Cybridity

“There are three people who understand the Schleswig Holstein question. One is dead, the other quite mad, and I am the third, and I have forgotten”.

Lord Palmerston

Alphen, Netherlands. 12 October. What role does cyber and hybrid warfare actually play in strategy? Hybrid warfare is the strategic flavour of the month at present and at times I feel pretty much like Lord Palmerston about the Schleswig Holstein question, particularly when hybrid and cyber warfare merge. Therefore, this Monday morning in an attempt to better understand how cyber and hybrid warfare interact, and there place in the order of strategy/battle I have determined to fashion a new concept - cybridity. Brilliant, eh?

Now, as far as I can fathom (or not) ‘hybrid’ to most practitioners actually means anything or anyone ‘we’ do not much understand, doing things ‘we’ cannot fathom, in ways that seem to make little clear strategic sense, in pursuit of ‘interests’ that by and large seem utter madness. In other words, hybrid is simply not cricket. Add cyber warfare to the mix and our misunderstanding is compounded.

Cyber ‘warfare’ ranges from the irritation caused by some kid with Asperger’s, to states and wannabe states engaged in systematic mass disruption. By the way, why is it these kids are always kids, and why is it they always have Asperger’s? Until recently I thought Asperger’s was a posh, upper class English public (private) school somewhere in deepest bucolic Hampshire. Worse, bring ‘hybrid’ and ‘cyber’ specialists together and I am reminded of worst nightmare conferences of international relations theorists – the unintelligible in pursuit of the utterly incomprehensible. Thankfully, last Thursday at a conference in The Hague, at which I was of course brilliant, a senior NATO official, who is also a friend of mine, finally cast all the guff that is spoken about ‘cybridity’ into some form of strategic shape.

In effect cybridity is a function of globalisation in which hybrid and cyber warfare together act as the most significant agents of change – multiplying strength, magnifying weakness, and offsetting both. In other words, hybrid warfare is a form of strategy and cyber warfare a form of, er, warfare. Therefore, the importance of cybridity as a means of attack and defence in the twenty-first century is clear and must not be under-estimated. The scale of warfare is stunning. For example, NATO deals with some 20 million cyber incidents against its 32 networks each day.  A senior British officer told me on a visit to RAF Leeming that Britain is under ‘industrial’ cyber attack daily from China and Russia.

Cybridity works on several levels of power. At the softest level of power cybridity helps attackers manipulate history by employing influence to generate an alternative narrative that undermines political cohesion in the West and the legitimacy of any course of action. At the interface between soft and hard power cybridity complicates policy and defence planning by generating offensive disruption below the level of offensive destruction and thus further complicates the very idea of what constitutes an ‘attack’. At the high-end of hard power cyber can generate a readiness to escalate rapidly to the use of conventional force by destabilising an opponent and keeping opposing military power off-balance. Such action can either be taken directly by state or through hard-to-nail proxies. For example, Russia uses criminal gangs and networks necessitating the fusion of military and criminal intelligence by way of response.

Cybridity also penetrates modern society by dint of its very openness. The stability of a modern Western societies is dependent on so-called critical infrastructure. Such infrastructure incorporates both public and private systems and networks both of which are vital to the functioning of aforesaid societies.  In modern Europe some 85% of critical infrastructure is owned by the private sector which means any aspiration to render a society more resilient is dependent on robust co-operation between and across government, the private sector, and given the cross-border nature of cyber international systems and structures.  In other words, cybridity demands a holistic view of security that incorporates classical defence and goes far beyond in terms of the ambition required to mount a credible response.  

How is NATO defending against cybridity? By properly understanding the place of cybridity on the conflict spectrum and its crucial role in force escalation NATO is endeavouring to craft a new form of collective defence.  First, the Alliance is beefing-up situational awareness by creating new early-warning indicators that enable leaders to know exactly what it is they need to look for to confirm an attack. Second, NATO is seeking to speed up the decision-making cycle to enable early intervention, never easy in a multi-national organisation like the Alliance that acts through consensus. The particular focus of the Alliance is on searching for the strategic design behind cyber events.  Third, the Alliance is in the vanguard of efforts to generate a much closer set of relationships between international and national responses. Such an effort runs in parallel with similar efforts across the road in Brussels at the EU, and thus affords both organisations new areas for co-operation. In 2016 NATO and the EU will undertake their first joint exercise since 2003 to test co-operation in the face of cybridity. Finally, NATO is reinforcing the credibility of NATO’s military readiness and responsiveness by better understanding the place of both hybrid and cyber warfare in the order of strategy and battle. The focus is on countering Russian cybridity, particularly in Poland and the Baltic States, and primarily through forward-deployed Special Forces.

However, for counter-cybridity to work a new partnership between the state, NATO, the EU, and the individual citizen will also be needed. During the Cold War for all the Protect and Survive nonsense which encouraged people to hide under the kitchen table in the event of a nuclear attack, there was a legitimising partnership between the state and the citizen in the defence of both – the state and the people that is, not the kitchen table. 

One of the many retreats of the past twenty-five years has been the retreat from transparency by the state in matters security and defence. Consequently, strategy has been sacrificed for short-term politics. The result is that security and defence have come to be seen by much of the population as somebody else’s business.  The danger posed by cybridity means that the age of strategic childishness must end.  Indeed, the greatest defence against cybridity will be the resilience of the responsible, aware citizen, because the greatest threat cybridity poses is that to the relationship between the citizen and the legitimate use of force on his or her behalf.

In the final analysis both hybrid and cyber warfare are simply the latest ‘ways’ to achieve ‘ends’ via the continuation of policy by all ‘means’ available.   Ironically, the most powerful exponents of cybridity can be found in the West itself, not least in the teenage lay-about-hood who lurk in bedrooms across the West. Therefore, if the likes of Russia, China and ISIS can use cybridity to mess around with us, it is nothing compared with ‘our’ capacity to mess around with them.

Let me finish with quote from Professor Paul Cornish of RAND, one of the relatively few other experts who properly understand the role of cyber and hybrid warfare in war and strategy - cybridity.  “At the level of states and governments, it is clear that in some quarters the Internet is becoming viewed as a battlefield where conflict can be won or lost. The threats can inter-connect when circumstances demand – terrorist groups, for example, can be sophisticated users of the Internet but can also make use of low-level criminal methods such as hacking in order to raise funds. The challenge to cyber security policy-makers is therefore not only broad, but complex and evolutionary”.  Some of us would suggest the challenge is now revolutionary.

Julian Lindley-French