early developmental stages, but certainly serve as evidence of how a cooperative approach assists with developing coherent counter-hybrid strategies at scale across the European continent.

Conclusion

Principles pertaining to counter-hybrid strategies are clearly non-exhaustive. This article has identified some of the most important. The European Commission’s joint framework on countering hybrid threats helps to consolidate and direct future lines of operation for countering hybrid threats. Critical to positive outcomes is improving awareness using the aforementioned whole-of-government and whole-of-society approach, and establishing mechanisms to exchange information (including intelligence) and examples of good practice at various scales. Teija Tiilikainen, the Director of Hybrid CoE has written perceptively about the 10 steps for a resilient Europe which complement counter-hybrid strategies, the last of which is to ‘be imaginative’. This language is important, echoing Hoffman’s adage to ‘not underestimate the imaginations of our antagonists’. Tiilikainen is clear that hostile adversaries can and will transform anything they can into a tool of influence, and use that tool in multiple domains with the help of advances in techniques and technology. Therefore, the preparedness and response to these threats must be equally imaginative, novel and influential.

In the dynamic and evolving landscape of international politics, the ongoing rivalry between India and Pakistan has held political and cultural significance for decades. These neighbouring South Asian nations have been locked in a battle for supremacy through various strategies over the years. While overt confrontations have periodically occurred between the two nations, a subtler strategy that appears to have been employed is hybrid warfare, a combination of conventional and unconventional warfare tactics. This article delves into the psychological underpinnings of the hybrid nature of the conflict between India and Pakistan, and analyses the motivations and actions of the actors involved. It also aims to provide insights into the affective consequences of these actions on the warring parties and the population in these regions.

Foundations of distrust 

Following a tumultuous partition of centuries of shared history, the Indo-Pakistan relation was built on mass migration and immense bloodshed. The trauma and communal violence endured by both nations have created deep-rooted narratives of victimhood, perceived injustices, and a desire for retribution, fuelling the misperceptions that lay the ground for hybrid warfare and pervade present-day conflicts between the nations. 

The conflict between India and Pakistan extends beyond power and military strategy, involving individual perceptions, collective identity, and societal attitudes. Some of the theoretical frameworks relevant to understanding the dynamics between India and Pakistan are explained below.

Social Identity

Individuals define their identities in relation to their membership in social groups. This leads to ingroup and outgroup categorization, resulting in ingroup favouritism and outgroup hostility. In the case of India and Pakistan, individuals identify themselves as part of their respective nations, viewing their own country as the ingroup while considering the other as the outgroup. This sense of national identity becomes a powerful force, influencing how individuals perceive themselves and others, and driving their actions during conflict. The continuous cycle of hostility and conflict shapes the minds of citizens, creating a fertile ground for mistrust. As a result, a narrative of “the dangerous Other” is created. Such conditioning amplifies and perpetuates animosity, hampering meaningful dialogue and diplomatic resolutions. Under extreme circumstances, cognitive and affective biases emerging from societally reinforced stereotypes, or political propaganda can result in devaluing and dehumanizing members of the other group, which has been characteristic of India and Pakistan’s relations with each other.

Collective Identity

Collective identity encompasses the shared beliefs, values, narratives, and experiences that bind individuals within a particular group. It represents the entire group’s identity and is different from social identity, which is part of a person’s self-concept. Collective identity plays a significant role in shaping individual and group behaviour, by instilling a sense of solidarity, purpose and commitment towards one’s group. In India and Pakistan, collective identities are closely connected to history, religion, and nationalism. It substantially contributes to the complex intergroup relations in the dynamics between the two countries.

For instance, one of the central points of magnified mistrust between the countries is the territorial dispute over the region of Kashmir. Combined with its strategic and symbolic importance, authority over Kashmir has led to competing ideologies and has become a catalyst for psychological warfare (PsyWar). To India, the Muslim-majority region of Kashmir represents the collective identity of a secular nation where diversity can co-exist, and for Pakistan, it represents the essence of its nationhood and its objective to protect the Islamic way of life, aside from geostrategic factors. This paves the way for identity politics as a strategy of manipulation used by both parties to tamper with their rival’s national narratives.

The Security Dilemma

The security dilemma is a situation in international politics when one state takes action to increase its security, which causes a rival state to perceive a potential threat and react to the action. Therefore, the net effect is a decrease in security. Several experts agree that the issue of Kashmir and border violence are merely symptoms of adeep-rooted issue between India and Pakistan. The real problem is the lack of trust that the security and foreign policy establishments of both countries have about the other’s intentions and motives. For instance, real and perceived hegemonic ambitions in the region, as well as potential insecurity caused by restricting access to shared resources such as the Indus River, have been vulnerable points of contention for both parties, in their attempts to secure their own nation, leading to various points of a non-conventional security dilemma. Thus foreign policy rooted in distrust serves as a tool of political calibration between India and Pakistan.

Strategies of Hybrid Warfare

Information Operations

One of the crucial components of this psychological battlefield is Information Operations, which resorts to influencing perceptions and manipulating opinions with the aim of sowing discord within the adversary state. Both India and Pakistan have been accused of engaging in information operations carefully curated to exploit religious and ethnic fault lines and shape public opinion around historical as well as territorial disputes. 

Citing a report by EU Disinfo Lab in December 2020, Pakistan’s foreign minister and media  have accused  India of being involved in attempts to discredit Pakistan on the international stage through fake news outlets. The report by the European NGO exposed a 15-year operation by Shrivastava Group, a New Delhi-based entity, targeting the United Nations and the European Union with fake news to serve Indian interests against Pakistan. Although the report did not attribute the campaign to the Indian government or its intelligence agencies, and there was no evidence of the government’s involvement, this cyber disinformation campaign was instrumental in shaping international opinion, leading to Pakistan’s addition on the FATF grey list, with charges of financing violent extremism. 

India has also been accused of being involved with Coordinated Inauthentic Behaviour (CIB), based on propaganda trends on Twitter, including the use of hashtags such as #CivilWarInPak through fake as well as verified Twitter accounts and media outlets, during Tehreek-e-Labaik Pakistan’s protests in Lahore, in April 2021. This cyber meddling intensified Pakistan’s distrust of its neighbour. Pakistani media was quick to challenge the claims through fact-checks. It also raised allegations of attempts by India at inciting sectarian violence in an already volatile Pakistan, resulting in doubts and questions about the credibility of Indian media. It also reopened discussions about Indian media previously having “manufactured” a non-existent civil war in Karachi in October 2020 to portray Pakistan as a country torn by war and to diplomatically isolate the country from the international community by conveying an image of terror, violence, and human rights violations.  

India retaliated to these allegations by claiming that Pakistan is the “best example” of disinformation campaigns by referring to records of sheltering international terrorists and unsuccessfully trying to cover the tracks of the alleged mastermind behind the 26/11 Mumbai attack. Social media jihad by Pakistan has been discussed in academia and media on several occasions as aimed at appealing to religious ideologies by portraying insurgency as pious through misleading information. A report backed by the UK Government published in February 2023 as a part of its scheme to prevent terrorism highlighted how rhetoric from Pakistan was instigating extremism and stirring anti-India sentiments among the Muslim community in the UK. The report evinces how rhetoric can be a potent tool in manipulating emotions and swaying beliefs, attitudes, and actions of individuals or larger groups. By strategically employing such persuasive linguistic devices, actors in the political landscape instill a sense of fear and doubt towards the adversary while bolstering confidence, loyalty, and support for one’s own side.  

Efforts by Pakistan to cultivate false narratives through digital propaganda had also been observed after the abrogation of Article 370 from the Indian constitution. The article granted the region of Jammu and Kashmir a certain amount of autonomy as a “temporary clause” following its accession to India in 1947, which included a separate constitution and differential laws on permanent residence. By abrogating the article in 2019, the government of India sought to repeal Jammu and Kashmir’s special status and integrate it with the Indian constitution. The move was received by the opposition as a “calculated insult” and a humiliation for the citizens of the region, because the stakeholders were not consulted. It also evoked frustration in Pakistan surrounding the exposure of its proxy forces, which is discussed in the next section. Attempts by Pakistan to re-ignite hybrid war with India through separatists provoking violence within the region and conventional fire at the Line of Control (LoC) were unsuccessful due to deployment of Indian security forces and restrictions on electronic communication. Other hybrid threats initiated by Pakistan such as lowering of diplomatic and economic relations with India, stopping rail communication, and blocking air routes also turned out to be a disadvantage to Pakistan. The resulting resentment and exasperation led to the launch of an information warfare against India. Social media campaigns from Pakistan stigmatized Indian security agencies and accused counter-terror measures of violating the rights of  Kashmiri civilians, further fuelling bitterness within the region of Kashmir towards the government and security agencies. 

The information operations between India and Pakistan have gone beyond mere propaganda, exploiting the cognitive biases and emotional vulnerabilities of the target audience. Emotional appeals, selective framing, and strategic communal politics have heightened tensions by undermining the adversary’s credibility. For instance, even the nomenclature surrounding the territorial dispute, such as India referring to Azad Kashmir as Pakistan-Occupied Kashmir (POK) and Pakistan identifying the rest of Kashmir as Indian-Held Kashmir (IHK) highlights how perceptions can be shaped and emotions can be evoked through the use of language. A scrutiny of the media and literature disseminated by the countries reveals that both parties have attempted to reinforce nationalistic sentiments and strengthen support for their respective governments’ policies and actions, while polarizing public opinion about the adversary, through a blurring of lines between fact and fiction. As doubts, ambiguity, and mistrust fester, the rival nation becomes a caricature of malevolence in the eyes of the general public.

Proxy Warfare

Proxy warfare refers to the use of non-state actors, armed groups, or insurgent organizations to carry out operations on behalf of their benefactors. When rival countries attempt to destabilize each other by operating through intermediaries, proxy warfare becomes a hybrid threat. By employing proxies, India and Pakistan have been exploiting existing fault lines and stoking ethno-religious tensions within rival territory, shielding themselves from direct confrontation and maintaining elements of ambiguity as well as deniability. From a psychoanalytic perspective, proxy warfare can be seen as a means for externalizing aggression and preserving a sense of moral superiority by distancing oneself from the direct consequences of one’s actions. Feelings of insecurity and fear are perpetuated among the target population, fostering support for the proxy forces, and undermining the legitimacy of the rival government. 

The first instance of Indian engagement with proxy warfare against Pakistan can be traced back to its support toward the Bangladesh Liberation Force, known as the Mukti Bahini, during the fight for independence of East Pakistan in 1971. Presently, allegations of India’s involvement in the long-standing Baloch separatist movement in Pakistan’s Balochistan province, through financial, political, and logistical support exemplify proxy relations. The arrest of a former Indian naval officer, Kulbhushan Jadhav, by Pakistani authorities in 2016, on charges of espionage and terrorism intensified friction surrounding the Balochistan issue. With India arguing that Jadhav was innocent and no longer in service, and against Pakistan’s death sentence, the case sparked a diplomatic dispute between the countries. 

In the same year, the Prime Minister of India, Narendra Modi, responded to Pakistan’s continued intrusion in India-administered Kashmir through a speech that expressed gratitude towards the people of trouble-prone areas in Pakistan such as Gilgit, Balochistan, and PoK for thanking him for his support in their struggle. This remark about the country’s indigenous conflict was driven by the objective of sending a message to Pakistan that any sort of conventional or nonconventional intervention in Indian domestic affairs would be met with retribution. The remark placed Pakistan on high alert, confirming its suspicions of India’s medical and possibly logistical aid to Baloch insurgents. Later in 2020, a comment by Indian-army veteran Major Gaurav Arya claiming that he has connections with Baloch freedom fighters aggravated doubts about India’s role in Baloch insurgency. 

Pakistan has long been accused of supporting various militant groups operating in Indian-administered Kashmir. These groups, such as Lashkar-e-Taiba (LeT) and Jaish-e-Mohammed (JeM), have been involved in acts of insurgency in the region, carrying out attacks against Indian security forces and civilians, striking the population with terror and insecurity. Pakistan’s support for these proxies is viewed as a method to destabilize Kashmir and keep the region’s agitation dynamics active, by creating an ethnic and sectarian divide and triggering a communal backlash. The move is also an attempt to portray the issue as an international flashpoint and exert pressure on India. The series of coordinated terrorist attacks in Mumbai in 2008 and several attacks across the LoC also heightened tensions between the two countries, with India accusing Pakistan of supporting and sponsoring terrorists involved in the attacks, despite the latter denying involvement. Records of Pakistani sleeper cells in India further point to terrorism as a possible means of proxy warfare in the India-Pakistan conflict. 

The psychological consequences of this form of warfare are significant for both countries. The target population in the affected regions experiences trauma, fear, and a constant sense of insecurity due to acts of terrorism carried out by proxy forces. The presence of terrorism can lead to heightened levels of anxiety, post-traumatic stress disorder (PTSD), and a breakdown of social trust within communities. Attempts at weakening the adversary by destabilizing them from within have proven effective several times in the case of India and Pakistan. Furthermore, individuals may develop cognitive biases and prejudices, as well as harbour resentment and animosity towards the opposing country, which can hinder prospects of peacebuilding and reconciliation. The reinforcing of deep-rooted divisions keeps the cycle of violence going and makes it challenging to establish cooperation between the two nations.

Escalation and Retaliation

One of the recurring themes in the conflict between India and Pakistan is escalation and retaliation. A crucial factor perpetuating the conflict is that acts of aggression or hostility by one side lead to retaliatory measures by the other. Such a cycle fosters a sense of urgency, and a desire to maintain a position of strength among decision makers and security institutions of both nations. This creates a dynamic where each action provokes a response, fuelling a continuous cycle of escalation. The constant threat of escalation and anticipation of retaliatory actions intensify the anxieties experienced by individuals living in these regions. It leads to a climate of tension, fear, and insecurity among the populations of India and Pakistan. 

The occurrence of standoffs, border skirmishes, and surgical strikes such as the events of 2019 adds another layer to the psychological dimensions of the conflict. These military actions can evoke feelings of anger, and revenge among the populations, aggravating hostility. The affective consequences of such events are often utilized as a tool to rally public support, strengthen nationalistic sentiments, and justify further military action. Through low-level and non-military provocations, the cycle also leaves room for manipulating the narrative and portraying the adversary as the aggressor by claiming that the retaliation was uncalled for.

Another factor to be taken into consideration in this context is public opinion. The voice of the public often shapes the response of political leaders of these democracies directly or indirectly, as they must navigate the expectations and demands of their respective populations, who are often emotionally invested in the conflict and desire retribution. This exerts a pressure on leaders to respond forcefully, escalating the tensions between the two nations. 

Perceptions and misperceptions further contribute to the cycle of escalation and retaliation. Each side’s interpretation of the other’s actions, intentions, and capabilities can be influenced by biases, preconceived notions, and historical narratives. This becomes an important driver of the cycle, considering the history of distrust that India and Pakistan share. Perceptions, whether accurate or distorted, can lead to misjudgements, and have a profound impact on decision-making processes, as they shape the strategies, responses, and justifications adopted by both nations. 

