OPINION — “[Asymmetric] challenges have two things in common. First, they are, by their nature, long-term, requiring patience over years and across multiple presidencies. Second, they cannot be overcome by military means alone, and they extend well beyond the traditional domain of any single government agency or department. They require our government to operate with unity, agility, and creativity, and will require devoting considerably more resources to non-military instruments of national power.”
(Robert M. Gates, January 2008)
During the Cold War, the national security community had one defining challenge—containing the Soviet Union. After 9/11, attention turned to counterterrorism. Today, the nation faces a vast array of threats. Increasingly, these are “gray zone” activities—coercive or subversive actions below the threshold of armed conflict.
Recent cyber intrusions into U.S. critical infrastructure attributed to People’s Republic of China (PRC) and Russian cyber actors, attempts by Iran and Russia to influence the upcoming U.S. presidential election, and ransomware attacks against U.S. healthcare providers by Russian cyber criminals are leading examples of this dangerous trend.
FBI Director Christopher Wray says the PRC dangerously “combines cyber means with traditional espionage and economic espionage, foreign malign influence, election interference, and transnational repression,” but he’s quick to add that “China is not the only adversary we’re up against, Russia, Iran, and North Korea are all determined to use cyber means to take aim at things we all hold sacred—our freedoms, prosperity, and democratic norms.”
Malign activities in cyber, economic, information, legal, military/security, and space domains all fall under this umbrella. They either violate global norms or exploit normative gaps. They’ve become weapons of choice for U.S. adversaries who often fail to discriminate between civilian and government boundaries and see instead one contiguous target-rich battlespace. These threats undermine democratic institutions, threaten critical infrastructure and economic resources, and subvert international order. They can only be countered by thoughtfully and comprehensively applying all elements of national power in partnership with allies.
More hostility in the shadows
Between now and 2030, the intelligence community (IC) forecasts more frequent, diverse, and damaging acts of coercion and subversion by the PRC, Iran, Russia, and North Korea, according to a July 2024 National Intelligence Estimate (NIE) on conflict in the gray zone. The IC expects more hostile activity as these four governments look to challenge the U.S. and advance their goals while also aiming to avoid direct war.
Such shadowy campaigns are likely to increase and diversify as new technologies enable them, countervailing norms are eroding or missing entirely, attribution remains challenging, and adversaries consider the campaigns useful. Fundamentally, in the eyes of adversaries, the risks for conducting these activities are low and the benefits are high. The PRC, for instance, has a strategy for annexing Taiwan without fighting.
What’s more, the NIE notes there is a rising risk that adversaries could collaborate more directly on gray zone activities in the future.
Overcoming “unprecedented burdens”
Current challenges are pressure testing the U.S. defense and national security community, partners, allies, and industry like never before. As Director of National Intelligence Avril Haines testified to Congress, the dynamics are creating “unprecedented burdens on the institutions and the relationships that the United States relies on to manage such challenges.”
To be fair, there are examples of successful actions by the U.S. government and foreign partners to contest malign influence operations and disruptive cyberattacks. Successful operations are intelligence driven, may be led by law enforcement, and often include collaboration with foreign partners and commercial providers.
- September 2024 – The FBI and partners dismantled a botnet created by PRC actor Flax Typhoon, denying the PRC access to a vector for malign activity, from espionage to disruptive attacks.
- September 2024 – The Department of State exposed Russian malign influence operations by RT (formerly Russia Today) for engaging in information operations, covert influence, and military procurement.
- March 2024 – The Treasury Department sanctioned individuals and corporations affiliated with PRC actor Volt Typhoon for cyber intrusions into U.S. critical infrastructure.
- January 2024 – The FBI and partners dismantled a botnet used by PRC actor Volt Typhoon to enable intrusions into U.S. critical infrastructure.
But there is a lot more that needs to be done. Recent disruptive cyber threats and malign influence activities are so significant that they require an urgent and decisive whole-of-nation response.
Next Steps for National Security Leaders
By strengthening U.S. policy, as well as partnerships abroad and with industry, national security leaders can accelerate the speed, scale, persistence, and effectiveness of efforts to counter and diminish the impacts of gray zone activities.
Policy and legislation:
- Elevate the problem: Achieving measurable effects against adversary cyber and malign influence activities requires a whole-of-nation effort. The National Security Council should immediately conduct a comprehensive review of the problem with all relevant stakeholders across the U.S. government, foreign partners, and industry.
- Create unity of effort: Designate a lead U.S. agency responsible for coordinating counter cyber and counter malign influence efforts. Create the appropriate supporting operational activities—for instance, joint interagency task forces (JIATFs) or mission centers. Designate clear roles, responsibilities, and authorities for all supporting efforts.
- Think like a hacker: Defeating these threats requires a deep understanding of the motivations, rewards, tactics, and technology of the adversary. Recruit the best and brightest subject-matter experts from across the citizenry, industry, academia, and the government to help drive innovative solutions.
- Update policy and law: Review and update, or create, relevant policy and law to enable law enforcement, the IC, and defense forces to operate at the speed of the adversary. For instance, are any new legislative authorities needed to expand innovation and accelerate the development and fielding of new acquisition programs designed to counter emerging threats?
Operations:
- Intelligence drives operations: Review and update policies and processes to enable collection, analysis, reporting, and sharing at mission-relevant speed for all-source intelligence across the interagency, foreign allies, partners, and industry.
- Attack the networks: Focus on and defeat the human networks that form adversary malign cyber and influence networks. Impose real costs on all elements of the malign cyber and influence supply chain.
- Follow the money: Trace the movement of funds that underpin illicit financial actions supporting malign cyber and influence activities to enable the prosecution or disruption of threat actors.
- Define the outcomes: Establish clear and measurable outcomes to define progress and success. Focus on measures of effect and rapidly adjust as facts and assumptions change.
Geopolitical and industry partnerships:
- Enable and leverage foreign partners: Enable foreign partners with the technology and training to harden their defenses, share intelligence and information, and protect their sovereignty. Draw on more capable foreign partners for intelligence production and technical solutions. Through diplomatic channels, continue to strengthen global norms of behavior.
- Effectively partner with industry: Reduce the barriers to information and intelligence sharing between government and industry. Create streamlined processes to better access technology, trained talent, and thought leadership.
- Improve security and resilience: Incentivize investments by citizenry, small businesses, and critical infrastructure providers to harden networks and data. Develop and deliver education for cybersecurity and countering malign influence.
- Exploit the U.S. technological advantage: Deploy best-of-breed AI capabilities, zero trust solutions, and quantum-resistant encryption to defeat adversary attacks. Incentivize academia and industry to partner with the government on advanced security standards.
Together, the U.S., partners, and industry can chart a clear path for national security through the gray zone.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.