Addressing effectively Hybrid Threats requires a common understanding by policymakers and politicians, early identification of the hybrid activity, identification of gaps in prevention, preparedness and response and development of the right actions in order to bolster resilience both at national and European/NATO level. There is significant ongoing activity at academic, policymaking and operational level. In the academic level, new scientific knowledge is been produced. At EU policy making level, two Joint Communications have paved the way for acting in this area and Hybrid Threats are mentioned in a number of security-related policies. In the EU and NATO member states, significant changes have been made already in the political level, however, more is needed to. At operational level, the EU has conducted the largest ever tabletop exercise on Hybrid Threats (Parallel and Coordinated Exercise, PACE 18) in collaboration with NATO. These efforts leave no doubt on the importance of Hybrid Threats for the EU.
A careful analysis of these actions reveals that our understanding about hybrid threats and respective activities draw still very much from past experience. Since a solid conceptual basis has been missing, it has hindered relevant stakeholders to improve their understanding of hybrid threats while it becomes more challenging for designing and implementing effective measures to address this very complex phenomenon.
In order to address this gap, the Joint Research Centre of the European Commission and the European Centre of Excellence for Countering Hybrid Threats in Helsinki have joined forces in order to develop a conceptual model for characterising HT.
The proposed conceptual model provides a narrative with a respective visual representation and depicts the main concepts and variables and more importantly their relationships. More specifically, the conceptual model is developed around 4 main pillars: Actors (and their strategic objectives), domains, tools, and phases. This structure allows to grasp the time variable of hybrid threats and identify the way that an actor can employ a series of tools to affect the targeted country in order to achieve a series of objectives. The proposed framework is not the mere listing of the above-mentioned pillars but aims at identifying the links between them as well as provide a flexible framework, a blueprint, that can be adapted to the needs of each EU and NATO MS. The proposed framework is validated against a number of real case studies in order to assess its validity and its analytical value. Although it would be convenient to establish the conceptual model on the basis of past experience, we refrained from doing so in order to deliver a framework which is future proof and describes the concept rather than a representation of past or current phases. Such an approach would severely limit the analytical value of the framework.
In particular, the conceptual model puts a lot of emphasis on actors aiming at understanding their drivers based on motives, doctrines, open-source intelligence and literature which provides pieces of evidence for their objectives. As mentioned above, the actors’ objectives have not been developed on the basis of observation but have been inferred from extensive research on available literature. A deep understanding on actors’ objectives is an excellent proxy for forecasting possible future activities albeit not enough. The conceptual model focuses on state and non-state actors and the case studies demonstrate the diversified nature of their activities and modus operandi.
An essential variable of the conceptual model is the identification of the various tools that enable state and non-state actors to conduct hybrid activities. Despite the extensive list of tools that have been included and analysed in the present document, the objective was not to develop an exhaustive list of tools but rather to provide examples and a model of what hybrid tools could look like so as to enable MS and international organisations to adapt the framework to their needs. Such an approach serves the purpose of avoiding a conceptual handcuffing which would restrict stakeholders rather than broaden their view. We are expecting that the end-users of this product will be in a position to propose also other tools of hybrid activity which are not currently listed and associate them with actors and domains.
The term domains is used throughout the document in order to characterize instruments of national power. There has been a significant effort to achieve a balance between granularity and analytical value of generalisation and to this end, 13 domains have been considered. It might be worth noting that there are still several subdomains and all case studies demonstrate combinations of different domains, so alternative approaches exist both in consolidating and expanding the list of domains. As in the case of tools, it would be useful to observe an evolution of the concept with less or more domains according to the strategic, operational and analytical needs of the end users. A description of the phases of Hybrid Threats is fundamental for its complete conceptualisation. It is an essential element for raising awareness; it provides arguments to the stakeholders in order to act even during periods of low activity since this low activity might simply be part of the first phases of hybrid where little is observed. The timeline of hybrid activity does not necessarily exhibit a monotonic escalation but it might oscillate between priming and destabilisation phases without reaching a full escalation. That is because a hybrid actor might achieve the desired objectives without full escalation.
A recurrent question for which this conceptual model aimed at providing concrete answers is the hybridity of certain actions, or in other words what makes hybrid a hybrid threat. In fact, this aspect constitutes the glue that links together the variables of the present conceptual model. The combinatory and persistent nature of a threat (involving several tools on a variety of domains for extended periods), the manipulation of thresholds of detectability, attribution, and activation of response mechanisms, ambiguity and exploitation of the seams of democratic states are the gluing elements that render an activity hybrid.
The conceptual model is expected to constitute an important element both for operational as well as for strategic thinking at EU and NATO level which is highly needed. It will complement ongoing efforts and existing policy initiatives as well as provide an ex-post raison d’être based on scientific evidence. In addition, it will facilitate a common understanding and raise the awareness of the relevant authorities on the issue of HT. Given the importance of early detection and attribution in order to counter HT, the conceptual model will provide a comprehensive guide for those variables that authorities should look upon in order to identify at an early stage the onset of a hybrid activity. It will also serve as a basis in order to extract vulnerability indicators across domains facilitating sound risk management as well as building capacities for bolstering resilience. Finally, the conceptual model will support the development of exercise scenarios as well as the identification of areas that require further research work (e.g. emerging and disruptive technologies).
The case-study authors Dr. András Rácz, Deutsche Gesellschaft für Auswärtige Politik, Dr. Patrick Cullen, Norwegian Institute of International Affairs, and Dr. Magnus Normark have performed a Herculean task in uncovering difficult cases and analyzing how Hybrid Threats are manifested. They also contributed significantly to the concept of Hybrid Threats and hybrid warfare, pointing out linkages, missing parts and unclear passages, especially relating to Russia, China, and non-state actors.
Read and download the full report here.