Conflict in the Grey Zone – Nothing New Under the Sun (Tzu)

The information revolution and the rise of social media make open societies particularly vulnerable to disinformation campaigns. This “explainer” looks at this all-pervasive aspect of conflict in the “grey zone”.

 “The supreme art of war is to subdue the enemy without fighting” – Sun Tzu, c. 544 BC to 496 BC

At the end of November 2020, it was widely reported that a British army information warfare unit was helping to counter online “antivax” propaganda.

This might seem like an odd task for the British army, but it is, in fact, part of an invisible conflict taking place in the so-called “grey zone” where unfriendly nations try to weaken and undermine their perceived adversaries’ societies and institutions.

The methods used include political interference, disinformation and propaganda, cyberattacks, hacking, espionage, bribery, and economic incentives or disincentives.  Each of these “tools” is tailored to suit the victim’s national circumstances, and they can be used in conjunction with – or as preparation for – covert or overt military actions.

For the most part, they are carefully calibrated to keep below the threshold that might trigger an armed response, and they are usually conducted in  way that provides an element of deniability.

Grey zone or Hybrid?

The terms “grey zone” and “hybrid” are frequently used interchangeably to describe aggression by any or all means short of military combat, and there are learned arguments about the distinctions between the two.  One, which is as good as any, is that “grey zone” operations take place primarily in the political domain, while “hybrid operations” suggest the involvement of a more traditional – overt or covert – military aspect.

The idea of conflict in the grey zone is far from new, and many tried and tested techniques from yesteryear are still in the playbook, but these are now joined by powerful new techniques which exploit the tools of the information revolution, and the diversity and openness of western societies.

Hardly a day goes by without reports of Russian or Chinese efforts to interfere in elections, steal commercial or government secrets, spread disinformation, or amplify and exaggerate disagreements on social media.

Businesses and governments now take it for granted that their information systems will be targeted by hackers, intent upon stealing intellectual property and secrets, and social media are systematically used and abused by foreign “troll factories”.

The spreading of disinformation is one of the favoured grey zone techniques being employed to inflame tensions within open societies, and to undermine confidence in their governments, political systems, institutions, and beliefs.

The most obvious means of disseminating disinformation is through traditional public media outlets: television, radio, print or internet-based written media.  Both Russia and China fund media channels aimed at mainly western audiences and which consistently underline, exaggerate and invent stories about political and societal disfunction in the West.  Coverage is relentlessly focused on western governments’ failures, tensions arising from immigration and religious differences, political corruption, rampant crime, etc.  Western institutions are invariably portrayed negatively. For instance, NATO is presented as being aggressive and dangerous at one moment, and then weak and incompetent the next. 

Such outlets also try to “crowd out” uncomfortable stories with alternatives, often supported by obscure, fringe, or self-proclaimed western “experts”.  For instance, RT and Sputnik – both controlled and well funded by the Russian government – produced many stories intended to confuse the circumstances surrounding the poisoning of Sergei Skripal and his daughter by Russian operatives in 2018.  In fact, an analysis by King’s College’s Centre for the Study of Media, Communication and Power identified 138 separate narratives about the case in coverage by RT and Sputnik in the four weeks following the incident.  These included: the event was a hoax; that it was a pretext intended to interfere with the forthcoming Russia Presidential election or Russia’s hosting of the World Cup; that the United Kingdom’s government had no evidence to support its accusations of Russian involvement; that the poisoning stemmed from drug use by the Skripals; that the perpetrators could have been criminals who Mr Skripal had crossed; and that Yulia Skripal was being detained against her will.

Misinformation and Disinformation

Misinformation and disinformation are similar in that both refer to false information. Misinformation is incorrect information that can arise all too easily from mistakes, misinterpretation, misunderstanding and even misrepresentation.  It’s an unfortunate fact of life and the human condition.

Disinformation, however, is false information which is created deliberately with the intention to mislead or cause harm.

These kinds of “alternative facts” enable a legitimate story to be dismissed by government spokesmen as just one possibility among many others, and they present a dilemma to responsible journalists whose instincts are to present both sides of a story.

Social media provides another highly effective vehicle for disinformation campaigns.

Even without malign interference, social media has a polarizing effect.  The influence of mainstream media has waned as people turn increasingly to social media where they can select from the vast array of content providers available.  Users join like-minded groups which act as an echo-chamber for opinions.  At the same time, the algorithms intended to keep users engaged – and therefore raising revenue from advertising – keep offering additional content calculated to appeal to the users.  And underlying all this is the natural “confirmation bias”, the tendency to believe items which confirm rather than challenge one’s own views

This has the effect of strengthening views and nudging people into areas where they are less likely to encounter different perspectives.  Consequently, in an environment largely separated from the social checks and balances which help to civilize face-to-face interactions, opinions become more extreme.

