Today’s security environment is increasingly complex and unpredictable, with State and non-State actors conducting cyber attacks and hybrid warfare which can blur the lines between conventional and unconventional forms of conflict. The spectrum of threats also encompasses energy security challenges, including those posed by climate change and natural disasters, and emerging and disruptive technologies such as AI and quantum computing. The challenge of adapting and responding to these different types of threat is compounded by trends that have radically transformed the security environment.

In an age of strategic competition, cyberspace remains a contested space. The malicious cyber activities targeting our nations are continuous, and their true strategic consequences may lie not in producing a catastrophic armed attack that disables a country in a single moment, but rather in the results of an accumulation of smaller attacks which undermine the sources of national power. We are witnessing a change in international security where conflicts increasingly take place in the grey zone and where aggressors use hybrid tools such as disinformation, cyber-attacks, economic pressure, deception, and sabotage in combination with military instruments. This targeting of our nations through digital means will likely remain an attractive option for years to come. After all, these tools can be exploited by states as well as by proxies and private organisations, without any geographic constraints.

Resilience against cyber and hybrid threats should therefore remain our top priority. Given the evolving threat landscape, societies should focus on building up the ability to resist and recover from major shocks such as the failure of critical infrastructure or a hybrid or armed attack, while also creating national tools to address more drawn out campaigns such as disinformation and electoral interference. Ideally, the practice of building up resilient societies should result in raising our collective benchmarks to a level that makes it more difficult for our adversaries to achieve the effects they desire.

Our ability to deny potential benefits to the aggressor must also be complemented by continuous thinking about and refining of ways to proactively deter and defend against hybrid campaigns. There is constant competition and continuous ambiguity in cyberspace, which renders traditional thoughts on deterrence and strategy less effective. It is not possible to prevent and deter all cyber activity, so we must shift our thinking towards a more proactive approach.

No one corporation, country, or continent can build resilience, deterrence, or defence in isolation. The space of cyber and hybrid conflict is a shared one, so solutions must be built on international coordination and cooperation. Industry remains a primary player in cyberspace, owning most of the infrastructure that supports cyberspace and often being the entity that identifies that an attack is in progress, as well as a first responder. The sharing of responsibility and power with the private sector within an operational domain is therefore a key strategic consideration which needs to permeate all governmental discussions of cyber and hybrid defence strategies. This requires new ways of thinking and working together which may take us out of our comfort zone.

It is therefore my genuine pleasure to welcome this contribution to our collective thinking. Cyberspace and technology will be at the core of the strategic competition that will unfold during the next decade and we need to ensure that we are positioned to harness cyberspace to its benefit in an increasingly digitized environment. Cybersecurity will become increasingly important to securing and enhancing our way of life and ability to conduct business, as industry, government, military, and ordinary citizens rely increasingly on technology and engage in digital transformation. As an enabler, line of effort, catalyst for change, and product of innovation, we must continue to iterate on our thinking about cyber and hybrid defences because they are here to stay.

Christian Lifländer

Head, Cyber and Hybrid Policy Section, Emerging Security Challenges Division, NATO HQ