[screen 1]
In 2014, “little green men” - soldiers without insignia - appeared in Crimea. Russia denied involvement while simultaneously waging information campaigns, cyber attacks, and economic pressure. Crimea was annexed without traditional warfare.
This is hybrid warfare: blending military and non-military, conventional and unconventional, overt and covert tactics to achieve strategic objectives while maintaining plausible deniability.
[screen 2]
Defining Hybrid Threats
Hybrid threats combine:
- Military force (conventional and unconventional)
- Information operations and propaganda
- Cyber attacks
- Economic coercion
- Political subversion
- Legal warfare (exploiting laws and regulations)
The combination makes attribution difficult and responses complicated, operating in a “gray zone” below traditional warfare thresholds.
[screen 3]
Why “Hybrid”?
Traditional warfare had clear boundaries: declared wars, uniformed soldiers, identifiable battlefields. Peace and war were distinct states.
Hybrid threats blur these boundaries. Is a cyber attack on infrastructure an act of war? Is funding opposition groups invasion? Is disinformation campaign aggression?
This ambiguity is strategic - it complicates victim response and divides international coalitions.
[screen 4]
Key Characteristics
Multi-domain: Operating across military, informational, economic, and political spheres simultaneously
Deniability: Using proxies, unmarked forces, or cyber attacks that can’t be definitively attributed
Ambiguity: Staying below thresholds that would trigger clear response (like NATO Article 5)
Adaptability: Quickly shifting tactics based on victim responses
Long-term: Campaigns lasting years rather than days or weeks
[screen 5]
Information as a Weapon Domain
In hybrid warfare, information operations serve multiple purposes:
- Preparation: Shaping opinions before military action
- Cover: Providing alternative narratives during operations
- Division: Splitting victim societies and international alliances
- Demoralization: Undermining will to resist
- Justification: Creating pretexts for escalation
Information warfare isn’t auxiliary - it’s central to hybrid strategy.
[screen 6]
Case Study: Russian Hybrid Operations
Estonia 2007: Cyber attacks on government and banking infrastructure, coinciding with political dispute over Soviet-era monument
Georgia 2008: Military invasion combined with cyber attacks, disinformation about Georgian “genocide,” and economic pressure
Ukraine 2014-present: Unmarked forces, separatist proxies, cyber sabotage, continuous disinformation, economic warfare
Each operation refined hybrid tactics based on previous lessons.
[screen 7]
Case Study: COVID-19 Information Operations
Multiple state actors used the pandemic for hybrid operations:
- China: Promoting conspiracy theories about US origins of virus
- Russia: Amplifying vaccine hesitancy in Western countries while promoting own vaccines
- Iran: Spreading disinformation about Western pandemic responses
These campaigns exploited crisis to advance strategic objectives while maintaining deniability.
[screen 8]
Case Study: Election Interference
Modern hybrid threats increasingly target democratic processes:
Russian operations 2016: Social media manipulation, hacking and leaking emails, targeted disinformation, exploitation of existing divisions
Chinese operations: Economic pressure on diaspora communities, infiltration of community organizations, control of Chinese-language media abroad
Iranian operations: Social media campaigns, hack-and-leak operations against adversaries
[screen 9]
The Gray Zone Challenge
Hybrid threats operate in gray zones where:
- Attribution is difficult but not impossible
- Actions are harmful but don’t clearly justify military response
- International law application is ambiguous
- Response options are limited or risky
- Victim societies are divided on how to respond
Adversaries exploit this space, achieving objectives while avoiding consequences.
[screen 10]
Why Hybrid Threats Succeed
Hybrid approaches exploit several asymmetries:
- Speed: Victims need time to attribute, build consensus, formulate response
- Ambiguity: Unclear whether responses should be diplomatic, economic, cyber, or military
- Divisions: Democratic societies debate response while authoritarian adversaries act decisively
- Risk tolerance: Democracies are more cautious about escalation
These factors give hybrid operators advantages despite weaker overall power.
[screen 11]
Implications for Defense
Defending against hybrid threats requires:
- Early detection and attribution capabilities
- Resilience across multiple domains (not just military)
- Rapid decision-making despite ambiguity
- Coordinated whole-of-government responses
- International coordination and information sharing
- Public resilience against information manipulation
Defense must be as integrated and adaptive as the threats.