Calibration, which refers to the careful management and adjustment of actions, responses, and strategies to maintain a delicate balance and avoid unintended escalation in interactions, is a significant element in the India-Pakistan dynamics. It involves the continuous assessment of the situation, understanding each other’s thresholds, and the fine-tuning of policies to prevent the situation from spiralling out of control. It requires a nuanced understanding of the psychological, political, and strategic factors at play to navigate the complex relation to minimize the risk of miscalculation. Calibration constitutes various components, including the management of rhetoric, military deployments, and responses to incidents and provocations. Decision makers in both countries must carefully calibrate their statements and actions to avoid inflammatory rhetoric or provocative gestures. Establishing direct lines of communication and confidence-building measures can help prevent misunderstandings and provide an avenue for de-escalation in times of heightened tensions. Between India and Pakistan, calibration is particularly important due to the presence of nuclear weapons and scope for misinterpretation.

Nuclear Deterrence

The psychological implications of the presence of nuclear weapons in India and Pakistan have created a unique security environment that poses challenges to traditional deterrence theories. The doctrine of Mutual Assured Destruction (MAD), which assumes that the threat of nuclear devastation prevents major conflicts, may not be applicable to the India-Pakistan dynamic. The lack of clear red lines to prevent the accidental tipping of nuclear thresholds, the involvement of non-state actors or proxy forces, the history of deep-rooted distrust, and a lack of mutual understanding increase the risk of miscommunication and misperception.

Ambiguity and uncertainty surrounding deterrence are further compounded by the long-standing Kashmir conflict. The disputed territory is closely tied to the political legitimacy of both countries, making it a highly sensitive issue. The Pakistani military establishment, which has control over the country’s nuclear strategy, uses the ‘India threat’ rhetoric to maintain domestic legitimacy and justify unwarranted military action. This perpetuates tensions and raises the stakes in any crisis or conflict between the two nations.

The presence of nuclear weapons can also create a paradoxical situation where both countries may engage inlow-level military provocations. Brinkmanship, for instance, involves the use of psychological tactics to push the adversary to the edge of conflict while stopping short of direct confrontation. The strategy relies on psychological factors such as intimidation and the manipulation of risk perceptions to gain leverage and maintain a strategic advantage. Because India and Pakistan trust that the opponent’s fear of nuclear escalation will constrain retaliation to such provocations, the likelihood of dangerous escalation increases if both sides misjudge the risks of crossing nuclear thresholds. Furthermore, India’s consideration ofpreemptive strike capabilities against Pakistan’s weapons adds an alarming dimension to the scenario. In 2003, India’s External Affairs Minister Yashwarnt Sinharemarked that “India has a much better case for preemptive action” against Pakistan, which was taken seriously byinternational actors to prevent the situation from getting out of hand. The fact remains that India could try to strike first if it believed that it was the only way to permanently stop infiltration. Meanwhile, if Pakistan sensed India’s real or perceived motive to strike first, Pakistan would have the incentive to initiate an attack. Either way, the nuclear-armed atmosphere in the already volatile South Asian subcontinent has much scope for misinterpretation, potentially heightening the risk of a catastrophic escalation.

Implications for Global Security

The hybrid warfare between India and Pakistan extends beyond national and regional boundaries, and the countries’ attempts to balance relations with South Asian neighbours and other state actors results in implications for South Asian politics and international security. Positioned at a geostrategic location, in the midst of rising Chinese activities and the Global War on Terrorism (GWOT), elements of the Indo-Pakistan dynamics, including the cycle of escalation and retaliation, nuclear deterrence, and brinkmanship, are prominent in the larger security landscape. India and Pakistan’s strategic interaction with each other and their South Asian neighbours posits a case for how hybrid threats can influence the threat perception of other nations as well. Similarly, the adoption of strategic neutrality by both countries following Russia’s war on Ukraine, aiming to sustain relations with major global powers and safeguarding their own interests while balancing each other’s influence, holds significance  for understanding their role in global geopolitics. 

The protracted conflict between India and Pakistan involves a complex interplay of psychological factors that perpetuate a cycle of problematic interactions. Driven by national pride, the desire for revenge, mistrust, and a hostility for the outgroup, various individual and institutional actors of both countries contribute to the propagation of insecurities and terror among the affected populations. Additionally, the presence of nuclear arsenal compounds the complexity of the conflict. Nuclear deterrence creates a psychological barrier that prevents direct confrontation, but at the same time increases anxieties, misperceptions, and tensions between India and Pakistan. Brinkmanship tactics, proxy war, and disinformation campaigns make it challenging to establish trust between the countries and engage in meaningful diplomacy.   

Despite the recent calls for peace, the absence of serious diplomatic relations between India and Pakistan, and the age-old mistrust make reconciliation appear unlikely in the near future. The public pressure on decision-makers to prioritize the ‘Kashmir cause’ creates additional obstacles for peace negotiations, especially in light of the upcoming national election in Pakistan and the Indian general elections scheduled for 2024. In Pakistan, public sentiment regarding Kashmir often plays a significant role. Candidates who emphasize a hardline approach or nationalist and communal rhetoric regarding Kashmir may attract support from segments of the population who value assertive action on the issue. Conversely, candidates advocating for dialogue, diplomacy, and conflict resolution may resonate with those seeking a peaceful resolution. In the Indian context, however, the weight of the Kashmir issue on the outcomes of elections varies significantly between constituencies. While it remains an important topic, other factors such as economic development, national security, and political ideologies may have a more substantial influence on electoral outcomes. Nevertheless, a candidate’s stance on Kashmir can still impact their popularity and electoral prospects, and the perceived handling of the Kashmir issue by political leaders can sway public opinion as voters tend to align themselves with candidates who prioritize their collective national interests.

Understanding the motivations, decision-making processes, and potential consequences of the cycle of hybrid war between India and Pakistan plays a major role in informing potential solutions. Recognizing the psychological dimensions at play in the issue highlights the need for effective communication and conflict resolution mechanisms. This could include establishing sustained and meaningful dialogue by engaging in diplomatic discussions at various levels, including government officials and civil society representatives, to foster understanding. Implementing confidence-building measures is vital in reducing tensions and enhancing trust. Encouraging cultural exchanges, people-to-people interactions, trade cooperation and joint projects in areas of mutual interest can bridge the communal divide and lead to positive engagement. Engaging neutral mediators such as international and regional actors can possibly create an environment conducive to negotiations. Furthermore, promoting media literacy, fact-checking initiatives, and responsible reporting can counter false narratives and combat disinformation campaigns that perpetuate hostile sentiments between the countries. Finally, efforts to address underlying grievances and prejudices to break the cycle of conflict by providing platforms for genuine representation, respecting human rights, and addressing social disparities, particularly in Kashmir, could perhaps pave the way for a more stable and peaceful relationship between the nations, and instill hope for stability in South Asia.

The growing role of state actors in influencing, artificially creating and facilitating irregular immigration in order to achieve political objectives, such as destabilising the European Union (EU), is an urgent issue on the European legislative agenda. A watershed event that drew particular attention to the matter was actions taken by the Belorussian government with regard to migration: in May 2021 President Lukashenko stated that he would allow migrants to enter Western Europe unhindered. According to reports by the EU, these migrants were being sourced by the regime and flown to Belarus from the Middle East, since Belarus is not a country under migratory pressure and is also not on any known migration route. The growing migratory pressure on European borders has caused growing tensions with Belarus’s neighbouring states, including Poland, Latvia and Lithuania. This has resulted in not only the deployment of troops to the border, but also Poland constructing fortified barriers along large sections of land. A third victim of the crisis is the migrants themselves: they are being pushed into European territory by the Belarusian government and consequently expelled by European authorities, resulting in them spending prolonged periods of time without shelter or access to basic humanitarian services.

The instrumentalization of migrants has been generically referred to by the EU as a political power game, and further sources suggest that the scope of the allegedly orchestrated migratory crisis is to destabilise the union, and in general the target state. The precise motivations of governments such as Belarus are unclear, but it is apparent that the instrumentalization of migrants is a strategy that is gaining in popularity and deserves to be examined. 

What is migrant instrumentalization?

The instrumentalization of migrants specifically refers to activities in which a perpetrator will exploit and strategically influence migration flows in order to achieve a specific goal, or even to destabilise another state.  This practice generally involves the manipulation and exploitation of vulnerable migrants and refugees without regard for their well-being or human rights and is often carried out for the benefit of specific individuals, institutions or groups. Migrants often lack formal rights while they are in transit, and therefore are forced to remain and work in both transitory and destination countries, facing “institutional exclusions that violate human dignity.” There are a variety of ways that migrants can be exploited and used for specific gains but two predominant distinctions can be made between migration manipulation with a “coercive intention”, where migrants are used as a foreign policy tool to apply pressure to other states, or economic motivations with financial gain as the final goal. 

The instrumentalization of migrants is not a new practice and, over the last decade, it has been the subject of a growing number of reports, particularly in the European context. Episodes such as the Turkish government sending over 13,000 people over the border to Greece in 2020, or in May 2021 when Morocco permitted the entry of 10,000 irregular migrants into Ceuta, a Spanish territory bordering Morocco, are prime examples of how migration can be politically weaponized. In these specific examples, the ultimate goal was to achieve concessions from the EU, which can be considered a form of political blackmail. This strategy is particularly attractive to perpetrators due to its low-cost nature: migrants are easily exploitable due to their vulnerable nature and hence they can be redirected or exploited in order to “destabilise or coerce a target state.”

Paradoxically, the migrants can be instrumentalized also by the receiving country: radical parties within Europe have been quick to harness the migration crisis to perpetuate pre-existing stigmas, inequalities, xenophobia and racism towards certain migrant groups. In this case, migrants can be used to advance specific national agendas, and by presenting them as a threat to national identity and stability, support can be raised for certain parties or ideologies. The 2016 migration crisis that occurred in Italy, which saw a distinct rise in populism correlated with an increased influx of migration, indicates that migrants can be instrumentalized both by external states to push their policy agendas, but also by domestic groups. 

Another aspect to consider is the instrumentalization of migrants for economic gain. Migrants often do not have the right of free choice when it comes to employment, making them dependent on their employers and thus vulnerable to abuse. Human trafficking can be a by-product of migrant instrumentalization, and it is an incredibly lucrative business, generating more than $150 billion in profits across the globe yearly. Hence, it is convenient to exploit crises globally in order to gain access to the cheap, flexible workforce that migrants represent. The imbalance in relations gives employers the power to exploit migrants and therefore use them as economic tools. 

Migrant instrumentalization for both political and economic gain results in increased marginalisation and poor treatment of migrant workers. Migrants and refugees begin being viewed as commodities and a means to an end, which is a problem in the grand scheme of the often severe humanitarian crises that produce large quantities of migrants. The handling of the instrumentalization of migrants in the previously mentioned case of Belarus is a prime example of this, as the EU and NATO only collectively acted once the crisis was out of hand and thousands of migrants were already freezing to death. The EU failed to act due to a lack of agreement on a common migration policy, and although the EU imposed sanctions on the individuals responsible for the crisis, Polish border guards continued using tear gas and water cannons to deter people from entering. Effectively, the instrumentalization of migrants, in this case, created a scenario where, as noted by members of Human Rights Watch, the EU acted in solidarity with its Member States, but also allowed a humanitarian crisis to unfold. The provision of humanitarian aid and respect for human rights can be hampered by uncertainty about the nature of migration or even the motive of foreign actors. This means that the instrumentalization of migrants can ultimately result in the exacerbation of humanitarian crises. Therefore, the cycle becomes perpetuating, in that there are more migrants available to exploit. 

Migrant instrumentalization: the case of the Middle East

The phenomenon of migrant instrumentalization is not a singularly European one, but most discourse at the academic, social and political levels occurs in the European sphere. Nevertheless, another region of interest is the Middle East and North Africa (MENA), as increased evidence is arising regarding the phenomenon of migrant instrumentalization there. For instance, Turkey has been recorded as a provocateur, manipulating the Syrian refugee crisis to obtain leverage in bargaining with the EU. More specifically, in February 2020 President Erdogan unilaterally suspended the EU-Turkey statement, sending approximately 20,000 migrants to the border with Greece, along with demands for additional EU funding. In fact, the weaponization of refugees has been reported as a “fundamental feature in the definition of the interactions between Turkey and Europe.” The weaponisation of refugees by Ankara has enabled Turkey to occupy an important place on the European political agenda. The use of migrants as a geopolitical tool puts the receiving countries in a position where they either respond with force or play into the hands of the countries responsible for instrumentalising migrants. In both cases, insufficient safeguards to uphold the fundamental rights of the migrants are being established.

These examples still assess the instrumentalization of migrants in a political sense, but migrants can be instrumentalized in ways beyond the political and economic. There has been a studied pattern of the militarization of migrants within the Middle East. The vulnerable nature of migrants means there are increased chances of refugee radicalization. Factors such as overcrowding, poverty, local crime, and hunger increase the risk of refugee alienation as well as radicalization. Studies have proven that refugees displaying more extremist beliefs are less willing to emigrate to the West. For instance, in the case of Lebanon, the more extremist Syrian migrants studied in a report by the US Department of Homeland Security are approximately 50% less likely to want to move to the West compared to wanting to move back to Syria, due to negative perceptions of the West. This indicates that the dangers of migrant radicalization and instrumentalization for extremist purposes are more likely to be felt within the MENA region itself, posing a substantial security risk to nations within the region. 

The success of radicalization attempts does depend on the receiving nation’s capacity and willingness to combat the influence of external actors. In the context of the MENA region, the receiving nations often do not have the resources to properly deal with this issue, allowing for the increased spread and danger of radical ideologies. Even when international organisations and foreign entities do become involved with deradicalization and disengagement efforts, it is difficult to determine the appropriate measures necessary to not only protect refugees, but also build community resilience to migrant instrumentalization as well as targeting the root source of refugee vulnerabilities. The main approach of many states is to control borders in order to deter irregular migration, but it is acknowledged that the focus should instead be on building resilience, stability and development in nations that produce large numbers of refugees, in order to reduce mass migration altogether. Providing aid specifically in the MENA region can be challenging, as the security climate is constantly changing and it can be difficult for policymakers to determine where and how to provide aid for long-term development purposes. This matter is complex and would require policymakers to re-evaluate how they assess systemic issues and, consequently, how they respond to them. 

Migrants within the MENA region are also facing the risk of militarization. The most common perpetrator is Iran, and the example of the Liwa Fatemiyoun proxy group is indicative of the scale of the problem. This specific group is formed primarily of migrants of the Shiite ethnic group from Afghanistan, and these migrants were recruited by the Iranian army during their transit away from the civil wars in Afghanistan. This recruitment was not always voluntary, although in some cases they were offered money. The Iranian regime’s guards were able to exploit the migrants’ vulnerability to militarise them and include them in Tehran’s military conflicts. Cases like these demonstrate that the instrumentalization of migrants can constitute not only a threat in terms of political bargaining, but also a more traditional form of threat to physical security. 

