OPINIE - BINNENLAND
Evolution of hybrid conflicts
What comes next?
DRS. W.R.F. MEESSEN (TNO) DRS. F.F. BEKKERS (HCSS) B. TOROSSIAN, MSC (HCSS)
Hybrid threats are one of the main security challenges Western democracies currently struggle with. Hybrid threats are in the news, mostly framed or wrapped in specific ‘hybrid’ phenomena like disinformation, foreign meddling in elections and cyber hacks. Countering these threats remains a demanding task as they evolve due to technological advances and new ways of hybrid campaigning. This article provides some of the most relevant trends and developments that shape hybrid threats, now and in the years to come, and that pose huge challenges for countering these threats.
Hybrid threats have always been present but have been intensified in recent years due to advancing information technology. Looking ahead, it is not hard to predict that hybrid threats are here to stay. Not in the least because large scale interstate armed conflict is (presently) considered too costly by friend and foe alike, and hybrid actions offer a relatively low-cost, high-gain alternative to pursue national interests. A new kind of arms race might be underway, between new capabilities, instruments and technology to be applied in hybrid threats and novel measures to counter these. Countermeasures can only be timely implemented by actively and constantly scanning and exploring trends and developments that generate new opportunities in hybrid conflicts.
Based on an open source literature review, media scanning, expert sessions and information exchanges with international peer institutes, TNO and HCSS recently completed a horizon scan, resulting in a list of trends and developments in hybrid threats which are amongst the most salient ones likely to influence hybrid threats, tactics and activities .
Globalization of hybrid threats
Since 2014 Russian hybrid campaigns against Europe have raised concerns over hybrid tactics. But Russia is not the only actor utilizing hybrid tactics to gain a strategic advantage over other states. Across different regions in the world, states seem to be more able and willing to bypass international norms of non-interference. This is especially true in the information domain. As of 2019, at least seventy states had executed some form of (foreign or domestic) disinformation campaign - a substantial increase from 2018 (48 states) and 2017 (28 states) . Hybrid threats are not only experienced in the West, nor is it a strategy exclusively employed by great powers. In Asia, China in particular is known to exercise hybrid influencing, e.g. China’s disinformation campaigns against Taiwan, thereby using foreign platforms such as Facebook, Twitter and YouTube. Latin America has also been infected by hybrid threats. Protests in October and November of 2019 in Bolivia and Chile showed signs of Venezuelan interference, which was supported by divisive information campaigns through Russian-owned media outlets Russia Today and Sputnik.
Massive protests in La Paz (Bolivia), being exploited for hybrid tactics
Private roles in public goods
Private entities are emerging as prominent actors within the context of hybrid conflict in two ways. First, the public goods that private companies provide have made them target for hybrid measures. Public social media platforms, mostly delivered by private companies, are now seen as critical for societies to exercise freedom of speech and freedom of assembly. The use of e.g. Twitter and Facebook as media for disinformation campaigns during elections have highlighted both the importance and the vulnerability of these platforms. Meanwhile this growing awareness has prompted several regulations on private companies and increased pressure on these companies to counter misuse themselves. Second, the private sector has taken on an expanded role in attributing attacks, and has become instrumental in tracing cyber incidents, exposing malicious actors, and communicating this information to the public . Some private sector entities have launched efforts, such as the Cyber Peace Institute, that are designed to monitor and expose large cyber events in a more systematic and extensive way. The idea of the private sector using its power and resources to hold actors accountable is not a new one. Way back in 1997, General Motors spurred the disinvestment of 125 foreign businesses from conducting business in South Africa during Apartheid.
Rise of lawfare
Lawfare, defined as the strategy of use or abuse of the law as a substitute for traditional military means to achieve an operational goal , is on the rise. Russia uses lawfare in combination with information warfare, providing the (quasi-)legal justification of Russia’s propaganda claims and aggressive actions. Examples of Russia’s lawfare actions are the use of the Western interventions in Kosovo and Libya as precedents for Russian interventions elsewhere; creating loopholes for OSCE-inspections for large-scale military exercises by reporting much lower numbers of military involved; and issuing a massive amount of passports for ethnic Russians in neighboring states. Inevitably, other powers are following suit and resorting to lawfare tools to lay claims on contested areas (China in the South- and East-China Sea) or to justify their presence in volatile regions (Iran in various countries in the region, Turkey’s involvement in Libya with claims on Mediterranean waters and resources in mind). The Middle East, Africa and Asia are particularly vulnerable to the application of lawfare, given the disputed nature of many state borders there.
