international analysis and commentary

How a virus is raising questions about cyberspace, non-conventional threats and hybrid warfare


COVID-19 has been raging around the world for more than three months now. Since it was first reported in December 2019, it has evolved at a staggering speed from a regional outbreak into a global pandemic with a spiraling number of infections. As a consequence, governments everywhere are scrambling to halt or at least slow down the spread of the virus, imposing all kinds of measures to protect the people within their territories.

While COVID-19 undoubtedly triggers traditional security concerns related to public health and order, it also illustrates the proliferation of non-conventional (cyber) threats and how vulnerable societies and nation states are not only to novel viruses but also to new and mixed types of malicious activity. Governments are facing three concrete challenges in this regard. Before turning to those, a closer look needs to be taken at what hybrid threats and non-conventional warfare are, how the current pandemic is demonstrating their growing prevalence and why policy- and decision-makers should care.


The rise of hybrid threats and unconventional warfare

In recent decades, a number of developments have facilitated the rise of hybrid threats by increasingly interconnecting countries, businesses and individuals alike. Most notably in cyberspace, globalization and the technological revolution – digitalization, the rise of the Internet – have blurred the lines between previously more neatly delimited areas of life. Smart and digital technologies like Internet of Things devices now connect consumers with each other but also provide an opening into their everyday life for corporate or state actors and criminals. Whether something is public or private can often no longer be clearly distinguished. Similarly, the analogue and digital worlds are becoming more and more interlinked due to these trends.

These developments have not only heightened global interdependencies, they have expanded the potential attack surface to all of society. New spheres of influence offer opportunities at all levels for the exploitation and malicious activities of private or geopolitical actors. This could take the shape of cyberattacks, cyberespionage, disinformation campaigns, extremist content online or radicalization through the Internet.

By way of example, cyberattacks can affect the servers of governments or individuals, or target critical infrastructure including the energy and financial sector. They may be single incidents or a series of coordinated attacks. They may be perpetrated by private individuals, lone criminals, terrorists or organized crime groups, as well as by foreign governments. The effects could remain purely digital, such as hacked systems or stolen information, or they could extend to the physical domain, for instance when essential services or operations are disrupted. Correctly identifying which one of these scenarios applies at any given moment is extremely intricate and difficult to achieve precisely because of the hybrid and non-conventional nature of these threats.

“Hybrid” in this context means that they combine a range of different activities, methods and elements in a coordinated manner. This can include the actions of hostile states or non-state actors both online and offline. While hybrid threats usually contain both conventional and non-conventional elements, it is the unconventional (non-military) side that makes their management so challenging for governments. Operating in the grey zone between traditional and modern notions of security, threat actors employ non-conventional attack methods to stay under the radar of classical defense mechanisms. The covert and hybrid nature of their activities makes it extremely difficult to distinguish criminal or terrorist acts from the hostile activities of foreign governments.


COVID-19, a geopolitical opportunity for whom?

The growing use of non-conventional and hybrid attack methods at the international level can likewise be seen in the current COVID-19 crisis. Cybercrime has risen significantly in the wake of the pandemic. As people self-isolate or are being quarantined at home, more activities have temporarily shifted to the digital realm and are thus exposed to malicious exploitation. What is more, criminals are taking advantage of the high degree of uncertainty and public anxiety in the face of the virus. Social engineering and cyberattacks against organizations and individuals are thus currently spiking. There are numerous examples of attacks targeting private individuals, teleworkers and businesses, but also hospitals and public institutions – at times even shutting them down completely. Identifying whether such incidents are the consequence of criminal activities or meddling by foreign governments poses a key challenge. The same applies to distinguishing misinformation (the unintentional spread of false information) from disinformation (the deliberate spread of false content for political or financial gains). Attributing both cyberattacks and the proliferation of false narratives is already intricate enough. Now, it is complicated further by the pandemic, which makes the situation more confusing and puts an even greater strain on public resources and capabilities.

Nevertheless, some of these non-conventional threats have been successfully attributed to geopolitical actors like Russia or China. Although this does not amount to fully-fledged hybrid warfare, both countries are currently exploiting the COVID-19 crisis to launch large-scale disinformation campaigns. Since January 2020, Russia has been pursuing a hybrid strategy in this regard to further its influence and destabilize Western democracies. On the one hand, pro-Kremlin outlets are spreading corona-related disinformation to stir panic among Western (social) media and aggravate the public health situation in European countries by heightening anxiety and distrust in domestic authorities and institutions. This includes narratives of a man-made virus as a biological weapon of global elites. On the other hand, Russia presents itself as in control and engages in open “virus diplomacy,” lending medical support to Italy for example. Here, it openly emphasizes the success of its autocratic system in fighting COVID-19 in contrast to other, democratic states. Although the pandemic has boosted Russian disinformation activities, its employment of hybrid tactics should not come as a surprise. Already in early 2013, Russian chief of the General Staff Valery Gerasimov had published a paper in which he stated that future wars would be increasingly fought with non-military means rather than conventional military methods.

