Abstract: Historically, warfare has occurred in various operating environments, traditionally referred to as domains: land; sea; air; and outer space. In recent times information and cyberspace have emerged as additional domains. National cyberspace can be categorized in six dimensions: military; political; economic; societal; technological; and citizen. Offensive cyber operations are increasing in diversity, sophistication and frequency. The availability of disruptive technologies to both attackers and defenders has heightened the complexity of these attacks and made attribution more challenging. This is particularly evident in Russia’s cyber operations in Ukraine.

Problem statement: How can Russian cyber operations be understood as part of hybrid operations?

So what?: Extensive international cooperation is needed to build national cyber resilience. Key organizations involved in this cooperation include NATO and the EU. For example, the EU Cyber Solidarity Act will enhance preparedness, detection and response to cybersecurity incidents across the EU. Cybersecurity should be viewed broadly as a theme that cuts across digital society, necessitating the integration of cybersecurity and cyber defence into a comprehensive security framework.

The paradigm has changed, and the change continues

In the traditional warfare model, nation-states engage in conflict for various reasons tied to their national interests. Warfare is understood as occurring in the diverse domains or operational environments where military operations take place. These activities can be divided into kinetic actions with physical effects and non-kinetic actions.

In the traditional warfare model, nation-states engage in conflict for various reasons tied to their national interests.

The non-kinetic environment has evolved over the last 100 years, transitioning from radio to computer technology and Artificial Intelligence (AI). It comprises largely undetectable silent technologies capable of inflicting damaging, debilitating and degrading physical and neural effects on unwitting targets.[1]

Cognitive warfare involves understanding and influencing human perception, cognition and behaviour to achieve strategic objectives. Emerging technologies such as AI, especially generative AI, and neuro-technologies enable highly accessible and efficient subversion within the cognitive domain of warfare. The mass production of data and automated content creation have led to an abundance of publicly available data that can be used for cognitive manipulation. Consequently, data and AI algorithms have become weapons of cognitive warfare.[2]

Understanding national cyberspace

Cyber threats are complex and asymmetrical because digital cyberspace is borderless and multidimensional. The national cyber environment consists of various actors and functional entities. The cyber environment differs from the traditional national operating environment, where an independent state has clearly defined geographical boundaries – land, sea and airspace – that determine its jurisdiction.

Political dimension

The political dimension of national cyberspace represents the policy processes, legislative frameworks and regulations designed to promote, direct and control cybersecurity. The political nature of cyber issues is increasingly emphasized in both national and international politics. Cybersecurity issues are being presented more broadly and with greater significance in international fora and organizations such as the EU, NATO and the OSCE.

Like other diplomatic efforts, cyber diplomacy involves building strategic partnerships with countries globally to enhance collective action and cooperation against shared threats. This includes assembling coalitions of like-minded nations on vital policy issues, sharing information and national initiatives, and confronting bad actors. Cyber diplomacy employs diplomatic tools and initiatives to achieve objectives in cyberspace. Its goals include minimizing the consequences of cyber aggression such as cyber espionage and offensive cyber operations carried out by state or non-state actors. Additionally, it aims to address international law and norms in the field of cybersecurity and undertake actions that build trust. Mutual understanding and common rules can reduce the threat of various conflicts.[3]

The EU has produced several key frameworks and policies, including the Diplomatic Response Framework (Cyber Diplomacy Toolbox, 2017), the Cyber Defence Policy Framework (2018), the EU Cybersecurity Act (2019) and the Council Decision (2019) concerning restrictive measures against cyberattacks threatening the Union or its member states. Furthermore, following the EU’s Cybersecurity Strategy for the Digital Decade, the bloc has introduced several acts and policy papers such as the NIS 2 Directive, the European Cyber Resilience Act, the Digital Operational Resilience Act, the European Cyber Defence Policy, the Strategic Compass of the European Union and the European Chips Act.[4]

Similarly, the EU Cyber Diplomacy Toolbox is a collective diplomatic response to malicious cyber activities. It is part of the EU’s approach to cyber diplomacy within the Common Foreign and Security Policy. Its goal is to contribute to conflict prevention, mitigate cybersecurity threats and promote stability in international relations.[5]

Military dimension

As part of their military strategy, several nations are developing their capability of conducting operations in cyberspace, alongside land, sea, air and outer space. At the strategic level of cyberwarfare, one state aims to influence the vital functions of another. Cyber operations are integrated with other military forces at the operational and tactical levels.

