Working with NATO to Address Hybrid Threats

Globalization—the worldwide system of instant communication, finance and commerce—has given a dramatic boost to the phenomenon of hybrid threats, one of today’s central security challenges.


At NATO headquarters in January 2015, NATO and French flags fly at half-mast in honor of the victims of the terrorist attack at the office of the Charlie Hebdo magazine in Paris.

Today, state and non-state actors are challenging nations, institutions and private companies through a wide range of overt and covert activities targeted at their vulnerabilities. Both NATO and the European Union refer to these as “hybrid threats.”

Hybrid actors generally use subtle, far-reaching and opportunistic methods that seldom have a return address. In some cases, the attacks can be more brazen but take place in a gray zone in which the targeted entity has few good response options short of escalating the situation into armed conflict. These types of threats have been in existence for centuries, of course. What makes them different today is the fact that we have instant global communications and a globally connected system of finance and commerce.

Though many refer to it as “hybrid warfare,” thus militarizing it, the phenomenon is much broader and more complex, requiring a whole-of-government and whole-of-society approach to address effectively. Since 2015 NATO and the European Union have begun to focus on this problem, which is already impacting the alliance.

An Attack on Governance

Hybrid threats are best understood as an attack on governance, specifically democratic governance. As Prussian military philosopher Carl Von Clausewitz wrote: “War is nothing but a continuation of politics by other means.” He also said: “The aggressor is always a lover of peace; he would prefer to take over our country unopposed.” In other words, hybrid threats are not only a continuation of politics by other means; they also create opportunities to weaken or even topple a government without firing a shot. As we’ve seen recently in Crimea and the South China Sea, a hybrid approach lowers the political price for aggression, making regime change and territorial annexation possible “on the cheap.”

One example of a hybrid threat is a disinformation campaign. Creating false news reports or spreading inaccurate information can be relatively easy; it allows for deniability and can produce effective results for the aggressor. Such campaigns can sow mistrust and confusion between segments of the population, as well as between the people and their government, targeting a society’s deepest historical wounds to make them bleed once again. Or an adversary may leverage organized crime elements or ownership of private entities (such as ports). Using these levers, an adversary can disrupt a critical port facility via benign sabotage: workers go on strike, blocking entrance to port berths and shore facilities. Such tactics could slow or disrupt NATO’s ability to deploy and provide logistics support to allied forces in time of crisis.

Governments and public and private institutions with weak governance tend to be more susceptible to hybrid threats. Corruption, low levels of public trust, weak public and private accountability, ineffective law enforcement, poor border and port security, weak security protocols for critical infrastructure and a lack of cooperation between ministries, institutions and the private sector leave them vulnerable to these acts of aggression.

Countering hybrid threats requires member-states to focus on internal resilience. This calls for a cultural shift from the expeditionary-only mindset.

Not just public, but private entities may be targeted, as well. The majority of the world’s supply chain components, communication providers, financial systems and media outlets operate in the private sector. They are often the first targets of a hybrid campaign, and even when they are not the main target, their vulnerabilities can quickly threaten global economic security. For example, a cyberattack on the government of Ukraine in 2017 inadvertently affected Danish global shipping giant Maersk. As a result, Maersk’s global operations came to a halt as the company temporarily lost the ability to govern its fleet, and numerous other industries were also affected as the global supply chain was disrupted.

In many Western countries, 80 to 90 percent of all critical infrastructure is owned and operated by the private sector. Given NATO’s heavy reliance on the private sector to provide logistics and communications capabilities during a crisis, these vulnerabilities can have far-reaching effects.

The First Steps

In the wake of Russian aggression in Ukraine in 2014, NATO developed and adopted a Hybrid Warfare Strategy in December 2015. In early 2016, the European Union adopted its Joint Framework for Addressing Hybrid Threats. Both documents call for working to improve resilience, security and continuity of governance. Both documents call for greater NATO-E.U. cooperation in addressing hybrid threats.

And since June 2016, both organizations have agreed on dozens of areas in which to focus their efforts. To their credit, neither organization has fixated on an exact definition of hybrid threats, but instead concentrated on identifying the changes to their working methods and approaches that will best allow them to effectively address them.

