EXPERT BRIEFING — Polish Prime Minister Donald Tusk announced this week that 32 people have been detained since the start of Moscow’s war with Ukraine for allegedly coordinating with Russia to carry out sabotage in Poland. One person has been convicted, while the others remain in custody awaiting trial.
The suspects include nationals from Poland, Russia, Ukraine, Belarus, and a 27-year-old Colombian man accused of carrying out two arson attacks on construction warehouses in May 2024. Officials with Poland’s Internal Security Agency believe the Colombian suspect acted on instructions from someone linked to Russian intelligence and used a Molotov cocktail to start the fires.
Welcome to the gray zone. As great power competition is intensifying, superpowers are going out of their way not to engage in conflict with other superpowers.
“There's too much potential for devastating losses, and loss in power is too significant and unpredictable,” former senior CIA Officer Dave Pitts told The Cipher Brief during a recent briefing on the issue with other top experts. “Look at what Russia is facing just in its efforts against Ukraine. That means the gray zone is the available space where those countries can work against their adversaries.
What is it?
Pitts describes the gray zone (sometimes referred to as ‘hybrid warfare tactics’) and gray warfare as strategic alternatives to conventional warfare, and according to him and other experts, we should expect to see more gray zone activities that can include cyberattacks, economic coercion, espionage, subversion, sabotage, information warfare, and terrorism. All tactics that fall below the threshold of open conflict but can still be both damaging to and destabilizing to U.S. national security. It’s becoming a favored vector of attack against the U.S. and its allies, according to Pitts, as attribution is often difficult and only getting worse with innovations in technology.
“Gray zone conflict is the dominant form of conflict among nuclear armed great powers,” said Dr. Michael Vickers, who served as the former Under Secretary of Defense for Intelligence at the Department of Defense. “That will likely be true going forward, but under new conditions made possible by new technology. The means available are expanding both quantitatively and qualitatively in that area. And the lines between peace and war are blurring, so it's a real central topic for strategy.”
Experts argue that the gray zone is one of the areas where the U.S. just isn’t ready to compete, putting the U.S. at a significant disadvantage.
“One of the key contexts for Americans to understand is that even though we would say that we are not at war with Russia, Putin believes and is prosecuting a war against the West,” said Beth Sanner, former Deputy Director for National Intelligence at ODNI, who also served as President Donald Trump’s intelligence briefer during his first administration. “This is slightly different than China, which is trying to undermine the system but wants to retain parts of it … but Russia's really attacking and feels that it is at war with the West, and so it is using subversion … and exploiting vulnerabilities in our system in order to undermine and attack that system. What they're doing is effective and cheap.”
“We're not taking the problem seriously enough,” said Dr. Vickers, “When we do recognize it, we're very reactive and mostly defensive…. You have got to start with realizing this is serious business and we're not doing too well.”
“I think it's like going to an AA meeting,” said Sanner during The Cipher Brief’s recent Gray Zone briefing for Subscribers. “We're in step one of Alcoholics Anonymous, we haven't even all admitted we have a problem.”
THE CONTEXT
- The U.S. Intelligence Community’s 2025 Annual Threat Assessment warns that Russia, China, Iran and North Korea are supplementing conventional hard power tactics with asymmetric operations to challenge the U.S. and others in their regions. The assessment warns that these states are pursuing “deliberate campaigns to gain an advantage, while also trying to avoid direct war.”
- Senior British police officials have reported a fivefold increase in hostile state activity by Russia, China and Iran since the 2017 that includes the poisoning of former Russian spy Sergei Skripal in Salisbury. Officials describe an unprecedented rise in “threat-to-life operations” that include attacks and kidnappings, which are often carried out by proxies that can include local criminal groups.
- Germany’s military counterintelligence chief Martina Rosenberg said in an interview with German press agency DPA that Germany has recently seen a “sharp increase in cases of espionage and hybrid measures.” DPA reports a doubling of suspected Russian gray zone operations in the past year alone.
- Some of the more “frontline” actions that now include training on gray zone activities include Taiwan’s annual Han Kuang military exercises, which this year, included simulated cyberattack and misinformation campaigns as part of preparations against a potential Chinese invasion.
