Abstract: This paper will demonstrate how the dependence on cyberspace and bad actors’ ability to use it to magnify the cumulative effects of certain activities can result in a hybrid effect. The aforementioned phenomenon has the capability to further evolve into a security threat. In particular, the links between cyberspace’s characteristics and the emergence of a hybrid threat consequential enough to constitute of a new type of threat will be assessed. Such an event would additionally complicate the ever-advancing security environment.
Comparatively, the similarities as well as the differences between cyber and hybrid threats will be highlighted. One of the main conclusions is that cyber threats are essentially a fragment of hybrid ones. Further along, it will be evidenced that the threats in discussion are best tackled by elaborating and implementing a fully societal/state approach to enhance national security. Finally, by reducing its constituents into simple, non-technical concepts and definitions, this article attempts to clarify the hybrid/cyber threat discussion.
Bottom-line-up-front: The ubiquitous nature of and access to cyberspace is a force multiplier for activities that might, on their own and when viewed discreetly, seem less consequential.
Problem statement: The following questions will be explored in this paper:
- How can cyber threats as an element of hybrid attacks and warfare be tackled from a government perspective?
- How are cyber and hybrid threats interlinked?
- What are the similarities and differences between the two types threats?
So what?:
- The development of a fully societal/state approach
- The creation and maintenance of digital resilience
- International cooperation as a means to counter threat
Source: shutterstock.com/DeymosHR
Hybrid threats
In general
Hybrid threats[1] refer to the methods and tools utilized by individual state or non-state actors to enhance their interests, strategies and goals. The range of methods and activities involved is vast, for instance influencing information and propaganda, logistical weaknesses like energy supply pipelines as well as economic and trade-related blackmailing. Among others are undermining international institutions by rendering rules ineffective together with terrorism.
Hybrid threats are methods and activities that are targeted towards the vulnerabilities of opponents. Vulnerabilities themselves can be created by various factors including historical memory, legislation, old practices, geostrategic influences, strong polarization of society, technological disadvantages, and ideological differences. If the interests and goals of the party employing hybrid methods and activities are not achieved, the situation could escalate into hybrid warfare whereby military and violence will significantly increase.
Hybrid threats are a fairly common combination of activities that lead to consolidated impacts that encompass two or more domains. Likewise, they leverage both the conventional and non-conventional means of attacks or instruments.
Accordingly, the Hybrid Center of Excellence (CoE) characterises hybrid threats as follows:
- Coordinated and synchronised actions that deliberately target democratic states and institutions’ systemic vulnerabilities through a wide range of means.
- Pursuits that exploit the thresholds of detection and attribution in accordance with different interfaces (war-peace, internal-external, local-state, national-international, friend-enemy).
- Activities that aim to influence different forms of decision-making at the local, state, or institutional level to favour or gain the specific agent’s strategic goals while undermining or hurting the target.
Based on experience, hybrid influencing can roughly be divided into two parts: the priming phase and the operational phase. During the priming phase, the adversary continuously monitors the situation and exercises reasonably subtle means of influence while gradually improving its assets.
If decided, it may initiate a more severe hybrid operation whereby measures become stronger, which implies more violence as plausible deniability decreases.
In that way, hybrid activities have become a frequent feature of the European security environment. Their intensity increases with growing concerns over elections being interfered with, disinformation campaigns, and malicious cyber activities. Perpetrators of hybrid acts that attempt to radicalize vulnerable members of society as their proxy actors or act together with terrorists are similarly a cause of concern. In this way, European security has become a negotiated, contested and combatted issue involving non-state and state actors”.[2]
The hybrid threat toolkit:[3]
Propaganda/Fake news Campaigns of foreign propaganda have often been directed inside as well as outside a given country’s national borders. Modern social media platforms or state-sponsored news from the influential state/non-state actor’s perspective are often utilised.
Strategic leaks – Information and documents obtained through cyber or traditional espionage can be leaked to influence public opinion, perception and discourse. Consequences range from damaging security to undermining trust in political/social systems and/or its leadership.[4]
- On March 16, 2016, WikiLeaks launched a searchable archive for over 30,000 emails & email attachments sent to and from Hillary Clinton’s private email server during her time as Secretary of State. In hindsight, this fact had a tremendous influence on the US-elections from 2016.[5]
- During the French presidential elections in 2017, more than 20,000 emails related to Emmanuel Macron’s campaign were leaked two days before the final vote. WikiLeaks shared the emails through social media sites such as Twitter and Facebook.
