• Insight
  • 7 min read

Hybrid warfare and the gray zone

Hybrid Warfare and the Effects of Hybrid Threats on Cybersecurity

For quite some time two buzzwords have been heard in the public debate on security politics and Swedish defense capabilities – hybrid warfare and the gray zone. This article explores what this really means and how these buzzwords are connected with preventing cyber breaches in an increasingly unstable world. The author of this article has been involved in the practice of Swedish crisis management, protective security, and issues surrounding total defense capabilities (“Totalförsvaret” in Swedish wording) for over 20 years. He is a former intelligence officer in the Armed Forces and heads Truesec Human Threat Intelligence.

What Is Hybrid Warfare and What Are Hybrid Threats?

The expression hybrid warfare was initially created to describe and define war and conflict in the nuclear age. When great powers armed with nuclear weapons have the capacity to annihilate each other, all-out war becomes unthinkable. Conflicts and escalation must be managed, and sometimes aggression must be hidden.

In this hybrid warfare, the term war is expanded to mean more than just a clash with armed forces. War and confrontation can also include other means and other arenas than the ordinary to achieve strategic and military goals. Other means might be to weaken political stability and apply political pressure at a level that is closing in on extortion. It might also be to weaken societal stability by attacking supplies vital to our common well-being, for instance, power/energy, fresh water, and pharmaceuticals.

Combining the two would be defined as a typical act of hybrid warfare – to weaken society and then apply extortion until the state collapses. This could be achieved by a combination of covert sabotage and cyber operations. In this scenario, no conventional military weapons have been needed, and the aggressor will probably not have been seen, at least not in the early stages. This means that other arenas have been used. Diplomacy, relations, and information operations instead of soldiers and tanks. Cyberspace instead of fields and streets. We have difficulties navigating these hybrid conflicts because we prefer to think in terms of war and peace as distinctly different. When we become targets of hybrid war, we are not always sure what’s actually happening. Is this an accident, a freak event, or an indication of more to come? We are inside what is generally referred to as the gray zone.

Along the way, the idea of hidden aggression has been broadened and applied to everyday language when we refer to assets being threatened by other means than we might initially expect, often a combination of them. We increasingly discuss hybrid threats as a key problem in protecting modern society.

The Shift in the Swedish View on Security

Following a long period of relaxation in how Sweden viewed its security needs, a shift took place around 2015 when again, there was a need to take stock and reorientate. Slowly the debate escalated around the need for a military capability and a stronger capability in civil society to withstand the effects of the crisis and armed conflict. The Swedish Security Police reported an increasing interest from foreign intelligence services directed towards several segments of society, reaching far beyond the “traditional” ones of military installations, foreign relations, etc. Today the experiences from the Covid pandemic and the war in Ukraine are clear and hard to evade. In the early days of the pandemic, society lacked basic medical equipment to handle the crisis because of the dismantlement of the civil defense capability. Rebuilding this is a priority and foreign intelligence is curious about proceedings. Early this year, we were all brutally reminded that war might actually strike in Europe. Increasing military capacity is crucial, and foreign intelligence is as curious about this. And in addition – cyber attacks in various forms have become everyday news.

What has been gradually underway since 2015 is now time critical. To strengthen Sweden’s capacity to withstand the negative impact of crisis (physical and cyber) and war, we need to shift our view on what is a security-sensitive business operation and what information is now (again) to be regarded as security-sensitive. Society is shifting from viewing (this is, of course, a simplification) National security as “military and foreign stuff” to “everything that makes our society tick even when under pressure.” This shift is gigantic. It is reasonable to predict that a broader segment of society will be in scope for foreign interference and thereby face different sorts of hybrid threats.

Legislation responded in the shape of the new Swedish Protective Security Act of 2018, effective from 2019. It expands the number of organizations in need of protective security from a few to many. The term National security was changed to Swedish security in the 2018 law – indicating the increasing amount of affected organizations. If your business operation in any way contributes to the well-being of society, you may fall under the regulation – easily explained. Parliament underlined the level of urgency in an amendment to the law in December 2021, giving the state authority to place substantial fines on organizations not reaching up to standards.

How All This Affects Cybersecurity

What has been said about hybrid threats in combination with the shift in Swedish security gives an indication of what arenas might be used – and why – by an aggressor who wants to harm Sweden or Swedish interests. It’s evident that the cyber domain is a key arena for modern hybrid war – regardless of the level of intensity and choice of method.

Destructive cyber attacks could be directed against Sweden as part of a full-scale military invasion. Cyber attacks could also be used on much lower steps on the escalation ladder as a way to put pressure on Sweden or Swedish organizations, be it public (state, region, or council level) or private (business), and force them into the desired direction. Even information operations and propaganda can be pushed in the cyber domain to influence our actions.

A full-scale cyber attack from an advanced adversary is likely to be conducted using multiple axes of attack. A cyber attack from the outside may be complemented with insider attacks using people already in place (planted or recruited) who already have the organization’s trust and can act without suspicion. Such an insider could plant malicious code, extract information, and manipulate key individuals with high-level access to information (social engineering). If simultaneously under attack from the outside (by technology) and the inside (by humans), the impact would be severe.

This is an example of the modern hybrid threat, using parallel and complementary tools to achieve the desired goal. As a society (to protect Swedish interests) and as individual organizations (to protect ourselves), we must address these hybrid threats. This means immediate action in several arenas.

>> Learn more about Human Threat Intelligence to prevent insider threats within your organization

Key Takeaways

  • “Hybrid warfare” is the modern and smart way to attack and achieve results. It is complex, consisting of parallel tools in ways we might not always expect. This makes us vulnerable and creates a need for 360° protection in a variety of arenas – at the same time.
  • Swedish security in its modern 2022 form is shifting from military and territorial focus to stability in society, with civil and business focus. As a result, more organizations are a piece of the security puzzle and need to brace for impact. It doesn’t matter if the aggressor’s purpose is “only” blackmailing a company for money or if it is part of a larger nation-state operation to weaken society. It is still a threat that needs to be eliminated.

Written by Mattias Engström, Domain Lead of Human Threat Intelligence

Human Threat Intelligence, Incident Response, Threat Hunting, Threat Intelligence