- In Europe, officials are warning of hybrid warfare tactics, spurred by increased Russian aggression across the continent following the full-scale invasion of Ukraine.
- Vice Admiral Frank Bradley, President Trump’s nominee to lead Special Operations Command, emphasized at his recent confirmation hearing that gray zone operations are a priority threat.
- Undersea cables in the Baltic Sea have been targeted in recent months. Authorities have accused Russia of sabotage, which Moscow has consistently denied.
- U.S. cyber authorities warn that the “Volt Typhoon” cyber campaign has pre-positioned China-linked hackers in U.S. critical infrastructure to position them to create larger disruptions in a broader conflict.
THE BRIEF
Below is a partial transcript from The Cipher Brief’s Gray Zone Group, a briefing exclusively for Subscriber+Members. The briefing has been lightly edited for length and clarity. The full session, including questions from other experts in the national security community, will be available soon on The Cipher Brief’s YouTube Channel.
Michael Vickers
Dr. Michael Vickers served as Under Secretary of Defense for Intelligence from 2011 to 2015 and as Assistant Secretary of Defense for Special Operations, Low Intensity Conflict, and Interdependent Capabilities from 2007 to 2011. Earlier in his career, he served as an operations officer with the CIA and as a U.S. Army Special Forces officer and operator. Mike is best known as the mastermind of the covert action program that defeated the Soviet Army in Afghanistan and helped bring an end to the Cold War. His exploits against the Soviets in Afghanistan were featured in the book and movie Charlie Wilson’s War. More recently, he played central roles in our campaigns to dismantle and defeat al-Qa’ida and in the operation that killed Usama Bin Ladin. He is the recipient of the presidential national security medal, our nation’s highest award in intelligence. His memoir, By All Means Available: Memoirs of a Life in Intelligence,
Dave Pitts
Pitts is a senior national security executive, board member, and advisor. His background includes great power competition, global affairs, counterterrorism, and special operations. Pitts served as the Assistant Director of CIA for South and Central Asia, Chief of National Resources Division, senior leadership positions in the Counterterrorism Center, and led CIA’s two largest Field Stations. He is a co-founder of The Cipher Brief’s Gray Zone Group.
Beth Sanner
Beth Sanner served in the U.S. Intelligence Community for 35 years holding senior roles at ODNI and CIA. She was former Deputy Director for National Intelligence at ODNI, and served as daily briefer to the president during the Trump Administration.
Austin Branch
Austin Branch is a national security and intelligence senior executive with over 35 years in federal service and private sector. He served in multiple Army Command and Staff positions, including becoming the Army's first Information Operations Officer. Branch also served as OIE Technology & Integration Director and Senior Advisor at Secretary of the Air Force Directorate for Concepts, Development and Management; and in several senior roles in the Office of the Undersecretary of Defense for Intelligence.
The Cipher Brief: How are you thinking about the increase in activities and what concerns does that lead to?
Dr. Vickers: The UK and Germany have both noted the expansion of Russian activity, and it's also become more lethal. During the Cold War, Russian intelligence services focused principally on intelligence. The KGB utilized active measures, mostly propaganda, sometimes some wet affairs (operations that involve assassination or murder). Russia’s GRU does a lot of that now; sabotage and assassinations and other things that are being noticed across Europe, as well as deploying new cyber tools. And disinformation launched by China in Taiwan has really intensified substantially.
Pitts: When you look at the increase in activity by adversaries, it tells us that they think this is an effective strategic effort and that it is working. That's bad for us. It means all the things that we're doing to highlight and deter it aren't working, at least not to the extent that they should. I think we should also look at the expanding breadth of these activities. How often is it that we talk about undersea cables being cut by accident by ships? We should expect an increase in breadth as well.
Sanner: I don't think we have a policy of deterrence. There's very little written, in fact, in a comprehensive way in academic literature on this. There's a lot of deterrence theory, but it's all about nuclear deterrence. We've never really had a great comprehensive look at this. There's no “gray zone solarium” that's coming up with these ideas to answer questions of, "What should we do?" Everybody's still addressing this in one-off ways. A cyberattack is a cyberattack, but it's not. We have yet to define these things and to then build out a toolkit of deterrence.
