Insider: Short of War – Details, episodes & analysis

Seize the Advantage: Three Models to Improve Security Cooperation Planning

In this essay, James P. Micciche, a US Army Strategist, presents a comprehensive framework for improving security cooperation planning and execution in support of U.S. defense strategy. He proposes three interconnected models: one that emphasizes clearly defined objectives tied to policy goals, another that focuses on understanding the operating environment with particular attention to partner nations' capabilities and institutions, and a third that advocates for developing campaigns of integrated, coordinated, and sequenced efforts. Micciche argues that by implementing these models, the United States can better leverage its network of allies and partners as a strategic advantage, aligning with the goals of the 2022 National Defense Strategy. The essay underscores the importance of moving beyond discrete security cooperation activities to a more holistic, campaign-oriented approach that maximizes limited resources and accounts for wide-ranging effects in an era of strategic competition.

The link to the essay can be found here at the Irregular Warfare Initiative's website.

If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

 

The Peril of Ignoring the Legitimacy of Violent Non-State Actors

This episode explores the often-overlooked legitimacy of violent non-state actors and its implications for international security. We delve into how insurgent groups gain support from local populations and why current approaches to countering them often fall short. Our experts discuss case studies from ISIS to African separatist movements, offering insights on how democracies can more effectively address the root causes of insurgencies in an era of great power competition.

About the Authors:

Santiago Stocker is a Program Director at the International Republican Institute (IRI) and previously served as a Director in the State Department’s Bureau of Conflict and Stabilization Operations. The thoughts expressed in this piece are his own.

Kathleen Gallagher Cunningham is Professor of Government and Politics at the University of Maryland and is a 2024 Non-Resident Fellow with the Irregular Warfare Initiative, a joint production of Princeton's Empirical Studies of Conflict Project and the Modern War Institute at West Point. The thoughts expressed in this piece are her own.

 

The views expressed are those of the authors and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

 

If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Chinese Unconventional Threats in the Era of Great Power Competition

https://irregularwarfare.org/articles/chinese-unconventional-threats-in-the-era-of-great-power-competition/

June 18, 2024 by Leo Matthews, Kevin Hoerold

Would China ever take a page from Iran’s playbook and cultivate relationships with violent extremist organizations (VEOs)?   Despite its seeming improbability, the increasingly assertive actions of the People’s Republic of China (PRC) in Southeast Asia raise this compelling question. This article explores when, where, and how the PRC might use VEOs to further its political, military, and economic goals. An analysis of Southeast Asia identifies an intersection of the PRC’s goals with those of violent non-state groups in Myanmar, the Philippines, and the Indian border regions. In each case, the PRC could plausibly advance its national interests via a partnered or proxy relationship with select VEOs. The same method of analysis identifies when and where the PRC’s collaboration with VEOs would be unlikely due to competing financial and political interests.   Understanding China’s potential tactics and likely flashpoints for irregular warfare is vital for preparing effective countermeasures. Most importantly, the discussion of China’s unconventional levers of power serves as a warning against the complete separation of counterterrorism efforts from strategic competition with China.   Where Does the PRC Already Cooperate with Proxy Groups? In perhaps the defining example of PRC engagement with armed non-state groups, Myanmar has been a testing ground for China’s emerging strategy. In the absence of a stable, effective central government in neighboring Myanmar, the PRC maintains mutually beneficial relationships with both the military government and a complex web of ethnic armed groups. PRC collaboration with the military government of Myanmar and numerous ethnic opposition groups demonstrates President Xi’s willingness to arm and fund non-state actors in the pursuit of economic and military interests.   The PRC’s interests in Myanmar are largely focused on the development of the 1,700-kilometer China-Myanmar Economic Corridor. First proposed as a standalone project by Beijing in 2017, the project includes oil and gas pipelines, road and rail links, and a deep-sea port located in the coastal city of Kyaukpyu. Upon completion of the corridor and Kyaukpyu Port, the PRC will obtain direct access to the Bay of Bengal and the wider Indian Ocean. This will secure an alternative energy and trade route through Myanmar, open up an easier passage to global markets for the PRC’s landlocked Yunnan-based industries, and help reduce Beijing’s vulnerable reliance on maritime energy imports through the Straits of Malacca. In addition to the economic dimensions of the Belt and Road Initiative (BRI) in Myanmar, there is a budding element of great power competition at play in Kyaukpyu. The port will grant the PRC another outpost in its “string of pearls” strategy to encircle India, intimidate neighbors, and challenge US naval hegemony in the Indian Ocean.   The PRC’s expansive BRI projects in Myanmar traverse a country embroiled in ethnic conflict and tenuously led by a military junta. Beijing’s strategic priority is the completion of the economic corridor and unimpeded flow of commerce, irrespective of the internal politics of Myanmar. Consequently, the PRC funds and arms multiple sides of the conflict to protect its investments, simultaneously engaging with violent non-state actors and the military government.   In lieu of an effective government partner in Myanmar to maintain order, particularly along the Chinese border states, Beijing works through various ethnic armed organizations (EAO), the local power brokers. The largest EAO, the twenty-thousand-strong United Wa State Army (UWSA), has enjoyed a close relationship with the PRC’s security services since its founding in 1989. The UWSA emerged in 1989 from the splintering of the Communist Party of Burma (CPB), which the PRC had supported with weapons and military equipment since 1968 to combat the nationalist Kuomintang forces that fled into northeastern Myanmar after the Chinese civil war.   In recent years, PRC weapons shipments to the UWSA have included heavy machine guns, HN-5A Man-Portable Air Defense Systems (MANPADS), artillery, armored fighting vehicles, and other sophisticated communications equipment. The UWSA further benefits from access to cross-border markets for Chinese currency, rubber and mining industries, construction technology, and communication networks. Although the PRC does not publicly endorse the political goals of the UWSA, Beijing employs the group as a proxy force to protect ongoing BRI projects, stem the flow of drugs into China, and crack down on cyber scam centers operating in remote areas near the Chinese border.   When necessary, the PRC leverages its relationship with the UWSA and other armed groups to exert pressure on the military government of Myanmar to concede contested territory near PRC investments. Meanwhile, the military government of Myanmar maintains diplomatic ties with Beijing and has purchased over $1 billion in arms and military equipment since 2021 for its war against the UWSA and other EAOs. In recent months, Beijing has pressured both sidesof the conflict into (short-lived) ceasefire agreements to reduce the violent interruptions of trade and construction.   The PRC is not picking sides in Myanmar but rather protecting its strategic interests and investments. Beijing’s demonstrated willingness to arm and fund ethnic armed organizations in Myanmar leads us to question what other regions present similar conditions for PRC collaboration with violent, non-state actors.   Where is China Most Likely to Leverage VEOs? The Philippines and the India/Kashmir border present two such possibilities. The PRC’s interest in the Republic of the Philippines is two-fold. First, the PRC seeks to undermine the re-emergence of security ties between the Philippine government and the United States. Manila has recently undertaken strategic steps to deepen its relationship with the United States, marking a significant evolution in its foreign policy. This is underscored by the recent expansion of the US-Philippine Enhanced Defense Cooperation Agreement. Second, the PRC has actively pursued territorial claims in the South China Sea (SCS), employing a strategy that combines economic leverage and the enhancement of its soft powerwithin the Philippines. This multifaceted approach aims to sway Manila into acknowledging the PRC’s territorial assertions, highlighting a sophisticated blend of diplomacy and economic influence to advance its geopolitical interests in the region. In a recent escalation of tensions, the PRC has intensified its assertive actions in disputed maritime territories by deploying both coast guard vessels and civilian fishing fleets. The PRC’s use of VEOs as a proxy force would allow for plausible deniability on the international stage while weakening the Philippine government’s maritime operations in the SCS and straining US-Philippine relations.   The two most likely VEOs for the PRC to leverage are the New People’s Army (NPA) and the Islamic State East Asia (ISEA). The New People’s Army (NPA), the armed wing of the Communist Party of the Philippines (CPP), has a documented history of engaging in actions against US personnel and interests within the Philippines. Their violent history includes deadly attacks on US servicemembers, underscoring the significant threat the NPA poses to both national and international security interests in the region. The NPA’s stated aims are to overthrow the Philippine government and eliminate US influence in the Philippines, highlighting its ambitious objectives against both the central government and foreign presence. Formed in the image of Maoist revolutionaries, the NPA received direct funding and military suppliesfrom the Chinese Communist Party from 1969 until the 1976 normalization of Chinese-Philippine relations. This demonstrates the NPA’s predisposition to collaboration with the PRC as the Chinese Communist Party’s genesis serves as the inspiration behind the NPA’s movement.   ISEA also holds both the capability and intent to attack American and Philippine government interests. The ongoing conflict instigated by ISEA in the southern islands of the Philippines demands extensive efforts from the Philippine government in terms of time, manpower, and resources. This continuous engagement diverts Manila’s focus and resources from other national security priorities, potentially benefiting the PRC’s strategic position. However, the PRC’s longstanding campaign against Uyghur Muslims in Xinjiang, under the pretext of combating Islamic extremism, might make the PRC cautious about associating with a violent Islamist group like ISEA. The PRC would go to great lengths to keep a proxy partnership with ISEA highly confidential.   When evaluating the potential for future PRC engagement with VEOs in the Philippines, several indicators could signal an escalation of involvement. A noticeable enhancement in the weaponry and capabilities of these groups could serve as an early warning of increased support. Additionally, a rise in both the frequency and intensity of their attacks, particularly if these occur in tandem or close succession with PRC assertive actions in the West Philippine Sea, could suggest a level of coordination between these organizations and the PRC.   PRC support for certain VEOs in Kashmir, meanwhile, could provide strategic, economic, and security advantages to Beijing. The PRC’s primary regional interests are the protection of nearby BRI investments and the disruption of the Indian military presence along the Line of Actual Control (LAC). Pursuant to these interests, the PRC supports Pakistan’s territorial ambitions and stands to benefit indirectly from the actions Pakistan takes to exert its power in Kashmir via conventional and unconventional means.   Periodic PRC military incursions into Indian Kashmir, including a 2020 clash in the Galwan Valley that resulted in 120 Indian casualties, underscore the PRC’s willingness to violently escalate tensions in the region. In addition to conventional military engagements along the LAC, Beijing provides financial support to Pakistan, whose military occupies a second front with India along the Line of Control (LOC). Should the PRC wish to employ unconventional methods in its simmering conflict with India, Beijing may consider working with or through Kashmir-based VEOs.   Within Indian Kashmir, Pakistan exercises varying levels of control over a network of Islamist VEOs opposed to Indian rule in the region. The jihadi organizations offer an alternative to conventional military force, operating within urban environments and conducting guerrilla warfare against the Indian government. Pakistan provides jihadists, via its Inter-Services Intelligence (ISI), with funding, weapons, equipment, and a safe haven to train for their perennial struggle against Indian rule in Kashmir.   The primary organizations directly associated with Pakistan are Jaish-e-Muhammad (JeM) and Lashkar-e-Taiba (LeT, renamed Jamaat-ud-Dawa in 2022), as well as Harakat-ul Jihad Islami (HUJI), and Hizbul Mujahideen (HM). ISI does not enjoy the same relationship with ISIS or al-Qa‘ida-affiliated groups whose global vision for Kashmir as part of a worldwide Islamic caliphate are at odds with the secular Pakistani state.   Beijing is unlikely to engage directly with Islamist VEOs but could work through existing ISI channels to indirectly fund or arm groups such as JeM or LeT. Using Pakistan as an interlocutor builds upon decades-old relationships between the ISI and select VEOs while providing a level of deniability to the PRC, publicly committed to opposing radical Islamist movements. In fact, from September to December 2023, multiple Indian media outlets reported on alleged evidence of PRC support to Pakistan-backed militants in Kashmir. Although uncorroborated in Western reporting, the stories claim Chinese military technology, including drones, encrypted communications devices, and advanced weaponry, have been supplied to LeT and JeM via the ISI. While far from definitive proof of PRC engagement, the news stories reveal an existing Indian narrative of Chinese involvement with Pakistan’s network of jihadist groups in Kashmir.   Where China is Unlikely to Leverage VEOs The conditions identified in South Asia, which may accommodate a relationship between the PRC and VEOs, are not replicated in South America or Africa. From the Revolutionary Armed Forces of Colombia–People’s Army (FARC) in Colombia to the plethora of VEOs across Africa, both regions offer vectors for VEO engagement, but the PRC’s extensive economic and diplomatic investments suggest such a partnership would be highly unlikely.   The PRC will work with and through partner governments or institutions to pursue its economic and strategic interests whenever possible. The emphasis on infrastructure development, economic growth, and fostering long-term partnerships under the BRI framework (as opposed to geographic ambitions) suggests a strategic preference for stability and cooperative engagement over the contentious and unpredictable nature of VEOs. To this end, the PRC has fostered relationships with governments across Africa and South America and voiced support for local counterterrorism efforts.   Engagement with a VEO is an inherently high-risk endeavor, only likely to happen when the PRC lacks a cooperative, effective government partner and does not jeopardize its regional investments.   Conclusion In examining these key geopolitical hotspots, it is clear that China acts based on its own self-interest. This analysis suggests that the PRC might go beyond traditional forms of international engagement, employing unconventional methods to further its strategic national objectives. Specifically, the PRC may work with VEOs as a novel approach to increase its regional influence. VEOs are appealing because they can disrupt, subvert, or distract. Therefore, China’s potential use of VEOs to project power indirectly requires a coordinated counterterrorism response. Understanding Beijing’s possible future tactics is crucial for developing effective countermeasures against these unconventional threats.   Kevin Hoerold is a General Wayne A. Downing Scholar of the Combating Terrorism Center at West Point. He holds a MA in Security Studies from Georgetown University and BS in Management and Financial Economics from Norwich University.   Leo Matthews is an instructor at the United States Military Academy’s Social Sciences Department. He holds a MA in Security Studies from Georgetown University and BS in Civil Engineering from the United States Military Academy.   Views expressed in this article solely reflect those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.   If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

