3_menacesHybrides
π Geopolitics
Asymmetrical warfare: new strategies on the battlefield

Asymmetric warfare: how to respond to hybrid threats

Richard Robert, Journalist and Author
On October 27th, 2021 |
4 mins reading time
3
Asymmetric warfare: how to respond to hybrid threats
Jérôme Clech
Jérôme Clech
Research engineer at ESDR3C (CNAM) and Lecturer at Sciences Po Paris
Key takeaways
  • Hybrid threats come from states that add information manipulation to conventional warfare, but also from hybrid, criminal or terrorist entities.
  • Taking these hybrid threats into account calls for hybrid responses: the “war before the war”.
  • “Augmented prevention” would combine the sword (armed drones, cyber offensives, and offensives in the broader “cyber” field) to act externally and the shield (cyber security and security through cyber) to protect our territories.
  • Europe needs to increase its capabilities in this area, especially as we now need to update our responses in anticipation of these threats: the challenges posed are technological, legal, and ethical.

What is a ‘hybrid’ threat?

Jérôme Clech. In addi­tion to states that prac­tice hybrid war­fare (such as Rus­sia or Chi­na), com­bin­ing con­ven­tion­al modes of action and infor­ma­tion manip­u­la­tion (fake news, deep fakes, etc.), the hybrids; crim­i­nals, traf­fick­ers, gang­sters and ter­ror­ists, use the same tech­no­log­i­cal means that enable glob­al­i­sa­tion. They make up its dark side, which is why they rep­re­sent such a chal­lenge for states and even large companies.

IT has not put an end to the asym­me­try of hard pow­er between devel­oped states and non-state actors, but it does serve an equalis­er in all areas of soft pow­er close­ly linked to the infor­ma­tion­al sphere (cul­ture, influ­ence, media, social net­works, pro­pa­gan­da, etc.). As infor­ma­tion moves at the speed of light for every­one. By invest­ing in the “infos­phere”, non-state actors have restored the sym­met­ri­cal aspect of con­fronta­tion, but in a main­ly non-kinet­ic reg­is­ter: the impact of an attack is much greater than the num­ber of deaths, as West­ern soci­eties have a very low accep­tance of risk.

How can we respond to this threat?

Hybrid threats require a hybrid strat­e­gy. Our nation­al defence and secu­ri­ty strat­e­gy, con­sid­er­ing the absence of a “crit­i­cal mass” in our sys­tem, aims to low­er the trig­ger point for large-scale mil­i­tary inter­ven­tion, par­tic­u­lar­ly in the event of hybrid attacks. But there is a gap in the con­tin­u­um of strate­gic func­tions that nei­ther nuclear “deter­rence” nor the “pro­tec­tion” of ter­ri­to­ries and pop­u­la­tions can fill. A form of “aug­ment­ed pre­ven­tion” would be required: the cur­rent “pre­ven­tion” would be extend­ed to in-depth action aimed at intim­i­da­tion and ear­ly dis­rup­tion through a com­bi­na­tion of remote kinet­ic strikes and cyber offen­sives, not only in the phys­i­cal lay­er of cyber­space, but also in the log­i­cal and socio-cog­ni­tive lay­ers of cyberspace.

In con­crete terms, aug­ment­ed pre­ven­tion would focus on nerve points, such as drone strikes aim­ing to neu­tral­is­ing ter­ror­ist lead­ers, for exam­ple. Both mil­i­tary and large­ly dehu­man­ised and – more or less – stealthy or sched­uled, these remote strikes are also the source of eth­i­cal con­cerns. Europe is fol­low­ing suit, since one of the projects of the Per­ma­nent Struc­tured Coop­er­a­tion (PESCO, estab­lished in 2017) is none oth­er than the MALE (Medi­um Alti­tude Long Endurance) Euro­drone, which could even­tu­al­ly be armed and whose devel­op­ment is part­ly financed by the pre­cur­sor of the Euro­pean Defence Fund (EDF). 

On the cyber side, cyber offen­sives con­sti­tute a hybrid mode of action at a dis­tance: with a mate­r­i­al aim when it is a ques­tion of hit­ting the phys­i­cal lay­er of cyber­space; imma­te­r­i­al when it is a ques­tion of exploit­ing or reach­ing the infos­phere. A Com­put­er Net­work Attack (CNA), which is hybrid in nature in that it involves inter­nal­is­ing hack­ing skills with­in the defence estab­lish­ment, is a cyber offen­sive mode act­ing on the log­i­cal lay­er. Hybrid and cyber threats are one of the areas of NATO-EU coop­er­a­tion, and PESCO has near­ly ten projects in this area.

