Recent events show that it has become a major and growing challenge for the Alliance in an era increasingly dominated by hybrid warfare.
The term hybrid threat refers to an action conducted by state or non-state actors, whose goal is to undermine or harm a target by combining overt and covert military and non-military means. Hybrid threats combine disinformation, cyber attacks, economic pressure, deployment of irregular armed groups, and use of regular forces, often over a sustained period of time and in conjunction with one another.
Hybrid warfare is roughly defined as ‘grey area’ warfare, which often exists just beneath the threshold of armed conflict. It is designed to erode public confidence in civil society and democratic foundations, primarily through cyber attacks on critical infrastructure, including energy, or targeted disinformation methods. In this regard, it poses a potential threat to sovereignty, as it gives nations, terrorist organisations and criminal actors relative anonymity via a low-cost, high-yield method to influence the politics and policies of other states.
Russia is one of the most active perpetrators of hybrid warfare and implemented it most effectively in its 2014 illegal annexation of Crimea. The Kremlin continues to use it today, notably in some countries to realise desired political outcomes such as undermining pro-Western governments, dividing and weakening the NATO Alliance, or advancing its own economic interests. China too has recently engaged in cyber attacks and disinformation campaigns aimed at NATO Allies and poses a grave risk to critical infrastructure, including energy infrastructure, as highlighted in the recent NATO 2030 experts’ report.
Ultimately, hybrid warfare challenges to the energy sector have the potential to disrupt NATO’s political and military effectiveness and cohesion. It will take time and effort to counter these threats, if the Alliance is to address dependencies among its members and act as a platform to build a common picture of complex operational risk and vulnerabilities.
Energy sector increasingly targeted
The use of hybrid warfare is growing. The past decade has seen a dramatic increase in hybrid threats worldwide: from cyber attacks to disinformation campaigns to covert military operations. Threats are becoming more frequent, complex, destructive and coercive. The broader economic and security ramifications of hybrid warfare are evident, especially when applied to the energy sector.
Russia has deployed a range of hybrid threats against the energy assets, policies or supplies of NATO Allies, as well as other countries. It has used political and economic leverage, combined with disinformation campaigns, against Bulgaria and Romania to undermine efforts to reduce their dependence on Russian energy sources. Supply disruptions have been used in the past as well, most famously in the case of Ukraine in 2009, the Baltic states before that and, more recently, against Bulgaria.
Russia has also used its economic clout, combined with political influence, to advance its energy agenda in Hungary, where the expansion of the Paks Nuclear Power Plant is now underway using Russian energy technology. Likewise, in Germany, Russia has used its commercial and political ties, as well as other suspected malign influence, to advance the controversial €12 billion Nord Stream II pipeline, now nearing completion. Moreover, in 2020, a suspected Russian group, Berserk Bear APT, launched cyber attacks against German energy companies, and has been implicated in previous cyber attacks against German utilities in 2018.
Russian-backed cyber attacks against energy assets have also been identified in a number of other Alliance members, including Poland, Turkey, the United Kingdom and the United States. In some instances, those cyber campaigns have run concurrently with other hybrid threats against energy assets, like malign influence efforts and natural gas supply cutbacks. Taken together, it is clear that – over the past decade and with increasing vigour – Russia has been pursuing a concerted hybrid campaign aimed at undermining the Alliance’s energy security.
Over the same period, among NATO’s partner countries, Russia’s hybrid campaign has been most evident in Ukraine, combining supply disruptions, cyber attacks, economic and political influence, and disinformation efforts to undermine the country’s energy security and sow political instability. The most disruptive effort was Russia’s 2009 interruption of natural gas supplies, but the attacks have continued and become increasingly complex and coercive.
A notable example is the December 2015 BlackEnergy cyber attack on the western Ukrainian power station, which shut down power for nearly a quarter million residents over a six-hour period. This was followed, a year later, by a more sophisticated attack on the power grid supplying electricity to the capital, Kyiv, using CrashOverride/Industroyer malware. While of shorter duration and scope than the previous attack, the effort was far more sinister: it was aimed at compromising electrical safety relays, which are used to protect bulk power equipment. Had it not been detected by analysts, the final attack phase could have led to physical destruction of expensive and difficult-to-replace equipment beyond briefly disrupting power supplies.
Beyond the Euro-Atlantic area, Iran and other suspected states are currently waging a complex hybrid campaign against Saudi Arabia’s energy assets. This campaign may be illustrative of the future of hybrid warfare, particularly in the domain of energy security. Through both covert and overt military operations, and the use of proxy forces, Iran has repeatedly disrupted or otherwise struck Saudi energy infrastructure.
The possible collusion of hostile actors in the ongoing Iranian campaign against Saudi Arabia is of particular concern and may have consequences for NATO Allies. A specific case is the 2017 cyber attack on the Petro Rabigh complex, which resulted in a costly shutdown and forensic clean-up of the facility and very nearly resulted in an uncontrolled gas release and explosion. Despite initial speculation that Iran was uniquely responsible for the dangerous Triton malware used in the attack, the United States has since concluded that the malware was developed by Russia and imposed sanctions on the research institution connected with its development. The malware has also been implicated in attacks on energy companies in the United States.