https://irregularwarfare.org/articles/combatting-russian-lawfare-with-a-cognitive-shield/

June 13, 2024 by Armenak Ohanesian

On February 24, 2022, Putin formally announced Russia’s invasion of Ukraine. In his remarks, Putin attempted to justify his actions in part by citing the UN Charter and the right to self-defense. Putin’s argument was unpersuasive in a legal sense and widely condemned by the international legal community. Nonetheless, his attempt demonstrated Russia’s intent to present distorted interpretations of the law to create an illusion of legitimacy for the invasion. Since his speech, the Russian government has repeatedly abused and weaponized domestic and international law to support its war against Ukraine.

Russia’s weaponization of the law is part of its strategy to satisfy Russian domestic opinion, sow discord between Ukraine and its allies, and maintain international support for its activities. Perhaps most insidious, however, is that Russia’s disregard for the law is also malevolently anthropocentric, intended to both exploit and affect the most vulnerable target: the human being and its cognition. In this respect, Russia’s blatant abuse of the law is meant to degrade Ukraine’s will to fight by undermining justice and flouting accountability.

The essence of Russian lawfare is not the correctness of its legal arguments but how law and facts are used to shape the perception of its invasion of Ukraine among domestic, regional, and international audiences. When it comes to waging lawfare, Russia brazenly crafts and deploys malign narratives by manipulating facts, distorting the meaning of international obligations, passing nonsensical domestic legislation, and rendering ridiculous legal judgments. In this way, lawfare is just one part of Russia’s broader disinformation and propaganda efforts. The typology of Russian lawfare has been well-explored: some researchers distinguish up to 36 types of Russian lawfare, depending on the warfare domain and legal environment. These activities undermine the idea of justice and the rule of law and, in many cases, are presented as justifications for specific Russian military activities and objectives in Ukraine. 

Today, new technologies enhance the threat of Russian lawfare. Russia already abuses social media to spread disinformation about its invasion globally. New tools, such as large language models, make such campaigns easier, cheaper, and more effective. Disinformation campaigns can corrupt legal environments by undermining facts, biasing juries, or otherwise creating evidence-resistant beliefs and amplifying basic instincts like hatred. 

Consequently, effectively countering Russian lawfare requires recognizing human cognition as a battlefield and combatting Russian disinformation more broadly. Governments and the sources of international law—namely customary law, treaties, and statutes of international courts—should be designed to reflect a benevolently anthropocentric approach that prioritizes human cognitive resilience against lawfare and disinformation. Governments, militaries, and civil societies must erect a ‘cognitive shield’ to resist the Russian disinformation efforts that underpin its abuse of the law. This shield should focus on five pillars and be integrated into the grand strategy of multi-domain operations.

The cognitive shield includes the following:

Narrative Analysis: Governments should continuously monitor, gather, and organize sources of malevolent foreign narratives to track their activity and targets. For example, big data processing and sentiment analysis tools could do such monitoring. Indeed, such tools are already being developed, including several by Ukrainian experts directly responding to Russian disinformation campaigns. These tools have been successfully used in Ukraine to uncover and mitigate Russian attempts to promote pro-Moscow insurgencies in Ukraine. Debunking false narratives is central to combatting Russian lawfare, which frequently attempts to distort historical facts. Enhancing these capabilities would strengthen the international legal community’s ability to tell fact from fiction and blame Russia for employing such information campaigns. 

Proactive Information Campaigns, Educational Initiatives, and Civil-Military Cooperation: Governments should start or build upon existing efforts to promote ‘cognitive self-resilience skills’ like critical thinking and fact-checking techniques among all levels of society, cultivating media literacy and the ability to recognize disinformation on one’s own. This strategy paves the way for a pre-bunking approach, preemptively exposing weaponized narratives before they are deployed, including in legal environments. Several national governments and regional bodies are already working on these initiatives and should be considered models for other governments interested in doing the same.