As part of their military strategy, several nations are developing their capability of conducting operations in cyberspace, alongside land, sea, air and outer space.

NATO has long considered cyber defence a key component of its overall defence strategy. NATO’s strong focus on cyber defence began at the 2002 NATO Summit in Prague. NATO and its allies are responding to cyber threats by enhancing their ability to detect, prevent and respond to malicious cyber activities. Strong and resilient cyber defences are crucial for NATO and its allies to fulfil the Alliance’s three core tasks: deterrence and defence; crisis prevention and management; and cooperative security.[6]

At the 2023 NATO Summit in Vilnius member nations endorsed a new concept to enhance the contribution of cyber defence to NATO’s overall deterrence and defence posture. They also launched NATO’s Virtual Cyber Incident Support Capability (VCISC) to support national mitigation efforts in response to significant malicious cyber activities.[7]

Defence forces need efficient cyber resilience, non-kinetic power convergence, and the capability of operating in and through contested and congested cyberspace. Two factors, cyber power and cyber deterrence, unite the military and political dimensions of cyberspace. The National Cyber ​​Power Index describes a nation’s ability to operate in a global cyber environment.[8] Cyberspace deterrence aims to influence an adversary’s behaviour, discouraging them from engaging in unwanted activities.[9]

Societal dimension

The current decade of digitalization and data economy transformation is changing the world. This change affects us all, as digitalization and data are part of everyday life in every sector of society. This is reflected in new types of services, operating models, technologies and skill requirements. Digitalization covers virtually every area of welfare, including social services, the education sector and healthcare services.

The current decade of digitalization and data economy transformation is changing the world.

The asymmetrical threat posed by cyberattacks and the inherent vulnerabilities of cyberspace constitute a serious security risk. In the cyber world one of the most important threats focuses on critical infrastructure (CI). CI includes the structures and functions vital to society’s uninterrupted functioning, comprising both physical facilities and electronic functions and services such as political decision making, internal and external security, logistics, the economy, energy, telecommunications, and food production. In recent years, attacks against CI, critical information infrastructures and the internet have become increasingly frequent and complex as perpetrators have become more professional. Attackers can inflict damage on physical infrastructure by infiltrating the digital systems that control physical processes, damaging specialized equipment and disrupting vital services without a physical attack.[10]

A focus in the social dimension is Critical Infrastructure Protection (CIP), which involves actions taken to prevent and mitigate the risks resulting from the vulnerabilities of critical infrastructure assets and to facilitate recovery in the event of an attack.

Citizen dimension

Digital technologies have become deeply integrated into human life. The operational reliability of information and communications technology is essential for the smooth functioning of modern society, the security of its infrastructure and the wellbeing of its citizens. It is also crucial for maintaining public trust in societal operations. In a digital society citizens need to act safely and responsibly in the face of digital threats. Digitalization offers significant benefits, making life more efficient and enabling global communication. However, it also has impacts on citizens’ private, social and public lives, influencing their privacy, autonomy and security.[11]

According to the EU Digital Compass, “Digital technologies should protect people’s rights, support democracy, and ensure that all digital players act responsibly and safely. People should benefit from a fair online environment, be safeguarded against illegal and harmful content, and be empowered when interacting with new and evolving technologies like artificial intelligence. The digital environment should be safe and secure for all users, from childhood to old age, ensuring empowerment and protection.”[12]

The digital skills targets set by the Digital Decade are still far from being achieved, with only 55.6 per cent of the EU population having at least basic digital skills. Member states are progressing towards the target of making all key public services and electronic health records accessible to citizens and businesses online, as well as providing them with secure electronic identification (eID). However, achieving 100 per cent coverage of digital public services for citizens and businesses by 2030 remains challenging.[13]

Economic dimension

Cybersecurity Ventures is a prominent industry research and media organization recognized for its authoritative insights and contributions to cybersecurity. Based on its report, global cybercrime costs will increase by 15 per cent annually over the next five years, reaching USD 10.5 trillion per year by 2025. This would represent the largest transfer of economic wealth in history. Cybercrime costs encompass a range of issues, including damage to and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, disruption to normal business operations following an attack, forensic investigation, data and system restoration and deletion, and reputational damage.[14]

Global cybercrime costs will increase by 15 per cent annually over the next five years, reaching USD 10.5 trillion per year by 2025.

