Russia could launch a conventional military invasion of Ukraine at any moment, but it could also destabilize and undermine it without ever firing a shot. Russian military exercises and positioning are powerful tools of unpredictability that keep NATO and Ukraine off balance while Russian operatives and their proxies wage a hybrid war through covert operations, coordinated disinformation campaigns, and cyber attacks. To build resilience against hybrid warfare, NATO should collaborate with the private sector and devote more resources to technology literacy and innovation.

Russia’s Hybrid Warfare Strategy

Russia’s strategy is centered on promoting a narrative of grievances. Russia believes the United States is using Ukraine and promoting NATO expansion to contain Russian national security interests and encroach on its traditional spheres of influence. It also contends that Ukraine should return to the Minsk Agreements and end its attempt to win back Donbas. These are false narratives because sovereign and independent states have the freedom to determine their own path and seek membership in any alliance. And it would be madness for the Ukrainian government to retake Donbas given the Russian military presence there. The Russian rhetoric is a trojan horse created by the Kremlin to renegotiate the end of the Cold War and redraw European borders the same way Russia did when it illegally annexed Crimea in 2014.

The effectiveness of the Russian narrative depends on combining conventional military positioning with hybrid tactics or “active measures.” Hybrid actions taken in the so-called “gray-zone” typically consist of measures short of conventional warfare such as limited strikes, special operations forces, raids, cyber attacks, and covert influence operations. Hybrid warfare is a central element of Russia’s military strategy, in which operatives remain just below the radar and work with proxies to stage false flags to justify an invasion. To crush the Prague Spring in 1968, Soviet operatives in Czechoslovakia planted weapons in packages labeled “Made in the USA,” which were published in Soviet state-controlled outlets as signs of a U.S.-led plot. The KGB ran active measures during the Soviet war in Afghanistan in the 1980’s, often using “false bands” of Afghan units posing as CIA-backed guerillas to justify Soviet military operations.

Misinformation and disinformation are quickly and efficiently distributed through news channels and social media to influence public opinion. Russian state-owned outlets Russia Today (RT), Tass, and Sputnik have a strong presence on Facebook, Twitter, YouTube, and Telegram, echoing the Kremlin’s position and portraying NATO and the United States as aggressors. In 2013-2014, Russian state media framed the Maidan protests that toppled Ukrainian President Viktor Yanukovych as “fomented by the U.S. in cooperation with fascist Ukrainian nationalists” that were used as a pretext for Russia’s little green men to seize Crimea.

One Russian-backed channel on YouTube is НАШ or NASH TV, which has been promoting Russia’s narrative until it was banned in Ukraine. Founded by former pro-Russia Ukraine parliament member Yevheniy Murayev, NASH TV is a Kremlin mouth piece flooding viewers with anti-American and anti-NATO falsehoods. Last month, the United Kingdom accused Russia of attempting to overthrow Ukrainian President Volodymyr Zelensky and replace him with Murayev. This is the same approach used by Russia when it seized Crimea and installed Sergey Aksyonov as the so-called Prime Minister of Crimea.

Sustained Russian information operations reinforce specific elements in Moscow’s narrative of grievances. First, NATO’s eastward expansion since the end of the Cold War is the real threat, not Russia. Second, Ukraine and Georgia joining NATO would threaten the European security order. Third, the annexation of Crimea and support for separatists in Donbas are liberations of Russian-speaking communities.

Troll factories and bots spread large volumes of fake news stories, making it almost impossible to counter the steady deluge of disinformation. On January 31, it Western media reported that Russia planted fake stories about bomb threats against Ukrainian schools and shopping malls, forcing children to online learning and closing businesses. Just last week, U.S. officials uncovered a plot by Russian intelligence to fabricate a propaganda video portraying fake explosions, corpses, and grieving women designed to legitimate a Russian invasion to protect civilians in Ukraine.