Legislative Efforts to Protect Human Cognition: National and international legislative bodies should pass measures to protect mental health and the integrity of cognitive processes, including perception, memory, and decision-making. These functions should be considered fundamental human rights and principles protected by international humanitarian law. At the same time, legislative bodies must criminalize cyberattacks and AI-enabled disinformation campaigns. Indeed, implementing such protections in international law would require significant efforts within the United Nations, particularly the UN International Law Commission. This would include amendments to the Geneva Conventions and the Statute of the International Court of Justice or Responsibility of States for Internationally Wrongful Acts (2001). Similar provisions must also be reflected in international criminal law, such as the Rome Statute of the International Criminal Court. The goal of these efforts is significant: to introduce a new principle in the law of war that protects human cognition and to hold accountable the states that violate it.

Interdisciplinary Integration: New insights from neurosciences such as neurobiology, psychoneuroimmunology, and psychology will continue to help explain the specific neural mechanisms that must be protected from disinformation. Just as there are mechanisms capable of artificially inducing negative reactions like hatred, there are also mechanisms that can neutralize these reactions. For example, a recent meta-analysis of 42 studies found that psychological “inoculation” (e.g., teaching people about common misinformation strategies) can improve a person’s ability to assess the credibility of new information independently. Government and international legal bodies must maintain awareness of these scientific advances to create new means of protecting citizens against disinformation.

Military Cognitive Strategies: Besides building resilience among civilians, governments need to adopt strategies to combat disinformation in their militaries. A striking example of the importance of such strategies is the Russian attempt to exploit allegations of corruption at the highest levels of power in Ukraine to undermine Ukraine’s will to fight. Indeed, corruption in Ukraine is a long-standing and systemic issue. Many Ukrainians of military age who left the country after Russia’s invasion state that they do not want to fight for a corrupt government. 

From my personal experience—as both a lawyer and a combatant in Ukraine—I am disappointed about the absence of a robust justice system in Ukraine. However, it’s important not to overlook the paradox of ‘perverse transparency,’ when anti-corruption efforts expose previously unnoticed corruption, thereby creating a misleading impression of increasing corruption. Russian intelligence services have leveraged Ukrainian anti-corruption efforts to generate high-profile news stories, which Russian media channels further exploit to discredit Ukrainian authorities to Western and Ukrainian audiences, including Ukrainian soldiers. Military doctrines must account for information campaigns exploiting narratives designed specifically to undermine a population’s will to fight by emphasizing the importance of cognitive resilience among its troops and populations that may be called upon to serve in the future.

Notably, the pillars of the cognitive shield are mutually reinforcing. For example, narrative analysis tools developed by governments or private industry can be improved by incorporating new findings from neuroscience studies. These tools can then be better applied in resilience-building educational initiatives and inform the drafting of legislative and military doctrine.

Whether local or global, conflict remains fundamentally a clash of wills, making it inherently a cognitive battle. Russian attempts to legally justify its invasion of Ukraine are a stark reminder of the vital role of cognitive resilience. Indeed, proactive and creative strategies necessitate relentless political commitment, but they are essential to safeguard the cognitive integrity of individuals committed to the ideals of freedom.

Armenak Ohanesian is Ukrainian lawyer, practiced in litigation, international arbitration, and criminal law. Post-Russian invasion, he served in the Ukrainian Armed Forces, including roles as an infantry soldier, combat medic, and artillery commander, notably in the Izium Counteroffensive and the Battle of Bakhmut. Decorated for his service, he now leads legal studies at IKAR, focusing on international law and cognitive warfare.

The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

June 4, 2024 by William Akoto

Original article published on the Irregular Warfare Initiative's website.

Editor’s note: This article is part of Project Proxies and Partners, which explores the promises and pitfalls of security cooperation in war, at peace, and in between. We invite you to contribute to the discussion, explore the difficult questions, and help influence the future of proxies and partners. Please contact us if you would like to propose an article, podcast, or event.

In September 2001, operatives for Procter & Gamble were caught diving in dumpsters outside a Unilever facility in Chicago in search of documents and other discarded items containing confidential information about Unilever’s hair care products business. To avoid litigation and the negative publicity that often accompanies such disputes, the companies quietly reached a negotiated settlement where Procter & Gamble agreed to not use any of the information obtained. This early example illustrates the ongoing vulnerability companies face regarding data security. In today’s corporate environment where digital data storage is the norm, companies now have to be wary of not only paper documents but also discarded storage devices like hard drives, USBs, and even old office equipment that might store digital data. 

Companies also have to worry about the increasing trend of nation-state-backed hackers trying to infiltrate corporate networks. This is part of a worrying shift in state-sponsored espionage from traditional intelligence gathering primarily targeted toward military and political secrets to the targeting of information held by private firms and other commercial enterprises that perform research and produce innovation critical to national economic growth and prosperity. Perpetrators often aim to use this information to leapfrog rivals’ technological advancements and to gain a competitive edge in the global marketplace. This is emblematic of modern interstate conflict, where the lines between economic, military, and political rivalry are blurred. 

In this article, I aim to highlight the rising tendency of states to engage in cyber economic espionage and how cyber proxies—hackers for hire—are playing an increasingly central role in these efforts. Two brief examples illustrate this trend. 

In 2017, APT10—a Chinese state-sponsored cyber proxy group believed to be linked to China’s Ministry of State Security—conducted a massive espionage operation dubbed Operation Cloud Hopper. This group is an example of what are known as Advanced Persistent Threat (APT) groups—hackers that engage in prolonged and targeted cyber campaigns against specific entities such as government agencies, companies, or other strategically important targets to steal information, disrupt operations, or spy on activities. In the Cloud Hopper operation, the group targeted managed service providers (MSPs)—companies that manage IT services for multiple businesses. The techniques used included spear-phishing to gain initial access, followed by the deployment of various malware tools to establish persistence and facilitate the exploration and extraction of valuable data.

The operation, distinctive in its scale and focus on commercial secrets rather than traditional military or political intelligence, was global, affecting countries across Asia, Europe, and North America. It spanned a wide range of industries including technology, telecommunications, and pharmaceutical companies. Targeting such a diverse array of industries highlights the strategic nature of the campaign and its aim to gain economic advantages through the theft of trade secrets and other sensitive corporate information.

The SolarWinds hack, identified in late 2020, is another significant incident that, although primarily seen as an intelligence-gathering operation, had substantial implications for economic espionage. This sophisticated attack involved the insertion of malicious code into the software updates of SolarWinds’ Orion platform, a widely used network management tool. Believed to be conducted by Russian intelligence services, this campaign compromised the systems of numerous US government agencies, top enterprises, and technology firms, allowing the attackers to spy on business activities and potentially steal valuable corporate and technology secrets. The breach not only exposed vast amounts of sensitive information but also revealed vulnerabilities in the software supply chain.

The Strategic Use of Cyber Proxies

These high-profile incidents raise important questions about why states choose to use proxy hackers for such operations. Academic researchers who have wrestled with this question suggest that states often use cyber proxies because it allows them to leverage specialized skills, expertise, tools, and capabilities that the proxies have but which might be missing from state intelligence agencies or are prohibitively expensive to develop in-house. The activities of cyber proxies tend to fall in the gray areas of international law and politics, which makes them very appealing to states that want to reap the benefits of the proxy’s activities while avoiding responsibility if the activities are discovered. 

For instance, despite suspicions and probable cause, the lack of concrete, publicly-disclosed evidence explicitly linking China and Russia to the Cloud Hopper and SolarWinds operations respectively allowed them to deny involvement, thereby avoiding international sanctions, retaliatory cyberattacks, and other diplomatic consequences. Even when criminal indictments are issued for cyber espionage operations, they typically target individual hackers or the organizations directly involved, rather than the states that sponsor them. This separation enables the state sponsors to maintain a façade of non-involvement and continue their cyber operations under the veil of secrecy.

Proxies also serve another very important function: they can help states hide their true cyber capabilities from their adversaries. Even if state intelligence agencies have the necessary tools, capabilities, and personnel to successfully execute a cyber operation, it might still be beneficial to use cyber proxies so that adversaries do not become aware of these capabilities. 

This is an important benefit for states that wish to maintain strategic ambiguity in cyberspace as norms in the cyber realm continue to develop. For example, Fancy Bear—a cyber proxy affiliated with Russian military intelligence (GRU) that uses sophisticated tactics and techniques—has been concretely linked to the hacking of the Democratic National Committee (DNC) during the 2016 US presidential election. However, direct attribution to the GRU remains circumstantial rather than definitive. This potentially allows the GRU to mask its true cyber capabilities.