The global financial system depends increasingly on digital infrastructure. The economic impact of cyberattacks includes not only the direct costs to organizations but the long-term effects on national economies and the expenses related to enhancing cybersecurity at various levels. Preparing for cyberattacks can also influence taxation and public expenditure if additional resources are needed for cybersecurity in the public sector. Developing cybersecurity thus requires careful consideration from both economic and societal perspectives.[15]

Regulatory mechanisms can improve cybersecurity but also come with their own set of challenges. For example, preventive regulations, post-incident obligations and information access requirements provide various benefits and costs. The NIS 2 Directive is an example of such a regulatory approach because it provides legal measures to boost the overall level of cybersecurity in the EU. Political, societal and economic dimensions all play a role in achieving economic and financial stability. Effective public administration is crucial for maintaining democracy and ensuring societal welfare.

Technological dimension

Information and communications technology (ICT) encompasses a range of fields related to computer systems, software, hardware, and data processing and storage. One of the primary goals of ICT tools and systems is to enhance how individuals and organizations create, process and share data and information. ICT plays a crucial role in various areas, including business, education, healthcare, defence and leisure activities.[16]

Digital tools and software streamlining processes in business reduce manual operations and enhance online customer service. They enable businesses to automate tasks, improve efficiency and productivity, protect customer information, and build an information ecosystem. Digitalization also brings new threats, however. The cyber world attracts criminals seeking opportunities to steal, exploit and sell information. Cybersecurity solutions must be smart and effective to protect both citizens and organizations from these emerging threats.

Digital tools and software streamlining processes in business reduce manual operations and enhance online customer service.

Trust is a fundamental aspect of a digital society. Trust must be established and upheld for a digital society to fulfil its purpose and maintain social stability.

Cyber operations as part of hybrid operations

Hybrid operations incorporate several elements of cyber operations, aiming to remain below the threshold of armed conflict. Intentional instability can be maintained through cyber operations in both peacetime and wartime. Russia’s hybrid warfare strategy can be described as a creative application of force that combines a broad spectrum of military and non-military tools and vectors of power across an extensive multidomain battlespace.

According to the NATO Washington Summit Declaration (2024), “Russia’s full-scale invasion of Ukraine has shattered peace and stability in the Euro-Atlantic area and gravely undermined global security. Russia remains the most significant and direct threat to Allies’ security.”[17]

Political dimension

Russia is employing hybrid measures to influence the politics and policies of countries in the West and beyond. This strategy represents a significant challenge for Western governments. Russia aims to ensure that political outcomes in targeted countries are aligned with its national interests. Countries with weak legal and anti-corruption frameworks, or where domestic groups share Russia’s interests or worldview, like Moldova, are particularly vulnerable. The Kremlin is capable of influencing elections and other political outcomes beyond its borders. The Russian theory of strategic culture explores and explains Russian offensive cyber operations such as cyberattacks and cyber espionage. Elements of Russian strategic culture related to these operations include asymmetric means of warfare and the denial, deception and concept of tactical truth. Russia’s ongoing aggression in Ukraine highlights its continued threat to the rules-based international order. It is assumed that Russian offensive cyber capabilities are now being developed to achieve the same performance in these Western tactics, techniques and procedures.[18], [19]

The Russian theory of strategic culture explores and explains Russian offensive cyber operations such as cyberattacks and cyber espionage.

President Alexander Stubb of Finland has frequently addressed Russia’s hybrid influence in his speeches, maintaining that Russia aims to destabilize societies through various forms of attack. He has also noted that modern conflicts often involve a mix of conventional and hybrid warfare and cyberwarfare, with hybrid attacks occurring frequently. In a speech at the Hertie School in Berlin on 8 May 2024, Stubb remarked, “Hybrid attacks are commonplace in peacetime, and they rarely come with a declaration of war. Traditional war is also complex and multifaceted. Conventional warfare still exists – as evidenced in both Europe and the Middle East – but the instruments and methods extend beyond mere shells and trenches.”[20]