All this is fertile ground for fuelling divisions and polarizing opinions.

“Our authoritarian rivals see the strategic context as a continuous struggle in which non-military and military instruments are used unconstrained by any distinction between peace and war. These regimes believe that they are already engaged in an intense form of conflict that is predominantly political rather than kinetic. Their strategy of ‘political warfare’ is designed to undermine cohesion, to erode economic, political and social resilience, and to compete for strategic advantage in key regions of the world.

“Their goal is to win without going to war: to achieve their objectives by breaking our willpower, using attacks below the threshold that would prompt a war-fighting response. These attacks on our way of life from authoritarian rivals and extremist ideologies are remarkably difficult to defeat without undermining the very freedoms we want to protect. We are exposed through our openness.”

Chief of the Defence Staff, General Sir Nick Carter in a speech launching the Integrated Operating Concept, September 2020

As a result, foreign agencies infiltrate social media on a huge scale using human operatives, and “bots” which can mimic human users to spread and amplify messages.

There are endless examples of this phenomenon.

One is the “Lisa case” in Germany in 2016.  According to a story that was widely circulated in Russia and in Germany, Lisa, a thirteen-year-old Russian-German girl, was raped by migrants.  This story – naturally – provoked outrage, and it also succeeded in stoking up sensitivities about Germany’s decision to take in of thousands of refugees from the conflict in Syria.  The story provoked demonstrations by the Russian-German community and by far-right groups, and it raised diplomatic tensions between Russia and Germany.  But the story was false: Lisa had been staying with a friend.

In the Baltic States, there is a constant barrage of disinformation about NATO forces, such as fake stories about offences committed against the local population, and even reports that NATO is planning to deploy nuclear weapons there.

One social media disinformation campaign has been particularly well documented: the extraordinary effort to interfere in the 2016 Presidential election campaign in the United States.

Russia operated thousands of fake Facebook, Twitter, Instagram, YouTube, and Tumblr accounts and used these to amplify divisions and encourage their followers to move to more extreme positions.

In addition, Russian intelligence agencies stole hundreds of thousands of emails and documents related to the Democratic campaign, and leaked these in an effort to undermine the campaign.

And the United States is by no means the only target of these actions.

In 2015, during the run-up to France’s Presidential election, thousands of emails from Emmanuel Macron’s campaign were stolen and then placed on a file-sharing site, and a cyberattack on the German parliament shut down part of its network and obtained data and emails from several members of parliament, including the Chancellor, Angela Merkel.

Of course, foreign powers do not infiltrate computer systems just to find information that might be used to discredit an organization or individual: espionage is an ancient profession, and cyberespionage is another key feature of grey-zone operations.

Two examples serve to illustrate the phenomenon.

In 2018, Dutch officials thwarted an attempt to launch a cyberattack against the Organization for the Prohibition of Chemical Weapons (OPCW) in the Hague.  At the time, the OPCW was investigating the Skripals’ poisoning by a chemical weapons agent.

In late 2020, a remarkably extensive cyberespionage case came to light when it was discovered that the IT networks of potentially thousands of government departments and commercial bodies had been compromised, mainly in the United States.  Hackers had inserted malicious code into an update of widely used network management software.  The code remained inert for a while and then reported its location to its controllers, who could then choose to exploit it.  It appears that the code was activated only where it had found its way into “high-value” facilities.  These included sites within the Departments of State, Homeland Security, Energy, Justice, Defense, and Commerce and the National Nuclear Security Administration.  Several sites in the United Kingdom were also reportedly affected, including the National Health Service, and the Home Office.

In this case, the main motive for the attack is likely to have been espionage, with the discovery of anything useful for disinformation purposes being a bonus.

Cyber operations can also cause degradation, disruption or destruction in the physical domain, and some experts reserve the term “cyberattack” specifically for such cases.  These can be used as part of a more traditional military conflict, or to intimidate an adversary, or undermine public confidence in them.

One notable example occurred in 2007 when, following a diplomatic argument with Russia about a Soviet war memorial, Estonia suffered a cyberattack which had national repercussions, disrupting government, financial and media systems for days.

Also in 2017, a cyberattack targeted against Ukraine inflicted widespread disruption on some government departments and business.  The malware spread beyond Ukraine, causing huge losses of data in affected companies all over the globe.  One victim was the Danish shipping company, Maersk which estimated the costs of the related losses to be between $250 million and $300 million.