Additionally, there is the phenomenon of host community fatigue, which further destabilises host countries. In Jordan, for instance, this means that not only is the quality of life of migrants and refugees diminishing, but opportunities for the national community are also being compromised. Jordan is one of the countries that hosts the most refugees per capita in the world. In 2020, Jordan was hosting about 760,000 refugees, accounting for about 7% of its population. Since the outbreak of the conflict in Syria, Jordan’s economic situation has gradually deteriorated, and according to the IMF, it has lost 1% of its GDP each year of the crisis. This data indicates how heavy the refugee burden can be on the Jordanian economy and society. An example of the strain can be felt in the health sector, where the increased population places a strain on the quality and availability of care. At the same time, receiving countries can instrumentalize migrants by exaggerating the quantity of refugees they receive, in order to receive increased quantities of foreign aid. Examples from countries in the MENA region, but also from the rest of Africa, indicate that officials inflate the number of refugees under their protection, resulting in the loss of millions of dollars in aid. Furthermore, the aid provided does not always translate into improved conditions for migrants; in fact, aid providers tend to exploit migrants more in these cases. This refers back to an earlier point about the exploitation of migrants being a self-perpetuating cycle, where those who take advantage of migrants create the most opportunities for exploitation through their predatory behaviour. Since 2005 the Middle East’s migrant population has more than doubled, creating spaces for increased migrant exploitation as well as exploitation of the humanitarian crisis and both these situations fundamentally harm the vulnerable migrants. 

Conclusion

In essence, the phenomenon of migrant instrumentalization is not new, but rather appears to be developing as a foreign policy tool. The MENA region in particular continues to face unprecedented levels of population displacement, and as the ramifications of the ongoing war in Ukraine, the COVID-19 pandemic, and climate change continue to challenge governance in the region, opportunities to exploit and instrumentalise migrants will continue to grow and develop. Growing evidence of migrants being recruited for military purposes, such as Iran’s use of migrants as proxies, continues to raise concern about the ethical and human rights implications of migrant exploitation. These trends point to a growing need for international attention and a more decisive legislative and practical response, both domestically and internationally, in order to safeguard the rights of migrants globally. 

The EU has labelled the instrumentalization of migrants a hybrid threat, and the overarching question is how to deal with it. There is an acknowledged difficulty when it comes to the conflict of interest between trying to help mitigate a humanitarian crisis and putting emphasis on national security. One approach could be legislative, as the EU is doing, and attempt to normalise border procedures between target states, in order to enhance information sharing and securitize borders while decreasing harm to migrants. Alternatively, the approach could be more humanitarian, by increasing the involvement of international organisations and relief associations in direct access to migrants to ensure that their rights are respected. Either way, solutions are not straightforward and involve multiple stakeholders, requiring cooperation to address the issue. Overall, the instrumentalization of migrants presents a significant security concern and can be considered an aspect of hybrid warfare, but it is important to acknowledge that the foundation of this strategy is a humanitarian crisis, meaning that utmost importance must be attached to safeguarding fundamental human rights.

Hybrid warfare involves traditional and non-traditional means of subverting an enemy, incorporating the use of military force, political and economic pressure, proxies, extremist groups, and disinformation campaigns among other tactics. One medium which provides countless opportunities and is increasingly used for hybrid campaigns is cyberspace. 

The online world is expanding at a pace both impressive and worrying. In 2022, the number of devices connected to the Internet – the Internet of Things (IoT) – stood at 14.4 billion, almost twice the world’s population. The digitisation of virtually every aspect of our socio-economic space, both in the public and private sector, brings countless opportunities for automation and optimization; however, if this trend is not followed by a strengthening of the security of these devices, it renders users – including state actors – more vulnerable to a plethora of risks. 

The security of data and intellectual property is one of the most critical issues that stem from this situation. Digitization of state archives and communication between and within state agencies as well as storage of classified data and trade secrets on online databases pose significant risks to the public and the private sector alike. With the continued development and increasing reliance on cloud services, data and intellectual property security will only become more crucial. It is estimated that by 2025, 100 zettabytes will be stored in cloud services, or 100 trillion gigabytes of data. For that reason, one of the most notorious yet overlooked hybrid threats is cyber espionage, massively used first by the US following the September 11 attacks under the programme Total Information Awareness (TIA). This term refers to the use of cyber means to obtain unauthorised access to, monitor, and collect sensitive data stored or transmitted electronically, usually to influence or gain a competitive advantage over a rival state, even in peacetime.

Methods of data interception

The modus operandi of cyber spies can take many forms. The most direct way of intercepting data is through fibre optic cable tapping. Western intelligence agencies like the US National Security Agency and the British GCHQ are known for tapping into undersea optical cables, allowing them to intercept millions of communications every day.  Usually, however, access to a target’s data requires infiltrating their local network, which can be done in multiple ways. Hackers may, for example, try to identify potential vulnerabilities in the software run by the devices connected to networks. As the number of IoT devices connected to the network increases, so does the likelihood that the software of at least one of them will have an unpatched vulnerability. These vulnerabilities, or flaws in the software’s code, may be then taken advantage of by an exploit – a carefully crafted program that triggers a response unanticipated by the software’s developer – to gain access to the network. Nowadays, a thriving grey market has emerged where zero-day exploits (exploits that the software manufacturer is not yet aware of) can be bought and sold for hundreds of thousands of dollars, depending on whether prior access to the network is needed (local exploit) or not (remote exploit) and whether the software in question is widely used.

Yet, despite all efforts to secure a network, it is often human error, if not insider threat, that allows the initial access – according to the 2022 Data Breach Investigations Report, 82% of breaches involved a human factor, notably when credentials of an employee with network access are compromised.  Phishing messages remain one of the simplest methods of password theft, but hackers often resort to more complex social engineering tactics to deceive their targets into giving up their login information. These include scareware (sending fake virus alerts and offering a program to "fix" the issue), impersonating colleagues or superiors through fake social media accounts, or tailgating (entering a physical area without authorisation to access its network), to name a few. In some cases, however, even “brute force” attempts to crack users’ weak passwords may be enough.

Initial network access is usually the first step. Unlike other forms of cybercrime, espionage typically involves maintaining persistent access to a system in order to extract data over an extended period, often spanning several months. That is because, besides collecting information stored on local or online databases, spyware often monitors the continuous use of a device, collecting keystrokes – including from smartphone touch screens by analysing fingers’ motion data – and mouse movement, webcam footage, GPS location, or capturing screenshots. The hacker groups responsible for these prolonged network infiltrations are typically referred to as Advanced Persistent Threats, or APTs, although their activities often go beyond passive espionage. The difficulty of detecting and mitigating cyber espionage lies in its passive nature; if no suspicious activity is being carried out, the intruder may remain unnoticed in the system for months. 

Motivations behind cyber espionage 

The hybrid nature of cyber espionage stems from the many economic, political, and geopolitical implications and numerous advantages it can bring to intelligence agencies. Of course, cyber spying is far from a monopoly of the state. In fact, industrial espionage by a company against its competitor often takes place in the cyber dimension. However, this profit-driven spying, accounting for most cyber espionage incidents, does not in itself meet the criteria for hybrid warfare. This changes when critical industries of another state are targeted, and when the attacker is state-affiliated. Intellectual property theft allows countries with fewer resources or R&D capabilities to bridge the gap between their respective industries. 

One particularly sensitive case involves intellectual property theft against defence contractors. A recent example would be the 2018 theft of US Navy plans by hackers allegedly linked to the People’s Republic of China, notoriously accused, alongside Russia, Iran, and North Korea, of cyber espionage against Western countries. Since defence markets are a monopsony, with the state as the only domestic buyer, espionage against them directly jeopardises the national security of the state. When weapon blueprints and other highly sensitive information are stolen or leaked, it can have a profound impact on the targeted state's military capabilities and narrow the military technology gap between opposing forces. This can result in a loss of strategic advantage and compromise the state's ability to effectively defend itself or project its power. 

Beyond its use in stealing intellectual property, cyber espionage can also be utilised as a means to monitor the geopolitical strategies of another state and interfere in its national politics. This can involve accessing confidential government communications, surveilling the online activity of civil servants such as diplomats and politicians, including heads of state, gathering intelligence on defence capabilities, or attempting to manipulate public opinion through disinformation campaigns. One of the most notorious consequences of spying on the domestic politics of other states is electoral interference. The 2016 US Democratic National Committee email leaks, purportedly carried out by Russian APTs Cozy Bear and Fancy Bear linked to the national intelligence agency GRU, represent a striking illustration of this phenomenon. In these instances, cyber espionage acts as a precursor to more disruptive covert actions.

States are well aware of the strategic advantage cyber espionage can bring. In fact, data collection by cyber means has become a staple element of national intelligence agencies around the world. For example, the US technical intelligence body National Security Agency (NSA) employs roughly 30,000 people and is said to be the largest employer of mathematicians in the world. One of the most advanced malware used for espionage and attributed to the NSA’s Tailored Access Operations unit (TAO) was Flame, which the US has used to spy on multiple Middle Eastern countries throughout the past decade. Its most controversial use involved a more than two-year-long spying campaign against Iran’s oil ministry and main export terminal, collecting information that was then used to launch a wiper attack in 2012, erasing data from the organisations’ network and disrupting the country’s oil industry. Only after the malware  was discovered following the oil terminal incident was a “kill switch” activated, effectively erasing any trace of the virus from over 1,000 infected devices in Iran and beyond. 

This kill switch, often added to the more advanced malware, is just one of the reasons why it is so difficult to find enough forensic evidence to attribute a cyber espionage campaign to a particular state. States can easily avoid the consequences of their actions by invoking plausible deniability, distancing themselves from the sponsored proxy groups. In many cases, the culpability of states in cyber espionage is only proven through leaks of sensitive state documents. These leaks, notably the 2013 Snowden leaks, can reveal many more worrying trends regarding cyber espionage.  As the classified documents revealed, the extensive use of cyber espionage by the US following the 9/11 attacks extended to its allies like Germany’s then-Chancellor Angela Merkel. Otherwise, the increasing commercialization of spyware, as illustrated by the NSO Pegasus, implies that these tools may become more and more accessible and adept at penetrating security measures over time. In authoritarian regimes like Ethiopia, UAE, or Saudi Arabia, Pegasus has made spying on human rights activists, lawyers, and the domestic opposition easier than ever before.

Prevention and mitigation recommendations

Protecting information systems from cyber espionage is a challenging task, and it is unlikely that any network will ever be completely secure. However, there are numerous preventive and reactive measures that both states and businesses can consider implementing. While some measures are specific to countering espionage, many others can be extended to provide broader protection against various cyberattacks.

No company or agency can be safe without a comprehensive cybersecurity strategy addressing different types of cyber threats. There exist numerous frameworks companies could follow to reduce their exposure to cyber risks such as cyber espionage. The two most important international standards are ISO 27001 and ISO 27002, created by the International Organization for Standardization. The former stipulates requirements for managing cyber risks through an Information Security Management System (ISMS), providing necessary guidelines and policies for asset protection. The latter is a collection of guidelines and best practices for the implementation of an effective ISMS. In the US, the go-to model is the National Institute of Standards and Technology (NIST) Cybersecurity Framework. It emphasises the division of cyber risk management into the following segments: 1) identification of equipment, software, and data; 2) protection of the network; 3) detection of intruders; 4) planned response to the crisis; and 5) recovery after the attack. The European Union has its own cybersecurity certifications framework, introduced by the EU Cybersecurity Act, which aims to strengthen and harmonise the cyber risk management systems across the member states. 

In the case of cyber spying, regardless of the framework chosen, espionage risk exposure of different sectors and positions within an organisation needs to be carefully evaluated. To limit access to sensitive data to only those employees who need it to perform their duties, it might be necessary to redefine the authorisation policy. Regardless of the position in the company, however, all employees should receive security education about the dangers of social engineering attacks and the necessity of strong password protection and multi-factor authentication. More generally, the cybersecurity team must ensure that the software running vulnerable systems is regularly patched, and authorise network access only to a limited number of limited trusted critical third-party applications.

As previously mentioned, simply gaining access to a network is not enough for hackers to be able to monitor all the information. As a result, the impact of espionage campaigns can be reduced even if the attackers manage to bypass the network's security measures. Organisations should consider using an advanced encryption method to render the contents of the most sensitive documents inaccessible to unauthorised users even if the files themselves get compromised. Finally, given that espionage activities tend to occur over extended periods, regular monitoring for unusual network traffic is essential.

Economic pressure is nothing new in global politics: trade wars, sanctions, and economic diplomacy have been a cornerstone of the international system since at least the Napoleonic Wars. While the threat may not be new, economic pressure has grown in significance in the post-Cold War world, and particularly in the past decade.

This series on hybrid threats has attempted to illustrate the huge diversity of channels which states can use to compete with one another on and off the battlefield. The term ‘hybrid threats’ is a broad one, characterised as threats involving both military and non-military pressure which blur the lines between war and peace. Within this categorisation, economic coercion is perhaps the broadest of all, encompassing everything from tariffs on barley to the suspension of states from the global banking system. Following the American Congressional-Executive Commission on China, economic coercion (or pressure) is taken to mean the “threatened or actual imposition of economic costs by a state on a target with the objective of extracting a policy concession”.

This article will instead focus on the largest weapon in the economic arsenal: sanctions. In recent years, two case studies have especially highlighted the power of economic sanctions. Firstly, the comprehensive response by Western states to Russia’s February 2022 invasion of Ukraine; and secondly China’s trigger-happy approach to economic pressure for states which have even minor disagreements with Beijing. The aim here is to demonstrate how contemporary economic pressure operates, whether it works, and what to expect moving forward.

A Brief Overview of Sanctions

Broadly defined, sanctions refer to effectively any commercial penalty imposed on a state or individual. Sanctions can be divided along several axes:

• Economic or political: some forms of sanctions clearly fall under the remit of economic statecraft, such as protectionist tariffs. Others are explicitly political as when sanctions are imposed due to human rights violations or to punish aggressive state behaviour. The division between economic and political sanctions has been harder to maintain in the era of hybrid threats. Strategic and economic interests increasingly go hand-in-hand, as visible in the CHIPS and Science Act which bolsters the competitiveness of American chip production for economic as well as geopolitical purposes.

• Comprehensive or smart: sanctions can be sweeping across an entire state (comprehensive) or targeted to specific individuals (smart). The effectiveness of comprehensive sanctions is hotly disputed on both strategic and humanitarian grounds: civilians are often disproportionately victimised, while regime leaders have the resources to not only evade the sanctions but also to enrich themselves through smuggling operations. Smart sanctions have been more popular by policymakers recently, particularly against Russian oligarchs. Comprehensive sanctions over conflict-related goods such as banning the sales of arms is also a common response.

• Trade power or node power: sanctions traditionally involve cutting trade off from the targeted state, but since the end of the Cold War there has been a rise in a different style of sanction in which states are denied access to the infrastructure on which the international financial system is built. For example, the United States controls economic ‘nodes’ such as the global reserve currency as well as the SWIFT financial messaging service. Excluding target regimes from the perks of these nodes can also be a powerful economic force.

There is considerable disagreement about just how effective sanctions are at coercing target states. Evidence suggests that comprehensive sanctions are marginally better than smart sanctions for coercive purposes, although at considerable humanitarian cost. Nevertheless, the effectiveness of sanctions in general is questionable: scholars differ in their interpretation of the data, with the success rate of sanctions varying from 34% to as low as 4%. Given the potential weakness of sanction pressure, it is not surprising that some policymakers have dismissed sanctions as a tool primarily of rhetoric: Veteran diplomat Sir Jeremy Greenstock has described how sanctions are primarily used to send a stern message to the target regime: “there is nothing else between words and military action if you want to bring pressure upon a government.” Ultimately, sanctions are rarely used in isolation and are usually part of a wider response to states’ behaviour.

To help illustrate the current global climate around sanctions, it is beneficial to turn to two recent case studies. Firstly, there are the sanctions imposed on Russia in 2022 and 2023. And secondly China, in the context of delivering sanctions against unfriendly trading partners rather than being the recipient.