Military dimension

The use of cyber tools as a military strategy to target enemy forces and capabilities can be categorized similarly to other military operations. Cyber tools can be employed in conventional operations such as those observed in Ukraine or in more specialized operations like the Stuxnet attack against Iran. In these hybrid warfare operations methods are used to achieve specific objectives, often in a covert manner that, like special operations, falls below the threshold of traditional armed conflict. In war the objective of conflating kinetic tools and non-kinetic tactics is to optimally inflict paralysis and damage on an opponent’s environment.[21]

Russia’s invasion of Ukraine highlights the significant role cyber capabilities play in modern warfare, demonstrating how cyber tools can complement conventional military strategies. The Russian approach includes notable operations that have affected targets beyond Ukraine, as well as various aspects of Ukrainian infrastructure, government and civilian networks. The CyberPeace Institute has recorded 2,258 cyberattacks and operations, 666 of which were targeted at Ukraine, and 2,258 at other countries. These cyber incidents targeted 23 different critical infrastructure sectors, affecting Ukraine and some 49 other countries.[22]

The CyberPeace Institute has recorded 2,258 cyberattacks and operations, 666 of which were targeted at Ukraine, and 2,258 at other countries.

At an event in Canada in June 2024 NATO Secretary General Jens Stoltenberg remarked: “The challenge is that we are threatened by something which is not a full-fledged military attack, which are these cyber, hybrid is below Article Five, as is often referred to, threats, and that is everything from meddling in our political processes, undermine the trust in our political institutions, disinformation, cyber-attacks, we have seen across Europe and how many sabotage actions against critical infrastructure, and so on.”[23]

Societal dimension

The development of cybersecurity requires a focused long-term effort. Risks can materialize rapidly, and the operating environment is constantly evolving. In recent years attacks on critical infrastructure, including information systems and the internet, have become more frequent, complex and targeted as attackers have grown more professional. They can inflict damage on or cause disruptions to physical infrastructure by infiltrating digital systems that control physical processes, damaging specialized equipment and disrupting vital services without a physical attack. These threats continue to evolve in their complexity and sophistication.

Russia may target cyberattacks against critical infrastructure to create uncertainty and mistrust among citizens and demonstrate its capability of paralysing essential societal functions. Even as Russia focuses on cyber operations related to the Ukrainian conflict, it remains a persistent global cyber threat. For example, goals have been the telecommunications sector (Triolan and Vinasterisk ISP, Ukrtelecom, Kyivstar), broadcasting companies, media, transport and logistics providers, data centres, the energy sector, and border protection.[24], [25], [26]

Moscow uses cyber disruptions as a foreign policy tool to influence other countries’ decisions. It is continuously refining its espionage, influence and attack capabilities against various targets. Russia can target critical infrastructure, including underwater cables and industrial control systems, both in the United States and in allied and partner countries. During 2024 Russia’s cyberattack targets have:[27]

• focused on German political parties and German military officials;
• launched an espionage campaign against the embassies of Georgia, Poland, Ukraine and Iran and a ransomware attack against Sweden’s digital service provider for government services;
• hacked Microsoft corporate systems and 65 Australian government departments and agencies, stealing 2.5 million documents in Australia’s largest government cyberattack; and
• hacked residential webcams in Kyiv to gather information about the city’s air defence systems before launching a missile attack on Kyiv.

Citizen dimension

The citizen dimension emphasizes the impact of information. Attackers can systematically spread disinformation through targeted social media campaigns to radicalize individuals, destabilize society and control the political narrative.

Russia’s disinformation and propaganda ecosystem encompasses various official communication channels, social media, proxy sources and unattributed platforms used to create and amplify false narratives. This ecosystem consists of five main pillars: official government communications; state-funded global messaging; the cultivation of proxy sources; the weaponization of social media; and cyber-enabled disinformation. The Kremlin employs these tactics and platforms as part of its strategy of weaponizing information. Such disinformation and propaganda organizations include:[28], [29]

• The Strategic Culture Foundation, an online journal registered in Russia directed by Russia’s Foreign Intelligence Service (SVR);
• Global Research, a Canadian website that is part of Russia’s disinformation and propaganda ecosystem;
• New Eastern Outlook, a pseudo-academic publication of the Russian Academy of Science’s Institute of Oriental Studies that promotes disinformation and propaganda focusing primarily on the Middle East, Asia and Africa;
• News Front, a Crimea-based disinformation and propaganda organization providing an “alternative source of information” for Western audiences;
• SouthFront, a multilingual online disinformation site registered in Russia that focuses on military and security issues;
• Katehon, a Moscow-based quasi-think tank focusing on anti-Western disinformation and propaganda; and
• ru, a platform for Russian ultranationalists that spreads disinformation and propaganda targeting Western audiences.

