SEDE

hacker-2077138_1920-everglow

Committee on Security and Defence (SEDE)

L’Europe qui protège: With digitalisation and globalisation greatly increasing the potential impact of hybrid threats, how can the EU protect its citizens against those threats?

henri

Written by:

Henri Haapanala (FI)

Topic at a Glance

Closed Captions
“A Europe that protects: Hybrid threats are everywhere in our digital and global world. For example, online conspiracy theories and interference in elections. And in the offline world, Member States are sometimes held ransom with non-military topics such as energy supply or migration flows. What brings all these strategies together, is that they are not acts of war, but our enemies can use them to damage European unity or influence the behaviour of Member States. In this committee we ask what the EU can do to eliminate or reduce the impact of hybrid threats on European citizens. This is what security and defence looks like in 2021.”

Hybrid threats might be hard to define, but it seems impossible to imagine modern foreign policy without them. Our globally and digitally interconnected world is vulnerable to attacks which blur the lines between war and peace, such as online disinformation, election interference, or military operations without national flags. It is essential that the European Union, together with NATO, is able to respond to threats in our geopolitical environment, and prevent the opponents of liberal democracy from gaining an upper hand.

Context

Political philosopher David Hume considered it an essential function of the state to provide security and justice in order to guarantee the liberty of its citizens. A lot has changed since the times when sovereignty could be upheld with disciplined armies and equipped fleets, though. Hybrid threats, incorporating a broad array of military and non-military strategies, aim to exploit the weaknesses of democratic states and institutions while occupying the grey area between peace and war. There is nothing new in the idea of countries using hard-to-define actions to create distrust and suspicion in their opponents, but the impact of hybrid threats has greatly expanded alongside digital and global integration. There is no distance between attacker and victim in cyberspace, and in the real world, modern nation-states rely on complex networks of energy supply, logistics, and political legitimacy to defend their autonomy.

The European Union (EU) cannot leave the duty to address hybrid threats to Member States or defence alliances such as NATO alone. Following the NATO strategic concept of 2010 which raised hybrid threat concerns for the first time, the EU has specified its own comprehensive approach to hybrid threats spearheaded by the European External Action Service (EEAS). Multiple events in the 2010s attest to the prevalence of a new security environment – hybrid action has played a role in Chinese expansion in the South China Sea; the Russian annexation of Crimea; Brexit and Eurosceptic populism; and the global spread of disinformation and election meddling, just to give a few examples. Hybrid threats are not a concern for military brass alone. The response to them must involve all levels of the European institutions.

Fig. 1: The "Little Green Men" who occupied Ukraine have become the symbol of hybrid threats.

Relevant Policy Measures and Legal Framework

Although the prevention and response to hybrid threats may involve almost any government department depending on the specific nature of the threat, the policy process centres on defence and foreign affairs. Since these functions lie at the heart of sovereignty, the EU has agreed on special competences regarding the implementation of the Common Foreign and Security Policy (CFSP), of which the Common Security and Defence Policy (CSDP) is the most important element.

Articles 23-46 of the Treaty on European Union (TEU) outline that major strategic and operative decisions in foreign affairs and security are made unanimously by the European Council. However, this excludes decisions regarding the European Defence Agency and permanent structured cooperation, which are made by qualified majority vote. For example, the declaration of the Crimean annexation as illegal, and the subsequent decisions to implement economic sanctions on Russia, were made unanimously by EU heads of state or government because they defined the EU’s overall foreign policy position towards Russia. Day-to-day implementation of the CSDP, both its civilian and military dimensions, is largely carried out in committees of the Council of the EU and EEAS which report to the High Representative of the Union for Foreign Affairs and Security Policy (HR/VP), currently Josep Borrell Fontelles.

Policy in this field has evolved rapidly following the events in Crimea. In 2016, the Global Strategy for CSDP and the Joint Communication on Countering Hybrid Threats called for Member States to evaluate their threat environments and recommended deeper integration of national security and defence policies as enabled by the TEU. A review in 2019 suggests several concrete actions have been taken by the European Commission and EEAS, including but not limited to the Action Plan against Disinformation; protection of critical infrastructure en energy security of supply; transport and supply chain security; EU defence capabilities; cybersecurity; anti-radicalisation; public health and food security; en election defence. On top of all these EU-specific programmes, threat response is organised in collaboration with NATO. NATO works together with the EEAS and European Commission in specific defence projects. NATO and the EU are also sharing knowledge by participating in the European Centre of Excellence for Countering Hybrid Threats, which is an independent research organisation.

Fig. 2: The various domains of hybrid threats

NATO is certainly the most relevant international organisation when it comes to hybrid threats in Europe. Starting from the recognition that 22 Member States are also NATO members, the TEU guarantees that EU defence policy will not interfere with NATO. In fact, EU-NATO collaboration and European defence spending have been extremely high during the 2010s because of heightened military activity in Eastern Europe and the Black Sea regions. This activity includes several hybrid activities by Russia, such as the soldiers without identification who occupied Crimea, and the propaganda and disinformation spread by Russian state-owned media RT at politically opportune moments.

