INCIDENT
A few days ago, French security services issued a warning stressing the need to raise awareness of espionage activities by Russian spy agencies targeting the national defense industrial complex. The memo emphasized attempts, carried out through various means, to approach individuals working for national companies in the defense sector, with the aim of soliciting or even coercing employees to provide information about their own company's production.
Moscow’s goal is to identify how European and NATO defense capacity is increasing, what kind of new weapons and equipment are being developed, and what influence might be exerted to undermine or even compromise production. A suite of traditional human-related espionage activities is being carried out along with new technical methods of cyber-espionage.
COMMENT
The issue raised comes as no surprise, especially after the Russian invasion of Ukraine in the early months of 2022. Even if the notice refers to one of the traditional instruments of the influence arsenal at the Kremlin’s disposal, it is peculiar that the French authorities felt the need to “go public” with the alert. The announcement might be related to the recent posture highlighted by the French President during the visit of the Ukrainian President to Paris on September 4th. The public statement released after the meeting sets out the position of President Macron, in which he stresses that “… this Coalition of the Willing, which was established right here in Paris on 17 February this year … which is a coalition of peace, has actually put on the table, and clarified through a military and political commitment, the 35 members’ contribution to provide Ukraine with those very guarantees of peace and security. Their aim is firstly to ensure that, in the negotiation, there’s no limitation on format or on capabilities for the Ukrainian army … So we put ourselves in a position to provide the means to regenerate the Ukrainian army so that it can not only resist any fresh attack but also deter Russia from any further aggression. It’s the first pillar of the security guarantees, the most important one, the most essential one, and so we’ve brought together every country’s contribution. The second element of these peace and security guarantees is what’s called reassurance forces. Today we actually have 26 countries which have formally pledged, several others yet to strengthen their position but 26 countries which have pledged to deploy troops in Ukraine as reassurance forces or to be present on the ground, at sea or in the air, to provide this reassurance to Ukrainian territory and to Ukraine the day after the ceasefire or peace.
The desire or goal of this force isn’t to wage some sort of war against Russia, but it’s a force that must guarantee peace and very clearly send a strategic signal. It will be deployed in the framework of a ceasefire, not on the front line but in geographical areas currently being defined, but it aims to prevent any further major aggression and involve the 26 States very clearly in Ukraine’s long-term security … the next few days will therefore allow us to finalize this work firstly on sanctions, and secondly on American support, but it must also lead us to increase pressure on Russia so that it comes to the table finally to conduct these peace discussions.” As can be seen, France has been placing itself at the forefront of the Coalition of the Willing, whose negotiations are meant to secure a lasting peace while, at the same time, safeguarding the integrity and security of Ukraine.
The alert highlighting the potential for such hostile actions should be placed within the broad concept of Hybrid Threats (HT). As is well known, these activities, short of open conflict, are sustained campaigns aimed at shaping and influencing the opposing camp in order to asymmetrically advance the agenda of the State actor, which is usually prone to employing sub/non-state proxies to conceal its hand, thereby ensuring deniability of actions and effects. Espionage is one of the instruments of the HT repertoire at Russia’s disposal: this is even more relevant when it comes to operations against the opposing military industrial complex, which can be considered a softer target compared to the receiving end of the production, i.e. the Western military apparatus. The latter is inherently postured to counter these types of HT manifestations, whereas the former is less ready to detect indicators of such menaces, as it lacks the pertinent capabilities. “Active measures”, in Russian jargon, are the “tools of choice” used to generate effects within HT campaigns. Espionage, the gathering of information with the goal of knowing and understanding the adversaries in order to act against them more effectively, is the preferred device. In this respect, agent recruitment, which is the process of designating a human resource through various means/motives, is the way such activities are carried out. Within the scenario at hand, the applicable category is the insider threat: from the Russian perspective, a member of the opposing industrial complex, who is spotted in light of his/her competences, knowledge and position within the organization, gets co-opted in order to research, collect and deliver pertinent information.