Assassinations, in flagrant contradiction with agreed norms, are back as a tactic
Special Operations operatives
The 2018 assassination attempt of Sergei and Julia Skripal, conducted by Russian so-called ‘traveling special ops operatives’, illustrates that assassinations, in flagrant contradiction with internationally agreed norms, are back on the table as a tactic. The threat of assassinations on European soil also stems from China and Iran. In the Russian case, assassinations fit in a wider range of illegal activities on foreign soil. A recent example are the activities of Unit 29155, which has been associated with destabilization campaigns, poisonings, coups and assassinations in Moldova, Bulgaria, Montenegro and the UK. The activities of this unit are of significant concern, given the context of hybrid threats and increasing tensions between NATO and Russia, especially after the Skripal affair. The activities of Unit 29155 reflect significant operational budget increases for Russia’s military intelligence agencies since 2008 . With the Skripal affair as a catalyst, concerns over the threat of ‘domestic special ops operatives’ in ‘sleeper cells’ in Europe and the US have also increased. Sleeper cells, small collections of spies who remain dormant in target societies until activated, are a traditional cornerstone of Russian (Soviet) military intelligence. Sleeper cells are also associated with Iran and with Iran-backed Hezbollah. This kind of threats is problematic because over the past decades NATO countries have significantly downsized and underfunded their counterintelligence functions.
Military exercises and intrusions as ‘Psychological Warfare’
Military exercises have been increasing in size and scale over the last ten years, but their underlying intentions are more relevant. For example, in October 2019 the suspicion of forthcoming Turkish operations in North-Eastern Syria prompted Iran to conduct unannounced military exercises near the Turkish border. Earlier in the year, Iran used the potential tension of these exercises reversely, by stating that US naval deployments near Iran were a part of ‘psychological warfare’.
Threatening signals are also being portrayed through the unlawful incursion of military platforms entering the territories of other states. In the seas and skies, foreign aircraft and vessels are increasingly violating sovereign territory, leaving targeted states unsure how to react. In protest of Japan’s ownership of three of the Senkaku Islands, China has been relentlessly intruding on Japan’s contiguous zone since September 2012. The use of these practices appears to have been increasing, on par with a growing power competition. States are using exercises and intrusions as a provocative communication tool, creating distrust in the international order and fostering further tensions.
Economic sticks, carrots and sledgehammers
Economically coercive tools include sanctions, manipulation of trade flows (including energy), and interdictions of goods and people. These tools are being increasingly utilized by states to maximize their power and influence abroad. Russia’s 2019 ban on direct flights to and from Georgia was a retaliation to anti-Russian protests in Georgia. The ban heavily affected Georgian tourism and business sectors that are dependent on flight routes via Russia. There was no attempt made by Russia to mask the use of this tactic. Using economic coercion as tool for inflicting damage on a target state cannot be considered as a new tool for power projection, as it has been part of war planning, and of influencing throughout peacetime for decades. However, the overtness of employing these tools, like the open and public trade war between US and China demonstrates, is unorthodox and challenges the status quo of the international system.
ZAPAD-17, joint Russian and Belarus military exercise in Belarus and Kaliningrad
Chinese State-Owned Enterprises are involved in developing the Port of Haifa
Hiding behind proxies
If states wish to influence and engage in armed conflict, but hope to distance themselves from the consequences, they may employ proxy actors as a shield against attributions. Intelligence and security services have historically infiltrated private groups; note the activities of football hooligan paramilitaries in the Yugoslav wars. However, the increased sophistication of the use of these groups and their capabilities does present a sense of novelty. Recent examples of proxy activities show complex patterns of dependency between state and non-state actors. In Ukraine, Russia uses criminal gangs to destabilize the political domain. In Taiwan, criminal groups with links to China have been engaged to aggravate pro-democracy protests. The Wagner group, a private military company operated by the Kremlin has been spotted in several countries, such as Ukraine, Syria, Sudan, the Central African Republic and Libya. Proxies are also employed for gaining influence with the potential to exploit this influence when needed in the (near) future. China’s state-owned enterprises involved in building, funding and operating maritime ports in Asia, Africa and Europe may be used for leverage by China . Chinese port operations or ownership pose immediate risks to Western interests, potentially allowing China to extract intelligence, to block NATO vessels from accessing services, and to use ports to dock military vessels.
