The Baltic region now serves as a prime example of a hybrid threat environment, where the lines between conventional warfare and irregular tactics are increasingly blurred. Baltic and Nordic states have recognized these developments better than most, and it is no coincidence that the European Centre of Excellence for Countering Hybrid Threats was established in Finland in 2017. Yet as Russian aggression against Ukraine has illustrated, traditional intelligence assessments have struggled to keep pace with the broad spectrum of emerging security risks. Lessons from strategic disaster intelligence, a subset of broader energy and environmental security (EES), may provide some guidance.
While EES at first blush may appear to focus on natural hazards and physical processes, its development always required acknowledging and engaging with the PMESII spectrum (political, military, economic, social, information, infrastructure). Work on EES in the US Air Force overlapped closely with counter-insurgency (COIN) and irregular warfare (IW) expertise, and then provided a bridge to the wider scientific community. What emerged was an unclassified approach to anticipating emerging risks, drawing upon community expertise to identify and evaluate weak signals for early warning. Disaster intelligence relied on vulnerability analyses, identifying critical nodes and stress-testing systems not with just one source of pressure, but using scenarios where a constellation of varied risks would hit simultaneously.
While the initial concern had been force protection and operational disruptions from natural hazards, the USAF EES work incorporated emerging threats from cyber, disinformation, and cognitive warfare. The resilience of systems was not just a static quantity, but part of a dynamic system which itself was often deliberately targeted. Resilience targeting has been a key component of hybrid and cognitive warfare, with new technologies allowing it to be deployed at scale not just in Ukraine, but across Europe and North America.
The essential need is to move beyond a traditional “threat-centric” view to a more holistic and dynamic view of security as a system. This involves mapping critical infrastructure, including finance, energy, health, ecosystems and social/political communities. Such critical nodes are precisely what hybrid warfare, particularly the gibridnaya voyna as practiced by the Russian Federation, target and attempt to exploit in asymmetric and deniable attacks. After the initial 2014 invasion by Russian forces into Ukraine, Russia and proxies carried out distributed and persistent attacks against banks and hospitals, with the goal of fostering mistrust in the legitimacy of the Ukrainian government and financial system. The attacks were most vividly seen in the NotPetya cyber worm in 2017, which originally intended to attack Ukrainian health and financial institutions, spread and caused billions of dollars damage to logistics companies and hospitals worldwide. Ultimately resilience targeting strategies attempt to break down trust, which leaves targeted communities fractured and passive against an outside adversary.
Disaster intelligence also highlighted the necessity of formalized ‘dark reports’, where known unknowns are analyzed. Deep analyses of what is not known about a system involves identification and measurement of different uncertainties, the reasons for existing or future data gaps, and the implications for risk assessments of these blind spots. Based on experiences of the Royal Navy during WW2, earlier efforts relied primarily on HUMINT and expert judgement. New computational resources now allow for more formal and real-time modelling of both uncertainties and missing elements of early warning models. The dark reports allow for greater peripheral risk vision, and help avoid underestimation of the probability of extreme risks.
While new technical applications exist, creation of scenarios and wargames are still necessary elements of expert pattern recognition and response. The process of scenario creation helps to establish plausibility from decision-makers, especially when clustered around improbable combinations of probable events. Both institutions and individuals find it difficult to carry out multihazard risk assessments, when synergistic effects create conditions that overwhelm orientation and response. The disaster intelligence tools had to approach such risk clusters as given, and to rely on the emergent properties of group assessments to overcome analysis and decision paralysis. So for example, what if a cyberattack disables the ports of Helsinki and Tallinn coinciding with a coordinated disinformation campaign blaming NATO, a paralyzing ice storm, and a sudden influx of migrants at the Belarus-Poland border? We need to ask such questions well in advance.
Asian Institute of Management
Philippinescbriggs@aim.edu