How States Manage Their Cyber Proxies

States employ a variety of models in their relations with their cyber proxies. For example, the United States uses nontraditional cyber proxies such as defense contractors and security companies like Lockheed Martin and BAE Systems, whose software products, personnel, and services are often employed in the infiltration, degradation, or destruction of adversary computer systems. It maintains a close relationship with these proxies, allowing for strict oversight and control over their targeting choices and operational techniques. Conversely, countries like Iran and Syria tend to maintain more operational distance from their proxies, offering material and ideological backing in exchange for the proxies’ commitment to targeting designated firms, political foes, and other entities. 

Russia maintains an even larger separation from its proxies, often refraining from direct guidance and allowing them free rein regarding targets and methods. In many cases, the only link between the proxy and Russian authorities is that they willingly turn a blind eye to the activities of the proxy despite having the capacity to crack down. This raises the intriguing possibility that some of these hacker groups may be acting as proxies of the Russian state without even being aware of it.

Putin and senior Kremlin officials frequently express admiration for these “patriotic” hackers while denying any knowledge of their activities. Putin has asserted that “Hackers are free people, like artists … ” so if they are patriotically minded will “ … do what they see as their part to fight Russia’s enemies.” In this way, the Russian government can deny knowledge of these proxies while reaping the benefits of their activities without admitting the involvement of government agencies.

Traditional Intelligence vs Economic Espionage

Regardless of whether states use government agents or proxy hackers for cyber operations, the logic that once guided traditional espionage—where information flowed from those who had it to those who needed it—does not appear to apply when it comes to economic espionage. In a recently published research paper, I show that contrary to earlier beliefs, countries with similar economic structures and technological capabilities are more likely to engage in economic espionage against each other (as opposed to those with dissimilar structures and capabilities). The reason? The stolen information is more applicable and immediately beneficial to the perpetrator. For example, it is of little use to steal technology to manufacture solar panels if you do not have factories and a technically capable workforce that can profitably leverage that information.

By focusing on rivals with similar economic structures and technological capabilities, perpetrators can refine their competitive strategies and enhance their own industrial and technological bases. Importantly, this strategy is less about filling gaps in knowledge and more about advancing in an already closely contested field. This dynamic has a profound policy implication for the likely future of interstate conflict: as states continue to develop and closely guard their technological innovations, the arena of interstate rivalry is likely to shift increasingly towards more covert forms of conflict. 

This evolution suggests that except in a few instances, traditional forms of diplomacy and military confrontation may give way to an irregular warfare landscape where subterfuge and indirect aggression increasingly become the norm. In particular, states with similar economic and technological capabilities will increasingly find themselves not only competitors in the global marketplace but also clandestine rivals in a continuous struggle for technological supremacy. This scenario necessitates a reevaluation of national security strategies to prioritize cybersecurity and intelligence in anticipation of these less overt, but equally impactful forms of conflict.

In addition, diplomatic relations will likely become more complicated, as states may publicly adhere to norms of peaceful coexistence and cooperation while privately engaging in aggressive cyber operations. This combination of open cooperation with covert aggressive cyber tactics can strain international trust and cooperation, potentially leading to a more fragmented international system where states are increasingly wary of their counterparts’ intentions.

Confronting Economic Espionage and the Use of Cyber Proxies

If the United States is to respond effectively to the emerging risk posed by the use of state-sponsored cyber proxies, it needs a better understanding of how to mitigate their use and activities. In a research paper, I gathered new data on over 100 hacker groups around the world and their state sponsors to examine which accountability mechanisms are effective in mitigating the use of cyber proxies. My research indicates that the use of proxies is rare in states that have robust domestic accountability mechanisms. This is particularly true in countries where citizens can hold their elected leaders accountable for actions carried out by cyber proxies through vertical accountability mechanisms such as elections and other democratic practices. In contrast, trying to curb the use of cyber proxies using horizontal accountability mechanisms such as congressional and regulatory oversight bodies is significantly less effective. 

These insights have important policy implications aimed at addressing the issue of cyber proxies. Firstly, they suggest that pressure from citizens and civil society organizations could be effective in reducing reliance on cyber proxies in countries where vertical accountability structures are effective. One practical way to implement this is to increase the number of attributions of cyber operations to proxies and their state sponsors. The act of attributing cyber attacks to state sponsors, even when the evidence is not concrete, could prompt pressure from citizens and civil society groups for governments to desist from such operations, potentially deterring future attacks. 

Additionally, my findings imply that reliance on policies that predominantly aim to combat the use of cyber proxies through regulatory and other state oversight mechanisms are ineffective. For instance, despite numerous international agreements aimed at curbing state-sponsored cyber activities like the 2015 agreement between the United States and China to refrain from cyber-enabled theft of intellectual property for commercial advantages, activities attributed to Chinese state-sponsored actors have continued unabated.

With regard to economic espionage, my research holds important lessons for US national cybersecurity policy. For example, the current US National Cyber Strategy emphasizes building a resilient cyber infrastructure, deterring adversaries, and promoting American prosperity by fostering a secure cyberspace that supports US national interests and economic growth. While the strategy recognizes the importance of international cooperation, it primarily focuses on deterring adversarial actions through strength. It does not sufficiently capitalize on the important finding that the primary economic espionage threats are likely to come from nations with similar technological advancements and economic profiles. This includes perennial rivals China and Russia but also allies like France, Germany, and Britain. Given the tendency for similar economies to target each other in economic espionage activities, the US could refine its strategy by fostering deeper, more targeted intelligence-sharing partnerships with countries that are at similar levels of technological and economic development.

As technological advancements reshape the contours of international relations, understanding the strategic calculations that drive states to engage in cyber economic espionage and to use proxies is increasingly crucial. This is important not only to secure states’ economic interests but also to preserve international peace and stability in an increasingly interconnected world.

William Akoto is an Assistant Professor of Global Security in the Department of Foreign Policy & Global Security at American University’s School of International Service. His research is primarily focused on examining how states leverage cyber and other emerging technologies in the pursuit of national security objectives. Details of his past, current, and forthcoming research projects are available on his website at willakoto.com.

The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

June 6, 2024 by Jacob Ware, Sam Rosenberg

https://irregularwarfare.org/articles/d-days-bodyguard-of-lies-intelligence-and-deception-in-normandy/

The heroes who stormed the beaches of Normandy on June 6, 1944, eighty years ago today, faced a rainstorm of gunfire as they disembarked from their landing crafts. Over 4,000 lost their lives in the initial landings, which nevertheless succeeded in establishing an Allied beachhead in Adolf Hitler’s Atlantic Wall.

The toll could have been even worse had safer passage not been ensured by a secretive army of spies and decoys that, beginning in 1943, wove an elaborate deception to convince their Axis adversaries that the landing would be later and further north. In the words of Winston Churchill, the front-line soldiers were protected by a “Bodyguard of Lies” that carefully protected the true location and intentions of the landings at five beaches in Normandy.

The D-Day deception operation stands as a powerful example of the essential blend of irregular warfare methods with conventional tactics. As we witness brutal combat in Ukraine and anticipate potential future conflict in the Indo-Pacific, the lessons from June 1944 are more pertinent than ever. Integrating tactical and strategic deception to support traditional warfare, involving civilians alongside the military, and the critical importance of avoiding large-scale conventional war due to its immense costs are lessons that continue to resonate today. 

The D-Day Deception

As the Second World War approached its turning point, an inevitable Allied assault on occupied Europe, Allied leaders gathered at Tehran to devise their strategy. The odds appeared against them: despite Germany’s forces being spread thin across 2,600 kilometers of Atlantic coastline, the Axis held a force advantage, outmanning the landing force in France by an estimated 60 divisions to 37. Cunning and misdirection would need to complement the brute force of men and armor that would be hurled against Hitler’s European fortress. In the words of Jon Latimer, “Deception would play a crucial role in producing a ratio of forces necessary for Allied victory in the battle of the build-up and permitting a break-out.”

Operation Bodyguard was established in 1943 as the overall deception strategy to mislead the German High Command about the timing and location of the inevitable Allied invasion of Europe. Under this overarching plan, the main thrust was Operation Fortitude, which was itself divided into two smaller campaigns: Fortitude North, which would feint at Norway, and Fortitude South, which promised an attack at the Pas-de-Calais in northern France. Fortitude combined both physical deception and signals intelligence to construct the ruse. For example, the Allies invented out of thin air the United States First Army Group, commanded by General Patton, and mustered the paper command in southeast England, supporting the idea that the invasion would strike directly across the English Channel at Calais. Dummy inflatable military hardware was spread across the area, hoping to attract spy planes, while the infamous Ghost Army created fake shoulder patches to accompany and announce the arrival of the phantom units.