Russia: An Economic Manhunt 

The sanction response to Russia’s 2022 invasion of Ukraine was unprecedented. Perhaps the most radical sanction of all was the freezing of $300 billion in Russian central-bank reserves held abroad – an unheard-of tactic. Russia was also disconnected from SWIFT, the critical messaging service for the international economy. The US, UK and EU issued a flurry of smart sanctions targeting politicians, oligarchs, and pro-Kremlin propagandists. Embargoes on arms and a plethora of Russian imports were imposed, decoupling Russia from western trade outside of hydrocarbons.

Economic warfare requires economic thinking. In December 2022, G7 states implemented a price cap on Russian Urals crude oil, and then in February a cap was introduced for refined oil. The price cap was an economist’s solution to the weakness of using a standard embargo: if Western states simply refused to purchase Russian oil, non-sanction-abiding nations could easily step in as new buyers and Russia’s revenue would be unchanged while Western economies suffered in the transition away from Russian imports. Instead, the price cap prevents firms which sell Russian oil from receiving insurance on their oil tankers if  oil is being sold for more than the cap permits. G7 states comprise around 90% of shipping insurance providers (the UK alone accounts for 60% of global protection and indemnity insurance). As a result, the thinking behind the cap is that Russian oil must either be sold at a discount to compensate buyers for the unavailable or more expensive insurance, or otherwise Russian oil must be sold at below cap levels to warrant access to Western insurers. Either way, the outcome would be cutting the Putin regime’s funds. States such as India which are explicitly neutral in the Russia-Ukraine War are nevertheless incentivised to follow the price cap for their own self-interest: the price cap forces Russian oil to sell for cheaper in order to gain access to tanker insurance, offering New Delhi discounted oil. As the graph below indicates, preliminary evidence suggests the price cap has had some success at cutting Russian state revenue whilst avoiding a spike in demand for Russian oil exports.

Debate has continued around the effectiveness of the sanctions in general against Putin’s regime. It’s clear that the sanctions have been less effective than was first assumed. While the rouble initially crashed, it has since rebounded higher than pre-invasion levels, and unemployment is recorded at an all-time low. Luckily for Putin, Russia’s budget has also been boosted by high energy prices since the invasion began. However these figures have been heavily massaged by the Russian state, and much of the data is questionable: the official statistics do not include a variety of hidden forms of unemployment, and when accounted for the corrected Russian unemployment rate is comparable to the worst points of the financial chaos of the 1990s. Even if the Russian budget has been propped up by higher hydrocarbon prices, this boom is unsustainable given the regime’s revenue from sources other than oil and gas exports has dropped by 20% – a startling amount.

China: An Economic Gunslinger

Economic warfare relies on a large economic base. As China’s economy increasingly rivals the United States, the bite behind Beijing’s sanctions has grown stronger. China imposes significant tariffs, sanctions, or embargoes on trading partners who deal with Taiwan, support democratic Hong Kong, call out human rights abuses in Xinjiang, or mention the suppression of Tibet.

China has embraced the reality of hybrid threats and now wields economic pressure as its primary response to international snubs. For opening a Taiwanese embassy in the Lithuanian capital of Vilnius, China banned the import of Lithuanian goods including EU goods that contained Lithuanian parts. Non-state actors and businesses are also vulnerable to China’s strong-arm tactics. Marriot Hotel’s website was put offline for a week following the mention of Taiwan on their website, and the American National Basketball Association was heavily sanctioned after a player for the Houston Rockets tweeted “Fight for freedom, stand with Hong Kong”. Even Norwegian salmon was heavily restricted from entering China after the Oslo-based Noble Prize Committee awarded the 2010 Peace Prize to a Chinese dissident.

Some states have stood up to China’s economic pressure and survived. Australia did just that after a trade war starting in 2020. Sanctions are always a double-edged sword: cutting trade ties injures both parties, but the power of sanctions lies in the assumption that the target will suffer more. While Australia was deeply exposed to Chinese economic influence (37% of Australian exports were to China), it turns out the relationship went both ways and Beijing eventually had to back down after an 80% tariff on Australian barley hurt Chinese beer-makers more than anyone else.

China is certainly not the first nation to use punitive sanctions, but what is novel is how freely they use their economic power for authoritarian and even petty ends. In the Australia episode, Beijing’s justification for their sanctions included a complaint that Australia’s parliament were openly criticising the Chinese Communist Party and that Australian media was especially hostile to Beijing. Not every state is large enough to weather the sanctions, and a significant portion of the world could easily be bullied by Chinese economic might. 

Sanction Saturation

Looking ahead, there are consequences to the overuse of sanctions. Targeted states will innovate new economic channels to avoid dependence on rivals who weaponize their trade against them. This concern was voiced as early as the 1990s when President Bill Clinton warned that the US had become “sanction happy” and that the overuse of economic tools for strategic purposes would breed global resentment.

Some strategists have argued that given China’s frequent use of economic pressure, the natural response is to form an anti-coercion coalition: Norway may not be able to fight back against China’s sanctions, but a united coalition which includes the G7 could counter-sanction Beijing and thereby deter any economic pressure in the first place. Decoupling between the United States and China is a further potential consequence of sanction overuse. Economic pressure turns business into a security issue, resulting in states reducing their exposure to one another, as could potentially be the case between China and the US.

By weaponizing control over the global financial system and America’s status as an economic superpower, the US has pushed Russia and China away from the dollar’s dominance towards alternative global financial models. China has experimented with the digital renminbi as a counter to the dollar, and members of the Shanghai Cooperation Organisation (a trading bloc that includes Russia, China and India) have increasingly relied on bilateral currency swaps which evade the dollar altogether. China has also constructed the Cross-Border Interbank Payment System (CIPS) as an alternative to the SWIFT messaging service. As the developing world becomes increasingly integrated into the global economy, they will face a choice between remaining with SWIFT and the America-led global economic order – or moving to an international financial system with Chinese characteristics.

Conclusion

Sanctions and economic pressure turn international trade into a weapon, and as a result, the line between beneficial trade and potential vulnerabilities is blurred. Economic power may not be a magic bullet against rival states, but sanctions are not useless – especially against smaller states or to complement other forms of pressure. Sanctions have grown more sophisticated with experience and are much more widely used in the 21st century than ever before. The power of economic pressure on commercially weaker states such as Russia is significant, even if sanctions have not been as successful as was initially assumed at the start of the war. However, the same method of sanctioning will not work on an economic juggernaut like China which can turn around and apply the same pressure back. As the economic battle between China and the United States continues (in the semiconductor industry and beyond) we can expect China to develop parallel financial institutions to avoid American node power, and for greater decoupling as the private sector increasingly becomes a security issue.

Throughout history, ambiguity and clandestine methods in geopolitical manoeuvres have consistently attracted attention. As early as 1948, U.S. diplomat George Kennan highlighted the existence of political warfare in a policy memo, defining it as the application of a nation's resources, excluding direct war, to achieve its national aims. Similar notions, namely “hybrid threats” and the “grey zone” currently dominate dialogues within this context. However, as underscored in our introductory piece, these concepts do suffer from a lack of clear definition, creating a challenge in formulating a uniform framework for comprehension and breeding passivity when it comes to formulating effective responses.

According to our understanding, grey zone coercion is a critical element of the broader concept of "hybrid threats". More precisely, the grey zone can be envisioned as the strategic domain that extends beyond ordinary statecraft but consciously avoids escalating into open conventional warfare. But both concepts can overlap, as their boundaries are rather fuzzy. Therefore, when diplomatic endeavours falter, and conventional warfare seems unlikely to yield the strategic cost-benefit balance aspired to, the grey zone presents itself as an alternative. The appeal lies in the inherent ambiguity for strategic effect and deniability regarding legal contexts that the grey zone can provide. 

Grey zone activities may comprise a diverse range of tactics, all forming an essential part of the “hybrid toolkit”. These tactics can include cyber operations, ranging from infiltrations into critical infrastructure to the theft of sensitive data or orchestration of destructive attacks on a target nation's digital infrastructure. Economic coercion, where states manipulate their economic strengths to destabilize an adversary, is another popular activity. This could take the form of trade wars, financial manipulations, or other forms of economic pressure, which are often strategically employed to maximise plausible deniability. Equally prominent is the use of (dis)information campaigns or political interference. Such campaigns strategically craft narratives to misdirect public sentiment, sow discord or seek to directly influence voting behaviour. They aim to breed confusion, and–most crucially–erode trust in public institutions, including the democratic process. Essentially, the aim is to alienate people from trusting and utilising their own governmental apparatus, thereby turning public sentiment against the institutions meant to serve them. Aided by the proliferation of digital media, these campaigns can propagate rapidly, increasing their potential for disruption. Proxy wars and the use of ambiguous forces, both long-standing tools of geopolitical influence, are also part of grey zone activities. They involve the deployment of third-party actors to engage in conflicts, allowing the sponsoring power to avoid direct confrontation. Lastly, targeted assassinations represent another facet worth mentioning. These are covert operations aiming to remove specific individuals, often key political or military figures, all the while not triggering a full-scale conflict, with the hopes of critically disrupting enemy forces from the top down.

In the grey zone, the boundaries between peace and war are purposefully obscured. Grey zone activities aim to complicate the identification of the real perpetrator, classification of the action, as well as the determination of an appropriate response. However, as the lines of routine statecraft are undoubtedly trespassed when stepping onto grey zone territory, crafting an adequate response is not impossible, should the political will to do so be pivotal. Frequently though, they lead to a paralysis in the decision-making processes of the target nation. The resulting hesitance is a quintessential effect of the grey zone and further buffers the arena of plausible deniability and sub-threshold conflict that capitalises on risk aversion.

The Role of Narrative

The arguably most prolific and primary actors in the grey zone, namely China and Russia, do not conform to the Western terminology of “grey zone”. This distinction perhaps serves as a further testament to the inherent vagueness of these concepts and demonstrates the vital role narrative plays in cultivating the pivotal ambiguity from which the grey zone derives its impactfulness.

Russian tactics that would be defined as "grey zone activities" in the Western context trace back to the Russian Revolution and the necessity to construct a Soviet Sphere of Influence. Throughout the Cold War, the Soviet Union was perceived as a proficient practitioner in the grey zone domain, and Russia, has maintained a similar reputation, especially following the annexation of Crimea in 2014. However, Russia's resort to overt, large-scale conventional force in Ukraine in early 2022, after years of operating in what we call the grey zone, may very well demonstrate the limitations of such activities in achieving tangible strategic success. Moreover, the measures of success in grey zone warfare remain nebulous.

Coincidentally, Russia also rejects the umbrella-terms “hybrid warfare” or “hybrid threat”,  nor does it correspond with Western phase-based classifications of escalation–as opposed to seamless progression. This has not only ramifications for the “sub-conventional” grey zone but also for the “supra-conventional” nuclear dimension. Significantly, despite exploiting the opportunities offered by the grey zone, Russia has coincidently abandoned its long-held, albeit widely distrusted, no-first-use nuclear doctrine. Instead, it has adopted an approach of "escalate to de-escalate", which includes the potential for nuclear "de-escalation" strikes even during the early stages of conflict. 

China, too, does not use the term “grey zone” but refers to “Military Operations Other Than War” (MOOTW). While the grey zone is seen in the West as an ambiguous, coercive tactic that lies beyond the bounds of ordinary statecraft and diplomacy, China regards MOOTW as a seamless extension of statecraft and a legitimate facet of exerting state power, not unlike Russia's mindset. China has frequently utilised MOOTW that fall below the level of armed conflict in recent years, primarily against Taiwan, Vietnam, India, and the Philippines. Though recent developments have seen the People’s Liberation Army (PLA) of China grow into a highly capable Anti Access/Area Denial (A2AD) force. As a consequence, China is now more likely to co-deploy lower-level military means of expressing disapproval, exerting overt pressure, or countering perceived threats–particularly from the U.S. and its allies in the East and South China Sea. Such measures include sophisticated naval exercises that mimic the blockade of the Taiwan strait, increasingly aggressive flyovers or patrols close to and entering Taiwanese airspace and, most recently, the drills of joint precision strikes on Taiwan, like the “United Sharp Sword” exercise from April 2023.

To sum up, it's not only the terminology and narrative that varies across nations, but also the understanding of what is considered "below the threshold" of conventional warfare. The perception and understanding of grey zone activities play a crucial role in determining their significance and threat level, and critical thresholds are never truly rigid, and may shift depending on domestic politics, threat perceptions, and levels of risk aversion.

The Nuclear Connect

The shifting landscape of global politics has not only brought strategies such as hybrid threats and grey zone warfare back to the foreground of discussion but has also necessitated a pressing re-examination of nuclear issues. As the geostrategic attention pivots from West to East, America's prolonged conventional military superiority has possibly acted as a catalyst for both Russia's and China's moves toward means of non-conventional grey zone methods and an emphasis on nuclear modernisation. Just as there is an overlapping and ambiguity surrounding the boundaries of grey zone warfare, a parallel hazardous confusion is emerging between conventional and nuclear warfare. This is perceptible not only in the increasing deployment of grey zone-style tactics but also in the prominence of dual-use systems, and the co-location of nuclear and conventional weaponry, aiming to enhance ambiguity.

Both the grey zone and nuclear warfare circumvent the domain of conventional warfare. It is therefore not surprising that the most influential grey zone actors in recent years - Russia and China - are also nuclear powers. Russia, a nuclear peer of the U.S., has devoted the 2000s to modernising and diversifying its nuclear arsenal to achieve tactical nuclear superiority over U.S. forces. Meanwhile, China, an economic rival of the U.S., has forsaken its longstanding commitment to minimal deterrence and is rapidly accelerating its own nuclear modernisation efforts.

These developments could suggest a complex intertwining of grey zone tactics and nuclear strategies. The implications of this are significant and necessitate further investigation to fully understand the new realities of global security. The emergence of a multifaceted warfare environment marked by ambiguity–both in the grey zone and in the realm of nuclear capabilities–warrants a comprehensive revision of our understanding of security threats, deterrence mechanisms, and the intricacies of tactic and strategy, as well as their relation.

A Look Towards the Future

As we grapple with the intricacies of tumultuous international relations, the future trajectory of grey zone activities–defined by their inherent ambiguity, deniability and induced passivity when it comes to responding effectively–presents a mix of (de-)escalation strategies. Formulating effective strategies to maintain stability becomes pivotal in such a scenario, as, in the wake of the fast-evolving “hybrid” facet of warfare, grey zone activities are adept at challenging established security architectures, further undermining already fragile (nuclear) deterrence frameworks. The population and popularisation of the grey zone is creating another layer of complexity, steadily reshaping the exercise and contestation of power. Establishing criteria to assess the severity of grey zone tactics and develop a hierarchical risk-based framework for response could streamline the management of such threats. Prioritising investments in intelligence, surveillance, and reconnaissance infrastructure, along with enhancing regional cyberdefence capabilities, can enhance situational awareness, and better attribute activities to specific actors. In the same vein, as technological advancements transform the nature of grey zone tactics, they too, may empower the perpetrators, but also offer potential solutions to combat such threats. Innovations in cyber defence, artificial intelligence, analytics, and machine learning can aid in detecting and neutralising grey zone activities. Cyber-attacks on critical infrastructure or disinformation campaigns can have global implications but may very well be mitigated with capable technological defences in place.