Global losses due to this one attack – which irretrievably erased data on affected computer systems – have been estimated at $10 billion.

Election Interference: extracts from the Mueller report on the Investigation into Russian Interference in the 2016 Presidential Election.

 Russia’s Internet Research Agency, the IRA, “conducted social media operations targeted at large U.S. audiences with the goal of sowing discord in the U.S. political system….

 …Using fictitious U.S. personas, IRA employees operated social media accounts and group pages designed to attract U.S. audiences. These groups and accounts, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by U.S. activists. Over time, these social media accounts became a means to reach large U.S. audiences…

 …By the end of the 2016 U.S. election, the IRA had the ability to reach millions of U.S persons through their social media accounts. Multiple IRA-controlled Facebook groups and Instagram accounts had hundreds of thousands of U.S. participants. IRA-controlled Twitter accounts separately had tens of thousands of followers, including multiple U.S. political figures who retweeted IRA-created content…

 …the IRA began to create larger social media groups or public social media pages that claimed (falsely) to be affiliated with U.S. political and grassroots organizations… More commonly, the IRA created accounts in the names of fictitious U.S. organizations and grassroots groups and used these accounts to pose as antiimmigration groups, Tea Party activists, Black Lives Matter protestors, and other U.S. social and political activists.

 …IRA Facebook groups… covered a range of political issues and included purported conservative groups (with names such as “Being Patriotic,” “Stop All Immigrants,” “Secured Borders,” and “Tea Party News”), purported Black social justice groups (“Black Matters,” “Blacktivist, ” and “Don’t Shoot Us”), LGBTQ groups (“LGBT United”), and religious groups (“United Muslims of America”).

 …Collectively, the IRA’s social media accounts reached tens of millions of U.S. persons. Individual IRA social media accounts attracted hundreds of thousands of followers. For example, at the time they were deactivated by Facebook in mid-2017, the IRA’s “United Muslims of America” Facebook group had over 300,000 followers, the “Don’t Shoot Us” Facebook group had over 250,000 followers, the “Being Patriotic” Facebook group had over 200,000 followers, and the “Secured Borders” Facebook group had over 130,000 followers. According to Facebook, in total the IRA-controlled accounts made over 80,000 posts before their deactivation in August 2017, and these posts reached at least 29 million U.S persons and “may have reached an estimated 126 million people.”

…units of the Russian Federation’ s Main Intelligence Directorate of the General Staff (GRU) hacked the computers and email accounts of organizations, employees, and volunteers supporting the Clinton Campaign…In total, the GRU stole hundreds of thousands of documents…

 The release of the documents was designed and timed to interfere with the 2016 U.S. presidential election and undermine the Clinton Campaign.

Mention must also be made of a cyberattack against Iran in 2010 when a computer virus reportedly caused almost 1,000 uranium enrichment centrifuges at the Natanz nuclear facility to spin themselves to self-destruction.  The fingers of suspicion pointed towards Israel and the United States, but neither has claimed responsibility.

In fact, the prevalence of disinformation campaigns and cyberattacks is growing throughout the Middle East as economies become increasingly digitalized.

Confronting the Grey Zone Hydra

While this “explainer” centres on the information and disinformation aspects of the grey zone, there are many others that policy makers cannot afford to ignore.  In fact, there is effectively no limit to an aggressor’s choice of targets and methods, nor to the ingenuity with which they might be exploited. There are already many examples of cyberattacks against critical infrastructure such as power supplies, communications, air-traffic control, traffic management, health services etc,.

Cyber warfare techniques are also used – alongside many more traditional methods – in large-scale efforts to steal intellectual property – trade secrets and technology – which can cause huge economic losses for the victims.

Other grey zone “tools in the box” include old-fashioned influence-peddling and corruption, economic coercion, and diplomatic pressure.

The problems of cyberattacks, disinformation, and “real life” political interference in the United Kingdom were highlighted in the report on Russia published by the UK Parliament’s Intelligence and Security Committee in July 2020.  This stated, “It is clear that Russia currently poses a significant threat to the UK on a number of fronts – from espionage to interference in democratic processes, and to serious crime.”

Responding to this and other grey zone threats requires a “whole of government” approach, which in the case of the United Kingdom is the responsibility of National Security Council (NSC) which is chaired by the Prime Minister and includes key government ministers.

Reporting to the NSC through the various government departments are many specific bodies which focus on specific aspects of threats.

