London, United Kingdom. 25 November. They call it Rage; a newly-discovered malware programme that is perhaps the most advanced malicious spyware yet discovered. Here in London according to people who know about these things the purpose of Rage is to gather intelligence by penetrating highly-protected computer systems. The strange thing about Rage is not that it exists but rather its provenance. Its signature seems to belong not to China or Russia as one might expect these days, but a Western intelligence agency as yet unspecified. The latest revelation adds yet more spice to a growing sense here in London of a country under siege from a broad panoply of so-called ‘hybrid’ threats. My purpose here is to attend a IISS meeting to consider ‘hibridity’, the latest buzz-phrase in the insecurity foment. ‘Hybridity’ implies the use of all possible civil and military means to threaten all possible people in all possible places thus undermining the essential ‘contract’ between societal protection and power projection upon which security and defence is established. What’s new?
As I arrived at London City Airport Home Secretary (Interior Minister) Theresa May was warning Britons that the police and intelligence agencies can no longer cope with the scale and sophistication of the many terror attacks being planned against Britain. She called for sweeping new powers to combat the threat posed by Al Qaeda or Islamic State-inspired terrorist attack which she regards as more dangerous than “at any time since 911”.
It is certainly the case that the lexicon of new terms beloved of the security community has proliferated. Indeed, if one listens to language of conflict one could be tempted into thinking disaster is imminent. Russia’s 2014 invasion of Ukraine saw Moscow’s use of ‘ambiguous warfare’ for strategic ends. There is a ‘super-insurgency’ in the Middle East that both threatens the regional state structure and risks destabilising an already destabilised British society. ‘Cyber warfare’ threatens to fry ‘critical national infrastructures’ reducing society to anarchy. And, growing ‘geopolitical hyper-competition’ points to a strategic environment in which friction abounds and big war no longer an impossible nightmare. All imply a world increasingly beyond and out of control.
However, stand-back a moment. Yes, all the conflicts share common twenty-first century factors that magnify insecurity, such as mass and social media, the twenty-four hour news cycle and the Kommentariat, and the growing paranoia of open, instable societies. And yet peek through the dynamic language of threat, break down each conflict and the threats become not only recognisable but manageable.
Russia’s aggression against Ukraine represents a classic exploitation of political division for strategic ends. Moscow is using proxies reinforced by a disinformation and strategic communications campaign reinforced by use of Russian forces to consolidate territorial gains. The super-insurgency in Syria and Iraq takes place against the backdrop of a regional state structure in turmoil. However, Islamic State is in fact a classical Sunni insurgency that General Gordon would have recognised at Khartoum in the late nineteenth century. The stalled negotiations in Vienna over Iran’s nuclear ambitions reflect Tehran’s regional-strategic ambitions and classical geopolitics albeit nuclear-tipped.
All three conflicts would have been recognised by Britain’s forebears for what they are and the tools and instruments available to past London would have been shaped accordingly and applied proportionately. The problem is that the tools have been denuded and the structures designed to cope with multiple, simultaneous threats have withered. In such a situation political leaders conscious of their own strategic failure are happy to accord such conflicts the radical appellation ‘hybrid’ because it implies an exoticism and complexity that does not in fact exist.
The danger is that terms such as ‘hybrid’ become a metaphor in an ever-changing lexicon of threat for an inability of government to grip complexity and establish sound strategy thereafter. It is a metaphor reflective of an acute inability to act and the deepening policy paralysis in increasingly dysfunctional societies of which Britain has become a sad example. ‘Hybrid threats’ by definition demand of a state a comprehensive security concept, i.e. joined-upness, at which contemporary states such as Britain are not very good at. Faced with such dysfunctionality terms such as ‘hybrid’ becomes a catch-all, full of meaning and yet meaningless, generating more heat than light, more politics than strategy.
Western governments must go back to the fundamental principles of sound security; intelligence-gathering, analysis, deterrence, defence and interdiction. Each scenario must be carefully and sufficiently analysed and properly-considered so that the vital balance between protection and projection can be adapted, reinforced and maintained. Only then will the balance between security and liberty, efficiency and effectiveness be properly re-established.
There can be no doubt that the shifting balance of power, emerging technologies and radical belief systems do pose a real threat to societies changed beyond all recognition to the one into which I was born. Indeed, in the space of my lifetime Britain has gone from being one of the most secure and stable of developed societies to one of the most insecure and unstable. Some of this is the inevitable consequence of technological change. Rage is but the latest attack emerging from the “Internet of Things” to which open society is vulnerable.
‘Hybrid threats’ are certainly real but they are not as new as their advocates would suggest. Rather, the danger is that ‘hybridity’ become a kind of lazy shorthand for security inadequacy that loads different and differing types and forms of conflict into a misleading buzz-phrase. Such ‘laziness’ not only affects planning and response but could lead to a form of panic as threats are combined and then aggregated. If that is the case ‘hybridity’, which is all the rage amongst security wonks, would reflect more an unwillingness to grip complexity than combat the very real threats implied therein. That in turn would be a failure of strategy, policy and imagination.
Hybrid threats: all the rage,