Great powers are increasingly leveraging grey zone activities to shape power dynamics on the world stage. While these actions often target the most transparent political and economic systems–i.e., democracies and open markets–, the growing exchange of information brought about by a globally hyperconnected environment could also serve as a potent deterrent for grey zone activities due to the increased risk of detection. Countering grey zone threats thus necessitates a collaborative, informed, and long-term strategic approach. Engaging in dialogue on grey zone scenarios with key allies and partners can illuminate these concerns and aid in devising capable counterstrategies. Furthermore, evolution in international norms and laws to define and penalise such actions could potentially shape the development of grey zone activities.

However, the complex nuclear landscape marked by multiple great powers with sizable, and growing, nuclear arsenals and varying perspectives on nuclear strategy adds another ever present shade of complexity to this issue. Russia's substantial non-strategic nuclear arsenal and China's recent ICBM silo expansion underscore the evolving–more so deteriorating–nuclear dynamics, as we move onto the Third Nuclear Age. Thus, comprehending and countering grey zone threats must also factor in this broader context of shifting power dynamics and nuclear arsenals.

The grey zone, characterised by its complexity and constant evolution, will continue to shape the future of warfare and international relations. As we chart our course through this uncertainty, understanding the grey zone, its tactics, implications, and devising the necessary countermeasures becomes increasingly critical.

Irregular warfare is a dynamic conflict where state and non-state actors engage in a violent struggle to gain legitimacy and exert influence over pertinent populations. It strays from the traditional norms of warfare and employs diverse tactics such as insurgency, terrorism, and guerrilla warfare. Understanding irregular warfare is crucial in today's world, as it presents an enduring and effective means of achieving political goals. It challenges conventional warfighting notions by blurring the lines between war and peace and employing diverse methods.

Irregular warfare can disrupt businesses by disrupting supply chains, damaging infrastructure, and harming consumer confidence. NGOs have been pivotal in providing humanitarian aid to conflict-affected communities, but they too have faced obstacles. Irregular warfare can prolong and complicate conflicts by creating multiple, shifting factions, alliances, and grievances, challenge conventional military superiority and can impact diplomatic relations by creating tensions and mistrust between actors.

Insurgency and Counter-Insurgency

Insurgency

An insurgency is a violent, armed rebellion by small, lightly armed groups practising guerrilla warfare against a larger authority, primarily from rural base areas. Insurgencies have political objectives and use propaganda or intimidation to gain population support. They are often motivated by ethnic, religious, or ideological causes, and avoid direct confrontation by relying on hit-and-run tactics, ambushes, sabotage, and terrorism.

The Taliban Insurgency

Examining significant conflicts of the 21st century across the globe reveals an array of insurgencies that have deeply impacted various regions. The Taliban insurgency in Afghanistan emerged as a critical conflict in the early 21st century. Removed from power by a US-led invasion in 2001, the Taliban commenced an insurgency against the newly established Afghan government and the NATO-led International Security Assistance Force (ISAF). 

The insurgency of the Taliban in Afghanistan between 2001 and 2021 had significant implications for the country's population, supply chains, companies, and NGOs. The population faced numerous hardships during this period, including increased violence, displacement, and a general climate of fear. According to data from the UNHCR, the insurgency led to the internal displacement of approximately 2.9 million people by the end of 2019.  Education and public health services were also severely impacted, with many schools and healthcare facilities being shut down or restricted in areas under Taliban control.

Supply chains in Afghanistan were severely disrupted as well. Roadside bombings and attacks on convoys made the transportation of goods hazardous, leading to shortages and increased prices of essential commodities. Many rural areas were particularly affected, as their economies are largely dependent on agriculture and livestock, and they were often cut off from the larger marketplaces due to the conflict. The World Bank reported a marked slowdown in economic activity in areas affected by the insurgency, during the COVID-19 pandemic, leading to food and fuel shortages, increased prices, and widespread unemployment.

Moreover, the conflict resulted in an increasingly challenging environment for businesses and NGOs operating in the country. The Afghan Chamber of Commerce and Industry noted a significant drop in business investment, particularly from foreign sources, due to security concerns. NGOs faced a particularly complex challenge, as they had to navigate the intricate tribal and political dynamics of the region while also dealing with threats and attacks from insurgent forces. For example, Médecins Sans Frontières (MSF) was forced to close a trauma centre in Kunduz in 2015 after it was bombed, leading to the loss of 42 lives.

Boko Haram

Boko Haram's insurgency has caused significant disruption and upheaval in Nigeria, primarily in the northeastern regions of the country. The group's activities have resulted in the displacement of over two million people, causing a severe humanitarian crisis. Large numbers of people have been forced to flee their homes, leading to a surge in internally displaced persons (IDPs) and refugees. This massive population displacement has strained resources and infrastructure and  increased the demand for humanitarian aid.

In terms of supply chains, the insurgency has led to disruptions and insecurity along key transport and trade routes, especially those connecting Nigeria to its neighbours in the Lake Chad region. Frequent attacks have made it challenging to transport goods and services safely across the country, which has had a knock-on effect on the availability and prices of goods in affected areas.

Companies operating in regions affected by the insurgency have faced significant challenges, including physical damage to assets, disruption of operations, and risks to personnel safety. Some companies have had to shut down operations or move to safer regions, while others, mainly multinational firms with greater resources, are operating with increased risk assessment and mitigation. This has not only affected the companies themselves but also their employees and local communities who rely on these businesses for employment and economic stability.

Counter-Insurgency

Counter-insurgency refers to the actions or programs taken by a group, army, or government to combat insurgencies. Its objectives include restoring peace and minimising civilian deaths, using a combination of conventional military operations, propaganda, and psychological operations. Counter-insurgency involves military and public authorities, requiring a comprehensive and coordinated approach that addresses the root causes of the insurgency, isolates the insurgents from the population, and strengthens the legitimacy of the government.

The U.S. and the Coalition Counter-Insurgency in Iraq (2003–2011)

After the U.S.-led invasion of Iraq in 2003 that toppled Saddam Hussein's regime, an insurgency emerged composed of different factions, including former regime elements, Islamists, and ethnic groups. The U.S. and its allies implemented a counter-insurgency strategy to combat it, which included combat operations, training of Iraqi forces, and efforts to win the “hearts and minds” of the Iraqi population. The "Surge" of additional American troops in 2007, a controversial action, is often credited with reducing the level of violence, even though it exacted a heavy toll.

The United States and their Allies' counter-insurgency operations in Iraq had significant effects on the population, supply chains, companies, and NGOs. One of the most immediate effects was the direct impact on the civilian population. Data from the Iraq Body Count project, a human rights project which maintained a database of violent civilian deaths during and since the 2003 invasion, showed an estimated 185,000-208,000 civilian deaths from violence from 2003 to 2011, inflicted both by US-led coalition forces and Iraqi insurgents.

The implementation of counter-insurgency strategies often led to disruption in supply chains. In a bid to cut off supplies to insurgents, stringent checkpoints and road closures were enforced, leading to delays and sometimes complete standstills in the transportation of goods. For example, in 2007, a report by the Special Inspector General for Iraq Reconstruction (SIGIR) highlighted that significant amounts of construction materials intended for infrastructure projects were delayed or lost due to these restrictions.

NGOs were also deeply impacted. The NGO Coordination Committee for Iraq (NCCI) noted that many NGOs faced escalating security threats, with kidnappings and attacks on aid workers becoming increasingly common. Additionally, with the country's infrastructure crumbling and financial systems unstable, NGOs struggled to get much-needed aid to the people who needed it the most. For instance, in 2010, only 30% of Iraq’s humanitarian aid was met, as charities and NGOs simply could not get the aid into the regions it was needed.

The Revolutionary Armed Forces of Colombia

While conflict between the Revolutionary Armed Forces of Colombia (FARC) and the Colombian Government began in the mid-20th century, the 21st century saw significant counter-insurgency efforts by the government, with considerable U.S. support under Plan Colombia. The counter-insurgency operations eventually culminated in a peace agreement in 2016, which led to the demobilisation of FARC as a militant group, although dissident factions remain active.

For the population, the impacts of the counter-insurgency have been multifaceted. The conflict has led to large-scale displacement, with UNHCR data estimating that 6.8 million people had been internally displaced by the conflict by the end of 2022. The violence has also had a significant impact on human rights, with the army engaging in extrajudicial killings to boost statistics and armed groups forcibly recruiting children and adolescents. Public health has also been affected; in conflict zones, access to healthcare became limited as a result of the violence, hampering the health of the population.

Companies operating in Colombia also faced challenges due to the conflict. Particularly in the mining and energy sectors, infrastructure sabotage became a common form of attack by the FARC. This resulted in significant production losses and delays, resulting in financial losses for these sectors. For instance, in 2014, FARC violence cost Columbia’s oil sector roughly $400 million by July of that year.

Humanitarian workers have often been targeted by both FARC and government forces, either through intimidation tactics or by violent methods, limiting their access and ability to provide aid. This significantly hampered their operations. In 2022 alone, medical missions in Colombia were attacked 426 times.

Mitigation Strategies

Addressing the myriad obstacles in counter-insurgency efforts necessitates a multifaceted approach. One must first gain a deep understanding of the root causes and motivations driving both the insurgents and the general population. It is essential to pinpoint and sever the connection between insurgents and their sources of support, though this is notoriously difficult to do, while simultaneously managing the complexities of dealing with various insurgent groups.

A balanced application of force and restraint is crucial, as well as efficient coordination among the different actors involved in the counter-insurgency process. Adapting to ever-evolving dynamics and challenges is equally important.

To surmount these hurdles, strategies should focus on tackling the political, economic, social, and cultural greed and grievances that lie at the root of insurgency. Safeguarding the population from insurgent violence and crippling insurgent capabilities via intelligence-led operations is also vital. Strengthening the legitimacy and capacity of the host-nation government and security forces plays a key role in counter-insurgency.

Moreover, strategic communication and information operations are needed to combat insurgent propaganda. Finally, engaging in negotiations with moderate or cooperative insurgent factions may pave the way for a political resolution or enduring peace.

Guerrilla Warfare

Guerrilla warfare employs strategies such as ambushes, sabotage, raids, petty warfare, hit-and-run tactics, and mobility to combat larger and less-mobile traditional military forces. Key characteristics include reliance on local population support or political cause for sustaining fighters and providing intelligence, recruits, safe havens, and resources. Guerrilla warfare exploits terrain and surprise to harass and demoralise enemy forces, avoiding direct confrontation and pitched battles unless conditions are favourable. This type of warfare aims to inflict attrition on the enemy through small-scale actions, gradually eroding morale, supplies, and the will to fight, while adapting to changing circumstances and utilising various tactics and weapons to achieve objectives.

The Case of Myanmar

Myanmar has been in a state of turmoil since the military coup that occurred in February 2021. Following the coup, various resistance groups emerged, some of which formed the People's Defense Forces (PDFs). These groups began employing guerrilla warfare strategies in an attempt to push back against the military junta's control.

The conflict grew more severe when armed rebels declared war on the junta, which escalated the country's situation towards comprehensive urban warfare. This escalation has led to a cycle of human rights violations and abuses, trapping the people of Myanmar in a situation of poverty and displacement, according to the then-UN High Commissioner for Human Rights Michelle Bachelet. 

Throughout 2021, the military sought to consolidate its authority by ruthlessly killing and imprisoning its opponents. This intensified conflict, coupled with the COVID-19 pandemic, caused a significant humanitarian crisis with needs escalating dramatically.

As the conflict further escalated in early 2022, the country saw a heavy military presence, increased military checkpoints, and search and arrest operations. Noeleen Heyzer, the UN Special Envoy on Myanmar, mentioned that the political crisis had opened new frontlines that had long been at peace, further deepening and expanding the challenges in the country.

In response to the escalating situation, brutal assassinations became a common strategy by 2022, for both sides. One reported incident involved a rebel gunman who assassinated a government official by shooting him four times in the head. As a response, the Myanmar military took revenge on the population. For instance, the military was involved in one situation where they killed 17 people in two separate villages. The military has also launched hundreds of air strikes on opposition forces, resulting in the death of more than 300 civilians. Groups allied to the military have also been involved in extrajudicial killings, without facing consequences.

Guerrilla warfare's impact on businesses and economic development can vary depending on the context and nature of the conflict. One possible effect is the disruption of supply chains and markets, which can interrupt the flow of goods, services, and resources, creating shortages, delays, and increased costs. Another potential impact is damage to infrastructure and property, such as roads, bridges, factories, and shops. This can reduce productivity and profitability while increasing repair and maintenance costs.

Countering guerrilla warfare presents various challenges, such as the difficulty in identifying and locating guerrillas who blend in with civilians and use the terrain to their advantage. The asymmetry of the conflict, political and psychological aspects, and logistical and operational constraints faced by conventional forces add to the complexity.

To counter guerrilla warfare, developing a clear and realistic strategy, and employing flexible and adaptive tactics suited to the local context, while coordinating with other actors like local authorities, civil society, and international organisations can be effective. Protecting and engaging with the population by providing security, services, development, and justice, while disrupting guerrilla networks and sources of support, is crucial for a successful campaign.

Terrorism and Counter-Terrorism

Terrorism

Terrorism can be understood as the unlawful use of violence and intimidation, particularly against civilians, to pursue political aims. Definitions may vary across countries and organisations, but some common characteristics of terrorism include the use of violence or the threat of violence, targeting non-combatant subjects, and being politically motivated. Terrorist acts are typically planned and systematic, with groups like Al Qaeda, ISIL, and National Action employing different ideologies, motivations, and methods. By targeting civilians, public places, and symbolic locations, terrorism aims to create widespread fear and coerce governments and citizens to change their policies in favour of the terrorists' agenda.

The September 11 attacks in 2001, orchestrated by Al Qaeda, involved the hijacking of four planes, with two crashing into the Twin Towers of the World Trade Center, causing their collapse, another hitting the Pentagon, and the fourth being diverted and crashing in Pennsylvania. These attacks resulted in the deaths of nearly 3,000 people and prompted a global war on terror. Similarly, the London bombings in 2005 targeted the city's public transportation system, leaving 52 dead and around 700 injured, serving as a reminder of the enduring threat of terrorism in urban areas. Additionally, the terrorist attack on Garissa University in Kenya in 2015 revealed the targeted nature of extremist violence, resulting in the deaths of 148 individuals and highlighting that even places of education can be vulnerable to such acts.

Counter-Terrorism

Counter-terrorism encompasses political and military activities aimed at preventing or thwarting terrorism. The UK's counter-terrorism strategy (CONTEST) follows a strategic framework with four work strands: prevent, pursue, protect, and prepare. Counter-terrorism efforts rely on international legal cooperation and adherence to human rights standards, requiring collaboration and coordination between countries and organisations while respecting the rule of law and the rights of all people, including those suspected or accused of terrorism.

Operation Barkhane

Operation Barkhane initiated by France in August 2014, is a counter-insurgency operation in Africa's Sahel region aimed at combating extremist groups and replacing the earlier Operation Serval in Mali, within a broader international effort to stabilise the region. Its objective was to combat Islamist militants and provide support to local forces in Mali, Niger, Burkina Faso, Chad, and Mauritania.

