The world of hybrid threats presents a complex and ever-evolving landscape where traditional and non-tradi-tional methods intertwine. With the rise of these multifaceted challenges, safeguarding the integrity of European democracies has become an urgent imperative. Initiatives like EU-HYBNET (https://euhybnet.eu/) aim to enhance preparedness and to establish a European network to counter hybrid threats.
Picture a scenario in which malicious actors orchestrate a sophisticated influence campaign. In the civic space, they disseminate propaganda, manipulate narratives, and wage disinformation campaigns. Concurrently, cyber-attacks are launched, targeting critical infrastructure and government systems, seeking to disrupt operations and compromise sensitive information. At first glance, these activities may appear disconnected. But looking closely, there is an underlying influence campaign at play. This is the modus operandi of hybrid threats, which are addressed as part of the European Commission’s new EU Security Union Strategy for 2020-2025, focussing on priority areas to support Member States in fostering security.
Hybrid threats can best be characterised as “coordinated and synchronised actions that deliberately target democratic vulnerabilities of EU States and Institutions”. These threats are becoming more powerful as the security environment changes, new tools and technologies emerge, and vulnerabilities are exploited in different areas in ways we haven't seen before. They employ a variety of tools, ranging from familiar ones (physical operations against infrastructure, cyber-espionage, disinformation campaigns and propaganda) to unexpected and covert methods (misuse of foreign direct investment or territorial water violation).
Addressing such threats requires a focus on early identification and on gaps in prevention and response measures. The Horizon 2020 security research project EU-HYBNET aims to build a sustainable pan-European network of security stakeholders, especially security practitioners, to collaborate with each other and increase the capacity at European level to counter hybrid threats. The EU-HYBNET Network focusses on monitoring relevant developments in research and innovation with respect to countering hybrid threats, including recommendations for sound and promising technological and non-technological (e.g. training, Standard operating measures) innovations uptake and industrialisation and definition of common European requirements. The network will run until 2025 and will then be hosted by the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE).
Hybrid threats may be deployed to erode public trust in democratic institutions, intensify social division or impact political leaders’ decision-making. Due to their multi-faceted nature, hybrid threats can be difficult to identify and attribute to a source. As Päivi Mattila, coordinator of the project, says, “The challenge in hybrid threats is to connect the dots together”.
The EU-HYBNET project uses the conceptual model developed by the Joint Research Centre (JRC) and Hybrid CoE in 2021 to characterize Hybrid Threats. The model provides a way to analyse different kind of actors and understand their motives and doctrines. By gaining a thorough understanding of their objectives, the model serves as a valuable tool for foreseeing and predicting future malicious activities.
Recently, EU-HYBNET used “Core Model” methodology in pan-European security practitioners’ and other relevant actors gaps and needs to counter hybrid threats analysis – the Core Model was developed by the JRC and the Hybrid CoE. This new model adopts a holistic approach encompassing various societal spaces (governance, civic, service) at different levels (international, national, local). It emphasizes the interactions among these societal spaces and offers means to visualise the strategies employed by different actors, the specific tools utilised, and the targeted domains.
Given the evolving nature of Hybrid Threats, thorough trend analysis is key. The EU-HYBNET project also has a focus on identifying the future trends of hybrid threats and addresses them in working cycles that culminate in many project’s events, especially in Future Trends Workshops. Throughout these event s and project’s working cycles, foresight exercises contribute to the initial identification of gaps and needs, as well as, in the final stage, formulating recommendations for possible innovations and solutions uptake and standardisation. Mattila explains “Our main objective is to assist European security practitioners in analysing the gaps and needs to counter hybrid threats. We aim to identify what they see as vulnerabilities and challenges in their daily working life to find technological or non-technological solutions”.
When examining future trends in hybrid threats, an aspect of concern within hybrid threat landscapes is the interplay between economic transactions and covert operations. A specific aspect that has received thorough scrutiny is the utilization of Foreign Direct Investment (FDI) to acquire land and properties in strategically significant areas, raising apprehensions regarding potential implications. According to Mattila, a significant concern revolves around understanding the processes involved in purchasing premises or land in critical areas, and how these properties can be activated for malicious activities. As Mattila underlines, the project focusses “on who is behind the money, getting control of this premise and how this can be used to foster illegal activities”. This underscores the urgency of not only understanding such threats but also developing robust countermeasures to safeguard strategic assets and curb illicit financial activities.
When considering the future development of criminal and unlawful activities, Mattila highlights the ongoing competition between security practitioners and malicious actors. Positive signs of success would be e.g. a reduction in the number of cyber-attacks and malicious actions and that “security practitioners would be well ahead of malicious actors in developing cyber-offensive and other capabilities”. Making this happen means creating the conditions for security practitioners to collaborate and be aware of various types of threats that go beyond conventional cyber and physical security, including vigilance against threats from unconventional domains.