Support/Funding – this means the broad spectrum of supporting/funding parties/institutions/NGO’s/ individuals/something/someone for one’s own interest.
- Since 2015, China is a sponsor of a Chinese think-tank called “Institute for China-American Studies (ICAS[6]) which seeks to spread its views and policies among US legislators so as to improve the perceptions of China in the West.
- Similarly, Russia sponsors several organisations across the EU. For example, Russian oligarchs launched the “Dialogue of Civilisations Research Institute (DOC[7]) in Berlin to support pro-Russian policies and defend Russian law and methods.[8]
- The Russian Institute for Strategic Research (RISS [9]), – a Moscow think tank with offices across Europe, has been suspected of endeavouring to prevent Montenegro’s integration into NATO, influencing Bulgaria’s national elections and thwarting Sweden’s efforts to strengthen its ties to NATO countries.
- The Kremlin also aims to exert influence through political parties in foreign nations that have close ties with or are funded by Russia. Take for instance France’s far-right National Front which received loans from Russian banks and was linked to supporting Le Pen’s 2017 presidential candidacy.
Cyber tools – While not the newest tool, cyber threats are a form of hybrid threat that maintain their position as the most difficult to conceptualise.
Economic leverage – Economic levers can exist in the form of foreign aid assistance, sanctions or the application of loaned resources as bargaining chips to exert pressure on a foreign government. Despite not being a new tool, they are a highly effective method for influencing decision-maker/politicians/parties.
- Economic sanctions much like the current one imposed from the West against Russia due to the invasion of Crimea in 2014.
- US sanctions against Iran as a result of their atomic program.
- Russia’s sanctions starting in 2013 on gas delivery to Ukraine as a way to deter the latter from integrating into the EU.
- China’s sanctions against South Korea for accepting the US anti-missile system: Terminal High Altitude Area Defense (THAAD).
Proxies – Proxies can be explained as an instrument that gathers intelligence and exercises political influence in a foreign country. In general, proxies either hold views favourable to those of a foreign state or their own interests align them with that particular state. They range from organised states and paramilitary organisations to political parties, movements and individuals.[10]
- During the Cold War, the USA and USSR undertook sacrifices to assure that their troops never directly confronted each other. As such, most conflicts between the two parties were by proxy – mostly in Africa, Asia, Central and South America.
- Russia’s “Night wolves”, – a biker club and ultranationalist gang that has been linked to the incumbent president. The club that was active in the region of Crimea sought to provide a “free and fair referendum” in 2015 along with assistance to the local population in fighting local fascists.
Asymmetric warfare [11] – principally, asymmetric warfare describes a situation in which one side disposes of political, social, economic and military superiority whereas the other tries to decide its fight. Primarily it is the way to uncover and utilise the opponent’s blind spots, trying to find the Achilles’ heel of their supply (information- and technologically advanced networked communities, societies and states). Essentially, this type of conflict is nothing new as it was first evidenced in the bible. According to the Old Testament, David’s duel against Goliath or the Maccabees are examples of asymmetric wars. More recent cases of asymmetric warfare include the Vietnam War and the activities Mujahideen groups undertook against Soviet armed forces in Afghanistan. In modern literature, Mao Zedong wrote about asymmetric warfare by drawing upon Sun Tzu’s findings.
According to a comparative war-study of Ivan Arreguín-Toft [12]
- the weaker parties won in more than 30% of the examined wars
- there is a tendency for these to become increasingly victorious.
Entities that use asymmetric methods and activities are usually classified under weak actors or states seeking to avoid openly declared war.
The term is also frequently used to refer to “guerrilla warfare”, “insurgency”, “counterinsurgency”, “irregular warfare”, “unconventional warfare”, “rebellion”, “terrorism” or “counterterrorism”.
Endless examples of asymmetric wars from historical and present times can be highlighted. For instance, during ancient periods the Varus Battle or the on-going conflict between Israel and some Palestinian organisations (Hamas and Islamic Jihad).
Military centric warfare – or conventional warfare – is a form of warfare conducted by using conventional weapons and battlefield tactics between two or more states in an open confrontation. It involves the classic use of large military units from different branches (tanks, artillery, infantry) and domains (army, air force, navy). Their goal is to annihilate the opponent’s combat strength with the most excellent possible protection of non-military persons and property. The forces on each side are well-defined. Conventional warfare’s general purpose is to weaken or destroy the opponent’s military. In forcing capitulation however, one or both sides may eventually resort to asymmetric warfare tactics.[13]
- World War I (1914 – 1918) was a mainly conventional war.