Operation Barkhane had a mixed impact on the Sahel region. It led to several high-profile successes such as the elimination of top extremist leaders, including Abdelmalek Droukdel, the head of Al-Qaeda in the Islamic Maghreb (AQIM), in June 2020, and Adnan Abu Walid al-Sahrawi, the leader of the Islamic State in the Greater Sahara (ISGS), in March 2021. Through this operation, France also provided training and support to local military forces, significantly contributing to the G5 Sahel Joint Force, which, however, struggled due to insufficient funding and resources. Despite these successes, in 2020, the United Nations reported a sharp increase in violence in the tri-border region between Mali, Niger, and Burkina Faso, with the death toll doubling compared to the same period in 2019. Extremist groups proved to be resilient and adaptable, often regrouping after suffering setbacks. Meanwhile, inter-communal violence and conflicts over resources complicated the situation further, pointing to the fact that the issues at stake extend beyond what a military operation can address.

In some areas, the presence of foreign troops sparked large protests, as seen multiple times in Bamako, the capital of Mali, where thousands demanded the withdrawal of French forces. Reports of civilian casualties, whether in the crossfire or due to mistakes, further fueled anti-French sentiments. Moreover, the dependence on foreign military aid has been a source of concern for some, worrying that it undermines national sovereignty. Ultimately, French forces withdrew from Mali and the operation came to a close following coups in 2020 and 2021 in the country.

Counter-terrorism measures can affect businesses in several ways, including escalating security expenses, regulatory compliance, human rights issues, and opportunities for collaboration. Increased investment in security measures may impact profitability and competitiveness, while adhering to counter-terrorism regulations can introduce additional administrative burdens and market constraints. Ethical dilemmas or human rights risks may arise for businesses operating in areas where counter-terrorism measures are enforced.

Addressing terrorism involves overcoming numerous challenges and executing strategies such as defining and understanding terrorism, preventing and countering violent extremism, fortifying the legal framework and criminal justice system, boosting security and resilience, and encouraging dialogue and cooperation. Counter-terrorism endeavours should balance security and human rights concerns, target the underlying causes and drivers of terrorism, enhance international collaboration and coordination, and adapt to the evolving nature and tactics of terrorism. Employing human rights-based, preventive, multilateral, and adaptive approaches can lead to more effective and sustainable counter-terrorism outcomes.

Conclusion

This article delves into the intricate realm of irregular warfare, examining insurgency and counter-insurgency, guerrilla warfare, as well as terrorism and counter-terrorism. Key takeaways emphasise the significance of grasping the nature and dynamics of these unconventional warfare forms and their potential consequences on businesses and economies, including supply chain disruptions, infrastructure damages, and human capital losses.

Addressing these threats is crucial, as they can not only compromise business operations but also pose risks to global security and stability. Countering these challenges demands continuous innovation and adaptability, with governments, businesses, and civil society joining forces to devise and execute effective strategies.

Persistent innovation and collaboration are essential, given that hybrid threats are perpetually evolving and necessitate multi-faceted approaches that tackle the root causes and drivers of conflict while upholding the rule of law and human rights. This calls for the cultivation of a comprehensive and coordinated response that encompasses military, political, economic, and psychological measures, in addition to international cooperation and dialogue.

Amid these challenges, businesses must stay alert and proactive, adjusting to shifting circumstances and investing in risk management and resilience measures. This involves forging robust partnerships with governments, civil society, and other stakeholders to collaboratively mitigate the effects of irregular warfare and terrorism and foster peace and stability in affected regions.

Ultimately, addressing these threats is a shared responsibility among all members of society, as collective action is crucial to building a safer and more secure global community. Businesses play a vital role in this endeavour by endorsing responsible and ethical practices, investing in resilience, and supporting initiatives that address the underlying causes of conflict and terrorism.

As outlined in the first article of this series, hybrid threat refers to an action performed by a state or non-state actor to undermine or harm a target by influencing its decision-making at the local, regional, state or institutional level. Such actions tend to be coordinated and synchronised and purposefully attack democratic states’ and institutions’ weaknesses to cause damage below the threshold of overt aggression. Activities can take place in the political, economic, military, civilian or information arenas, using widely-encompassing means. They are an amalgam of coercive and subversive activities, conventional and unconventional methods, employed in a coordinated manner across a  plethora of avenues. 

Concerns about the effects of hybrid threats first appeared in NATO’s 2010 Strategic Concept and consolidated into the NATO Capstone Concept, which categorises hybrid threats as “those posed by adversaries, with the ability to simultaneously employ conventional and non-conventional means adaptively in pursuit of their objectives.” In light of Russia’s invasion of Ukraine and events in Iraq, the idea of hybrid threats has started to receive increased attention. 

Critical infrastructure as a target for hybrid threats

Contemporary critical infrastructure is a viable target in the hands of adversaries who are willing and able to use hybrid tools. The European Commission defines critical infrastructure as “an asset, system or a part thereof located in the Member States which essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in the Member States as a result of the failure to maintain those functions.” Thus, as reiterated in the recent NIS directive, the provision of essential services and their continuity are crucial. Regardless of the nature of the hostile actor (whether non-state or state), infrastructure, essential services and supply chains can be viable targets for disruption, intimidation and pressure.

The activities aim to:

1. Degrade the quality of goods and services offered (e.g., reduce availability, reliability),

2. Destroy key elements of an infrastructure,

3. Increase their operating costs,

4. Influence demand by putting pressure on the infrastructure,

5. Decrease/eradicate redundancies and cause unilateral dependencies on the hostile actor,

6. Acquire or limit access to key resources necessary for their operation (raw materials, technology, expertise, etc.).

Therefore, any tool capable of causing or exploiting a vulnerability in an infrastructure (home-grown vs injected vulnerabilities) and achieving any of these effects could be used in a potential hybrid toolbox. Vulnerability is often related to a specific sector, and can also have a temporal dimension (e.g., increased demand for a service amid a natural disaster, or service degradation due to normal ageing of the infrastructure), or be recurrent (cyclical) based on specific conditions.

The infrastructure domain can be considered a ‘mega-domain’, as it encompasses many sectors, including, but not limited to:

Cyber

Cyber plays an extraordinary and very specific role with regard to hybrid threats, and not only because every socio-political and military conflict will also take place in cyberspace. For national security planners, this includes cybercrime, propaganda, espionage, influence, terrorism, and even warfare itself. The nature of national security threats has not transformed, but cyberspace is a new delivery mechanism that can increase the speed, diffusion, and power of an attack, while ensuring anonymity and undetectability. The low cost of entry, anonymity, and asymmetries of vulnerability implies that small actors have a greater ability to exert power in cyberspace than in more traditional areas of global politics. This domain refers to the information environment, which comprises the interdependent network of information technology infrastructures (including hardware, software, data, and protocols), and information (including the internet, telecommunications networks, computer systems, and embedded processors and controllers). The tools that may be used by a hostile actor are intended to cause degradation, disruption or destruction of networks, or to access data and information. Access to information may also be an objective of a hostile actor to obtain intelligence and reduce detectability.

Space

Space-based services include navigation, communications, remote sensing, science and exploration. There is growing concern about activities related to hybrid threat activities in space, as a plethora of countries have been involved in developing counter-space capabilities with multiple state actors. The impact of hybrid operations in space not only affects the military/defence domain but can also cause a significant impact on civil commercial activities, as these increasingly rely on space capabilities.  Most tools that can target the space domain exploit the link between space assets and other domains, and the potential cascade effects if they are compromised, even temporarily. This domain is closely linked to the military/defence, economic, infrastructure, information and intelligence domains.

Furthermore, today’s societies are increasingly reliant on the smooth functioning of large and interdependent Critical Infrastructure systems. Few buildings can be heated by their own systems. Most are connected to a district heating system. Besides district heating systems, many other systems (distribution of fuels, fresh water, sewage) are dependent on the availability of electricity, as they are dependent on pumps. Communication systems need electricity for data transmission. The failure to generate and distribute electricity can lead to multiple failures elsewhere.

Previously, the investment and maintenance of critical infrastructure as well as the continued readiness of critical deliveries, were the responsibility of the state or the public sector. Since the end of the Cold War, governments have reduced their authority over these assets. This is the case, for example, with power generation companies, the electricity grid, telecommunications companies, national aviation companies, airports, airfields, seaports and even many other services that used to be run by the state, such as postal services, road building, shipping channels and pilotage, and health care services. Thus, from a resilience perspective, Western open-market systems have clear vulnerabilities: 

1. Based on the Just in Time delivery notion, the stock of all goods has been purposefully reduced. In the scenario of a major disruption of market-guided logistical systems, reserves near the used end would be scarce.

2. Globalisation implies longer distances for many goods. Fewer and fewer countries are  self-sufficient in the production of goods to maintain a basic standard of living.

3. Digital systems have become increasingly dominant. Thus, if IT systems fail, goods will be lost. This means that logistics is a potential target for a cyberattack.

4. Financial systems are increasingly vulnerable to cyberattacks. If payments cannot be made, goods will not flow, leading to  a shortage of food and basic necessities.

5. Societies are increasingly reliant on the proper functioning of large and interdependent critical infrastructure systems. Cyber or physical channels can be used to damage them.

6. All logistics and finance rely on telecommunications. Telecommunication systems are highly vulnerable to cyberattacks, but can also be paralysed physically by hitting key congestion points. Damage recovery would take time.

7. Domestic actors cannot counteract and remedy problems that occur abroad.  A serious disruption of the international market can lead to congestion in deliveries and financing. Such events can lead to serious damage where goods no longer arrive since they are not produced locally.

What are the appropriate countermeasures?

1. Increase the resilience of critical infrastructure to hybrid threats, which would also improve resilience to natural disruptions; 

2. Increase the likelihood of detecting breaches in systems and, if such a breach occurs, of successfully attributing the actors behind it; and

3. Facilitate the exchange of information and good practice within and between different areas of critical infrastructure.

Some of the necessary improvements can be achieved through education, training and process development. Others can best be achieved through improved standards and technical improvements. Critical infrastructure is mostly managed by private companies that are based on a commercial logic and aim to make marginal profits. They can be encouraged to propose mitigation solutions and companies can be part of the solution, with authorities having a responsibility to support and guide them. States can use regulations to counteract them. Careful consideration should be given to the functioning of open markets, regardless of national borders. When a state imposes costly regulations on one aspect of a business, this has an impact on the competitiveness of businesses in the country concerned. Thus, one should regulate them in a wider all-encompassing framework, such as the EU. States can also financially support the most vulnerable points of critical infrastructure. This may include support for critical equipment stocks, technical systems or certain types of vulnerable market functions. Moreover, states should formulate responses at EU and NATO-level. The developing RescEU mechanism should be viewed as a possible tool to help EU Member States (or neighbours) to cope with unlikely scenarios beyond national capabilities.

Countering hybrid threats

Countering hybrid threats tends to be primarily a responsibility of the affected state, but the EU is helping to facilitate cooperation between Member States to find policy solutions and share best practice. There are two major policy documents in this regard: the EU’s 2016 Joint Framework on Countering Hybrid Threats and the 2018 Joint Communication on increasing resilience and bolstering capabilities to counteract hybrid threats. The EU policy on countering hybrid threats is based on the following pillars:

1. Situational awareness: this is fundamental to ensuring that Member States are aware of the challenges, make informed decisions and develop a common strategic culture.

2. Resilience: the concept of EU resilience implies its ability to help prevent, build resilience and recover from crisis, including multidimensional hybrid attacks. Member States develop their resilience to such attacks and can use the CSDP mission for this purpose.

3. Cooperation: the EU participates in the fight against hybrid threats in liaison with stakeholders and international organisations, as well as with other civil society bodies. It is essential that any mitigation efforts are not only undertaken at national or regional level, but also at international level.

In the Strategic Compass for Security and Defence, Member States intend to build the EU Hybrid Toolbox, which would include prevention, cooperation, stability enhancement, containment and support measures. It focuses on identifying complex and multifaceted hybrid campaigns, and coordinating tailored and cross-sectoral responses to these campaigns Acting as an overall framework, it would bring together other relevant response frameworks and instruments, such as the EU Cyber Diplomacy Toolbox and the proposed Foreign Information Manipulation and Interference (FIIMI) Toolbox. It would help improve the effectiveness and coherence of a range of actions and improve the EU’s capabilities to mitigate hybrid threats.

The analysis of the challenges posed by hybrid threats has led to the evolution of a comprehensive approach that combines all actors and policy instruments: military forces, diplomacy, humanitarian aid, political processes, economic development and technology. The EU adopted its own comprehensive approach in December 2013. However, it is also essential to understand that adjustments to a security scenario afflicted by hybrid threats can have long-term implications for the stability of the international order and can potentially influence global power shifts. Thus, in this regard, a multitude of policy trends are important:

1. Conceptual trends: Comprehensive government-led approaches now tend to be coupled with whole-of-society strategies aimed at managing risks and building resilient societies. This emphasis on resilience helps mitigate risks that could potentially cause hybrid conflicts in the future (for instance, over energy or access to water), and improved related resource-management practices.

2. Material trends: Resources to help counter hybrid threats are held by a plethora of stakeholders, i.e. governments, civil society, the private sector and individuals within  society. This shared ownership is reflected in the public-private cooperation on security and development. Moreover, governments have taken steps to increase and modernise their civilian and military capabilities.

3. Legal trends: Some existing legal concepts and frameworks may be anachronistic and generally do not adequately address the issue of hybrid threats. This can lead to the incoherent application of the existing rules, whereby states use treaties and conventions selectively to justify their positions. The choice between the status quo and new instruments could increase the need for other means of dealing with the issue, such as confidence-building measures, law enforcement cooperation and mutual legal assistance.

4. Institutional trends: Many countries have adapted to hybrid threats by expanding the serving purposes of already existing institutions (i.e. new powers for intelligence agencies, facilitating EU strategic communication) or creating new organisations (for instance, the Ministry of Truth in Ukraine)

Conclusion

Countering hybrid threats is one of the most difficult challenges facing the EU and its Member States. An effective response involves building situational awareness capacity, boosting resilience in all critical sectors, ensuring recovery and response in times of crisis, and cooperating with other countries and organisations. While efforts should be made at the national level to build resilience and detect, prevent, and respond to these threats, efforts at the regional or EU level should support national efforts. Given the cross-border nature of hybrid threats and their EU-wide targeting, coordination at EU level, integrating the external and internal dimensions in a seamless flow and in conjunction with the whole-of-government and whole-of-society approaches at national levels, are pivotal to counter them effectively.

Although considerable effort has been made, more emphasis needs to be placed on raising awareness and understanding of hybrid threats, on improving resilience and the ability to recover quickly from and respond to such attacks, and on the ability to deter and respond to malicious cyber activity. To counter the increase in cyber threats activities aimed at influencing the outcome of democratic elections, more frameworks must be deployed; one such existing framework is the European Democracy Action Plan. In addition, the international element is highly pivotal as the security environment has changed considerably. Cooperation with partner countries is essential in this regard. Lastly, the COVID-19 pandemic has shown how a health crisis triggered the employment of specific hybrid techniques by attacking critical infrastructures and spreading misinformation through digital media to achieve political objectives. There is therefore a need to counter misinformation and strengthen strategic communication.

It is important to consider the limitations of these countermeasures. Firstly, there may be disagreements over what is understood and categorised as a hybrid threat. Different stakeholders may have different notions of hybrid threats, making it difficult to develop a common approach to countering them. Moreover, most mitigation measures focus on the military or strategic dimensions of these threats, thus neglecting economic and financial considerations. A comprehensive response should be holistic and multifaceted, addressing the different areas affected and involving coordinated efforts. Most importantly, it is important that responses are international as these threats tend to be transnational and not localised. Any response that is restricted to a single area would not be effective in combating most of these threats. 