Within both NATO and the E.U. there is general consensus on four steps to addressing hybrid threats: detection, attribution, response and recovery. Detection refers to the ability to detect a hostile state action in time to react and minimize any potential damage. Attribution, the more complex follow-on to detection, is the ability to attribute an attack to a specific actor and to differentiate it from an accident, system failure or human error. Response, which is greatly dependent on accurate, timely and credible detection and attribution to allow for sound crisis decision- making, is to change security posture or retaliate against the actor to which the hostile action is attributed (in accordance with existing just war ethics). Recovery is the ability to restore functionality to the systems, capabilities or societal coherence attacked through the hostile action.

It is important to note that these steps are not sequential; for example, recovery can begin immediately after detection to “stop the bleeding,” and some internal response postural decisions can be made prior to attribution.

Within NATO it can be difficult to reach a consensus on Article 5 (collective defense) in the face of a hybrid campaign; however, a stricken ally can always bring its security concerns to the alliance via Article 4, under which allies can exchange views and information and discuss issues prior to taking any action. Thus, Article 4 consultations are the most likely venue for the North Atlantic Council to first discuss options when facing hybrid aggression against an ally.

Within the European Union, Article 42 (7) of the Treaty of the European Union and Article 222 of the Treaty on the Functioning of the European Union are the most applicable to hybrid threats. Though similar to NATO’s Article 5 in that it is triggered by an armed attack on a member-state, Article 42(7) can also be applied to some situations below the threshold of armed attack. Article 222 (the Solidarity Clause) applies more broadly to natural or manmade disasters, terrorist attacks and situations that align more closely with a hybrid campaign. It is also tied to the E.U.’s Solidarity Fund, which can provide immediate funding to recovery and response efforts.

At a meeting of the European Union’s Political and Security Committee (PSC) and the North Atlantic Council in September 2018, the European Center of Excellence for Countering Hybrid Threats led a scenario-based discussion on addressing hybrid threats. Author Chris Kremidas Courtney, seated behind the NATO DSG and the PSC Chair, assisted with the deliberations.
© European Union / Enzo Zucchi

A Process Approach

Each time we face a new security challenge, a defense or security contractor is waiting in the wings to sell us a solution. But in the case of hybrid threats, there is no system we can buy or new organization we can establish to mitigate these threats. Instead, everything we’ve learned since 2014 tells us that we must adapt our legal frameworks and working culture, and improve the connective tissue between ministries and organizations, to enable our own governments and organizations to better protect themselves.

Within the United States, our national security culture’s dependence on buying solutions from contractors has hindered our ability to make more progress on this. Allies and partners such as the U.K. and Finland are farther ahead of us because they have taken a process approach to the challenge. So where to begin?

First, countering hybrid threats requires member-states to focus on internal resilience. This calls for a cultural shift from the expeditionary-only mindset, in which ministries of foreign affairs and ministries of defense have primacy, to one in which ministries of the interior and ministries of public protection often take a leading role. At the same time, the inter-state nature of hybrid threats, especially in the multilateral context, means that foreign ministries continue to take a leading role, albeit in a much broader whole-of government effort.

In the expeditionary era NATO became accustomed to operating in other nations’ territories, and its internally focused Civil Emergency Planning Committee and civil defense aspects atrophied. Today, NATO again sees national resilience as a critical element of collective defense, and since 2014 the CEPC has put renewed emphasis on working with allies to meet the NATO Resilience Baseline Requirements set at the Warsaw Summit in 2016.

The seven NATO resilience baseline requirements are:

  • Assured continuity of government and critical government services
  • Resilient energy supplies
  • Ability to deal effectively with the uncontrolled movement of people
  • Resilient food and water resources
  • Ability to deal with mass casualties
  • Resilient communications systems
  • Resilient transportation systems.

In 2018, NATO allies and NATO headquarters staff conducted assessments of each member-state’s ability to meet these requirements and identified shortfalls.

Governments and public and private institutions with weak governance tend to be more susceptible to hybrid threats.