Chinese ownership of Western ports poses immediate risks to Western interests
The Brexit referendum in the UK and the 2016 US presidential election revealed the complex and multidimensional nature of political interference, as the ‘attack’ was not executed through a single disinformation campaign or cyberattack. Instead, a comprehensive campaign that combined lobbying, disinformation, corruption and cyberattacks was carried out . Some observers  note that, even without possible external interference, some political campaigns are already riddled with dubious, if not outright false, information. This makes the life of hybrid actors easier; they only inflate what is already there. Although there is nothing inherently new about states interfering with the political affairs of another state, social media and technological developments that enable and encourage the mass dispersion of information means that actors can influence public life in foreign states with greater ease than ever before. Over the last four years, Europe has been continuously targeted with political interference campaigns, e.g. during the Catalan Independence Referendum, the French presidential elections, the EU Parliamentary elections and the Austrian elections. The financing of religious organizations (e.g. of koran schools and mosques) could also be a part of such campaigns. This trend is being progressively recognized by EU member states, as the threat posed by influencing and political interference is becoming codified in strategic foresight and security documents .
Disinformation is an evolving phenomenon. While today internet bots are a matter of concern, it is virtual impersonation and social dialogue distortions that will emerge as key threats over the next few years. States are increasingly utilizing digital disinformation capabilities to influence, interfere with, and disrupt other states. Whilst bots are still relevant, new technologies have emerged on the horizon and are expected to have a disruptive impact on disinformation technologies. At the core of this concern are deep fakes. Produced by deep-learning algorithms, deep fakes are highly realistic and difficult-to-detect depictions of real people doing or saying things they never said or did. Whilst the use of this technology is still experimental and does require a level of technological sophistication, currently cheap fakes, created by simple editing tools, are already omnipresent.
A 3D digital twin rendered with incredible detail in real-time during TED2019
How to regulate disinformation in a period where deep fakes and cheap fakes are being doctored and distributed will be especially challenging for societies that value freedom of speech and freedom of expression. In 2019, US President Trump shared a cheap fake video of Nancy Pelosi, speaker of the US House of Representatives, appearing to give a speech while she was intoxicated. Facebook refused to remove the cheap fake video of Pelosi, given that the content did not violate the company’s ‘community standards’.
Formation of digital islands
Early 2020, Russia finished a series of tests to disconnect the country from the worldwide internet. The goal was to test if the country's national internet infrastructure, known as RuNet, could function without access to the global domain name (DNS) system and the worldwide internet. The experiment was deemed a success, according to the government. Russia’s effort towards a national internet, fashioned after China’s national internet, is driven by the doctrine of internet sovereignty, or the right of states to govern the internet in line with its domestic laws. These laws, which were originally applied to traditional media forms, became equally applicable to content online. Introducing national segments of the global internet has two security consequences. First, such a national internet is more difficult to attack. Second, a cyberattack launched from such an internet is more difficult to attribute and counter. A national internet therefore makes it easier to threaten or attack other’s internet infrastructure because attribution and retaliation is made more difficult. This development is not confined to Russia and China. As the most recent Freedom on the Net report purports, ‘as governments recognize the importance of the data flowing in and out of their countries, they are establishing new rules and barriers in the name of national sovereignty, allowing officials to control and inspect such information at will’ . This said, it would be a mistake to exclusively link internet sovereignty to authoritarian regimes.
Wannacry spread ransomeware to computers in 150 nations creating massive disruptions
Cyberspace: the fragile underbelly of society
Few threats are more closely associated with hybrid warfare than cyberattacks. Targeting critical infrastructure from a distance through cyberspace constitutes an attractive method for undermining states. Continuous reconnaissance and cyberattacks on critical infrastructure are increasing. In the absence of comprehensive rules and regulations, or even agreed-upon regulatory frameworks, at the international level, this domain remains a risk for the international system. Examples of this can be seen in the attacks of WannaCry, which spread ransomware to computers in 150 countries, creating massive disruptions for businesses and critical infrastructure, such as hospitals, and causing global financial damage of four billion Euros. Against a backdrop of Russian-US tensions, the US has begun attempting cyberattacks in Russian energy grids. These attacks are symptomatic of a growing trend toward the strategic targeting of critical sectors . Considering modern society’s increasing dependence on cyberspace, new opportunities for cyberattacks are arising. The digitization of our societies - from the digitization of citizens’ identity documents to the automation of everyday infrastructure such as ‘smart doors’ - means that malicious actors have ever-increasing systems to target for ransom, espionage, disruption and hacking. As interstate military competition increases, more cyberattacks are expected to be carried out by states, though the covert nature of cyberattacks, the use of proxy actors and the development of national internets pose an additional threat as cyberattacks may be executed more effectively whilst attribution will be avoided.