Psychological warfare may, in some respect, seem an outdated term. Instead, specific concepts such as information manipulation or, conversely, broader terms such as foreign influence operations are increasingly more prevalent. What is often less understood is that while these are important threats to take into account, they generally exclude a potent human quality open for targeting - emotion. Unlike information manipulation, which targets cognitive processes and perceptions, psychological warfare aims to dig deeper, exposing the most basic of human emotions (anger, fear, hatred) and seeking to transform them into something stronger for political, ideological, and security reasons. So, what is the state of psychological warfare today? What are states and other entities doing to combat it, and are their efforts sufficient? This article explores these questions, seeking to assess the prominence of this hybrid threat, and what can be done in defence.

A brief overview of psywar

Psychological warfare has a long history, dating back to Ancient times, although such an explicit label was most likely not available. However, its use really took off during the two World Wars, where targeting the morale of enemy soldiers played a key role in numerous battles. The effects were two-fold: first, the intended effect was to demoralise the enemy, and break his will to fight; second, a common by-product (whether intended or not) was often greater mistrust, confusion and uncertainty within enemy circles. This is due to the fact that, as our previous article mentioned, psychological warfare “is designed to target deeper feelings and processes outside of perception, many of which are difficult, if not impossible to control”, rendering not only the results, but also the source of attack unspecified. As the subsequent section argues, these blurred lines are becoming increasingly difficult to discern properly as both state and non-state entities leverage new technologies and tactics to aim at an ever-wider range of targets.

Targeting modern hearts and minds

Psychological warfare today comprises a range of tactics and actors, including media propaganda, pamphlet distribution, false flag operations, and information warfare. Apart from its historical use, psychological warfare (or ‘psyops’, as it is more readily known in contemporary military circles) has been a standard feature of military doctrine in countries such as the United States, the United Kingdom, Russia, China, Iran, as well as a more diverse set of actors such as Estonia. While its tactics continue to be used in foreign conflicts, they are also increasingly incorporated into domestic defence planning. In other words, countries are not only interested in developing offensive capabilities to strike an enemy and demoralise him psychologically, but also to ensure that the same enemy does not succeed in using such tactics against them domestically. A number of contemporary examples demonstrate the international and domestic security implications psychological warfare continues to bring.

The Russo-Ukrainian war

Since the beginning of the war on Ukraine, Russia has been using disinformation, propaganda, and false flag operations to target the psychological state of Ukrainian armed forces and political and military leadership. Starting with the build-up of troops on and around the Ukrainian border for almost a month, Russia's objective from the outset went beyond mere military preparation for an invasion - an equally important objective of these actions was to intimidate Ukraine and break its will to resist even before the fighting began. Similarly, continuous and coordinated propaganda narratives (fascistic nature of Ukrainian leadership, genocide in Donbas and other human rights violations, development of biological weapons, surrender of President Zelenskyy, and anti-refugee sentiments among others) aimed at domestic and international audiences proliferated.

Russia’s chief method of psychological warfare has been social media, with reports of fake accounts and groups spreading information favourable to the Russian view. Their usage of Facebook, Twitter, but also relatively recent forms of social media, such as TikTok, has increased with the war’s progression. Another common source of dissemination is foreign news outlets favourable to the Russian stance, besides domestically controlled state media and their international branches. These include Chinese state media such as CGTN and Beijing News.

The objectives are varied but converge on a few common goals: first, to demoralise Ukraine, its leadership and armed forces, and break their will to resist; second, to turn Russian, Ukrainian and international public opinion against Ukraine and in favour of Russia. The latter goal is, nevertheless, also associated with political ruling regimes in these countries - the populations most favourably disposed towards the Russian narrative are those whose political leadership entertains (hopes of) positive relations with Russia.

Russia and the Baltic states

Russian psychological operations warrant another section, since outside of Ukraine (as well as Georgia), the Baltic states are also a frequent target. As former Soviet republics and current members of the North Atlantic Treaty Organization (NATO), modern-day Estonia, Latvia and Lithuania occupy a particularly important position in Russia’s foreign policy and on its list of target countries for psyops. Despite a significant shift in cultural and political leanings and the fact that Russian ability to influence their populations has been decreasing, the Baltic states continue to be home to a substantial Russian or Russian-speaking population. This linguistic legacy allows Russia to utilise the same, or similar tactics, narratives, and methods as it might otherwise only be possible domestically. Among the most prevalent narratives are the usual ideological triggers, such as WWII, the USSR, and anti-Western sentiment.

In terms of methods, the primary source of propaganda tends to vary from country to country. In Estonia and Lithuania, Russian social media such as VK (V Kontakte - In Contact) tend to be prevalent, while Latvian audiences turn to Facebook. The salience of the above-mentioned topics also varies accordingly.

The goals of these psyops evolve constantly. Besides continuously evoking a nostalgic image of the ‘good old days’ and the Soviet past, Russian psyops also primarily target fear - fear of Western influence and even invasion. Nevertheless, as noted above, its influence has been decreasing steadily. This is a result of geopolitical as well as domestic developments within the Baltic states themselves. First, unlike Ukraine, the Baltics have been quite successful in separating themselves from Russian influence politically and economically after the fall of the USSR. They were furthermore aided in this endeavour by their early admission into NATO and the European Union (EU). Finally, Russia’s own activity domestically (Chechnya in 2004 in particular) and in former Soviet republics, Georgia and Ukraine (2008 and 2014 respectively) has stoked fears in the Baltics of a possible invasion of their own territories, and thus served to alienate much of the now Western-oriented political and social establishments along with the wider population.

France in Mali

The French military operations in Mali (Operation Serval and a later, broader Operation Barkhane in particular) present further examples of the use of psychological warfare during a time of conflict. The motivations for it are complex and steeped in geopolitical interests and considerations of France, the UN, and a number of West African countries. In the former case, France engaged in psyops against separatist rebels during a coup in 2013, an operation which aimed to discredit the Islamist narratives taking over the country. The latter was in many ways a continuation and an extension of these objectives, continuing at least into 2017. The aims of the second operation included further crackdown on Islamist ideology and terrorist activity, as well as boosting the image of France to justify and legitimise the operation.

The methods France used in these two operations were both psychological and information-based and supported by direct action on the ground. In the case of Operation Serval, French intervention forces were deployed and consolidated in Bamako, the capital of Mali, within three days. While often overlooked in studies of psychological warfare, such quick consolidation and response often serves to demoralise the enemy in addition to particular pieces of information, since it creates a specific image of the operation - speed, mobility, efficiency. Mobility was especially important, with French troops being on the move almost constantly between 12 January and 11 May 2013. The second set of methods, more typical of Operation Barkhane, consisted primarily of influence operations through social media, Facebook in particular. At the same time, French military personnel posting as locals were attempting to conduct counter-influence operations against Russian disinformation in the country (which carried certain grassroots elements prompted by the Russian government).

The success of the former methods and tactics is considered substantial, and a prime example of effective integration of psyops into operational strategy. Falling under the responsibility of the Centre Interarmée des Actions sur l’Environnement (CIAE), France’s psychological warfare doctrine follows closely from NATO regulations and instructions about psyops integration. Nevertheless, most actions after the conclusion of Operation Serval have not been considered particularly effective, and have rather been cited as the source of regional destabilisation in the Sahel. France ended up withdrawing its troops into Niger in August 2022.

United Kingdom and the United States

Another set of influential players in the domain of psychological warfare are the United Kingdom (UK) and the United States (US). Besides using various tactics and methods of psyops for the purposes of safeguarding domestic security and national interests, they also contribute significantly to the psyops strategy and capabilities within NATO. Falling under the organisation’s guidelines the chief focus of psyops as used by the two countries is on studying the target audience, various attributability categories and integration within operations in other domains.

In the UK, this is the task of the 77th Brigade - soldiers trained in special skills pertaining to information warfare, psyops, and influence operations. Furthermore, they are supported by the 15 Psychological Operations Group. These military units specialise in understanding the target audience, creating content for online distribution, as well as evaluating the success of previous operations by studying how particular content is received. Their work is evident in most operations in which UK troops are deployed, with some prominent ones involving operations in Iraq and other parts of the Middle East. They are also particularly used in counter-terrorism and counter-insurgency action.

In the US, psychological operations involve additional layers of training, including cultural sensitivity, interpersonal skills, and foreign language abilities. Besides various forms of media, the focus is on establishing strong relationships with the target audience, which is essential for subsequent influence. As in the case of the UK, US psyops are regarded as part of wider military strategy and therefore used in many situations, including to build pro-US sentiments in countries like Russia, China, and Afghanistan. Furthermore, US strategy includes economic considerations, such as discrediting influential businesses.

Nevertheless, there is a concern about the effectiveness of psyops originating from democratic countries, including the ones mentioned. The need for transparency, accountability, and freedom of speech, on which much of democratic legitimacy is based, poses certain challenges to governments and militaries seeking to leverage public media platforms for the purposes of psyops. For instance, social media platforms such as Twitter and Facebook have inadvertently identified and taken down US military-connected fake accounts whose purpose was to propagate psyops on these platforms, prompting an investigation by the Pentagon. At the same time, these same platforms can sometimes be cooperative in such efforts as well.

Countering psychological warfare

Despite the often adverse use of psychological warfare by various major geopolitical actors, there are a number of counter mechanisms available to those vulnerable to attack. The NATO psyops framework states: “Counter PSYOPS uses assets to analyse an adversary psychological activity and its effect on friendly populations, uncommitted audiences, and NATO forces.” Subsequently, counter-narratives and other methods are deployed to discredit psyops by an adversary and to provide accurate information. Methods include content analysis, evaluation of adversarial motives, cultural significance and audience analysis. At the same time, NATO’s counter-psyops can only be deployed in consultation with other units, such as those specialising in information warfare.

Outside of organisations specialising in issues of international security, supranational entities such as the EU have also explored the threats posed by psychological warfare and the potential means by which to leverage or counter its impact. Although there is no central doctrine on the role of psyops in the EU, it is closely modelled on NATO’s example, and its use has been explored in early crisis management missions. More recently, with the psychological warfare efforts of Russia in Ukraine and beyond, the EU has taken to more focused labelling and banning of disinformation sources. Understanding local culture and history is crucial in this process, since the values associated with these social aspects tend to be targeted. Without sufficient understanding, they would thus be impossible to identify and counter efficiently. Additionally, certain countries, such as the usually heavily-hit Estonia, have developed their own frameworks, centred around collecting detailed information about adversarial targets, strategy, and tactics. Countering psychological warfare therefore involves much of the same methods and skills as the offensive attack,  the difference being the overall objective.

Conclusion

Psychological warfare is difficult to predict, plan, execute, and counter as it involves mental and emotional processes of which the intended victim might not be aware. Modern-day strategies and tactics incorporate psychological warfare, making use of all forms of traditional and social media platforms and sources. With the spread of information technologies and the multidimensional prospects of new ones, such as AI tools, the scope and reach of psychological operations may soon encompass unprecedented domains and uses. Both state and non-state entities must thus work towards incorporating such hybrid threats into their organisational frameworks and ensure a full understanding of their potential consequences. Countering the threat of psychological warfare in such an environment must furthermore take increasing priority, especially given its elusive nature, and these disproportionate consequences. Ensuring a thorough understanding of the target audience, methods, effects, and capabilities of adversaries, and countering them using these same methods should not, however, come at the expense of democratic values and citizens’ rights. As such, democratic states have a particularly fine line to tread.

The significance and vulnerability of energy to hybrid threats goes beyond what is generally recognised. Ensuring energy security is fundamental for the sustenance of technologically advanced societies and nation-states. Energy security is defined as “the uninterrupted availability of energy sources at an affordable price.” It is important to keep this definition in mind because hybrid warfare, which involves the use of traditional and non-traditional instruments of warfare against an enemy, could disrupt the availability of energy supplies and  increase their price.  

The energy sector’s broader economic and security implications are evident  in the context of hybrid warfare. For example, various hybrid threats have been employed by Russia against the energy policies, assets, or supplies of not only NATO allies, but also other nations. Furthermore, challenges posed by hybrid warfare to the energy sector can undermine the defence and development of a nation-state, both in times of peace and conflict. 

The ongoing reliance on fossil fuels or their substitutes creates a vulnerability in which major energy exporters can leverage their position to exert political, economic, and military influence over countries that are dependent on them for energy. 

Energy as a weapon in hybrid warfare

The current Russia-Ukraine War offers significant lessons on energy security, highlighting how geography remains a decisive factor for energy security and that  control over pipelines continues to yield economic and political leverage. Russia has utilised a blend of ‘’military, semi-military, and strategic communication’’ tactics to create instability in Ukraine. By confiscating Ukrainian energy assets and exerting pressure on gas prices, Russia has successfully integrated energy security into its strategy. 

With the advent of cyberspace, methods of aggression and disruption have become increasingly covert and indirect. The challenges of attribution in cyberspace add another layer of vulnerability. Cyberattacks, coupled with hybrid warfare and disinformation campaigns, have elevated the threats to energy infrastructure to an unprecedented level.

Hybrid threats targeting energy infrastructure are likely to persist as the shift from fossil fuels to renewable energy will introduce new vulnerabilities. While renewables can enhance energy security by reducing reliance on geopolitically sensitive oil and gas imports and pipelines, their intermittency requires sophisticated industrial control systems, distribution networks, and energy storage solutions, all of which are susceptible to cyberattacks. 

Hybrid threats and businesses 

Companies have long been susceptible to what is now referred to as hybrid threats. In contrast to military conflicts, there can be no true enemies in the business sector, as direct methods of confrontation cannot physically destroy or eradicate competitors. Rather, companies engage in extreme rivalry, which can result in an escalation of competitive tensions that endures over time. 

Unlike the laws of war, business competition is governed by market regulation and societal codes of conduct applicable to international relations. Consequently, adversarial conduct within this competitive ecosystem is characterised as hybrid due to its clandestine nature, targeted objectives, and difficulty in attribution. In this context, states act in support of their domestic enterprises, amplifying the impact, breadth, and repercussions of hybrid tactics deployed. 

In addition to competitors and state actors backing their domestic firms, the realm of possible hybrid aggressors includes other autonomous actors operating outside both public and corporate frameworks. Their actions can be either sponsored or independent. Non-state actors have a wider spectrum of agency, ranging from conscious to unconscious involvement in the planning or execution of hybrid actions or threats against a company. In some cases, these actors such as journalists, social media platforms, labour unions, NGOs, and other civil society groups affiliated with the business sector, are unwittingly influenced or manipulated by third parties. As a result, clients and providers can also constitute the origin of hybrid threats that impact a company. 

The most common and affordable hybrid threats to businesses are cyberattacks. Their impact on businesses could be grouped into two categories. The first category is  ‘’above the surface’’ impacts which are also known as cyber incident costs. These impacts include technical investigation, customer breach notification, regulatory compliance, attorney fees and litigation, post-breach consumer protection, public relations, and cybersecurity improvements. The second category is ‘’below the surface’’ impacts which are also known as hidden or less visible costs. These impacts include increases in insurance premiums, increased cost to raise debt, operational disruption or destruction, value of lost contract revenue, devaluation of trade name, loss of intellectual property, and lost value of customer relationship.