Second, member-states need to ensure that their legal frameworks eliminate gray areas of uncertain or nonexistent government authority. Hybrid attacks often take place in the gray zones between the authorities of different ministries. Several NATO allies and partners have conducted extensive internal reviews and tabletop exercises to identify gaps and vulnerabilities in their legal frameworks. Subsequently, they have worked with their parliaments to close legal gaps and clear up any potential confusion on roles and authorities.

Third, member-states must deepen their level of cooperation internally and internationally to build the trust and connective tissue necessary to counter hybrid threats. The two greatest challenges thus far have been attribution and crisis decision-making to determine appropriate and measured responses. Both require a high level of trust and familiarity between officials, ministries and institutions.

Enhanced Cooperation

Currently NATO and the E.U. are working together on enhanced cooperation in four areas: civil-military planning, cyber defense, information-sharing and analysis, and coordinated strategic communications. Since 2016, they have agreed on 74 areas of deeper cooperation, 20 of which relate to countering hybrid threats. The European Centre of Excellence for Countering Hybrid Threats, established in 2017 in Helsinki, effectively contributes to strengthening NATO-E.U. cooperation in this area. Both organizations’ personnel have participated in a number of the center’s activities.

In September 2018, NATO’s North Atlantic Council and the E.U.’s Peace and Security Committee held the first-ever scenario-based discussion on hybrid threats, and subsequent parallel exercises have validated the improved cooperative working mechanisms being put into place at staff and senior levels. Also in late 2018, NATO adopted the concept of establishing Counter Hybrid Support Teams to give ad hoc assistance to allies in the event of a hybrid crisis. These teams are being fielded and exercised in 2019, and it remains to be seen how allies requesting assistance may integrate them into their own national processes.

In any case, determining attribution of potential hybrid attacks and decisions on responses to them (including any public announcements) remains a sovereign responsibility of the stricken nation. Internally, providing credible deterrence to hybrid threats is straightforward: building and maintaining resilient, credible and capable governance that raises the price of hybrid aggression and reduces its chance for success. To do so requires cooperation and collaboration from all entities.

Depending on the level of willingness of different actors to work together, there are three levels of national and multilateral cooperation that enable governments and societies to better address hybrid threats. First is a “whole-of-government” approach, in which all agencies and ministries from the national to local level cooperate, set broad common goals and share information. Second is a “whole-of-society” approach, which is similar to a whole-of-government approach, but also includes engagement with the private sector, academia and civil society. And lastly, the “comprehensive approach” features like-minded groups or states working together with international organizations and entities. Each collaborates and coordinates to face challenges together—all while respecting each other’s roles and decision-making autonomy. In each of these cases, working together in staff-to-staff discussions, table-top exercises and scenario-based discussions is vital to building trust and interoperability between ministries, nations, civil society, international organizations and the private sector.

By focusing on overall governance instead of looking at hybrid threats through a military lens, we gain a perspective more closely aligned with each nation’s own legal authorities and frameworks, yet one that does not necessarily exclude a role for military capabilities. Given the nature of these threats, the first to detect and respond are most likely to be civilian government or private entities. In turn, varying degrees of military capabilities may be required for support. This cooperation is vital because no government is in a position to pay for the same capabilities twice.

In the event of a possibly escalating situation, close civil-military cooperation and interoperability is necessary to ensure an appropriate response, accompanied by all necessary and available instruments of national and international power and influence. For this reason, comprehensive and whole-of-society approaches are vital. Through strengthening public and private governance, and seeking deeper and broader cooperation among institutions, nations and civil society, we can turn globalization and our greater interconnectedness from vulnerability into an advantage.

Chris Kremidas Courtney is a senior consultant for Strategy International. He has previously served as the multilateral interagency engagement coordinator for U.S. European Command, as director of training and exercises for the Hybrid Center of Excellence, as political adviser to the commander, NATO Training Mission–Iraq and as assistant political adviser to the commander, Joint Forces Command Naples. He has also served as chief strategist for U.S. Joint Task Force North, NATO policy planner at the U.S. Delegation to NATO and as deputy defense policy adviser for the U.S. Mission to the European Union. Mr. Kremidas Courtney served for 22 years as a U.S. Army strategist and intelligence officer and is a veteran of Operation Iraqi Freedom.