Other suspected measures in Iran’s campaign include two drone strikes by Iran’s Houthi allies on Saudi refineries, covert attacks on two Saudi registered oil tankers in the Persian Gulf and, most recently, attacks on two foreign-flagged tankers at Saudi ports on the Red Sea. Notably, the drone strike on the Saudi Aramco Abqaiq refinery in late 2019, which was claimed by Houthi forces, provided Iran with deniability and helped expose air defence weaknesses in Saudi Arabia.
The risk to NATO and Allies
Allied leaders emphasised the importance of energy security at the NATO Summit in Brussels in 2018: “A stable and reliable energy supply, the diversification of routes, suppliers and energy resources, and the interconnectivity of energy networks are of critical importance and increase our resilience against political and economic pressure. While these issues are primarily the responsibility of national authorities, energy developments can have significant political and security implications for Allies and also affect our partners.”
Critical energy infrastructure presents potential targets, which could provide an adversary with tempting advantages such as:
- disrupting the energy supply just when an unfriendly government does something that is likely to draw NATO’s response;
- contributing to service disruptions in civilian infrastructures on which the military depends and which may undermine social cohesion;
- showing their destructive capabilities to intimidate.
Moreover, malicious cyber activity is effective, cheap (for a state) and deniable.
As the world benefits from and increasingly depends on new technologies from the Internet of Things and the Industrial Internet of Things, societies and infrastructure are becoming more vulnerable. In the energy sector, the interconnection of the global energy supply chain provides better efficiencies and economies of scale. However, exposing operational technology to greater access and interconnectivity also creates innumerable attack vectors. As the global energy infrastructure is expanded, integrated and increasingly dependent on connectivity, we are already witnessing the rise of cyber criminals, often state-supported, deploying malware capable of disrupting energy distribution over an ever-broader area.
The debate about Huawei/5G that has been taking place over the past year illustrates another major concern. If deployed in NATO member states, could Huawei’s communication equipment be penetrated or otherwise compromised by the Chinese government?
Is the hybrid threat beginning to take on a new dimension? Should we now be concerned not just about cyber attacks but about the physical hardware being installed in critical infrastructure, particularly when that hardware is manufactured in potentially hostile countries or could be intercepted and tampered with during shipment to the customer?
Such potential vulnerabilities are also emerging in the energy sector. For example, do newly built power stations in the West include critical components made in China? Do any of the components have exploitable added features and functionalities? Acting on such concerns, in May 2020, the U.S. Administration seized a $3 million Chinese-made transformer on its way to Colorado, fearing that it might be used to compromise the power grid in the United States. Shortly thereafter, the Administration followed up with an executive order barring foreign adversaries from supplying critical components to the grid.
An increasingly networked battlefield, interrelated and fully dependent on the host nation’s energy and communications infrastructure, will provide a host of potential attack vectors from which an adversary could disrupt the flow of liquid fuels or availability of battlefield power.
Even a short-term or intermittent denial of service could impact the ability of NATO forces to move and have devastating effects on operational mission assurance in a collective defence scenario, covered by Article 5 of NATO’s founding treaty. NATO’s 2010 Strategic Concept notes the Alliance must “develop and maintain robust, mobile and deployable conventional forces to carry out both our Article 5 responsibilities and the Alliance’s expeditionary operations, including with the NATO Response Force.” It is precisely these ‘deficiencies in military mobility’ that were highlighted in the May 2020 report by the Center for European Policy Analysis, entitled One Flank, One Threat, One Presence: A Strategy for NATO’s Eastern Flank.
NATO has recognised the threat to energy security and of hybrid warfare. As far back as the Bucharest Summit in 2008, Allies noted NATO’s role in energy security and followed up by opening the NATO Energy Security Centre of Excellence in Vilnius in 2012. More recently, NATO supported the creation of The European Centre of Excellence for Countering Hybrid Threats, which was inaugurated in Helsinki in October 2017.
In 2020, the NATO Science and Technology Board formally authorised the creation of a research task group to focus on energy security in the era of hybrid warfare. Drawing together more than 80 researchers from over a dozen countries, the task group will analyse the hybrid-energy threat and its impact on NATO’s military preparedness and ability to execute a mission, its members’ infrastructural resilience and ability to participate in a NATO mission, and, ultimately, the coherence of the Alliance.
One of the key aspects of this effort is to provide an Alliance-wide overview of the energy security posture. The research teams will identify vulnerabilities to hybrid-energy warfare in areas such as military operational effectiveness, communications networks, market-based economies, and maintaining vital energy sector services to society and public confidence in their governmental institutions. The research will also seek to provide a range of possible mitigation strategies and countermeasures that NATO and the member states could implement.
Rapid developments in information and communications technologies, and our growing dependency on them, have opened a new domain of warfare, which could potentially adversely impact NATO’s political and military functions. The ubiquity of digital connectivity, the ability to deny involvement in attacks, and the advantages of disrupting critical energy infrastructure by leveraging network-dependent operations have driven the evolution of hybrid warfare. NATO is uniquely positioned to consolidate Allies’ efforts to mitigate these vulnerabilities and to leverage lessons learned in this field. Only through the unity of effort inherent in the Alliance can appropriate levels of interoperability be achieved to detect, deter and recover from potentially devastating hybrid attacks on the broader energy infrastructure.