What can be done?

Ensuring the security of critical energy infrastructure requires  more than  defence or deterrence. Resilience is a more appropriate approach. A resilient energy infrastructure may even have a deterrent effect in itself, as attackers may be less likely to target it if their attacks are unlikely to achieve the desired impact. 

The debate on this topic must acknowledge the importance of cyber and hybrid dimensions in the planning process. Allies and partners should also share their experiences in developing new legislative tools to counter hybrid actors, such as imposing restrictions on entities of certain countries purchasing national energy infrastructure. This will lead to the creation of a repository of knowledge that can help countries address and mitigate hybrid threats.

The military community also needs to establish stronger connections with academia and the corporate sector. It is essential to form ‘communities of trust’ through public-private partnerships that should allow different stakeholders to confidentially exchange information on security issues, including cyberattacks. For example, in the recent Russia-Ukraine War, various tech companies such as Microsoft, Amazon, Google, Starlink, Maxar Technologies and others played a strategic role in defence and security policy by assisting the Ukrainian government in implementing various counter-offensive measures against the Russian hybrid war.  

Finally, managing and responding to hybrid threats must acknowledge the value of intelligence. Companies can employ intelligence tactics, techniques and procedures (TTPs) to detect potential threats at the planning stage. Given the digital nature of most hybrid threats against companies, cyber intelligence has proven to be the most effective tool for identifying, comprehending, and neutralising them. 

Hybrid threats collectively constitute a relatively new concept, their practice, however, is not so recent. At the same time, their definition, categorisation, and historical context remain relatively elusive, even as their use, and therefore the necessity of countering them effectively, increases. In this introductory article to the series ‘Hybrid Threats in the 21st Century’, we aim to set the foundation by tackling these exact questions.

The Concept of Hybrid Threats

Hybrid warfare was defined by Hoffman for the first time as a method of conflict that combines both traditional and non-traditional tactics, including irregular formations, terrorism, and criminal activity, used by both state and non-state actors to achieve political goals. The primary objective is to disrupt the target nation through a blend of tactics, rather than to progress through traditional phases of warfare. Hybrid warfare presents a complex challenge for defence planning in the modern era, as it challenges conventional notions of warfighting, by erasing the boundaries between what is war and what is not. Ambiguous and unpredictable in nature, it securitizes every aspect of politics and society as everything is susceptible to becoming a threat to states.

Definitions by different international organisations

NATO defines hybrid threats as a combination of  “military and non-military as well as covert and overt means, including disinformation, cyberattacks, economic pressure, deployment of irregular armed groups, and use of regular forces.” According to the Alliance, “hybrid methods are used to blur the lines between war and peace, and attempt to sow doubt in the minds of target populations.” The EU recognises the diversity of definitions of hybrid threats as well as the evolving nature of these threats and defines the concept in a similar fashion as NATO, as “the mixture of coercive and subversive activity, conventional and unconventional methods (i.e. diplomatic, military, economic, technological), which can be used in a coordinated manner by state or non-state actors to achieve specific objectives while remaining below the threshold of formally declared warfare.” 

As encompassing as the concept of hybrid threats is, the UN does not have a formal definition of the concept due to the differing views of all Member States, which poses a problem in building consensus around the term and the steps that need to be taken to combat these threats. Similarly, the OSCE does not have a formal definition as such, but its Member States have discussed the issue in several meetings with the Secretariat, showing a common concern to counter them.

Types and categories

Hybrid threats take many forms, and the types and categories delineated below form a list that is by no means exhaustive. Their irregular and blurry nature, in fact, may contribute to the notion that even categorisation as such can remain elusive. Nevertheless, we attempt to describe and briefly evaluate some of the more common ones below.

Grey zones

Grey zones are operations between war and peace; in some circles, “military operations other than war”. These may range from election interference to the use of ambiguous forces. The broad scope of action that can be considered as a part of grey zone operations poses a two-fold problem: (1) there is difficulty in determining which operations are taking place in the grey zone, i.e. the definition problem; and (2) another difficulty lies in establishing criteria of prioritisation for countering threats in the grey zone.

Due to their shadow nature, the principal use of grey zone operations tends to be attributed to non-democratic states such as China and Russia, although, with the diffusion of digital technology, these tactics are available to any state and non-state actor. Nevertheless, democratic states are generally considered at greater risk due to their open and transparent system of governance. This furthermore extends to businesses based in democratic states, who may be the direct target through economic pressure, or be indirectly affected by quasi-military activities or fluctuating and polarised public opinion. At the same time, freedom of speech and cooperation can be leveraged as key tools for exposing threats from grey zone activities.

Economic pressure

Economic coercion and pressure are threats targeting the economic and business activities of a state, including tactics such as debt dependency, intellectual property theft, forced technology transfers and punitive trade disruption. As a result of unfair trade practices by China, for example, and the narrowing of the global free trade space, countries like the United States have increasingly resorted to retaliation measures in the form of sanctions and tariff imposition. 

Although it is unclear to what extent economic coercion helps states achieve their geopolitical goals or greater influence, it is clear that economic issues are increasingly understood as political and security issues as well. The implications for states and businesses alike need to be taken seriously. For all the dismissal of sanctions as ineffective, economic coercive measures and counter-measures are evolving towards more specific targeting, putting the pressure directly on businesses, their representatives, and individuals connected to the state rather than states as a whole. Furthermore, with a globalised and interconnected economy, the potential for secondary and tertiary impact remains high.

Cybersecurity

Cybersecurity is the practice of safeguarding computer systems, networks, and sensitive information from unauthorised access, theft, damage, or disruption. Governing cybersecurity is challenging due to the constantly evolving nature of cyber threats, the difficulty in attributing attacks to specific actors, and the absence of international norms and agreements on cyber warfare.

Cyberspace operates differently from the physical world due to the lack of physical boundaries. In cyberspace, information can be copied and disseminated instantly, and digital assets can be accessed and transferred without the need for physical presence or travel. This opens the door to attacks from anywhere in the world, with a lack of transparency and accountability. Cyberspace is also a relatively new domain of governance, and the existing legal frameworks, such as the Tallinn Manual, need to be updated accordingly. This legal uncertainty creates gaps and inconsistencies in the regulation of cyberspace and its treatment as a security issue.

Cybersecurity is an essential and cross-cutting component of hybrid warfare, as cyber-attacks can disrupt communications, steal sensitive information, and cause physical damage to infrastructure. This is directly linked to other hybrid threats such as critical infrastructure protection, management of dual-use technologies for Artificial Intelligence (AI) or strategies against disinformation: they require an adequate cybersecurity framework.

Disinformation and election interference

Disinformation, which can be defined as the deliberate dissemination of false or misleading information to deceive people, is a major security threat because it can manipulate public opinion, destabilise governments, undermine trust in international norms, and institutions, and incite violence. It can be used to interfere in elections and justify acts of aggression and even war crimes. Disinformation can achieve strategic objectives without resorting to direct military action, making it a cost-effective and low-risk tool for state and non-state actors. 

The subjective nature of information and perception, along with the horizontal and democratised nature of social media makes disinformation a risky matter to address. While censorship may appear to some as the easiest way to counter disinformation, it highly undermines the legitimacy of a state, as it raises complex ethical questions and debates, such as the lack of freedom of expression or media plurality, and the respect for civil rights and freedoms.

Psychological warfare

Psychological warfare is by no means a new tactic, however, its use as a hybrid threat has greatly evolved since its employment in historical conflicts such as WWII. In theory, psychological warfare constitutes operations targeting morale, exploiting the fears, dispositions and emotions of enemy troops and the wider population. In practice, however, the lines are blurred between what constitutes psychological warfare, information operations, or foreign influence operations more broadly. The uniqueness of psychological warfare is that it is designed to target deeper feelings and processes outside of perception, many of which are difficult, if not impossible to control. Its use is not restricted to a time of war, however, and psychological operations can be used to intimidate adversaries and delay or deter military action. Modern-day use of technology, and especially the psychological impact of social media algorithms, has also expanded its potential reach beyond its traditional boundaries.

Energy

Using energy as a coercive measure is often construed as a subset practice of economic coercion, however, as recent events in Europe have demonstrated, the manipulation of energy resources has the potential to cause damage in more than one way. The reliance of a number of basic human needs on energy is only increasing, making energy a potent instrument of war and peace. Furthermore, the scarcity of resources has been discussed as a security issue long before energy specifically emerged as their frontrunner. Another challenge facing the reality of scarce energy resources is the exacerbation of such needs by climate change.

At the same time, energy as a hybrid threat faces serious shortcomings, namely traditional supply and demand calculations, sourcing of secondary material, and crucially, the availability of energy transport infrastructure. Confronting these aspects is thus a key stepping stone for states, businesses, and other non-state actors to guard against energy exploitation. In other words, with the right tools and policies, the cause of mitigating this hybrid threat remains at least partially hopeful.

Transport and supply chains

Supply chains are key to the functioning of economies and national security, as the US-China trade war currently demonstrates. Governments can leverage their control over supply chains to achieve objectives such as promoting domestic industries, protecting national security or exerting political influence through tactics such as export controls, investment restrictions or favouring domestic companies.

Supply chains are vulnerable to hybrid threats because they rely on the fragmentation of production and manufacturing processes across different states. The comparative gains from diversification and fragmentation of supply chains also open the door to dependency and vulnerability, as states and non-state actors often use supply chains and their facilities to disrupt other states, organisations and private entities.

Supply chain disruptions often target critical infrastructures, such as maritime trade routes, airports, air traffic, power plants, energy transmitters, and cyber infrastructures. Sustained supply shortages can have a significant impact on the economy and stability of states, leading to major disruptions in public security and a lack of long-term access to commodities, as seen in the crisis that erupted following the loss of agricultural exports since Russia’s invasion of Ukraine. 

Critical infrastructure

The term “critical infrastructure” refers to those assets, systems, and networks, physical or virtual, whose disruption or destruction would have an effect on security, economic security, public health or safety due to their vital contribution to peace, security and safety. Critical infrastructure enables the normal course of daily life. The term is all-encompassing and subjective in nature, as what is critical and what is not is left to the discretion of states. The US government has so far considered 16 sectors that could meet this definition: chemical, commercial facilities, communications, critical manufacturing assets, dams, defence industrial base, emergency services, energy and power plants, financial services, food and agriculture, government facilities, healthcare and public health, information technology (ICTs), transportation systems, water and wastewater systems, nuclear reactors, materials and waste.

Identifying and understanding the interdependencies between infrastructure elements and sectors is important for assessing risks and vulnerabilities and for determining measures to increase security and resilience. Damage, disruption or destruction of one infrastructure element can have cascading effects, affecting the continued operation of another. Depending on the degree of interconnection between infrastructures, the effects of disruption may be different. Therefore, if the exposure to risk is different from one infrastructure to another, the response must also be addressed in a distinct manner, complicating the management, governance and security of critical infrastructure. 

Technology

States, state-sponsored groups, or self-funded terrorist groups, exploit many military technologies such as encrypted command systems, man-portable surface-to-air missiles, and other modern lethal systems. Nevertheless, technologies that had no original military use or purpose are now being transferred into the military domain: these are known as dual-use technologies and are key to understanding hybrid warfare and how traditional conflicts have changed.

Dual-use technologies have both civilian and military applications, blurring the line between the military and the non-military. They can be used for peaceful purposes such as transportation and communication or for military purposes such as weapon systems and intelligence gathering. Adversaries can misuse dual-use technologies in hybrid warfare. GPS technology, for instance, can guide missiles or drones to different targets, whether involved in a conflict or not, while social media platforms can spread propaganda or coordinate hybrid operations. 

While the export of some dual-use technologies is not prohibited a priori, it is subject to restrictive controls, usually in the form of a licensing requirement. However, some countries are subject to import or export restrictions. For example, since 2018, the United States has imposed semiconductor export controls on China, targeting those that can be used for AI and military capabilities.

Migration

Migration is a constant reality of an interconnected world, and despite inflaming rhetoric has been pretty much stable over the past fifty years. Nevertheless, states are slowly coming to the realisation that the movement of large numbers of displaced people, forcibly or otherwise, can be used to pursue nefarious political and security objectives. The talk of ‘weaponising’ migration has entered geopolitical discourse very recently, yet states have been using migration policy in this way for much longer. The chief threat of weaponised migration lies in its socio-economic implications, but also increasingly in public polarisation and political destabilisation, especially when coupled with securitising rhetoric. The latter is often the primary goal, but other objectives may include punishment for what an adversary perceives to be a previous offence, or use as a bargaining chip at the negotiating table, whether in bilateral or multilateral relations.

However, one must also be careful of the use of terms such as ‘weaponising’ migrants, as it comes at the expense of their individual humanity. Not only can migration be used as a hybrid threat, but it can also incite discourses of dehumanisation, polarisation, and political violence, which themselves threaten stability in the long run.

Historical Context and Perspectives - Continuity and Change

Hybrid threats or hybrid warfare might appear relatively recent, decidedly twenty-first-century concepts, and the terminology is certainly quite new. This does not mean, however, that the characteristics and tactics of hybrid warfare are completely without precedent. In fact, warfare has been a complex phenomenon throughout history, whether labelled ‘hybrid’ or not. A number of tactics and events in history have thus retrospectively been likened to instances of hybrid warfare. These range from the Soviet partisan movement in the early 1940s, to the whole of the Cold War, to developments in Chinese military strategy at the end of the 1990s. Certain hybrid threat theorists posit that it is possible to go even further into history with examples such as the Peloponnesian War (431-405 BC) or the American Revolution (1875-1883), where tactics of psychological warfare, economic pressure, and the deployment of irregular forces were used.

Historically speaking, the purpose of hybrid threats as tactics of warfare has been to exploit the vulnerabilities of adversaries, or, where possible, even turn a formerly perceived advantage into a vulnerability by the employment of irregular means. They have thus been used principally by parties that would normally be perceived as being at a disadvantage in traditional settings. However, without the systematic and doctrinal foundations that present-day hybrid threats possess, the manners of addressing them varied greatly depending on the tactics used, and the circumstances adversarial parties found themselves in. The extent to which lines become blurred with the introduction of hybrid threats into traditional methods and tactics of warfare has certainly increased. A partial reason for this is the perceived hegemony of the United States that emerged at the end of the Cold War, which led challengers to the new status quo to pursue new and irregular approaches, incorporating them to fit their strategic, historical, geographical, and economic circumstances, while maintaining the corresponding difficulty of attribution characteristic of hybrid threats. These must therefore each be explored accordingly, in order to form a full and detailed picture of the use, impact and possible countering of hybrid threats in modern conflicts, by states and businesses alike.

Aims of ‘Hybrid Threats in the 21st Century’ 

Such exploration is, in a broad sense, the overall aim of this project. Due to the uncertain and broad nature of hybrid threats, and the fact that they can be difficult to define properly, it is also challenging to counter them effectively. A series of articles is to follow, which thus aims to highlight a variety of hybrid threats, as presented above, ranging from disinformation, disruption and attacks on critical infrastructure, to impacts on supply chains, energy security, economic pressures and cyber attacks, among others. Furthermore, we endeavour to highlight the current and likely impacts on business, non-profit organisations, and conflict more generally. Based on such analysis, tools and frameworks for countering hybrid threats will also be presented and evaluated.