Russia supplements information operations with cyber attacks. Russian hackers recently breached Ukrainian networks, replacing publicly facing websites with messages in Ukrainian and Polish designed to look like a Polish cyber operation. Russian cyber attacks targeted Georgian networks during the 2008 South Ossetia War and again in 2015 when Sandworm, a hacking group linked with Russian intelligence, took down Ukraine’s power grid.

Russian state-sponsored cyber attacks targeting Ukraine can devastate U.S. and NATO networks. The 2017 Notpetya and WannaCry attacks spread throughout the world soon after hitting their targets. In the 2020 Solar Winds hack, cyber criminals directed by Russian intelligence inserted malicious code into updates in Orion software that infected servers used by the U.S. Treasury, Energy, and Defense Departments, as well as Microsoft, Intel, and Cisco. The U.S. Cybersecurity and Infrastructure Security Agency recently warned U.S. networks are vulnerable to more Russian cyber attacks.

Russia also uses blended cyber operations, in which governments tolerate cyber criminals and ransomware groups operating in their countries. For example, the 2021 cyber attacks against Colonial Pipeline, which controls much of the fuel along the U.S. East Coast, were launched by criminal group Darkside operating in Russia. Darkside locked up Colonial Pipeline’s networks and held data hostage until it paid a ransom of $5 million.

Steps NATO Should Take

Information warfare and cyber attacks demonstrate that NATO must get serious about building resilience against hybrid war tactics. This means prioritizing counter-hybrid measures in NATO’s next Strategic Concept, which will be developed in June. NATO should take the following steps to counter Russian information operations:

  1. NATO’s next Strategic Concept should update Article V of the North Atlantic Charter, which commits NATO members to defend one another, to include hybrid war tactics in addition to conventional military actions. While the range of gray-zone operations makes it difficult to know when and how to trigger the collective defense mechanism, NATO members should engage in deterrence in the contemporary battlespace.
  2. NATO must establish a network of innovation centers to expand on its existing centers of excellence. NATO developed the Strategic Communications Centre of Excellence in Latvia to identify disinformation and the Cooperative Cyber Center of Excellence in Estonia to monitor cyber operations. NATO also approved the NATO-Industry Cyber Partnership to improve the alliance’s relationship with private firms and coordinate cyber defense efforts.
  3. New NATO innovation centers could engage in cutting-edge research and development on artificial intelligence, quantum computing, autonomous machines, hypersonic technologies, and information and technology literacy. Innovation centers could be modeled on the European Union’s East Stratcom Task Force, which is staffed with experts specializing in Russian propaganda through its EUDisinfo site. Innovation centers funded through NATO’s Science for Peace and Security program could partner with NATO’s Joint Intelligence and Security Division (JISD).These centers could also develop public-private partnerships with commercial firms, academic institutions, and civil society groups to build resilience through training centers, research institutes, and information technology programming.
  4. Governance and rule of law among alliance members must be improved as weak institutions provide maligned external actors avenues to interfere. For example, while an innovation center can improve North Macedonia’s ability to combat disinformation and cyberattacks, it must also improve domestic governance, combat corruption, strengthen judicial practices, and enhance economic opportunities. President Biden’s executive actions targeting corruption in the Western Balkans is a significant step to promote accountability.

The most effective way to defend against Russian hybrid tactics is for NATO to partner with the private sector and academia to lead research and development initiatives that can boost alliance-wide emerging and disruptive technologies policies. Since many security-related applications of emerging and disruptive technologies are derived from private firms, partnering with companies, start-ups, and universities and research institutes is essential to securing alliance members in the 21st Century. NATO should invest in strengthening capacity and innovation against hybrid attacks as much as it invests in conventional military hardware.

Image: (L-R) Russian Deputy Defence Minister Colonel-General Alexander Fomin, Deputy Foreign Minister of the Russian Federation Sergei Ryabkov and NATO Secretary General Jens Stoltenberg meet during the NATO-Russia Council at the Alliance’s headquarters in Brussels, on January 12, 2022. (Photo by Olivier HOSLET / POOL / AFP) (Photo by OLIVIER HOSLET/POOL/AFP via Getty Images).