The problem set: Hybrid Threats (HT[1]) are currently the most significant factors contributing to global instability.
Despite being the buzzword of choice, HT actually possesses serious features about its composition, manifestation, and effects. It can be considered as an aggregate of threats – and potentially developing risks – on a multidimensional/multidisciplinary level. The consequences of maligned activities/actions carried out within the framework of HT have the potential to negatively impact the lives of millions of people, precisely because of the characteristics of the menace.
A few definitions
In 2007, author Frank Hoffman defined HT[2] as “conventional, irregular and catastrophic terrorist challenges [that] will not be distinct styles; they will all be present in some form. The blurring of modes of war, the blurring of who fights, and what technologies belligerents will leverage, produces a wide range of variety and complexity that we call Hybrid Warfare”. Even if at the doctrinal dawn, the definition highlighted the essence of the threat by using a nounized verb, “the blurring”. HT represents the apex of the fog of war conceptualization of Clausewician memory. The adversary is willing to employ a mix of regular/irregular, symmetric/asymmetric, kinetic/non-kinetic means, in an unpredictable modality and temporal phasing. The goal is to shape the operational environment (OE) along desired lines of efforts aimed at a sustainable political end-state, to counter the opponent’s attempts by dominating the OE, and generating the effect of deflecting the target’s will. HT affects perceptions and behaviors and subsequently is capable of re-orienting the decision-making process.
Other definitions can be found in the NATO doctrinal body: here HT is identified as a “combination of military and non-military as well as covert and overt means, including disinformation, cyberattacks, economic pressure, deployment of irregular armed groups and use of regular forces. Hybrid methods are used to blur the lines between war and peace, and attempt to sow doubt in the minds of target populations. They aim to destabilize and undermine societies”. Nowadays, when attacks are executed, impacting variables refer to speed, scale and intensity, which are facilitated by the rapid technological pace and global interconnectivity.
Due to the severity of the menace, a European Hybrid Center of Excellence[3] was established and assigned the goal “to strengthen the security of its Participating States by providing expertise and training in countering hybrid threats and by enhancing EU-NATO cooperation in this field”. The Center fleshed out HT features as follows: “HT are harmful activities that are planned and carried out with malign intent. They aim to undermine a target, such as a state or an institution, through a variety of means, often combined. Such means include information manipulation, cyberattacks, economic influence or coercion, covert political maneuvering, coercive diplomacy, or threats of military force. Hybrid threats describe a wide array of harmful activities with different goals, ranging from influence operations and interference all the way to hybrid warfare”.
On the other side, Russia[4] and China[5] have their own interpretations of what constitutes a HT and how to confront it: both resent the stimulus of their own systems or way of life – made up of the political, legislative, informative, social and cultural components – when it comes to define, prepare, counter and exploit the HT emanating from the western world.
These considerations set the conditions for the two nations to operationally posture in light of future escalating engagements along the imperatives of Hybrid Warfare (HW). In the end, the same logic applies for all of the actors, be they state or non-state, a reasoning that revolves around the concept of a holistic multidimensional/multidisciplinary HT approach with the potential of a whole-of-society involvement (and ensuing impacts).
This author has already used the allegory “soupfare”[6] to describe the current OE whose ingredients are represented by mingled, empowered, hybrid menaces. As reported, “the “indigestibility of the instability soup” that is being served by state actors and proxies or surrogates is unprecedented, whereas quasi-state capabilities are being mixed with sub-state tactics whose integration can yield empowered effects. Moreover, opposing intelligence organizations like those in Iran, Russia, Pakistan and China – but also the Taliban – can adopt an opportunistic stance in orchestrating violent actions “by, with, through” willing proxies that act on their behalf in order to perform “plausible deniability” while mounting false flag operations”.
A few examples
Instances of HT applications can be found in the following incident list:
– the US National Institute on Drug Abuse (NIDA) reported that drug overdose deaths rose from 2019 to 2022 with 107,941 drug overdose deaths reported in 2022. Overdose deaths declined to 105,007 in 2023. Deaths involving synthetic opioids other than methadone (primarily illicitly manufactured fentanyl or IMF) decreased from 73,838 overdose deaths reported in 2022, to 72,776 in 2023. It is an historical fact that fentanyl precursors are being smuggled from China thru an illegal trafficking network;
– 11 million “encounters” (unauthorized immigrants) were estimated in 2022, with about 8 million coming from the southwest land border with Mexico. Unauthorized Chinese immigrants are part of the larger unauthorized Asian immigrant population in the US, which was estimated to range from 1.1 to 1.7 million. Similar considerations can be applied for MENA, Afghan, Iranian individuals pouring in the US, whose amount is difficult to estimate. Unauthorized immigrants are being weaponized as HT tools;
– the “Doppelganger” disinformation campaign active in European countries since shortly after the Russian invasion of Ukraine in 2022 aimed at undermining the support for Ukraine in Europe, to discredit Ukrainian leadership, and to spread false information about Ukrainian refugees;
– in 2023, the Baltic connector incident, a suspected sabotage of an undersea gas pipeline connecting Finland and Estonia in the Baltic Sea demonstrated how cable attacks could be integrated into broader HT strategies, combining infrastructure targeting with information operations and political pressure aimed at sowing distrust over the targeted society;
– in 2024, a fire broke out in a container carrying parcels about to be placed on a DHL cargo flight at Germany’s Leipzig Airport. One of the packages, containing an incendiary device, originated in Lithuania. It was the first in a series of parcel fires that summer that also included a site near Warsaw, Poland, and another near Birmingham, UK;
– in 2024, Belgian investigators raided the home and offices of a EU staffer to investigate his involvement in spreading Russian propaganda ahead of the European elections. Media identified the person as a former assistant to a German MEP from the far-right party AfD and later assistant to a Dutch MEP from the Eurosceptic and conservative party Forum for Democracy;
– in 2024, three people were arrested in in Madrid and two other Spanish cities, for their alleged participation in DDoS (denial of service) cyberattacks against public institutions and strategic sectors in Spain and other NATO countries. The attacks were organized by the hacktivist group “NoName057”, one of the most active criminal networks in the cyberspace, which was born after the Russian invasion of Ukraine;
– in 2025, a Ukrainian man was sentenced by a court in Poland to eight years in prison for planning acts of sabotage and arson on Russia’s behalf. According to the Polish Security Agency, after being recruited on Telegram he was offered 4,000 USD for setting fire to a paint factory in Wroclaw, a highly flammable objective situated close to an oil refinery housing 56 million liters of fuel.