The deception was furthered by British intelligence’s exemplary Double Cross system, masterfully recounted in Ben MacIntyre’s Double Cross: The True Story of the D-Day Spies. By 1944, British counterintelligence confidently believed it controlled every German spy in the United Kingdom. Fortitude put this network of double agents to work, steadily feeding handlers in Berlin a diet of false reports that contributed to incorrect beliefs about the Allied order of battle. In one case, double agents “Mutt” and “Jeff” transmitted false reports about a fictitious British Army amassing in Scotland to join the Soviets in an invasion of Norway. The trick worked, with Hitler sending one of his divisions to Scandinavia just weeks before D-Day. The intelligence network was so extensive that stories still emerge today—like the women codebreakers stationed at the US Foreign Service Institute, who stole Japanese diplomatic messages describing German defenses on the French coast, further contributing to the deception’s success. 

The deception plans were joint operations involving multiple branches of the Allies’ armed forces. Operation Glimmer, Taxable, and Big Drum formed the naval component of Operation Bodyguard. Like Fortitude South and the Double Cross system, these efforts aimed to deceive the German forces about the invasion beaches in France. Small fleets, equipped with radar-reflecting balloons and devices simulating large convoys, maneuvered off Cap d’Antifer and Pas-de-Calais to create the illusion of impending naval assaults northeast of Normandy. Confused by the feint, the Germans in Calais reported an invasion fleet and even sent airplanes to investigate. 

Civilians also played a significant role in Allied deception and intelligence operations. By 1944, the French Resistance numbered an estimated 500,000 members in many different groups, most of whom came under the umbrella of the French Forces of the Interior (FFI). Operating in small groups called Maquis, resistance fighters engaged in sabotage, targeting Nazi supply routes and reinforcements. The FFI’s intelligence-gathering efforts also provided the Allies with invaluable information about German troop movements and fortifications, directly supporting the impending landings. In one case, as recounted in Cornelius Ryan’s classic The Longest Day, an FFI sector chief identified an artillery piece sited for Utah Beach and managed to transmit a message to London about the potential threat. On the morning of D-Day, he was overjoyed when an Allied destroyer arrived off the coast and blasted the artillery piece with a precise bombardment. “They got the message!” he cried. 

The Maquis’ coordinated closely with Allied strategy. On June 5, the BBC broadcasted coded messages to alert the French Resistance about the imminent invasion, setting off plans to sabotage railways (the Green Plan), main roads (the Tortoise Plan), and telecommunication networks (the Purple Plan), along with launching guerilla attacks against German troops. More than 90 three-man Jedburgh teams, comprising American, British, and Free French operatives, parachuted into France throughout 1944 to facilitate this coordination on the ground. The first team, codenamed “Hugh” dropped in on the evening of 5/6 June and linked up with the head of the resistance in the Indre area, near Châteauroux. In June and July, the “Jeds” helped disrupt German communications in Normandy. By August, teams worked with the British Special Air Service in Brittany, orchestrating guerrilla attacks and providing intelligence that hastened the Allied advance. These Jedburgh teams, the forerunners of modern special operations forces, provided leadership, training, and communications support, amplifying the impact of the Resistance’s efforts. 

Once the invasion began, the Allies relied on tactical deception to further confuse the German defenders. As part of Operation Titanic, another subcomponent of Operation Bodyguard, the British Royal Air Force and Special Air Service dropped hundreds of dummy parachutists far from the actual landing areas in Normandy. Known as “Ruperts” to the British and “Oscars” to the Americans, these decoys were equipped with noise makers and explosives to simulate an actual airborne assault. British commandos even jumped with some of the dummies and played recordings of gunfire and men shouting to sell the ruse further. The plan had the intended effect, with the Germans sending a division reserve away from Omaha and Gold beaches and the 101st drop zones to search for the suspected paratroopers. When members of the German 7th Army discovered the dummies, General Hans Speidel ordered a decreased level of alert for his soldiers, leaving them less prepared for the actual invasion.

Perhaps the most challenging—and, in turn, impressive—aspect was that the deception could not end when the invasion began. It had to continue, convincing the enemy the true invasion was, in fact, a feint and the initial (deceptive) intelligence remained accurate. Three days after the invasion, Spaniard Juan Pujol García (Agent Garbo) transmitted to his handlers that most companies had stayed behind in England, expanding upon the lie that the main thrust of the assault would cross the Strait of Dover and hit Calais. The Ultra intercepts, made possible by the codebreakers at Bletchley Park breaking the Enigma code, offered invaluable proof that the Germans continued to believe the Fortitude ruse instead of the catastrophic and physical evidence that the invasion was already underway. It would take seven weeks for the German High Command to redeploy resources from Calais to Normandy. By then, the Allied beachhead was secure. Germany’s delay was the ultimate success of Operation Bodyguard. If the element of surprise is essential in war, then the ability to maintain and even extend the element of surprise is perhaps the most impressive triumph. 

Although debates endure about the importance of Bodyguard and Fortitude, largely over skepticism that the inflatable hardware was ever actually seen and insistence that German espionage incompetence was the ultimate culprit, there is little doubt that the deception at least contributed to the tremendous success of the D-Day landings. In the immediate aftermath of Fortitude, the German High Command awarded (Double) Agent Garbo the Iron Cross for his efforts. If nothing else, as Lt. Jason Carminati writes, “Although the Nazi regime had unique institutions that contributed to the operation’s success, the Allies’ planning and execution of various deception techniques were more impactful to the success at Normandy because German weaknesses were discovered and exploited.”

Deception Today and Tomorrow

Deception, of course, remains an integral part of warfare, deployed by both friends and foes. During the first months of Russia’s full-scale invasion of Ukraine, echoing the Rupert dolls of World War II, Ukrainian defenders employed mannequins from local stores to confuse Russian forces. Drone footage captured Russians wasting valuable artillery on a trench system manned only by these decoys. As the war progressed, Kyiv expanded its deception efforts, with civilian companies like Inflatech and Metinvest creating realistic decoys of Ukrainian weapons and vehicles, complete with multispectral signatures, causing further Russian munitions to be squandered on fake targets. 

When preparing for the initial counteroffensive in Kharkiv in September 2022, Kyiv aimed to convince its adversaries that the counteroffensive would target Kherson in the south. Using media leaks, encouraging popular resistance as “shaping” operations, and amassing troops in the south, Ukrainian military planners succeeded in drawing Russian forces to defend Kherson, leaving the Kharkiv salient largely unprotected. The eventual offensive shattered Russian lines, liberating some 12,000 square kilometers, including the strategic crossroads at Izium. (Impressively, Ukrainian forces also liberated Kherson two months later.) 

In contrast, the failed Ukrainian offensive in the summer of 2023 highlighted the challenges of deception. The Ukrainian military failed to mislead Moscow about their intention to penetrate Russian lines protecting Melitopol and the Azov coast. Despite shaping operations along the Russian defensive line, particularly in Bakhmut, the Ukrainian government’s insistence in early June that “Plans love silence” and warnings against rumors did not materially weaken the entrenched Russian defenses.

Just as the French Resistance played a central role in the success of D-Day through deception and intelligence operations, Ukrainian citizens have become crucial to their country’s current conflict. Early in the war, the Territorial Defense Forces, made up of citizen volunteers, were instrumental in repelling the initial Russian assault on Kyiv. As the war progressed, Ukrainian civilians took on various wartime responsibilities, from raising funds for the Ministry of Defense to crowdsourcing military gear and weapons to developing targeting and intelligence for the armed forces. Remarkably, the Ukrainian government even launched an app, Diia, allowing citizens to report on Russian troop movements and defenses directly.  

Deception can also be deployed at the strategic level and is often weaponized by non-state actors. Just four months before Hamas’s October 7 Einsatzgruppen-like thunder run across the Gaza border, a former Knesset member had written that Hamas and Israel enjoyed a “strategic détente” and that “Hamas doesn’t seem to be eager to change the existing equation in order to challenge Israel.” Hamas’s strategic deception contributed to the total failure of the Israel Defense Forces to protect the borderlands near the Gaza strip—they were unable to access many of the kibbutzim until hours after the initial attack. After the fact, deception can reveal not just cunning and secrecy on the part of the deceiver but also complacency and ineptitude among the deceived.

However, the lessons for modern warfare might apply even more strongly to strategic competition. As the US escalates its saber-rattling with China, it fences with an enemy that makes deception a core concept of its strategy, using tactics such as decoy targets and disguising military equipment as civilian vehicles to mislead adversaries and protect assets.  Beijing even employs local militia forces to provide camouflage support for important potential targets.  And yet, ironically, “American dominance in conventional warfare has contributed to perceptions that deception is unnecessary, or is a technique for weaker powers,” as Fabian Villalobos and Scott Savitz observe. “But successful deception activities enhance force protection, preserve combat power, and add complexity for the adversary—facts that are often underappreciated.”

D-Day stands as a stark reminder of the cost of traditional warfare and the importance of avoiding it whenever possible. As the US inevitably ramps up its industrial capability to prepare for total warfare with China, it should also pay equal attention to the range of irregular capabilities—from espionage and intelligence to information warfare and cyberoperations—that will better prepare it to deceive and avoid being deceived by the enemy. As Seth Jones writes in Three Dangerous Men, “Chinese military strategy generally aims to avoid a conventional war. China’s goal is to weaken and surpass the United States without fighting.” 