Russia’s disinformation and propaganda ecosystem encompasses various official communication channels, social media, proxy sources and unattributed platforms used to create and amplify false narratives.

Economic dimension

Without dedicated action the global financial system will become increasingly vulnerable as innovations, competition and disruptive technologies continue to drive the digital revolution. While many threat actors are motivated by financial gain, a growing number of state-sponsored attackers are also launching disruptive and destructive attacks against financial systems.

Cybersecurity is crucial for maintaining economic and financial stability. For example, Russia seeks to influence European politics both directly and indirectly and has used energy as a tool of foreign policy. Cyber operations targeting critical infrastructure and economic systems can further destabilize economic and financial stability. As an MP, Rishi Sunak analysed possible Russian hybrid attacks in December 2017, saying, “Sabotage of undersea cable infrastructure is an existential threat to the UK. The result would be to damage commerce and disrupt government-to-government communications, potentially leading to economic turmoil and civil disorder.”[30], [31]

Russia seeks to influence European politics both directly and indirectly and has used energy as a tool of foreign policy.

The effective protection of the global financial system is primarily an organizational challenge. While efforts to strengthen defences and tighten regulations are important, they are insufficient to keep pace with the growing risks. Unlike many sectors, the financial services community generally has the necessary resources and technical capabilities. The key challenge is to coordinate cybersecurity protection across governments, the financial authorities and industry, as well as to leverage existing resources effectively and efficiently.[32]

Technological dimension

An attack vector is a path or means by which an attacker can gain unauthorized access to a computer, network or IT/OT infrastructure to deliver a payload or malicious action. Attack vectors allow attackers to exploit system vulnerabilities.[33]

Between December 2021 and March 2022 US CYBERCOM’s joint forces, in close cooperation with the government of Ukraine, conducted defensive cyber operations alongside Ukrainian Cyber Command personnel. This effort was part of a broader initiative to enhance cyber resilience in critical national networks. The teams implemented a threat-hunting operation in Ukraine, as well as remote analytic and advisory support, using innovative techniques. They also conducted network defence activities aligned to critical networks. They identified 90 instances of malicious code the Russians had created to disrupt Ukrainian infrastructure. The teams also gained a valuable insight into adversaries’ tactics, techniques, procedures, plans, capabilities and tools.[34]

Russian cyber threat activity against Ukraine has been carried out by various actors associated with the three main Russian security services: the Federal Security Service (FSB); the Foreign Intelligence Service (SVR); and the Main Intelligence Directorate (GRU). These cyber actors have engaged in various threat activities against Ukraine, including disruptive and destructive cyber operations.

Prosecutors at the International Criminal Court (ICC) are investigating alleged Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes. ICC prosecutors are working with Ukrainian teams to investigate attacks that endangered lives by disrupting power and water supplies, cutting connections to emergency responders, or disabling mobile data services that transmit air raid warnings.[35]

Towards cognitive warfare

Hybrid threats aim to exploit a country’s vulnerabilities and often seek to undermine fundamental democratic values and liberties. The digital cyber world can be divided into six interacting dimensions, with human beings at the core of each. In these dimensions people act as politicians, decision makers, operators, soldiers, developers, citizens and more. Cognitive superiority and cognitive warfare permeate all these dimensions, indicating a shift from purely kinetic approaches towards subversion.

The digital cyber world can be divided into six interacting dimensions, with human beings at the core of each.

The internet and social media are today among the most powerful tools in cognitive warfare, targeting key figures, niche groups and the public. Social media platforms have become crucial battlegrounds, influencing and manipulating public perceptions, opinions and behaviours. Artificial intelligence has the potential to revolutionize cognitive warfare by enabling more sophisticated and effective strategies.

Nations should counter hybrid influence, especially in the cyber environment. States should ensure that activities in cyberspace and national policies are designed and implemented to support a comprehensive and systemic approach to cybersecurity and cyber defence. They should improve dialogue, cooperation and information exchange about national, regional and global cybersecurity. Building societal resilience against hybrid threats and cognitive warfare operations requires cooperation between all relevant civil society organizations, the private sector, academic communities and NGOs. Finally, extensive and interdisciplinary research, education and training are needed in cyberspace and the cognitive environment.