- Another classic conventional war was the Falkland war between Argentina and Great Britain in 1982. Although surprised by the Argentine attack, Britain was superior thus the islands remained in British hands.
After the detonation of the first atomic bombs against Japan at the end of World War II (1939 -1945), it became necessary to differentiate between conventional and atomic or nuclear warfare, which is a chapter of its own and will not be covered here since the term speaks for itself.
Among crisis, asymmetric and conventional warfare, the lines are blurred and at times exhibit undefined boundaries.
What differentiates cyber and hybrid threats from each other?
Simply put, a cyber-attack is an attack launched by one or more computers against another computer, multiple computers or networks. It can be classified into two broad types: attacks where the goal is to disable the target computer and respectively knock it offline, or attacks where the goal is to get access to the target computer’s data and perhaps gain admin privileges on it.[14]
Provided that one of the above-stated goals can be achieved, endless possibilities of attacks could take into effect.
Nevertheless, the distinction between peace and war is rather unclear. Neither unconditional surrenders nor unqualified victories are likely to be realised. Hybrid and cyber threats always present a hazard to critical infrastructure whereby no ministry or other institution can act on its own right against them. A mindset that spans across multiple portfolios together with being networked and cooperative is a fundamental prerequisite for both functional and national crisis management.
Nowadays, it is a challenge to separate civilian and military functions as well as public and private measures in the cyber world. A fully employed government approach (without losing sight of constitutional and legal foundations), leads to the development of national cyber strategies as a foundation for cyber crisis management.
To this day, not a single European nation has been able to develop an extensive government approach to counter hybrid threats which are, undoubtedly, here to stay.
Even a mainly conventional war can possess hybrid elements such as cyber-attacks, biohacking, disinformation campaigns and nano-applications.[15]
One of the main differences is at that cyber threats have led to the development of a full government approach. Concerning hybrid threats, the answer must be a fully societal or state approach, where threat and vulnerability assessment become starting points.
Conclusions
Below are some battles in cyberspace, including hybrid ones that have occurred over the last few months:
Israel and Iran pointed to the future of cyber battles with their unusual attacks against each other’s critical infrastructures lasting from April to July in 2020. A closer look suggests that cyberwarfare is transforming into a new phase where new rules of engagement and deterrence are in the process of development. Hack, hack-back, back-hack-back, etc. is on the order of the day.
A closer look suggests that cyberwarfare is transforming into a new phase where new rules of engagement and deterrence are in the process of development.
Alternatively, the most decisive factor from the recently ended war between Armenia and Azerbaijan were the drones that were controlled via the Cyberspace.
Another example is the US Cyber Command, which neutralised a bot network in order to prevent any disruptions in the US Presidential elections.
Thus, it has become clear, especially during 2020, that state and non-state actors use hybrid operations and related cyberattacks to enforce their own strategic goals and interests. Nevertheless, in an escalation, the old military rule remains – hard military power with “boots on the ground” is still a necessity. It is now about using a broader spectrum of skills and possibilities, a gray area / zone that is accordingly less visible while the boundaries between the two blur.
Several nations with global or regional ambitions no longer strictly use cyber power for defense, rather to also develop offensive capabilities. Here three areas should be noted with respect to the fact that they are also represented within the armed forces:
- The use of the most modern technologies to improve one’s weapon systems. For example, the Azerbaijani command and control system was further developed and used to control the drones which demoralized the Armenian armored defence and ultimately almost destroyed it.
- The second area includes the protection of critical infrastructures. Almost all communication networks (mobile and fixed line), water, electricity, fuel supply, control of traffic by land, sea and air, the bank system and nearly all military systems require a perfect connection to cyberspace. To disturb the functions of critical infrastructures, attacks of this kind were witnessed between Israel and Iran during the summer of 2020. But also, the so-called “SolarWinds-Attacks” from Russia against the US, discovered early 2021.
- The third area deals with defending hybrid influencing operations through computer network defense attacks. Gen Nakasone’s US Cyber Command successfully showcased it during the 2020 US Presidential election.
Cyber-attacks are very much related to hybrid threats and are quite often a part of hybrid operations. Only one domain is created by human beings, cyberspace, which is an inherent challenge given its complexity. Regardless, there are three points for consideration in order to combat the previously mentioned challenge.