US success in the coming years will not be defined by victories in conventional military battles with China, Russia, or any other adversary but by avoiding such confrontations through cunning, creativity, and deception.

 

Correction (June 7, 2024): In the article, it was previously stated that more than 90 three-man Jedburgh teams parachuted into France on the night of June 5/6. The correct information is that these teams parachuted into France throughout 1944. The corrected sentences now read: “More than 90 three-man Jedburgh teams, comprising American, British, and Free French operatives, parachuted into France throughout 1944 to facilitate this coordination on the ground. The first team, codenamed ‘Hugh,’ dropped in on the evening of 5/6 June and linked up with the head of the resistance in the Indre area, near Châteauroux.”

Jacob Ware is a research fellow at the Council on Foreign Relations and an adjunct professor at Georgetown University’s Walsh School of Foreign Service and DeSales University. He is also a visiting fellow at the University of Oslo’s Center for Research on Extremism, and the co-deputy editorial director of the Irregular Warfare Initiative. With Bruce Hoffman, he is the co-author of God, Guns, and Sedition: Far-Right Terrorism in America.

Sam Rosenberg is an Army Strategist preparing for an assignment to US Army Europe and Africa in Wiesbaden, Germany, and the co-deputy editorial director of the Irregular Warfare Initiative. Commissioned as an infantry officer in 2006 from West Point, Sam has served in Iraq, Afghanistan, and Eastern Europe. He holds a master’s degree in Security Studies from Georgetown University and a PhD in Public Policy from the University of Texas at Austin. 

Views expressed in this article solely reflect those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

By Antonio Salinas

 

The Cacti and the Grass: The Collapse of Afghanistan's Security Forces

Antonio Salinas offers a unique perspective on the collapse of the Afghan National Defense Security Forces (ANDSF) following the U.S. withdrawal from Afghanistan. Through his "Cacti and Grass" analogy, Salinas illustrates how the U.S. attempted to cultivate a Western-style security force in an environment fundamentally unsuited for such structures. Drawing from his personal experiences and extensive research, Salinas examines the cultural mismatches, strategic oversights, and socio-political realities that contributed to the ANDSF's rapid disintegration. This insightful analysis not only sheds light on the complexities of the Afghanistan conflict but also offers valuable lessons for future foreign security assistance efforts.

 

Antonio Salinas is an active duty Army lieutenant colonel and PhD student in the Department of History at Georgetown University, where he focuses on the history of climate and conflict. Following his coursework, he will teach at the National Intelligence University. Salinas has twenty-five years of military service in the Marine Corps and the United States Army, where he led soldiers in Afghanistan and Iraq. He is the author of Siren’s Song: The Allure of War and Boot Camp: The Making of a United States Marine.

 

The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

 

If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

by Christopher Booth

Editor’s Note I: This article is part of IWI’s Project Maritime, a series exploring the intersection of irregular warfare and the modern maritime dimension. Focusing on current events and their underlying geographical and historical patterns, we aim to contextualize the drivers of conflict in the maritime domain and inspire dialogue on integrated statecraft approaches. We warmly invite your participation and engagement. Please send submissions to Submit An Article with the subject line “Project Maritime Submission.” Follow us @proj_maritime and check out our Project Maritime Look Book.

Editor’s Note II: IWI is pleased to announce Christopher Booth and Walker Mills as the new directors of Project Maritime. Their extensive expertise in irregular warfare, national security, and the maritime domain will significantly enhance our ability to provide unique insights into contemporary maritime challenges. Both Chris and Walker have been non-resident fellows and have written extensively for IWI in the past. We're thrilled to have them join IWI and Project Maritime in leadership roles.

In response to China's growing maritime power and America's naval vulnerabilities, Christoper Booth proposes a controversial solution: reviving privateering. He argues that employing private actors to raid Chinese commerce could provide an asymmetric advantage in a potential long-term conflict, addressing US shipbuilding deficiencies and exploiting China's reliance on maritime trade. Drawing parallels with historical precedents and recent irregular warfare tactics, the essay explores the legal and ethical considerations of privateering while challenging conventional thinking on naval strategy. This provocative proposal aims to spark discussion on innovative approaches to maritime warfare in the 21st century.

About the Author: Christopher D. Booth is a non-resident fellow with the Irregular Warfare Initiative and co-director of Project Maritime. He has more than two decades of experience in national security and international relations, first serving on active duty as an Army armor and cavalry officer. He is a Distinguished Graduate of Command and Staff College–Marine Corps University and graduated from Vanderbilt University Law School and the College of William and Mary.

The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

 