Emerging technologies amount to new capabilities
Developments in science and technology have the potential to transform the character of warfare and conflict. Most major innovations no longer originate from government-controlled military laboratories, but from commercial markets. Due to the nature of hybrid threats, which span multiple domains including the military, the economic and the information domains, the list of potentially relevant technologies to employ in hybrid conflict is large. It comprises technologies that enable the use of extended and virtual reality, internet-of-things, autonomous systems, additive manufacturing, satellite interference (jamming, spoofing and hacking), offensive cyber and micro targeting. Many of these enabling and emerging technologies (and capabilities) exhibit some or all of the following characteristics that make them particularly attractive as hybrid tools: they can be largely used anonymously, i.e. it is difficult to attribute their use to a specific actor; they can be employed remotely; they exploit today’s global hyperconnectivity and ICT-related vulnerabilities.
The 'Nibbler', a 3-D printed drone by the US Marine Corps
From the above, three overarching trends can be observed. The first is that new parties are emerging as prominent proxies in hybrid conflicts. Although in the (Western) media and literature examples of hybrid activities often point to Russia or China as the source, smaller states as well as a variety of non-state actors (whether as proxies or not), are advancing in the use of a wider range of hybrid instruments. The second overarching trend pertains to the widening geographical scope of hybrid conflict. Russia, China, Iran and North-Korea will remain as the source of hybrid challenges to the West. However, hybrid threats and conflicts will manifest worldwide. The final general trend is the way in which new technologies, like Artificial Intelligence (AI) and the Internet-of-Things, will intensify and revolutionize hybrid conflict.
To counter hybrid threats governments should be able to implement timely countermeasures
It is to be expected that hybrid threats and tactics will remain a dominant shaper of competition and conflict for at least the next five to ten years and will continue to add complexity to world affairs. To counter hybrid threats, a permanent function that scans and explores new trends and developments that will or might be exploited for hybrid threats and tactics, is required. This is a prerequisite for the ability of governments and societies to be able to implement countermeasures against existing and emerging hybrid threats in a timely fashion.
1. 'A Horizon Scan of Trends and Developments in Hybrid Conflicts set to Shape 2020 and Beyond', Rick Meessen, Bianca Torossian, Frank Bekkers, February 2020. 2. Samantha Bradshaw and Philip Howard, ‘The Global Disinformation Order: 2019 Global Inventory Of Organised Social Media Manipulation’, Working Paper, Oxford Internet Institute, 2019. 3. Sasha Romanosky and Benjamin Boudreaux, ‘Private Sector Attribution of Cyber Incidents: Benefits and Risks to the U.S. Government’, Working Paper, RAND Corporation, 2019. 4. Charles Dunlap Jr., ‘Lawfare Today: A Perspective’, Yale Journal of International Affairs, no. Winter 2008 (1 January 2008). 5. As of 2016, this budget was said to be rising by 15-20% annually. Victor Madeira, ‘Supplementary Written Evidence’ (Parliament of the United Kingdom, 25 March 2016). 6. Jonathan Hillman, ‘Influence and Infrastructure: The Strategic Stakes of Foreign Projects’, CSIS report, January 2019. 7. Robert Mueller, ‘Report On The Investigation Into Russian Interference In The 2016 Presidential Election’, Washington D.C., USA: U.S. Department of Justice, March 2019. 8. Samantha Bradshaw and Philip Howard, ‘The Global Disinformation Order: 2019 Global Inventory Of Organised Social Media Manipulation’, Working Paper, Oxford Internet Institute, 2019. 9. Hugo Van Manen, Lucas Fagliano, and Marek Baron, ‘In the Eye of the Beholder? An Assessment of Global Security Perceptions’, Strategic Monitor 2019-2020, The Hague Centre for Strategic Studies, 14 January 2020. 10. Adrian Shahbaz, ‘Freedom of the Net 2018: The Rise of Digital Authoritarianism’, Washington D.C.: Freedom House, October 2018. 11. Tania Latici, ‘Cyber: How Big Is the Threat?’, Brussels, Belgium: European Parliamentary Research Service, July 2019.