Branch: There's way too much ambiguity right now on what this is and what these challenges present to all of us. And I'll note that it's not just a government challenge. It's not just a government security issue. Western-based multinational corporations, other institutions that we have throughout the globe are being challenged by pressures on their economic and market positions. Fisheries, fossil fuels, precious metals all these areas and the access to that trust and faith and confidence in relationships with partners overseas, are all being challenged. And the front lines of those engagements are not just occupied by nation states, but our businesses and our corporations are also there, fighting every day to ensure that they have access to the market space. I believe there's an intersection of shared interest between what they're experiencing and what we as a nation are looking at in our security considerations in the gray zone. We need attention on this to reduce ambiguity and to be able to focus and plan against these threats.
Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.
The Cipher Brief: What can we do about it? It's commonly believed that the U.S. is not currently structured to be effective at fighting in gray zone areas.
Branch: I believe that because of all our shared interests and shared security challenges, the only way to compete and to push back on some of these pressures is through networks of like-minded folks. We need to utilize the power to convene in order to drive a common orientation and understanding so that people and organizations and governments can start to drive actions to compete and contest these pressures. That doesn't mean that everyone has to agree on everything. That doesn't mean that everything has to be coordinated or aligned, but we do need to be operating in a common orientation, because there are shared interests. We haven't discussed what those common interests are and how we will align actions to secure our respective interests.
Pitts: We often think this is an attack on the U.S. government, and of course gray zone attacks are. But a few years ago, the statistic was that 85% of critical infrastructure inside the United States belonged to the private sector or was managed by the private sector. If you look at global logistics, you look at global shipping, you look at the airline industry, you look at global banking, you look at global energy, you look at all the things we rely on as a nation for global security and global influence — it's in the hands of the private sector. Quite often when we are talking about attacks in the gray zone, the private sector feels them the most, they experienced them the earliest and sometimes more critically. I think the government and private sector shared interest is inseparable. Quite often, the private sector will see potential gray zone attacks before we will because of how they're postured. I think there's an element of transparency there that we should be working toward to a much greater extent.
Gray Zone Threats are on the Agenda for The Cipher Brief Threat Conference happening October 19-22 in Sea Island, GA. The world's leading minds on national security from both the public and private sectors will be there. Will you? Apply for a seat at the table today.
Sanner: We have cyber collaboration with the private sector that's quite deep and very mature. But that's not really the case everywhere. You have small businesses affected by these things as well. I think that there needs to be a strategic and regular conversation for example, between the National Security Council and the U.S. Chamber of Commerce to find a vector to a much greater swath of the private sector, than just kind of the same old actors that come in and talk about cyber. Because it is just so much more than that.
And we have examples. NATO's new Baltic Security Initiative has a component of engaging with the private sector in terms of threats to undersea cables and shipping and addressing Russia’s shadow fleet. There's a private sector part of that that's built in. How do we expand that? NATO's great, because we have our key Pacific partners who are partner nations with offices in Brussels and we need to actually start doing something, because I think Americans believe, including administrations, that this is really an ‘over there problem’ as in, "Oh, we have problems with our critical infrastructure." And then we have the lightning rod of disinformation they don't want to talk about. So, we need to get above all of that and just say, "Forget about the details of which vectors we're doing here. We have to go after these nation state whole-of-government things in a whole-of-government plus whole-of-society way ourselves."
Dr. Vickers: Policymakers really have an important role here. Particularly, not to stretch the pun too far, to illuminate what's gray a little bit. Why is it a series of orchestrated actions with strategic intent? Why aren't they just one-offs? That's the role and there just hasn't been much of that lately.
Branch: We ought to use and leverage the power to convene and to drive these conversations — they're not going to naturally happen. They have to be engineered, and they have to be driven and inspired. And sessions like this one and others that we'll participate in ought to drive that conversation, because it's not going to happen on its own.
Cipher Brief Senior Editor and Writer Ethan Masucol contributed to this report.
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.