The advised solution
Given the integrated application of HT instruments and considering the state/non-state sponsored actions with width/depth negative effects/impacts generated against the targeted whole-of-society, the resultant has the potential to trigger kinetic/non kinetic campaigns within the scope of the HW construct. It is then imperative to figure out how to properly cope with the operational requirement organizationally.
The HT, ontologically ambiguous and intended to be creating distrust inside the objective, manifests itself on a multidimensional/multidisciplinary plane, which engages the targeted-system holistically: physical, cognitive, military, non-military, cyber, psychological, informational, diplomatic, legislative, commercial, economic, financial, biological, narcotics, migration activities/actions carried out in an overt/covert, direct/indirect (thru proxies) fashion, are all areas/disciplines/modalities of potential HT applications, usually operated in a “combined-arms” method.
The integration of the two HT attributes – the whole-of-society effects and the holistic operational approach – cannot be detected/attributed/reacted upon[7] without a “unified combined effort”. The option at hand is the establishment of a single organizational unit[8] at the executive level in charge of developing knowledge and understanding over the HT and elaborating proposals to the national government aimed at dealing with its manifestations and subsequently the protection of national interests. The unit should be performing the functions of the executive point of entry for the matter. Essential tasks refer to the collection, analysis, processing phases of HT-related intelligence to be disseminated to concerned stakeholders. The goal of the organizational unit is to get the national government ready in the event that HT reveals itself and to set the conditions for preparing the State if need to escalate towards HW engagements be. In light of the unified approach, the organizational unit is to be tasked with representing the sole focal point in connection not only with other governmental departments, but also with the academia, the private sector, community services, societal stakeholders, and other concerned actors.
In the case of Italy, as highlighted already, there is a governmental organizational gap represented by the absence of a National Security Council[9] type of bureaucratic architecture, with the mandate to:
– develop lines of efforts (LoE) that need to be implemented thru the instruments of state powers;
– subsequently, advise the Prime Minister and the Cabinet.
The LoE are hinged on developing a strategic analysis and evaluation (which means setting the goals and identified ways and means) of the enemy’s centers of gravity (critical requirements, capabilities and vulnerabilities). Along this very line of reasoning and figuring out an organization tasked with developing knowledge and understanding over the composite HT factors endangering vital national interests and the democratic way of living of the Italian citizens, a supporting articulation within the NSC should be considered.
This organizational unit should be assigned with the following essential tasks:
– monitoring early warnings and indications of HT activities/actions;
– developing the HT picture with the goal of building knowledge and understanding of the phenomenon to submit to the appreciations of the political/strategic decision makers;
– supporting the political/strategic level with feasible and sustainable containing/countering options and measures aimed at detecting/developing/disrupting/documenting HT manifestations;
– advising over future HT trends and lines of development.
The time for a renewal of the Italian security-related architecture with the establishment of an NSC-type structure and ancillary HT-focused organizational unit is ripe. Any further delays in adopting the advised bureaucratic configuration might be hindering the polical/strategic level awareness over the phenomenon and its resolution in getting the Italian system protected from the vicious but present danger represented by the HT.
[1] Even though defining nuances can be found between one another, several catchwords have been developed over time to conceptualize and contextualize the current operational environment. They are tangent/servant to, overlapping with or included in the essence of the HT construct: Unrestricted Warfare (China), Irregular Warfare (US), Liminal Warfare (Australia), 5th Generation Warfare (US), Gray Zone (US), Three Warfares (China), Non-linear Warfare (Russia), others.
[2] F. G. Hoffman, “Conflict in the 21st Century: The Rise of Hybrid Wars”, Potomac Institute for Security Studies, Arlington VA, December 2007.
[3] Founded in April 2017 under Finnish law, with a MoU between 8 European states and the United States and in alignment with EU and NATO decisions (https://www.hybridcoe.fi/).
[4] M. Clark, “Russian Hybrid Warfare” Institute for the Study of War, December 2020.
[5] N. Peterson, “The Chinese Communist Party’s Theory of Hybrid Warfare”, Institute for the Study of War, November 21, 2023.
[6] E. Palmieri, “SPOTREP: the FBI arrest of an Afghan ISIS operative in Oklahoma City. The need for a paradigm shift in security”, ITSTIME, October 20, 2024.
[7] For more about the triad relating to the concept of liminal warfare, see D. Kilkullen, “Liminal Manoeuvre and Conceptual Envelopment: Russian and Chinese Non-Conventional Responses to Western Military Dominance since 1991”.
[8] The internal task-organization is to be further elaborated. Advised structures could be shaped off either the phases of the HT knowledge development function (direction, collection, analysis, processing, dissemination), the HT disciplines (cyber, military, economic, information, legal, others), or the HT geographical origins (Russia, China, MENA, North Korea, others)
[9] This author, in the SPOTREP reported under footnote n.6, advised the proposal of establishing a NSC type architecture.