BLOG | MAR 10, 2022
GREY ZONE DETERRENCE
Attacks are being carried out by exploiting IT vulnerabilities and other non-traditional battle routes, rather than open warfare. Government, as well as defence and security organisations, should be rethinking their approach and start looking at this problem in a more active and dynamic way.
With defence spending in the UK coming under increasing public and government scrutiny, it's now decision time regarding how defence and security infrastructure evolves. A new approach needs to be found as traditional ideas of Western or NATO conventional military supremacy is not currently fit for purpose as international rules based order compliant countries, have at present, no answer to grey zone tactics.
CURRENT SITUATION
States such as Russia and China are increasingly directing hybrid warfare at Western Europe and North America with the aim of disrupting the presumption of a safe homeland.
Following the attempted assassination of Sergey Skripal, government-linked Russian news outlets tried to discredit British authorities by claiming that the UK government had failed to safely handle its own stock of nerve agent. Similarly, the NotPetya ransomware attack that targeted Ukraine in 2017, has been traced to Russian agents. In the US, Russian agents created fake Facebook profiles and groups that influenced the 2016 presidential election in key swing states. As 2021 draws on there is an ever increasing weight of reporting to indicate that more attacks especially targeting Western countries' infrastructure are on the rise.
From the attacker’s perspective, unleashing a mix of threats and attacks on civilian targets is attractive for a simple reason: it is cheap, effective and affords the attacker ambiguity, as they can choose to claim responsibility for the act or not. Either way, the attacker can support the desired narrative with government-linked media that provide much more sophisticated messaging than traditional propaganda.
GREY ZONE ATTACKS CAN BE BROKEN DOWN INTO FIVE CATEGORIES:
1. Deniable attacks: A cyber-attack on utilities or assets
2. Information attacks: Foreign election interference or false text message/email scams that can be used to discredit an organisation or draw money from
3. User of proxy force: Terrorist attacks on cities or infrastructure
4. Economic coercion: An adversary purchasing and disabling a piece of infrastructure such as an oil refinery
5. Territorial encroachment: Seizing a fishing lane or sovereign territory
Policymakers have begun to grasp the extent of the threat and the ultimate outcomes. Furthermore it is clear that open and democratic societies are extremely vulnerable to such unannounced aggression. At present, most governments have not identified their countries’ vulnerabilities, let alone created a system to defend those weak points. That is partly because Western-style democracies are highly decentralised and partly because non-conventional threats have until recently not been considered to be major threats to national security.
Modern deterrence must involve a critical mass of businesses and citizens, a concept known as societal resilience. Business leaders need to be trained in, and be comfortable executing crisis management plans.
WHAT IS NEEDED TO COUNTER THE THREAT?
Cooperation between governments, the private sector and the general population. This must begin with the recognition that modern warfare have changed from conventional state-on state military action that has been the staple of Western states or NATO war fighting doctrine.
Modern deterrence must involve a critical mass of businesses and citizens, a concept known as societal resilience. Business leaders need to be trained in, and be comfortable executing crisis management plans. The business sector and areas of infrastructure should also be seen as part of national security with effective crisis response and continuity plans identified and exercised. That means, for example, close coordination with the government, and constant sharing of threat updates with other companies in the same sector. Coupled with this is the need for citizens to also know how to prepare and respond to a crisis, and how to identify disinformation.
Due to open markets and deregulation, Western governments do not own most companies in strategic sectors or strategic infrastructure. They need to work closely with the private sector to form a credible resilience and deterrence posture. In addition, the public are often disengaged from matters of national security, but they should be enabled to become involved, though education and funding to play a role in societal resilience and thus deterrence.
Open societies are inherently vulnerable to malicious acts, and the success of liberal democracies with their market economies is dependent on that very openness. But private sectors and populations possess enormous potential that is currently under-utilised. Most companies implement measures to protect themselves for commercial reasons and in isolation from one another and the government. Societal resilience must be a joint effort.
Given today’s threats and attacks, modern deterrence must become an essential element of national security.
WHAT DOES CLOSER INTEGRATION LOOK LIKE?
There is a role for the Ministry of Defence (MoD) and the national agencies within the UK to integrate themselves with the private sector, in particular defence contractors and security risk management companies in order to mitigate grey zone threats. As direct confrontations become a thing of the past, the private sector, with its considerable resources and knowledge are ideally positioned to conduct soft power and conflict de-escalation initiatives and programmes.
The concept of 'sustainable defence' involves investment in mitigating potential conflicts by bolstering and integrating companies within the private/business sector not only together, but within the public sector to defend against grey zone actions. A number of private security risk management companies already train businesses to safeguard against cyber-attacks and increase their resilience. In addition, the more the private sector knows about the grey zone through interactions with government and defence, the more likely they will react to hostile attacks and in turn strengthen their own deterrence, building sustainable defence.
Moreover it is also about how the private sector within the UK can bring an element of sustainable defence to organisations like the MoD through services such as intelligence capacity building when the size of the military is decreasing and political and diplomatic commitments are unlikely to wane. The British Military will undoubtedly look to maintain a high tempo of operational readiness to counter threats, however this becomes problematic with less resources. This is where onboarded and comprehensively vetted private security companies with relevant experience can act as a force multiplier through the recruitment of consultants that have global experience of intelligence driven operations.
Experience has also shown that private companies have coverage in areas were state militaries have no footprint, and in a crisis can deploy easier to conduct information gathering operations and glean atmospherics more effectively, as they don't have to conform to public sector red tape or bureaucratic military deployment procedures.
If the British Government is serious about building concepts such as societal resilience and sustainable defence, which should be a priority in the current risk landscape, then a more integrated and streamlined solution that enables both the private and public sector to work together is vital. The UK will continue to rely on the military and the agencies to act as the foundation for deterrence against grey zone attacks or any traditional threats. However with a Western culture change to the perception of risk with regards to military personnel in high-risk environments for long periods of time, coupled with shortages of personnel, there needs to be a serious look at how sustainable options can be implemented.
The Government needs to think more dynamically on this issue, or they will only be overseeing decline of their strategic geo-political and defence objectives.