A derivative activity, more subtle and purposefully executed, is the use of controlled human resources to orchestrate a disinformation campaign with the aim of influencing the production chain of the targeted defense company.
SIGNIFICANCE
The incident, which follows a growing wave of reported Russian hybrid operations mainly targeting EU member states and consisting of suspected sabotage, cyberattacks, and disinformation campaigns linked to Moscow, carries a few implications that need to be underlined. The pervasive, long-lasting, detrimental effects of hybrid information/influence/sabotage activities carried out by hostile intelligence services against the military industrial sector of countries belonging to NATO or the EU pose a serious concern, especially in the current times:
– influence operations: the alarm raised by the French security services can be seen as part of a broader campaign being executed by Russia. The concept of influence operations, with the disinformation tool as a “weapon of choice”, might have a number of operational implications. Among those are setting the conditions to derail the production of the targeted industrial complex, or building an externally directed line of effort by feeding domestic opposition groups involved in violent sabotage against the national defense industrial sector, with the result of creating civil unrest;
– softer targets: further areas of interest where opposing security services could be executing hostile actions are those against the logistics supply system of the targeted nation. As already highlighted in a number of publicly available sources, the notorious Russian GRU unit 26165 has been conducting a cyber campaign against Western logistics providers and technology companies, striking dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes (air, sea, and rail), mainly located in Europe. Another field of interest of the unit seems to be gaining access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices and gain access to the cameras’ feeds;
– China: the warning refers to malign activities being carried out by Russia, but there is another superpower even more capable of acting in that respect: China, a nation capable of mounting prolonged campaigns in order to advance the political agenda set by the Communist Party. Following the “holistic approach”, which implies the involvement of the whole society in executing the activities as a United Front, the Chinese expatriate community might be weaponized in order to follow the “unrestricted warfare” strategy propagated by the CCP thinkers. From a more professional perspective, Chinese military and intelligence services are keen to acquire Western military R&D secrets gathered through cyber activities and espionage actions aimed at intellectual property theft. As a result, advanced military capabilities, based on the stolen designs, are developed and then assigned to the People’s Liberation Army with the goal of transforming the Chinese military complex into the world’s most technologically advanced military by 2049, as stated by the President in light of the 100th anniversary of Mao Zedong’s establishment of communism;
– Italy: in the country, there are a number of potential targets due to the high quality of the military industrial sector. Companies, both national and foreign, involved in the defense industry have generated over the years a connected ecosystem of diverse and territorially distributed specialized spin-off subsidiaries that contribute to the advancement of Italian military-related research, development and production. But there are other segments of the critical infrastructure complex that may represent objectives for malign actors working to erode the national interest. The energy sector, oil and gas, and other companies involved in the production of technologies/commodities are potentially subject to acts of influence, interference, even sabotage (physical and/or technological), all of them manifestations of the already highlighted “active measures” repertoire. In this respect, the already advised establishment of a National Security Council (NSC), with a broad portfolio of engagements, and a dependent Hybrid Threat Department (HTD) in charge of taking on the specific phenomenon and coordinating the ensuing actions, is more urgent than ever today in order to identify, counter and neutralize in a holistic fashion the unrestricted, asymmetric threat;
– partnership: due to the significance of the impacts at stake and in light of the advised approach, it is desirable to strengthen, under the construct of the NSC, the partnership between security Institutions and the strategically relevant private sector. The aim is to educate the latter about the threat and its manifestations, enhance situational awareness and develop understanding, with the goal of opposing as a “united front” the attempts of the adversaries;
– joint vulnerability assessment: ancillary to the partnership is the execution of JVAs aimed at identifying weaknesses through a structured process. By employing the CARVER matrix[1], the national private military sector, in collaboration with the security Institutions and under the coordination of the HTD, will be able to develop protective measures covering the identified vulnerabilities and counter/neutralize foreign hostile actions.
[1] This author has already articulated the concept in the 19/09/2024 and 08/01/2025 SPOTREPs.