Eroding Global Stability: The Cybersecurity Strategies Of China, Russia, North Korea, And Iran   In recent years, declarations like “no-limits partnership,” “comprehensive agreement,” and “security partnership” between the United States’ adversaries have become increasingly common. On May 16, 2024, Russian President Vladimir Putin and Chinese Communist Party Leader Xi Jinping reaffirmed their comprehensive partnership during their historic 43rd meeting. Since Russia invaded Ukraine on February 24, 2022, Russian-Iranian collaboration has reached new levels, with Iranian drones becoming a familiar site over the battlefields. North Korea too, has upped its cooperation with Russia, working closely on schemes to avoid Western sanctions and even signing a mutual defense pact on June 19, 2024. The extent to which America’s adversaries cooperate on cybersecurity remains less understood but is a growing concern.   However, as unified Western actions against rogue and adversarial states have increased (e.g., sanctions, public shaming, etc.) and hot wars roil Ukraine and Israel, the agreements and cooperation among China, Russia, North Korea, and Iran have similarly grown stronger and more unified. In this context, the cybersecurity strategies of China, Russia, North Korea, and Iran have emerged as significant and irregular threats to global stability, threatening the contemporary geopolitical landscape. Furthermore, each nation has developed sophisticated cyber capabilities designed to asymmetrically attack the international security frameworks established by NATO (North Atlantic Treaty Organization) and Western powers. It is, therefore, important to assess how US adversaries collaborate in cyberspace and are using asymmetric and irregular tactics to undermine the liberal world order.   Strategic Cybersecurity Alliances   State-sponsored malicious cyber actors from China, Russia, North Korea, and Iran increasingly dominate the cyber threat landscape and are driven by geopolitical, economic, and military objectives. Moreover, adversaries develop capabilities for strategic ends, blurring the line between irregular and conventional warfare in cyberspace. Importantly, their efforts are not strictly unilateral, as evidence increasingly points toward formal and informal collaboration among rogue states in cyberspace. For example, Chinese and Russian cyber actors have been known to share malware and exploit kits, enabling more sophisticated attacks. Additionally, joint operations, like coordinated disinformation campaigns, have been observed, highlighting our adversaries’ willingness to coordinate influence operations.   Furthermore, China, Russia, North Korea, and Iran also leverage emerging technologies, like artificial intelligence (AI) and generative AI, to enhance their cyber capabilities. Disruptive technologies can enhance already sophisticated cyber operations and allow for automated attacks, deep-fakes, and advanced social engineering tactics. AI in cyber operations poses new challenges for cybersecurity defenders as it increases the complexity, scale, and pace of potential attacks. How these nations use cyber capabilities, and leverage asymmetric advantages for strategic ends, underscores the need for greater international cooperation and more robust policy coordination to counter these irregular threats.   People’s Republic of China   China's journey toward becoming a cyber power began in the early 2000s. At the helm is the Central Commission for Cybersecurity and Informatization (CCCI), chaired by President Xi Jinping, as well as the Ministry of State Security, the Ministry of Public Security, and the Cyberspace Administration of China. The “Great Firewall of China” exemplifies China’s commitment to information control, both domestically and internationally, and allows government control over the internet and information. By limiting domestic information access, the government controls the population’s understanding of other nations and restricts external access to Chinese-focused content, sites, etc.   A key component of China's cyber strategy is the concept of military-civil fusion, which encourages collaboration between the private sector and military and integrates resources. The fusion is evident in the activities of major Chinese tech firms like Huawei, Alibaba, and Tencent, which play significant roles in advancing China's cyber ambitions and provide irregular approaches to securing technological control over an increasing percentage of the world’s telecommunications and digital infrastructure outside China.   China's cyber strategy is also characterized by its use of state-sponsored hacking groups to conduct widespread and far-reaching cyber espionage and sabotage campaigns. The discovery of Volt Typhoon, a Chinese state-sponsored hacking group, and its activities underscores China's focus on gaining asymmetric advantage over the US and its allies by gaining persistent access to their critical infrastructure. The group uses the unconventional and irregular warfare tactic of “living off the land,” utilizing existing resources in the operating system of the targeted devices and systems rather than introducing new files that could trigger cybersecurity sensors or be more easily detected through forensic analysis. Volt Typhoon's objective appears to be long-term persistence within the target environment, or pre-positioning, giving China the placement and access to conduct future acts of sabotage and disruption.   Russian Federation   Russia's evolution as a cyber power began in the late 1990s and early 2000s and is encapsulated in initiatives like, the Information Security Doctrine of the Russian Federation. Moreover, Russia's cyber strategy is deeply rooted in the concept of political warfare and its understanding of cyberspace as a theater of military operations akin to land, sea, air, and space. However, political warfare for Russia includes a cognitive dimension that influences how they leverage cyberspace to achieve political outcomes. Russia’s approach to cyberspace, therefore, differs from the concepts espoused by US and other NATO-aligned nations and is characterized by a decentralized and asymmetric approach to cyber operations.   The Russian government views cyberspace as a critical domain for exerting influence and achieving geopolitical goals and their cyber ecosystem is a complicated tangle of state and non-state actors. The Federal Security Service, the Foreign Intelligence Service, and the Main Directorate of the General Staff of the Armed Forces of the Russian Federation all have cyber units that conduct operations domestically and internationally. These agencies also recruit cybercriminals to carry out operations on their behalf, providing them with legal protection and resources in exchange for their services.   A key component of Russia's cyber strategy is the concept of information confrontation, an approach that integrates cyber operations, psychological operations, electronic warfare, and traditional military operations to achieve strategic objectives. Russia has been implicated in numerous cyber espionage and disruptive activities targeting both governmental and private sector entities worldwide. For instance, Russian cyber actors have been implicated in attacks on US election systems, energy grid, water systems, and other critical sectors. The operations are designed to foster instability, leveraging cyber operations, cyber espionage, influence campaigns, and other asymmetric tactics as force multipliers in geopolitical conflicts.   Furthermore, Russia has a long history of integrating cyber operations into its broader military strategy, relying on cyber capabilities during conflicts, like its ongoing invasion of Ukraine. The integration of cyber operations into Russia's broader political warfare framework, reminiscent of Soviet-era "active measures," further complicates attribution and response measures. Importantly, Russia’s approach to leveraging cyber operations and capabilities to disrupt critical infrastructure, spread disinformation, and conduct espionage underscores its asymmetric and irregular approach to confrontation with Western powers.   Democratic People’s Republic of Korea   North Korea's growth as a cyber power also began in the early 2000s and is largely focused on leveraging its cyber capabilities to circumvent economic sanctions and finance its regime through illicit means. Directing North Korea’s cyber activity is its Reconnaissance General Bureau, with “Bureau 121” being responsible for conducting cyber espionage, financial theft, and disruptive cyberattacks. However, North Korea’s cyber capabilities are divided among several units, including the now-infamous Lazarus Group, Kimsuky, and APT37, known for their sophisticated cyber operations.   North Korea's cyber strategy seeks to develop defensive and offensive capabilities. On the defensive side, North Korea has invested heavily in protecting its critical infrastructure and sensitive data from cyberattacks. On the offensive side, North Korea has developed various capabilities to conduct cyber espionage, disinformation campaigns, and disruptive cyberattacks.   North Korea has been implicated in numerous cyber espionage and disruptive activities targeting both governmental and private sector entities worldwide. One of the most notable North Korean cyber operations is the 2014 Sony Pictures hack but the most significant is likely the 2017 WannaCry ransomware. WannaCry ransomware infected more than 200,000 computers in over 150 countries, causing widespread disruption by encrypting files on infected computers and demanding ransom payments in cryptocurrency. The attack is an example of North Korea's ability to conduct large-scale disruptive cyber operations and the regime's willingness to engage in asymmetric and irregular attacks to fund its government.   Islamic Republic of Iran   Iran's cyber proliferation began after the Stuxnet attack in 2010, an attack that targeted Iran’s nuclear enrichment facilities. Stuxnet highlighted the vulnerability of Iran’s critical infrastructure to foreign intervention and pushed the regime to invest heavily in developing cyber capabilities. As a result, Iran's cyber strategy has been focused on retaliatory cyber capabilities and driven by its perception that it is engaged in an ongoing conflict with the West over its nuclear program and other geopolitical issues. Unlike China and Russia, which primarily engage in cyber espionage, or North Korea, which engages in cybercrime and theft, Iran’s regime views cyber operations as a means of retaliating against sanctions and other forms of pressure from the international community.   Similar to North Korea, Iran's cyber strategy focuses on the development of defensive and offensive capabilities. On the defensive side, Iran has invested in protecting its critical infrastructure and sensitive data from cyberattacks and crafted defensive cyber doctrine to guide how the regime repels and mitigates cyberattacks against Iran. Offensively, Iran has developed various capabilities to conduct cyber espionage, disinformation campaigns, and disruptive cyberattacks.   Iran’s focus on retaliatory capabilities makes them a particularly volatile cyber actor, that is willing and able to launch disruptive attacks with little warning. For example, a significant Iranian cyber operation was Operation Ababil, which disrupted services at US financial institutions through a series of distributed denial-of-service attacks between 2011 and 2013. The Iranian hacking collective, Izz ad-Din al-Qassam Cyber Fighters, carried out the attacks and is believed to be state-sponsored. The operation was designed to impact major US banks and is understood as the regime’s retaliation against economic sanctions.   To date, Iran has been implicated in numerous cyber espionage and disruptive activities targeting both governmental and private sector entities worldwide. The Shamoon attack, which targeted Saudi Aramco in 2012, is among the most notable Iranian cyber operations. The attack used malware to cause irreparable damage to thousands of computers, rendering them useless by overwriting the master boot record, partition tables, and most files with random data. Shamoon demonstrated Iran's ability to conduct large-scale destructive cyberattacks and highlighted its willingness to use asymmetric attacks to achieve strategic goals.   Implications for Global Security   China's, Russia's, North Korea's, and Iran's collaborative and individual cyber strategies have significant implications for global security. Their activities undermine the stability provided by NATO and Western powers, posing complex, asymmetric, and irregular challenges to international norms and, more broadly, cybersecurity. State-sponsored cyber operations, like state-sponsored terrorism or political violence, are sophisticated attempts to erode trust in digital infrastructure and government or institutional functions by disrupting the integrity, availability or confidentiality of data, services, and other aspects of online and physical security. For example, China's cyber activities, including Volt Typhoon, have heightened tensions with the US, particularly over Taiwan. Similarly, Russian cyber operations have exacerbated conflicts in the former Soviet Bloc nations and strained relations with Western nations.   The cyber collaboration between China, Russia, North Korea, and Iran varies in scope; however, its aim always aligns with political goals that negatively impact the existing rules-based world order. For example, Russia leverages malware to attack Ukraine, which was developed by Scarab, a Chinese government-linked cyber group, and shares techniques on how best to leverage AI for attacking targets and “living off the land” persistence to avoid detection by cyber defenders.   Moreover, the cyber strategies' collaborative and sophisticated characteristics pose significant challenges for cybersecurity defenders. Traditional cybersecurity measures are often insufficient to counter the advanced tactics used by state-sponsored actors. NATO and Western powers must adopt a comprehensive approach that includes enhancing defensive capabilities, leveraging advanced technologies, fostering international cooperation, and developing offensive cyber strategies to effectively counter these threats. By doing so, they can safeguard the stability and security that have been our world's cornerstone since World War II's end.   Evan Morgan is the Founder of Cyber Defense Army, a cybersecurity consultancy and services firm that incorporates geopolitical risk in their cybersecurity practices for clients. He is a United States Air Force veteran.   Editor's note: This article is part of Project Cyber, which explores and characterizes the myriad threats facing the United States and its allies in cyberspace, the information environment, and conventional and irregular spaces. Please contact us if you would like to propose an article, podcast, or event environment. We invite you to contribute to the discussion, explore the difficult questions, and help.   The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University's Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.   Capt. Taiwan Veney, cyber warfare operations officer, watches members of the 175th Cyberspace Operations Group in the Hunter's Den at Warfield Air National Guard Base, Middle River, MD, June 3, 2017. (U.S. Air Force photo by J.M. Eddins Jr.)   If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Beijing's Long Game: Gray Zone Tactics in the Pacific

Published July 25th, 2024

By Brandon Tran

“During the progress of hostilities, guerillas gradually develop into orthodox forces that operate in conjunction with other units of the regular army… There can be no doubt that the ultimate result of this will be victory.”