 

---

Dr Martti Lehto (Military Sciences), Col. (GS) (ret.) works as a Research Director at the University of Jyväskylä in the Faculty of Information Technology. His research areas are cybersecurity and cyberwarfare. He served for 30 years in the Finnish Air Force as a developer and leader of C4ISR Systems. He is also an adjunct professor at the National Defence University in air and cyberwarfare. He has more than 200 publications, research reports and articles on areas of cyber policy, cyberwarfare, cybersecurity education and critical infrastructure protection. The views contained in this article are the author’s alone and do not represent the views of the University of Jyväskylä.

---

[1] Martti Lehto and Gerhard Henselmann, “Non-kinetic Warfare: The new game changer in the battle space,” 15th International Conference on Cyber Warfare and Security, 2020, Old Dominion University, Norfolk, Virginia, USA, 316–325.

[2] Alonso Bernal, Cameron Carter, Ishpreet Singh, Kathy Cao, and Olivia Madreperla, “Cognitive warfare: An attack on truth and thought,” NATO and Johns Hopkins University report, Fall 2020.

[3] EU parliament, “Insights, Understanding the EU’s approach to cyber diplomacy and cyber defence,” European Union, May 28, 2020, https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2020)651937.

[4] Annegret Bendiek and Matthias C. Kettemann, “Revisiting the EU Cybersecurity Strategy: A Call for EU Cyber Diplomacy,” SWP comment, no. 16, February 24, 2021, https://www.swp-berlin.org/10.18449/2021C16/.

[5] Cyber Risk GmbH, “The Cyber Diplomacy Toolbox,” https://www.cyber-diplomacy-toolbox.com/.

[6] NATO Cyber Defence, Factsheet, April 2021, https://www.nato.int/nato_static_fl2014/assets/pdf/2021/4/pdf/2104-factsheet-cyber-defence-en.pdf.

[7] NATO, “Cyber defence,” last updated: September 14, 2023, https://www.nato.int/cps/en/natohq/topics_78170.htm.’

[8] Julia Voo, Irfan Hemani, and Daniel Cassidy, “National Cyber Power Index 2022,” Harvard Kennedy School, Belfer Centre Report, September 2022, https://www.belfercenter.org/publication/national-cyber-power-index-2022.

[9] Chris Jaikaran, “Cybersecurity: Deterrence Policy,” January 18, 2022, https://crsreports.congress.gov/product/pdf/R/R47011.

[10] Martti Lehto, “Cyber-attacks Against Critical Infrastructure,” in: Cyber Security: Critical Infrastructure Protection, in Computation Methods in Applied Sciences series, ed. M Lehto and P Neittaanmäki (Springer 2022), 3–42, ISBN: 978-3-030-91293-2.

[11] Anne Gardenier, Rinie van Est, and Lambèr Royakkers, “Technological Citizenship in Times of Digitization: An Integrative Framework,” Digital Society, Volume 3, Issue 2: 21 (2024), https://doi.org/10.1007/s44206-024-00106-1.

[12] EU, “Europe’s Digital Decade: Digital targets for 2030,” https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/europes-digital-decade-digital-targets-2030_en.

[13] European Commission, “Second report on the State of the Digital Decade calls for strengthened collective action to propel the EU’s digital transformation,” July 02, 2024, https://ec.europa.eu/commission/presscorner/detail/en/ip_24_3602.

[14] Steve Morgan, “Cybercrime to Cost the World $10.5 Trillion Annually by 2025” (Special Report, November 13, 2020), Cybercrime Magazine, https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/.

[15] ENISA, “Cybersecurity as an Economic Enabler,” March 2016, https://www.enisa.europa.eu/publications/enisa-position-papers-and-opinions/cybersecurity-as-an-economic-enabler.

[16] Martti Lehto, “Cyber-attacks Against Critical Infrastructure,” in: Cyber Security: Critical Infrastructure Protection, in Computation Methods in Applied Sciences series, ed. M. Lehto and P. Neittaanmäki (Springer 2022), 3-42, ISBN: 978-3-030-91293-2.

[17] NATO, https://www.nato.int/cps/en/natohq/official_texts_227678.htm.