First, the development of a fully societal or state approach.
Second, digital resilience. It would be valuable to build national or international digital resilience so as to combat hybrid threats. Government institutions must make the necessary investments to manage digital infrastructure’s increasing complexity. The toughest challenge will most likely be finding enough cybersecurity professionals that can still comprehend the complexity of cyber space and act on it.
Third, international cooperation. To counter their authoritarian challengers (state and non-state actors), NATO and the EU could give member states competitive edge by supporting the development of a fully societal or state approach. In addition, the two parties could provide and support attainable goals in cyberspace for their security policy, especially for their armed forces.
In that regard, the “Supersize Cyber” initiative of NATO, published at the end of January 2021 is highly interesting.[16] It calls for a firm commitment from member states to provide 2% of their GDP towards cybersecurity and digital defence capabilities given that adversaries increasingly rely on hybrid attacks. Evoking the existing two percent guideline utilized by the Alliance for traditional defense expenditures. Some member states already have effective digital and information-centred answers while others unfortunately lag behind. Compared to conventional weapon systems, this includes relatively cost-extensive areas such as cyber defense, collective response, adequate protection of current and future weapon systems, digital integration or leveling up Joint Intelligence, Surveillance, and Reconnaissance (JISR). NATO already deals with a number of hybrid threats and has called on member states to provide resources for this purpose.[17]
Dr. Josef Schröfl, Colonel Austrian Army, is the Deputy Director CoI Strategy and Defence at the Hybrid Center of Excellence in Helsinki, Finland. His main areas of interest in research are cyber security and cyber defense. Equally, he previously headed the Austrian Cyber Security Strategy working group. It goes without saying that the views contained in this article are the author’s alone and do not aim represent those of the Austrian Ministry of Defense or the Austrian Armed Forces.
[1] This chapter is a summary of the content published on www.Hybridcoe.fi.
[2] European Commission, Joint Report to the European Parliament and the council on the Implementation of the Joint Framework on Countering Hybrid Threats – a European Union Response (Brussels, 2016), passim.
[3] The publication “Addressing Hybrid Threats”, which was created in collaboration between Swedish Defence University, the Center for Asymmetric Threat Studies and Hybrid CoE is an indispensable preparatory work for this study. I´m honored to having used some of the statements, descriptions, examples and definitions respectively to develop them. See: Gregory F. Treverton, Andrew Thvedt, Alicia R. Chen, Kathy Lee, and Madeline McCue, Addressing Hybrid Threats (Bromma: Swedish Defence University, 2018), 4.
[4] Treverton, Thvedt, Chen, Lee, and McCue, Addressing Hybrid Threats, 2018), 50.
[5] “Clinton’s email leak,” accessed January 21, 2021, https://wikileaks.org/clinton-emails/.
[6] https://chinaus-icas.org/.
[7] https://doc-research.org/.
[8] The german newspaper FAZ described it as an “instrument of Moscow´s hybrid warfare,” see also Ben Knight, “Instrument of Moscow´s Hybrid Warfare,” accessed January 21, 2021,
https://www.dw.com/cda/en/putin-associate-opens-russia-friendly-think-tank-in-berlin/a-19372110.
[9] https://en.riss.ru/.
[10] Gregory F. Treverton, Andrew Thvedt, Alicia R. Chen, Kathy Lee, and Madeline McCue, Addressing Hybrid Threats (Bromma: Swedish Defence University, 2018), passim.
[11] Josef Schröfl and Thomas Pankratz, Asymmetric Warfare (Wien: Peter Lang, 2011), passim.
[12] Ivan Arreguin-Toft, “How the Weak Win Wars,” International Security, No 1 (Summer 2001): 93- 128.
[13] Johann Schmid, The hybrid face of warfare in the 21th century, accessed January 21, 2021, https://www.maanpuolustus-lehti.fi/the-hybrid-face-of-warfare-in-the-21st-century/.
[14] Inspired from www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html.
[15] Sascha Bachmann and Hakan Gunneriusson, „Hybrid Wars: The 21st Century New Threats to Global Peace and Security,” Scientia Militaria, September 16, 2014, 77-98.
[16] https://www.atlanticcouncil.org/content-series/nato20-2020/supersize-cyber/ , accessed January 25, 2021
[17] The author would like to thank Johann Schmid, Catharina Candolin, Hanna Smith and Paul Dickson for their help with editing and shaping this paper.