L’Europe qui protège: With digitalisation and globalisation greatly increasing the potential impact of hybrid threats, how can the EU protect its citizens against those threats?
Committee on Security and Defence (SEDE)
Henri Haapanala (FI)
Topic at a Glance
Hybrid threats might be hard to define, but it seems impossible to imagine modern foreign policy without them. Our globally and digitally interconnected world is vulnerable to attacks which blur the lines between war and peace, such as online disinformation, election interference, or military operations without national flags. It is essential that the European Union, together with NATO, is able to respond to threats in our geopolitical environment, and prevent the opponents of liberal democracy from gaining an upper hand.
Political philosopher David Hume considered it an essential function of the state to provide security and justice in order to guarantee the liberty of its citizens. A lot has changed since the times when sovereignty could be upheld with disciplined armies and equipped fleets, though. Hybrid threats, incorporating a broad array of military and non-military strategies, aim to exploit the weaknesses of democratic states and institutions while occupying the grey area between peace and war. There is nothing new in the idea of countries using hard-to-define actions to create distrust and suspicion in their opponents, but the impact of hybrid threats has greatly expanded alongside digital and global integration. There is no distance between attacker and victim in cyberspace, and in the real world, modern nation-states rely on complex networks of energy supply, logistics, and political legitimacy to defend their autonomy.
The European Union (EU) cannot leave the duty to address hybrid threats to Member States or defence alliances such as NATO alone. Following the NATO strategic concept of 2010 which raised hybrid threat concerns for the first time, the EU has specified its own comprehensive approach to hybrid threats spearheaded by the European External Action Service (EEAS). Multiple events in the 2010s attest to the prevalence of a new security environment – hybrid action has played a role in Chinese expansion in the South China Sea; the Russian annexation of Crimea; Brexit and Eurosceptic populism; and the global spread of disinformation and election meddling, just to give a few examples. Hybrid threats are not a concern for military brass alone. The response to them must involve all levels of the European institutions.
Relevant Policy Measures and Legal Framework
Although the prevention and response to hybrid threats may involve almost any government department depending on the specific nature of the threat, the policy process centres on defence and foreign affairs. Since these functions lie at the heart of sovereignty, the EU has agreed on special competences regarding the implementation of the Common Foreign and Security Policy (CFSP), of which the Common Security and Defence Policy (CSDP) is the most important element.
Articles 23-46 of the Treaty on European Union (TEU) outline that major strategic and operative decisions in foreign affairs and security are made unanimously by the European Council. However, this excludes decisions regarding the European Defence Agency and permanent structured cooperation, which are made by qualified majority vote. For example, the declaration of the Crimean annexation as illegal, and the subsequent decisions to implement economic sanctions on Russia, were made unanimously by EU heads of state or government because they defined the EU’s overall foreign policy position towards Russia. Day-to-day implementation of the CSDP, both its civilian and military dimensions, is largely carried out in committees of the Council of the EU and EEAS which report to the High Representative of the Union for Foreign Affairs and Security Policy (HR/VP), currently Josep Borrell Fontelles.
Policy in this field has evolved rapidly following the events in Crimea. In 2016, the Global Strategy for CSDP and the Joint Communication on Countering Hybrid Threats called for Member States to evaluate their threat environments and recommended deeper integration of national security and defence policies as enabled by the TEU. A review in 2019 suggests several concrete actions have been taken by the European Commission and EEAS, including but not limited to the Action Plan against Disinformation; protection of critical infrastructure en energy security of supply; transport and supply chain security; EU defence capabilities; cybersecurity; anti-radicalisation; public health and food security; en election defence. On top of all these EU-specific programmes, threat response is organised in collaboration with NATO. NATO works together with the EEAS and European Commission in specific defence projects. NATO and the EU are also sharing knowledge by participating in the European Centre of Excellence for Countering Hybrid Threats, which is an independent research organisation.
NATO is certainly the most relevant international organisation when it comes to hybrid threats in Europe. Starting from the recognition that 22 Member States are also NATO members, the TEU guarantees that EU defence policy will not interfere with NATO. In fact, EU-NATO collaboration and European defence spending have been extremely high during the 2010s because of heightened military activity in Eastern Europe and the Black Sea regions. This activity includes several hybrid activities by Russia, such as the soldiers without identification who occupied Crimea, and the propaganda and disinformation spread by Russian state-owned media RT at politically opportune moments.
The United States en post-Brexit United Kingdom are also important international partners for the EU. They are both NATO members with powerful military and intelligence organisations, and the EU shares their liberal democratic values. It therefore makes sense for the three to work together, to learn from the hybrid attacks that the others have experienced, and to create stronger and more coherent responses.
Lastly, national approaches to hybrid threats are hard to describe exhaustively because they strongly depend on the geopolitical environment en institutional vulnerabilities of specific Member States. For example, Member States in the Baltic Sea region and particularly those sharing borders with Russia may emphasise concerns over territorial integrity, whereas countries more dependent on imported energy seek to guarantee security of supply. The preferred response to hybrid threats therefore encompasses both national-level preparedness and international cooperation.
Further Research and Questions
The variety of hybrid threats is almost endless, and I would be happy to see case studies from your own countries. However, please select cases with sources available in English en make sure you can justify the hybrid component. The Hybrid CoE is a very useful website for theory and basic research. Reliable online sources include but are not limited to Politico, Euractiv, The Economist, BBC, Foreign Affairs, Carnegie Europe, EUISS, IISS, RUSI, and other national and international news sites and research institutes.
Finally, a note on primary research – we always encourage you to think critically about your sources, but it is particularly important for a topic like this. You can be fairly certain that texts on political-military conflicts or disinformation that are published by accredited academics or research institutes are neutral and fact-based. However, the same cannot be said for all newspaper articles. When referencing news stories, try to make sure that they are covered by more than one website. Check the “About Us” page of every organisation that you are unfamiliar with and make a judgment if their information is trustworthy. Always ask yourself: who is writing this text and what is their reason for writing it?
You are encouraged to think about the following five questions when conducting your own research:
- How would you define hybrid threats? What makes them different from 20th century warfare?
- What hybrid threats have you or your country experienced? How have you responded to them?
- How should NATO, the EU, and individual Member States allocate the responsibility for responding to hybrid threats? Which security and defence activities should each level perform?
- How can EU citizens be better informed about hybrid threats?
- Who can make hybrid threats? Are they made by nation-states, terrorist groups, organised criminals, or individuals?