China is another example of the relevance of discussing non-conventional threats and hybrid warfare in the context of the coronavirus pandemic. Since January 2020, the Chinese government has conducted disinformation campaigns at home and abroad. Like Russia, China has been presenting itself and its centralized political system as superior in fighting the disease compared to Western democracies, particularly the US. Additionally, false narratives originating from China are being spread internationally and incorrectly attribute the origin of the virus to other countries. Competing corona-related narratives are dismissed as anti-Chinese strategies of foreign governments.

The Chinese Foreign Ministry's new spokesman, Zhao Lijian, wrote in a tweet that “it might be US army who brought the epidemic to Wuhan.”


Other examples of how governments currently exploit the pandemic to strengthen their geopolitical influence by non-conventional means include countries in the MENA region and the Western Balkans. Corona-related disinformation campaigns have been used to fuel both anti- and pro-Iran sentiments as well as anti-EU discourse (Turkey) or to meddle with electoral debates in North Macedonia and Serbia.

However, non-conventional tactics are not only employed by state actors or in hybrid warfare scenarios. Non-state actors such as Daesh or sectarian groups have likewise been abusing the coronavirus crisis to advance their own influence. They are deliberately blurring the lines between true and false information by attaching their own narratives to existing (social) media content, thus fueling propaganda and hate speech for their own ends.


Three challenges on the way forward

Essentially, three challenges stand out that governments need to address if they want to be able to effectively manage hybrid threats from cyberspace, be they related to criminal acts or warfare scenarios.

The first is the problem of definition. To be able to mitigate or counter hybrid and non-conventional threats, a baseline needs to be established of what is “normal” and what constitutes a deviation from the status quo. Currently, there is a lack of political doctrines and legal frameworks that address this question, let alone answer it. This is especially problematic considering that the denomination of an act of war (vs. a conflict or a criminal act) is ultimately a political decision, especially in the cyber realm and in hybrid scenarios. No universal rules exist at the moment.

Detection poses the second challenge. Connecting the dots between seemingly unrelated events is key to identifying a hybrid attack. Does a DDoS attack represent a single incident? Is it the result of criminal activity? Or is it part of a coordinated series of attacks perpetrated by a hostile government to destabilize the political system? Reliably detecting and countering hybrid threats thus depends critically on analytical capabilities and whether available information is interpreted correctly.

Third, governments need to devise a clear approach to defense against hybrid threats. This includes the problem of attribution: Against whom does a country need to defend itself? Can an attack be attributed and if so, is it acceptable or desirable to openly attribute it? Additionally, defense may also be a question of (in-)sufficient capabilities. Even if the perpetrator is known, not all states may possess the necessary skills or resources to effectively defend themselves against foreign meddling. Finally, even if a hybrid attack can be attributed and adequate defense capabilities exist, a course of action needs to be prescribed. This could take a more passive or defensive shape such as strengthening cybersecurity and deflecting attacks. However, it could also mean offensive or retaliatory action, for example hacking back or imposing economic sanctions on the hostile government. Depending on the type(s) of hybrid attack, any response must consider whether it should be limited to non-kinetic means or also involve kinetic elements. An alternative would be the formal engagement in public or cyber diplomacy to defuse the situation.

Ultimately, mastering these challenges boils down to three corresponding steps on the way forward. They are respectively the improvement of competence, capabilities and coordination. Governments and their security (and other) authorities need to be educated and trained in order to possess the necessary knowledge and skills to be able to detect hybrid threats. They then require adequate resources to employ their competence in the management of such threats. This includes the guaranteed availability of information, technology, manpower and funding. In particular, the use of smart technologies and open source information could facilitate detection and counter-intelligence/defense. Lastly, neither competence nor capabilities suffice if existing structures and actors do not interact and communicate strategically. Precisely because hybrid threats can affect all areas of life and society, and target multiple attack vectors, coordination is key.

While governments across the globe have begun to put measures in place and thus set in motion a process towards the better management of hybrid and cyber threats, much remains to be done. COVID-19 is revealing some of the more open applications of disinformation and cyberattacks. However, much hostile activity remains under the radar of the public and even intelligence agencies, including cyberespionage.

Although most attention is currently on public health systems, the coronavirus pandemic demonstrates that dealing with unconventional threats and hybrid conflict or warfare scenarios is perhaps more important than ever. In the age of big data and rapidly proliferating new digital technologies and in the face of a crisis situation that is fueling public anxiety everywhere, the stability of nation states also hinges on their societal resilience and ability to offset non-conventional or hybrid attacks.