Held in Tallinn on 7 September, the exercise brought together EU Defence Ministers, the High Representative of the Union for Foreign Affairs and Security Policy and Head of the EDA Federica Mogherini, senior representatives of the European Commission as well as the heads of cyber-related EU agencies. CYBRID’s main objectives was to raise cyber awareness at the highest political level and to practice strategic decision-making procedures to be followed in case of a cyber-attack against EU military structures. In the spirit of the new EU/NATO Joint Declaration, the exercise was also attended by NATO Secretary General Jens Stoltenberg.
Cyber + hybrid = CYBRID
The exercise name in itself is a reminder of the fact that cyber and hybrid warfare have become a new threat cocktail that can no longer be ignored by defence planners. Blending traditional military with non-military tools, hybrid strategies seek to incrementally undermine a system, destabilize a region or state and fuel conflict. Another key feature of hybrid warfare is that attacks are very difficult to attribute with certainty to a certain state or group, in effect allowing attackers to remain incognito.. At the same time, hybrid aggressions come in such small doses that it is difficult to categorise them as clear-cut armed attacks under international law. This, in turn, makes it harder for any victim country to use its legitimate right to self-defence.
Awareness at the top level
Cyber is nowadays widely acknowledged as a major threat to Europe’s security and, subsequently, has its place in the EU’s Common Security and Defence Policy (CSDP). Yet, crucial aspects such as CSDP missions and operations’ resilience to such threats have to date been given only limited attention. How far a third country’s dubious cyber activities can be considered an indicator for active hybrid warfare also requires further reflection and debate. What is beyond doubt, however, is that aggressive cyber campaigns orchestrated by adversaries in combination with other hybrid actions (such as propaganda, fake news, use of proxies, etc.) can easily provoke massive disruption in whatever country, organisation or infrastructure targeted by such attacks, including CSDP missions and operations. Such crisis inevitably involves the full chain of command, up to the top military and political level. Hence the need to raise ‘Cybrid’ awareness at the highest level throughout Europe and to improve cyber defence incident coordination.