For instance, in the cyber domain, the United Kingdom’s National Cyber Security Centre (NSCS) has clear responsibilities and expertise to bring to bear. According to press reports, one area of current activity is in assisting research facilities and pharmaceutical companies defend themselves from hacking efforts by Russia, China, North Korea and Iran.   As it says on its website, “Helping to reduce the harm from cyber security incidents in the UK”.

To assess broader hybrid threats and inform the response, the United Kingdom has created the “Joint State Threats Assessment Team” (JSTAT) under the responsibility of the Home Office.  This assesses “the national security threat posed by activities such as espionage, assassination, interference in our democracy, threats to the UK’s economic security and the UK’s people and assets overseas.”

Both NATO and the European Union have developed plans for countering hybrid threats, and for working with each other in this area.  Both bodies emphasize that nations themselves are primarily responsible for addressing hybrid threats, and that improving national resilience is essential.

Considerable attention is being paid by both organizations – separately and together – to dealing with disinformation and countering cyber threats.  The EU, for instance, has a specific project to assess Russian disinformation efforts about the EU in Eastern Partnership Countries, and to explain and expose such efforts.  It has also launched a European Democracy Action plan which includes a programme to address misinformation, disinformation, and foreign interference aimed at destabilising democratic institutions and undermining the trust of citizens.

The 2014 "Wake-Up" Call

The United Kingdom and other western, liberal democracies were slow to recognize the scale and intensity of the threat.  After all, they generally live alongside like-minded, cooperative neighbours who, whatever their differences, have a shared belief in democracy, liberty, and the rule of law.  They also prefer to see international relations as being cooperative, with good relations benefiting all parties.

 In February 2014, Russia wrong-footed the international community by occupying Crimea in an operation which skilfully combined both guile and force.

 Russia’s leaders claimed to have no knowledge of the “little green men” popping up to “protect” strategic locations in Crimea, asserting that they must be local “self-defence groups” who had probably bought their own uniforms and military hardware.

 The deception – subsequently openly admitted as such – made decision makers and the press hesitate, giving the Russian forces time to take up effectively unassailable positions before the clouds of confusion dispersed.

 Although there was nothing fundamentally new about the use of deception and misdirection, this operation brought the world’s attention to the potential effectiveness of hybrid operations, and nations bordering upon Russia became particularly concerned that similar tactics might be employed against them.

NATO’s Joint Intelligence and Security Division has a hybrid analysis branch, and NATO’s Public Diplomacy Division ensures that accurate factual information about NATO is widely available in order to counter disinformation.

NATO has also set up counter-hybrid support teams which stand ready to respond to any member’s request for assistance. Both NATO and EU support the European Hybrid Centre of Excellence for Countering Hybrid Threats which aims to help nations build a whole-of-government and whole-of-society approach to countering hybrid threats.

So why has the British army been called upon to help address issues related to Covid-19?

At present, Covid-19 is at the heart of a grey-zone battle.  Both China and Russia appear to be active in promoting the whole panoply of fake stories and myths about the coronavirus and the vaccines being deployed to end the pandemic.

The EU has a programme to counter coronavirus misinformation and disinformation, including that disseminated through foreign disinformation campaigns.  Josep Borrell, the EU’s High Representative – its foreign policy chief – has noted that “Some foreign actors, be they state or non-state, even engage in disinformation campaigns, deliberately spreading false or misleading information….Foreign interference and disinformation harm our fight against the pandemic and our security and democracy.  Addressing disinformation is an urgent necessity.”

Which is why in the last few months there have been headlines about the British army – and the Government Communication Headquarters (GCHQ) – getting involved in efforts to address disinformation programmes intended to discredit coronavirus vaccines.

Their role is to help identify disinformation originating overseas and which is fuelling “anti-vaxx” sentiments in the United Kingdom.

In fact, this ties in well with the United Kingdom’s Integrated Operating Concept, unveiled by General Sir Nick Carter, Chief of the Defence Staff at the end of October 2020.

This forward-looking document provides an accessible summary of the evolving security landscape and how the armed forces must be adapted in order to play their part in addressing the full spectrum of today’s security threats.  It stresses the importance of working with allies and the need to ensure that the armed forces will be suitably equipped for 21st century combat, as well as being prepared to operate continuously to deal with competition below the threshold of war.

General Carter has cleverly noted that this form of warfare “perhaps turns the Clausewitzian dictum that war is an extension of politics upside down – political warfare is war by other means.”

Or as Sun Tzu, a 5th century Chinese general and strategist, put it: “The greatest victory is that which requires no battle.”


ATA UK 19 January 2021