Hybrid warfare: what it is and why we need to do more to combat the threat

My piece on Hybrid Warfare and Cyber Warfare, looking at why states launch attacks on our Critical National Infrastructure, published by Reaction.

Seventy-five years ago this week, the Royal Air Force’s No. 617 Squadron launched ‘Operation Chastise’ – a daring and ingenious assault on dams in the Ruhr and Eder valleys. The Dambusters scored critical hits against key Axis infrastructure, but also delivered a propaganda coup at home and abroad. Fast-forward to today: assaults on Critical National Infrastructure (CNI), by all manner of players and states – are more widespread than ever. Until recently, Governments largely kept these stories under wraps, but the reverberations of recent attacks make them too loud to ignore.

Attacks on CNI will likely become ever more common as states, and malign actors, increasingly deploy hybrid warfare tactics rather than traditional kinetic action to achieve their aims. Whilst Russia is a leading perpetrator of these attacks, it is by no means alone: China, North Korea and a number of other nations are assessed to have launched assaults targeting CNI, often subcontracting to malign groups in order to secure a degree of deniability. The question of where the agency of individuals ends, and the inciting of actions by state or non-state actors begins, occupies more and more of our security services’ time, and further stacks the deck in the favour of those forces prepared to play dirty.

Not all assaults on infrastructure are the same: whereas some may aim to cripple a particular facility, others have more nuanced objectives. However, state-sponsored attacks largely fall into five categories:

Critical Reconnaissance

The first and often most common goal is to discreetly understand and test the capabilities and vulnerabilities of British CNI. Russia currently does not distinguish between being at war or at peace, being in a constant state of readiness and preparation for any potential threat or offensive action. As a very public example, Russia too regularly flies its Bear fighter jets along our North Sea coast, skirting our airspace in order to assess the effectiveness of our monitoring and our responses: do we spot them? Do we deploy our Typhoons in response? Where from? And how quickly? It is interesting to contrast this behaviour to that experienced by another state closer to Russia: Finland, where Russia provocatively enters their airspace to send quite a different message.

Power Warnings

The second goal is as a warning: to leave the country whose CNI they are probing or attacking in no doubt that they are willing and able to do more. That they are more than capable of infecting, disabling or destroying CNI. This can be particularly effective when the aggressor perceives a nation state to be too slow in choosing to support a military, diplomatic, or economic policy the aggressor is pursuing. Whilst distinctly different, one can draw parallels to the poisoning of Alexander Litvinenko and Sergei and Yulia Skripal, where the weapon chosen was one that left a clear calling card. It acted as a warning to others: do not defect, do not dissent – no matter how far you run, we can get you. Litvinenko’s death was a brazen warning: even in a foreign, friendly land – state sponsored murder is in our playbook.

Upper Hand

The third goal enables the aggressor state to better achieve dominance and success in achieving its strategic aims. This sees states attack CNI in order to steal intelligence or intellectual property to gain the upper hand in trade, defence or other negotiations and capabilities. This can include sitting inside CNI communications structures, pulling off streams of data and emails, in order to gain information that can be used against employees, bureaucrats and politicians.

Publicly Undermined

The fourth goal is to undermine the public’s confidence in the Government being attacked. Disabling or disrupting CNI operations can be extremely public, for example outing power systems, forcing a Government to incur the cost of emergency responses and the distraction from regular governance. Depending on the target and scale of the attack, it can weaken a Government’s position on the world stage, and without question undermine the confidence of its people in the Government’s ability to keep them safe. For this reason an attacker may seek to make the successful attack public, should a Government decide not to. The ensuing distraction and crisis of confidence could also provide an ideal opportunity to launch further assaults to achieve another goal.


The final goal is an attack against a nation in order to cripple its Critical National Infrastructure. This enables the aggressor or malign entity to achieve a specific outcome, or as part of all-out warfare against the state. There is no question that attacking Britain’s underwater communication cables, energy or water supplies, or economic infrastructure could be a highly effective tactic as part of all-out warfare


Domestically, UK Government efforts to build resilience within CNI are substantial. But no system or effort is ever completely immune to malign interference. The main vulnerabilities remain you and me: employees, trusted individuals – particularly at companies that are internet-facing. A great deal of assaults committed target our Government, nuclear, water, energy, aviation and defence infrastructure. They are achieved by sending spear-phishing emails to employees or altering websites for waterhole attacks.