Aug­ment­ed pre­ven­tion could also have an impact through hybrid bor­der sur­veil­lance. Drones are a great asset in terms of obser­va­tion and are used in the civil­ian sec­tor for bor­der sur­veil­lance in the Unit­ed States. The aim is not only to hin­der ille­gal immi­gra­tion, which is known to feed into every lev­el of the ille­gal econ­o­my, but also traf­fick­ing of all kinds (arms, drugs, coun­ter­feit goods, etc.), which hybridis­es the threats and pro­vides a breed­ing ground for inter­na­tion­al ter­ror­ism. Since 2020, the use of drones has strength­ened the Fron­tex sys­tem at the bor­ders of the Euro­pean Union (EU). Inte­grat­ing the sys­tem into the range of sen­sors oper­at­ed by the intel­li­gence com­mu­ni­ty (includ­ing the DGSE and Tracfin) would undoubt­ed­ly increase its effectiveness.

From bor­der con­trol to bor­der risk man­age­ment, the emer­gence of the con­cept of “smart bor­ders” cor­re­sponds to the imple­men­ta­tion of “intel­li­gent” sys­tems at air­ports, ini­tial­ly based on bio­met­rics. The aim is to char­ac­terise and iden­ti­fy the poten­tial threat posed by an indi­vid­ual accord­ing to their behav­iour­al pro­file. For exam­ple, the PNR (Per­son­al Name Record) is a device for assess­ing the risk of a trav­eller being linked to a ter­ror­ist organ­i­sa­tion; it is designed to know “what the indi­vid­ual has done” before book­ing a flight and to pre­dict “what he or she is like­ly to do” at destination.

In order to see more clear­ly into the dig­i­tal maze gen­er­at­ed by the “com­put­er­i­sa­tion of the body” (the shad­ow body, a cloud of data and infor­ma­tion that goes beyond one par­tic­u­lar indi­vid­ual since some of this data only makes sense as part of a series), it could then be use­ful for the dat­a­min­ing enabled by AI to cross-ref­er­ence the PNR with the files held by nation­al defence and secu­ri­ty forces, and more par­tic­u­lar­ly those held by agen­cies in the intel­li­gence com­mu­ni­ty. Sub­ject to net­work sov­er­eign­ty in place at a Euro­pean lev­el (as this is the rel­e­vant scale), it is con­ceiv­able that all this data could even­tu­al­ly be host­ed on a ded­i­cat­ed cloud.

But what would be the val­ue of a secret cloud if only France was to input in cer­tain ele­ments of the intel­li­gence infor­ma­tion col­lect­ed by its sen­sors (relat­ing to coun­tert­er­ror­ism or illic­it flows, for exam­ple)? For the time being, we only have an Intel­li­gence Col­lege in Europe – not a Euro­pean Col­lege of Intel­li­gence! Nam­ing it such might bring it to life, or per­haps not: noth­ing oper­a­tional, but the ambi­tion to build a “com­mon strate­gic cul­ture” … This, as Jean Mon­net believed, is cer­tain­ly where any Euro­pean project should start, but con­sid­er­able efforts need to be made, as Pres­i­dent Macron acknowl­edged in his 2017 Sor­bonne speech with the Euro­pean Inter­ven­tion Ini­tia­tive (EII).

Nat­u­ral­ly, the use of data and the search for such syn­er­gies raise eth­i­cal and legal ques­tions that bring us back to the secu­ri­ty-free­dom dilemma.

Are we head­ing for wide­spread hybridisation?

The response to hybrids would in fact ben­e­fit from more hybridi­s­a­tion. For while tech­nolo­gies have a major and grow­ing role to play, the relat­ed capac­i­ties (equip­ment and know-how) must not be reduced to tech­ni­cal fetishism. We must be able to artic­u­late the explorato­ry force of the machine with human intu­ition in order to, at least, strength­en their co-pro­duc­tion if not hybridise them. Aug­ment­ed pre­ven­tion would only be a strate­gic shift. We need to do even more: a quan­tum leap in terms of the antic­i­pa­tion of threats. Antic­i­pat­ing hybrids so as not to have to respond to them is, in my opin­ion, the way to under­stand the log­ic of “win­ning the war before the war”, to quote the Chief of Staff of the Armed Forces. This would imply rethink­ing the meth­ods and tools of strate­gic fore­sight, pay­ing renewed atten­tion to the ear­ly detec­tion of “weak sig­nals”, in order to nip future threats in the bud before they emerge. Per­ceiv­ing and char­ac­ter­is­ing the under­ly­ing struc­ture of emerg­ing hybrid phe­nom­e­na undoubt­ed­ly requires defin­ing and build­ing the ‘hon­est cyborg’ of the 21st cen­tu­ry. But that’s anoth­er story!