1November/December 2018, Vol. 38, No. 10 RUSI Newsbrief

Modern Deterrence

‘A standing Army provides depth; as well as conducting complex war fighting, it is the same

highly trained soldier who welcomes you to the Olympics, deals with floods and trains partner forces abroad’, explains the British Army on its website, pointing out that the Army is ‘always ready and steadfast in its commitment to the defence of the United Kingdom and its citizens’. Those are laudable goals, and the British armed forces – like their colleagues across Europe and many other countries – have a proud history of valiantly defending their countries. But today’s threats are very different from those of the past two and a half decades.

To be sure, some European countries still face the prospect of land invasion or other forms of military aggression, and that requires sizeable armed forces. Moreover, it should be remembered that hybrid instruments have been used in the past: front publications and influence agents were commonplace during the Cold War. But today, daily life is easier to disrupt, even from a distance, partly because so much of it is based on technology, most of which is not owned or even operated by the government. A hack of any major mobile phone network would knock out a predominant mode of communication, while an attack on a port or a logistics company could disrupt the many complex supply chains that most people rely on to meet their basic needs.

Continuing urbanisation, combined with increasing use of the Internet

of Things (everyday items such as refrigerators and home heating systems that are connected to the internet), adds more opportunities for adversaries to wreak havoc on daily life. When Maersk, the world’s largest container shipping company, was hit by NotPetya ransomware last year, it was seen as a commercial matter. But because 80% of global trade by volume is carried on board ships, it was also a national security concern to countries relying on Maersk for deliveries of their populations’ daily necessities – which is to say, virtually every developed country.

Today’s practitioners of hybrid warfare usually do not announce impending aggression or claim responsibility afterwards

Today’s threat scenario also extends to the US, which has, by virtue of its location, mostly been spared military aggression. According to a study by Lloyd’s Insurance, an attack on the energy grid covering the northeastern US would leave 93 million people without power, disrupt water supplies, wreak havoc on transportation and cost lives. Such disruption is a real possibility: between 1992 and 2006, Russia imposed at least 55 energy cut-offs in different countries.

Because non-conventional attacks fall under the threshold of military aggression, the target country cannot

deter them with the usual means, namely military punishment. Deterrence by punishment works because virtually no country wishes to be attacked in response to an attack of its own. Military punishment would also lead to escalation not in the interest of the initially targeted country. Modern deterrence, then, must also focus on deterrence by resilience.

The energy cut-offs and the virus attacks are part of what is commonly labelled hybrid warfare, grey-zone warfare, threshold warfare or fourth generation warfare – the combination of military threats with non-military threats and attacks against companies and civil society. Attacks against civilian targets have, of course, always been part of warfare: during the First World War, for example, the Allied powers conducted a highly successful naval blockade of Germany that starved their adversary of necessary goods, and during the Cold War both the Western and Soviet blocs conducted disinformation campaigns against the other side. But today, non-military threats and attacks are no longer just an accompaniment to military action: they are a stand-alone means of aggression. They can take on such a potent role because highly technology-driven societies, with their relatively small government sectors, present ample targets. In addition, Western populations are accustomed to material comforts that were not known to previous generations. Because of that, and the dependence of societies on easily disrupted global trade, in combination with a lack of crisis response training, even a small attack

Modern Deterrence: Preparing for the Age of Grey-Zone Warfare Elisabeth Braw

Modern deterrence is concerned with how countries employ their resilience potential to deter today’s hybrid threats, especially through the involvement of the private sector and civil society. New approaches will likely build on the practices already developed by countries exhibiting a strategy of ‘total defence’.

2November/December 2018, Vol. 38, No. 10 RUSI Newsbrief

could have a major effect the lives of individuals in Western societies.

These opportunities are being exploited, not just by state actors but by non-state actors as well. Further muddying the waters, in many cases non-state actors operate on behalf of a government. State actors (whether operating through proxies or not) have the capacity to conduct sustained non-conventional warfare, and can combine such non-conventional warfare with conventional armed forces to carry out hybrid warfare.

States such as Russia and China are increasingly directing hybrid warfare at Western Europe and North America with the aim of disrupting the presumption of a safe homeland. Currently, Russia is the most important actor to focus on in Europe. Following the attempted assassination of Sergey Skripal, government-linked Russian news outlets tried to discredit British authorities by claiming that the government’s Porton Down laboratory had simply failed to safely handle the Novichok nerve agent. In 2014, a suspected Russian submarine was spotted in the Stockholm archipelago. Russian news outlets immediately suggested alternative scenarios and ridiculed the Swedish navy’s inability to locate the sub, discrediting it

and the Swedish government. Similarly, the NotPetya ransomware attack that targeted Ukraine in 2017, has been traced to Russian agents. In the US, Russian agents created fake Facebook profiles and groups that influenced the 2016 presidential election in key swing states.

Attacks on companies in any strategic sector can be similarly effective. Complexity can, of course, also generate adaptability, but today’s fragile supply chains lack a Plan B that could be rapidly implemented. As households, retailers and distribution centres maintain minimal reserves, even a Plan B put into place several days after a major disruption would be too late. During the Cold War, most European countries had strategic food reserves. Few do today.

From the attacker’s perspective, unleashing a mix of threats and attacks on civilian targets is attractive for a simple reason: it is cheap and affords the attacker strategic ambiguity. An adversary can claim responsibility for the act – or not. Either way, the attacker can support the desired narrative with government-linked media that provide much more sophisticated messaging than traditional propaganda. Russia’s state-owned international television network RT, for example, blends

standard reporting with half-truths and slanted coverage, while Soviet propaganda was so unsophisticated that few could mistake it for the truth. Today’s practitioners of hybrid warfare – of which Russia is the most-discussed example and most relevant to Europe – usually do not announce impending aggression or claim responsibility afterwards.