-On Guerilla Warfare, by Mao Zedong

The expulsion of former Chinese defense ministers Li Shangfu and Wei Fenghe from the Chinese Communist Party (CCP) on June 27, 2024, is the latest development in a months-long series of personnel purges in the People’s Liberation Army (PLA). As President Xi Jinping continuously reforms the PLA to make it a “world-class military” capable of achieving the People’s Republic of China’s (PRC) national security objectives, these purges illustrate an underlying tension that stems from competing priorities. Because the PLA is the armed wing of the CCP, Xi Jinping must make tradeoffs in balancing regime loyalty and military competence when selecting PLA officers for senior positions. As a result of this and similar compromises, the PLA remains unprepared for direct confrontation with near-peer adversaries. To address this gap, China will continue leveraging irregular warfare activities to incrementally accomplish its strategic objectives while buying time to achieve the level of conventional force development it desires. This article will evaluate how China’s use of irregular warfare sets the stage for its conventional force development, given the context of the competing requirements for senior PLA officer promotion, the PLA’s guiding principles, and the role of the new defense minister, Dong Jun.

Loyalty and Experience within the CMC

By necessity, Xi Jinping’s selection of senior officials balances political loyalty with operational and command experience. While he favors aggressive and competent commanders capable of realizing his ambitions in the Indo-Pacific, these leaders must remain politically loyal to Xi’s rule. His selections for the Central Military Commission (CMC) in 2022 attest to this. In order of rank, they are Zhang Youxia, He Weidong, Li Shangfu (who has since been removed), Liu Zhenli, Miao Hua, and Zhang Shengmin. Xi’s appointment of senior leaders to the CMC  indicates  an attempt to balance loyalty and experience because many of his selections break precedent. Examples include Zhang Youxia and Liu Zhenli, both promoted despite Zhang being past retirement age and Liu being the youngest in his rank group. These exceptions to policy were made because both Zhang and Liu have combat experience from the Sino-Vietnamese border wars, a rare and valuable quality given that the PLA is largely untested and inexperienced in combat. In other unconventional moves, He Weidong was permitted to skip key career milestones before assuming his position on the CMC. At the same time, Miao Hua transitioned from a long Army career to become the Navy’s political commissar. Indeed, selection to senior leadership positions has also been based on personal connections and previous experience with Xi. He Weidong and Miao Hua worked with Xi back when he was a provincial official in Fujian, and both Zhangs hail from the same region as Xi, claiming membership in his infamous Shaanxi Gang.

Chinese Strategic Concepts

To put Xi’s priorities and the PLA’s irregular military operations into context, it is vital to understand the guiding principles that inform the PLA’s military philosophy. Since its founding, the PRC has adhered to a warfighting philosophy of Active Defense. Under this principle, conflict is believed to exist on a spectrum ranging from peace to kinetic war. As a result, the PLA assumes a proactive force posture, constantly assessing potential threats and carrying out activities below the threshold of kinetic war that could create a better geopolitical position for the PRC. Through Active Defense, the PLA would theoretically be able to accomplish its objectives while controlling escalation on the conflict continuum. 

In tandem with Active Defense is the concept of People’s War, incorporating lessons from the past century and a half and forming the backbone of the PLA’s tactics and strategies. From its inception by Mao during the Chinese Civil War to the present day, the idea of People’s War has gone through several revisions, but the crux remains the same. Warfighting proficiency must be pursued through all possible means at the tactical, operational, and strategic levels. The United States understands this in the modern context as being able to field a proficient joint force capable of combined arms and multi-domain operations.

However, due to having to include party loyalty as a prerequisite for promotion, the PLA suffers from an acute “Big Army Mentality” that prevents the realization of an effective joint force. Consider the service component composition of the 2022 CMC. Four of these officials are PLA Army officers, a Navy officer, and a Rocket Force officer, with no Air Force representation in the CMC. Because of the pervasive attitude in the PLA that favors the dominance of land forces, the PLA has struggled to integrate its different services, preventing it from executing seamless multi-domain operations in both war and peacetime. Wargames conducted by Chinese military leaders have shown that the PLA is not yet ready to face near-peer adversaries in conventional warfare. PLA publications and training orders frequently acknowledge these shortcomings, using phrases like the “Five Incapables,” “Two Incompatibles,” and “Three Whethers” to describe issues of inflexibility, poor training performance, and a general lack of readiness.

As a result of these weaknesses, and despite the PLA’s many modernization initiatives in recent years, the PLA still favors asymmetrical approaches and remains hesitant to embrace large-scale combat operations fully. This is best explained by the Chinese military concept of shi (勢), rendered in English as a “strategic configuration of power.” Under this framework, one’s military assets are arrayed to create an advantageous situation and physical power is applied at that particular moment to achieve victory. Returning to Active Defense and People’s War, shi (勢), when applied, would craft an unassailable position for the PLA and enable it to maximize its resources if conflict escalates to kinetic war. The PLA employs irregular tactics to create favorable geopolitical and battlefield conditions to achieve this objective, maximizing China’s strengths and neutralizing enemy advantages before conflict begins.

Irregular Warfare Activities

As military reforms continue, China will likely employ unconventional methods to achieve immediate security objectives. Recognizing its forces are not yet war-ready, China keeps tensions below the threshold for war through gray zone activities. The PLA uses warfighting, military deterrence, and military operations other than war to build capabilities and gather information, aiming to discourage adversaries or decisively defeat them if conflict arises. These activities are expected to intensify once military reforms and modernization are complete.

This strategy is already on display in the South China Sea. There, China optimizes anti-access and area-denial capabilities to prevent any significant and sustained challenge to Beijing’s territorial claims, all while remaining under the threshold for kinetic conflict. Components of this strategy consist of technological development, legal warfare, and expansion of China’s presence through manufactured islands.

Technological development in key areas of the maritime domain is intended to negate the West's advantages of firepower and experience to ensure Beijing’s dominance over other Southeast Asian states in the South China Sea. Legal warfare limits the range of potential responses to China’s actions by its adversaries yet still achieves PRC interests. Expanding China’s presence in the adjacent seas through conventional troop deployment and unconventional state entities ensures the persistence of Chinese influence. It enables China to continue its regional operations without escalating to war. All these activities require significant planning and expertise to function as intended and synchronize with other PLA activities, thus necessitating leadership with joint experience and knowledge.

The PRC bolsters its sea claims through conventional and unconventional means. Troop deployments and exercises, as well as the construction of artificial islands and commercial sea vessels, ensure a continuous Chinese presence that is hard for other maritime states to displace. These artificial islands provide strategic bases for sustainment and defense, which are crucial for sectoral control in naval warfare. Coupled with advances in military technology, this enables China to project its reach beyond the First Island Chain, effectively limiting the entry of other navies into the area.

The China Coast Guard (CCG) and the Maritime Militia are key in these irregular activities. Their vast number of assets and plausible deniability, under the guise of internal security, offer significant advantages. CCG and Maritime Militia vessels often target other ships with non-lethal means, preventing competing states from establishing a sustained maritime presence in the South China Sea while minimizing the risk of military escalation. The PRC frequently obstructs and evades attempts to enforce international law about maritime practices. This enables China to act with impunity in the South China Sea and provides the PRC the time and space to consolidate its claims within the Nine Dash Line. Again, these gray zone activities require considerable expertise and experience to avoid escalating tensions beyond China’s readiness.

The New Defense Minister

Further evidence that the PLA will continue to execute gray zone activities can be found in the appointment of the new Minister of Defense. On December 29, 2023, China announced the appointment of the PLA Navy (PLAN) commander Dong Jun as its new defense minister. Dong Jun previously served as the deputy commander of the East Sea Fleet, responsible for Taiwan Strait maritime issues and disputed islands in the East China Sea. After that, Dong was deputy commander of the Southern Theater Command, which oversees operations in the contested South China Sea. His operational experience in these strategically vital theater commands handling China’s most salient national security interests already makes him a desired candidate for promotion by conventional force standards alone.  Dong Jun also has extensive experience conducting gray zone activities because such operations are largely carried out by the PLA Navy and conducted in the Eastern and Southern Theater Commands’ areas of responsibility.

Also of note is the fact that Dong Jun is not sanctioned by the United States, unlike his predecessor, which suggests that he will be able to serve China effectively in military diplomacy. Dong’s recent engagements with US Secretary of Defense Lloyd Austin illustrate the role he is stepping into. These are the first of such meetings in over two years and reflect attempts to ease tensions between the two countries. Thus, Dong Jun’s promotion facilitates diplomatic engagement and enables China the time and space to develop conventional military capabilities and bring China’s military power to the immediate forefront. Military diplomacy reduces threat perceptions, preventing escalation along the continuum of conflict and enabling China to continue its activities in repositioning and improving the PLA.

Conclusion

Since the PLA is not ready for a direct confrontation, China will continue to bide its time and leverage gray zone activities to achieve its interests while preparing the PLA to be able to counterbalance any potential near-peer adversary. To this end, we should expect to see increased use of irregular warfare, coercion, and pressure in the maritime domain from the China Coast Guard and Maritime Militia, especially given the elevation of Admiral Dong Jun to the position of defense minister. With these developments, the PLA will step closer to towards its goal of being able to execute unified multi-domain operations. The United States and its partners must also prepare for the future challenges to come. 

Brandon Tran is a cadet at the United States Military Academy at West Point. He is majoring in International Affairs and Chinese.

The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.