[18] Arsalan Bilal, “Russia’s hybrid war against the West,” NATO Review, April 26, 2024, https://www.nato.int/docu/review/articles/2024/04/26/russias-hybrid-war-against-the-west/index.html.

[19] Martti J. Kari, “Russian Strategic Culture in Cyberspace,” JYU Dissertations 122, October 11, 2019.

[20] Alexander Stubb, “Comprehensive Security in the 21st century: The Finnish model,” May 08, 2024, https://www.presidentti.fi/en/speech-by-president-of-the-republic-of-finland-alexander-stubb-at-hertie-school-in-berlin-on-8-may-2024/.

[21] Arsalan Bilal, “Hybrid Warfare: New Threats, Complexity, and “Trust” as the Antidote,” NATO Review, November 30, 2021, https://www.nato.int/docu/review/articles/2021/11/30/hybrid-warfare-new-threats-complexity-and-trust-as-the-antidote/index.html.

[22] Stéphane Duguin and Pavlina Pavlova, “The role of cyber in the Russian war against Ukraine: Its impact and the consequences for the future of armed conflict,” EU Directorate-General for External Policies Policy Department, Workshop September 2023, https://www.europarl.europa.eu/RegData/etudes/BRIE/2023/702594/EXPO_BRI(2023)702594_EN.pdf.

[23] NATO, “Speech by NATO Secretary General Jens Stoltenberg at event hosted by the NATO Association of Canada and the Canadian NATO Parliamentary Association,” June 19, 2024, https://www.nato.int/cps/en/natohq/opinions_226837.htm.

[24] ODNI, “Annual Threat Assessment of the U.S. Intelligence Community,” February 05, 2024, https://www.dni.gov/files/ODNI/documents/assessments/ATA-2024-Unclassified-Report.pdf.

[25] Stéphane Duguin and Pavlina Pavlova, “The role of cyber in the Russian war against Ukraine: Its impact and the consequences for the future of armed conflict,” EU Directorate-General for External Policies Policy Department, Workshop September 2023, https://www.europarl.europa.eu/RegData/etudes/BRIE/2023/702594/EXPO_BRI(2023)702594_EN.pdf.

[26] CyberPeace Institute, https://cyberconflicts.cyberpeaceinstitute.org/threats/timeline.

[27] CSIS, “Significant Cyber Incidents,” https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents.

[28] DoS, “GEC Special Report: August 2020 Pillars of Russia’s Disinformation and Propaganda Ecosystem,” August 2020.

[29] Government of Canada, “Russia’s use of disinformation and information manipulation,” February 28, 2024, https://www.international.gc.ca/world-monde/issues_development-enjeux_developpement/response_conflict-reponse_conflits/crisis-crises/ukraine-disinfo-desinfo.aspx?lang=eng.

[30] NATO STRATCOM COE, “Russia’s Strategy in Cyberspace,” June 2021.

[31] Helmi Pillai, “Protecting Europe’s critical infrastructure from Russian hybrid threats” (Centre for European Reform, Policy Brief, April 25, 2023), https://mailings.cer.eu/publications/archive/policy-brief/2023/protecting-europes-critical-infrastructure-russian-hybrid#FN-25.

[32] Tim Maurer and Arthur Nelson, “The Global Cyber Threat” (IMF report, Spring 2021), https://www.imf.org/external/pubs/ft/fandd/2021/03/global-cyber-threat-to-financial-systems-maurer.htm.

[33] Martti Lehto, “Cyber-attacks against Critical Infrastructure,” in: Cyber Security: Critical Infrastructure Protection, in Computation Methods in Applied Sciences series, ed. M. Lehto and P. Neittaanmäki (Springer 2022), 3-42, ISBN: 978-3-030-91293-2.

[34] Cyber National Mission Force, “Before the Invasion: Hunt Forward Operations in Ukraine,” November 28, 2022, https://www.cybercom.mil/Media/News/Article/3229136/before-the-invasion-hunt-forward-operations-in-ukraine/.

[35] Anthony Deutsch, Stephanie van den Berg and James Pearson, “ICC probes cyberattacks in Ukraine as possible war crimes,” June 14, 2024, https://www.reuters.com/world/europe/icc-probes-cyberattacks-ukraine-possible-war-crimes-sources-2024-06-14/.