The United States en post-Brexit United Kingdom are also important international partners for the EU. They are both NATO members with powerful military and intelligence organisations, and the EU shares their liberal democratic values. It therefore makes sense for the three to work together, to learn from the hybrid attacks that the others have experienced, and to create stronger and more coherent responses.

Lastly, national approaches to hybrid threats are hard to describe exhaustively because they strongly depend on the geopolitical environment en institutional vulnerabilities of specific Member States. For example, Member States in the Baltic Sea region and particularly those sharing borders with Russia may emphasise concerns over territorial integrity, whereas countries more dependent on imported energy seek to guarantee security of supply. The preferred response to hybrid threats therefore encompasses both national-level preparedness and international cooperation.

Fig. 3: The comprehensive approach to countering hybrid threats

Topic Analysis

Individual
Amid the high-flying geopolitical discussion, it can be useful to step down for a moment and consider the perspective of the common European. How do hybrid threats affect our lives, and where are we likely to face them? First of all, since hybrid threats are hard to define or even point out, it is not always easy to say if one is taking place. Perhaps the most likely domain for exposure, especially during the coronavirus pandemic when our lives have shifted online, is cyberspace. Classic cybercrime by non-state or state actors, like phishing and identity theft, has the potential to affect every internet user. Moreover, fake social media accounts which spread disinformation are getting harder to distinguish from humans. Facebook and Twitter are already deleting billions of fake accounts en inflammatory posts every year, but critics say this is only scratching the surface. Real-world hybrid attacks, such as the failure of energy grids or ICT communications, would also have immediate and extremely concrete implications on individual livelihoods.

Fig. 4: Commission overview of tackling disinformation

National
At the national level, hybrid threats endanger sovereign rule by sowing doubt in democratic institutions or threatening territorial integrity. Despite best efforts of the EU to raise its diplomatic profile, these issues are still ultimately addressed by individual heads of state who have the best knowledge of their counterparts and willingness to play the long diplomatic game. This tends to create conflicts between Member States who sometimes have very different bilateral relationships with the same non-EU country, for example Russia. When some countries rely on Russia for energy, others for an exports market, and others still have ties through culture, finance or infrastructure, it is relatively easy for the Kremlin to play these positions against each other and create so-called Trojan horses, or countries with strongly pro-Russian attitudes, within the EU.

The fact that different Member States approach Russia so differently also highlights why the foreign and security policy of the EU is not truly federal, such as the US’s. When individual Member States are allowed to decide on their own foreign affairs, it may be hard for the EU to define and defend a foreign policy position that everyone agrees with.

Fig.5: HR/VP Josep Borrell Fontelles visiting Russian Foreign Minister, Sergey Lavrov

European
While the EU’s response to hybrid threats at the operational level has been rapid and forceful, the new security environment raises political questions that affect the entire European project. Strong actions from Russia and Turkey in the 2010s have led to the return of great power politics on the European continent, a situation for which the consensus-based EU governance system is arguably ill-equipped. Faced with rivals who are not afraid to throw out the rulebook to get what they want, the argument that Europe needs hard powersuch as a strong military force of its own – to back up its value-based, diplomatic soft power is gaining supporters. Donald Trump’s distaste for NATO and the departure of British military might with Brexit showed that the EU cannot be complacent when it comes to defence capacity.

In all, the EU has plenty of resources to tackle borderless online crime, disinformation, and vulnerabilities in energy and material supply. A new, bold step for countering hybrid threats might be to make redundant the popular divide-and-conquer strategy of pitting 27 Member States against each other. To fully deliver on Ursula von der Leyen’s vision of a Geopolitical Commission, EU foreign policy needs further integration. For Europe to assert itself on the world stage, it has to speak with one voice, speak softly, and carry a big stick.

Further Research and Questions

The variety of hybrid threats is almost endless, and I would be happy to see case studies from your own countries. However, please select cases with sources available in English en make sure you can justify the hybrid component. The Hybrid CoE is a very useful website for theory and basic research. Reliable online sources include but are not limited to Politico, Euractiv, The Economist, BBC, Foreign Affairs, Carnegie Europe, EUISS, IISS, RUSI, and other national and international news sites and research institutes.

Finally, a note on primary research – we always encourage you to think critically about your sources, but it is particularly important for a topic like this. You can be fairly certain that texts on political-military conflicts or disinformation that are published by accredited academics or research institutes are neutral and fact-based. However, the same cannot be said for all newspaper articles. When referencing news stories, try to make sure that they are covered by more than one website. Check the “About Us” page of every organisation that you are unfamiliar with and make a judgment if their information is trustworthy. Always ask yourself: who is writing this text and what is their reason for writing it?

You are encouraged to think about the following five questions when conducting your own research:

  • How would you define hybrid threats? What makes them different from 20th century warfare?
  • What hybrid threats have you or your country experienced? How have you responded to them?
  • How should NATO, the EU, and individual Member States allocate the responsibility for responding to hybrid threats? Which security and defence activities should each level perform?
  • How can EU citizens be better informed about hybrid threats?
  • Who can make hybrid threats? Are they made by nation-states, terrorist groups, organised criminals, or individuals?