Constant remotely directed disruption, accompanied by fear of additional attacks, can weaken the target country to the point that its government will adjust its behaviour to suit the wishes of the perceived attacker. In Sweden, for example, an advocacy group accused the Swedish Navy of incompetence in the 1981 Whiskey on the Rocks incident, arguing that the Soviet submarine that ran aground near a Swedish naval base had no hostile intentions but simply had faulty navigation instruments. The objective in this form of warfare is not territorial conquest, but a suppliant geopolitical environment.

Especially during the past four years, policymakers have begun to grasp the extent of Russia’s current military capabilities, combined with its innovations in hybrid warfare. To go a step further, it must recognise

An aerial view of the Port of Felixstowe, the UK’s largest and busiest container port. Enhancing the security of critical national infrustructure like ports and power stations is an important element of modern deterrence. Courtesy of Wikimedia

3November/December 2018, Vol. 38, No. 10 RUSI Newsbrief

that open and democratic societies are extremely vulnerable to such unannounced aggression. So far, most governments have not exhaustively mapped their countries’ vulnerabilities, let alone created a system to defend those weak points. That is partly because Western-style democracies are highly decentralised and partly because non-conventional threats have until recently not been considered to be major threats to national security, and even today many governments consider them to be mere inconveniences. Non-conventional threats exploit gaps in advanced free market societies: where, for example, companies may not consider themselves to be partly responsible for national security. They are unlikely to consider attacks – and their response and defence against such attacks – to be matters of national security.

What is needed, then, is cooperation between governments, the private sector and the general population. This must begin with the recognition that modern warfare is now deeply dissimilar from the conventional, uniformed armed conflict that the West has been imagining and preparing for.

During the Cold War, the Scandinavian countries in particular built comprehensive defence models known as total defence. Although total defence was developed in preparation for land invasion, the concept remains highly relevant to the various threats that are typical of hybrid warfare and is still practiced to some extent in the Scandinavian countries. In addition to assisting its armed forces, Denmark’s all-volunteer Home Guard supports civilian agencies with duties such as crowd control and evacuations. The Danish Emergency Management Agency (FEMA) leads a so-called capability-builders’ working group with Danish multinationals, with the goal of harmonising crisis preparedness and responses. Sweden, meanwhile, is resurrecting and updating its partially dismantled total defence architecture. The Swedish Civil Contingencies Agency (MSB), for example, shares responsibility for a broad suit of issues, ranging from critical national infrastructure to disinformation campaigns. This spring, the MSB

sent a brochure entitled ‘If Crisis or War Comes’ to every household in the country, which provides easy to understand advice on how to prepare for and act in a crisis. Thanks to its general conscription for military-aged men, Finland has a critical mass of citizens with a good understanding of preparedness and military skills. Perhaps learning from their Nordic neighbours, total defence preparedness can also be seen in the Baltics. Over the past couple of decades, Estonia has built an impressive total defence system that involves both general conscription for men and an efficient National Security and Defence Coordination unit situated in the chancellery.

An attack on the energy grid covering the northeastern US would leave 93 million people without power

These examples from Scandinavian and Baltic countries are partial solutions. Modern deterrence must involve a critical mass of businesses and citizens. Business leaders need to be trained in, and be comfortable executing, crisis management. They also need to learn to see their businesses as part of national security, not simply as commercial operations, and to act accordingly. That means, for example, close coordination with the government, and constant sharing of threat updates with other companies in the same sector.

Indeed, although hybrid warfare has been a much discussed in security and defence circles, no country has yet developed complete defence simply because the threat scenario is new to this generation of decision-makers in Western governments. Just like their adversaries can seamlessly employ a range of threats and attacks against them, Western governments need similarly seamless deterrence to be undertaken in an active and dynamic way. Because Western governments do not own most companies in strategic sectors, and in many cases not even

strategic infrastructure, they need to work closely with the private sector to form a credible resilience and deterrence posture. Governments – ideally through a central ‘tsar office’ with ministry status – could act as coordinators of crisis management exercises, industry-provided threat updates and similar preparatory actions.

Today, voting publics are often disengaged from matters of national security, but they can – and must – play a crucial role in societal resilience and thus deterrence. Even if governments had enough money to dramatically increase defence spending, armed forces are not best placed to provide resilience, and current recruitment can barely meet the needs of armed forces’ primary duty of combat. As armed forces face bounded resources and capabilities, what is needed is a critical mass of citizens who know how to prepare for a crisis, how to respond during it, and how to identify disinformation.

Open societies are inherently vulnerable to malicious acts, and the success of liberal democracies with their market economies is dependent on that very openness. But private sectors and populations possess enormous potential that is currently underutilised. To be sure, most companies go to great lengths to protect themselves, but do so for commercial reasons and in isolation from one another and the government. Societal resilience must be a joint effort.

Given today’s threats and attacks, modern deterrence must become an essential element of national security, as well as a key consideration for the security of the NATO Alliance. As a potential programme of work within defence, modern deterrence also sows the seeds for more robust and resilient societies and populations – a kernel of a refreshed national security for this century’s interdependent and interconnected world.

Elisabeth BrawElisabeth is an associate fellow who directs the Modern Deterrence programme at RUSI.

The views expressed in this article are the author’s, and do not necessarily reflect those of RUSI or any other institution.

Modern Deterrence