Beth Sanner is a principal member of The Cipher Brief’s Gray Zone Group, a gathering of experts focused on raising awareness of adversarial activities that are carried out below the threshold of war.
EXPERT PERSPECTIVE / OPINION – In talks to business groups about geopolitics in recent months, I’ve been asking whether they believe we are at war. Most in the audience have voted yes. But if you asked the National Security Adviser, I’m fairly certain he would disagree, at least in the technical sense. This is in part political, because only Congress has the authority to formally declare war and, as hard as it is to believe, they haven’t done so since World War II.
This disconnect has made me wonder: What are people thinking about when they say the United States is again at war? My guess is a whole range of thoughts have prompted such a response. Perhaps these include the culture wars and polarization of our country, U.S. support for Ukraine that some have termed – incorrectly in my view – a proxy war against Russia, the U.S. retaliatory attacks on the Houthis in the Red Sea, persistent cyberattacks by nation states and gangs, global disinformation campaigns by our adversaries or perhaps the economic warfare between America and China. None of these activities meet the traditional definition of war, and yet it is hard to view these actions in aggregate and not feel otherwise.
The sum of it all is this: Whether defined as a war or not, the United States, its institutions and its dominant role in the world are indeed under attack, predominantly in a realm called the gray zone. It’s called the gray zone – and sometimes hybrid or asymmetric warfare – because such activities take place in the hazy, gray space between peace and traditional war. One can see its allure. Gray zone attacks can serve the same purpose as war – to coerce or weaken an adversary – but without justifying or provoking a military, or perhaps any, response from the attacked party. Safe and effective. Unfortunately for us, our adversaries are getting better and better at this game. As in the childhood contest, King of the Hill, we are the King, and a lot of actors are gunning for us, mostly without using any guns. Here are four concerning recent examples, among many.
In early 2024 leaked intelligence reports indicated that Russia was considering placing a nuclear weapon in space. Russia’s purpose for this weapon, outlawed by treaty, would be to threaten the United States or its allies, or perhaps to make a last-ditch effort to save itself in anticipation of a regime-threatening attack. A nuclear detonation in space would not create a mushroom cloud and a physically destructive shock wave as it does on Earth. Instead, it emits an electromagnetic pulse that would disable non-hardened military and intelligence satellites that provide command-and-control for military and civilian communications, and the Global Positioning System used for navigation and weapons targeting. Unfortunately, the collateral damage could be the global economic and communications systems, thereby causing panic, and the resulting space-debris fields would render certain orbits unusable.
Both China and Russia have been detected inside the IT networks of U.S. critical infrastructure, including our electrical grids, oil and gas pipelines, water treatment plants and transportation systems. Our government has warned that China intends to use this access to cause chaos or even injure and kill Americans at a time of China’s choosing. Beijing could do so, for example, to deter and undermine our ability to counter an attack on Taiwan, other Asian allies or U.S. forces. Russia also has burrowed into our critical infrastructure, giving Moscow similar options. And Iran has attacked U.S. water systems.
In October 2023 a Chinese commercial ship, the Newnew Polar Bear, escorted by a Russian icebreaker, improbably dragged its anchor for more than 110 miles (nearly nine hours) along the seafloor of the Gulf of Finland, severely damaging several telecommunications cables and shutting down the Balticconnector gas pipeline between Estonia and Finland for more than six months. As the Newnew Polar Bear traversed international and national waters of several nations, the damage it wrought wasn’t immediately known. When it was discovered, the ship nonetheless continued unmolested, exploiting gaps in national and international authority to board or seize it. The investigation is ongoing as of this writing, but experts say its mission was almost certainly sabotage. NATO pledged an unspecified “determined” response if this is proven. Both accident and sabotage have damaged undersea cables traversing the Red Sea, connecting Taiwan and servicing parts of Europe and Africa. With nearly 500 undersea cables transmitting about 95 percent of the world’s communications, from cat videos to financial transactions to top secret intelligence, they present a key vulnerability.
Russia’s increasingly brazen gray-zone attacks, aimed at undermining support for Ukraine and European governments, have included unprecedented plots to kill a European defense industry CEO and to attack and disrupt the Paris Olympics. Dozens have been arrested for these and other plots, such as an attempted assassination of Ukraine’s President Zelensky and sabotage of U.S. and other military and defense industry facilities. Some arson and cyberattacks have succeeded. Moscow’s use of common criminals and its own “illegals” – covert intelligence assets embedded in societies – makes defending against such attacks harder, in part because Russia takes advantage of seams in information-sharing and operational collaboration among militaries and local and national law enforcement.
These examples demonstrate several dilemmas associated with gray-zone activities and established U.S. and Allied deterrence practices. First, attributing the malicious actor behind such activities is difficult, often time-consuming and sometimes inconclusive. Second, America and its allies have no effective, let alone coordinated, strategy to deal with gray-zone aggression in aggregate. Third, we currently have few tools to respond to such attacks short of military force, doubly so against Russia since it is already the most sanctioned country in the world. Defining proportional responses consistent with our values and the rule of law remains elusive, particularly if the gray-zone attacks in question do not directly cause deaths.
What to do? The United States and its partners should start by seeking to understand, label and publicly reveal the range of gray-zone activities for what they are: part of a coordinated campaign by our adversaries that threatens us, could lead to loss of life and represents potential acts of war. The strategy must comprehensively name and shame such activity across the globe, just as the Philippine government has adopted an aggressive transparency campaign to call out China’s coercive belligerence in the South China Sea. Simply revealing such activity is unlikely to fully deter such behavior. Over time, however, global publicity about bad behavior can erode the willingness of other countries to work with offending states and curb the most dangerous activity.
We need to flesh out real response options. So far, we and our allies have focused mostly on strengthening detection and improving the resilience of our systems against threats that have manifested in particular sectors. For example, the Biden administration has imposed new regulations to compel private critical-infrastructure companies to improve cybersecurity. Legal approaches such as banning the sale of land near critical infrastructure and military bases, and England’s recent banning of foreign ownership of newspapers could provide protection. Such measures are what folks in the business call “deterrence by denial.” In other words, you harden your systems so much that attacks aren’t possible or worth the effort. All are important steps but not sufficient to deter our adversaries fully.
Also necessary is “deterrence by punishment.” That is, asserting clarity about the consequences adversaries will face if they take hostile measures, and solidifying their belief that we will follow through and impose consequences outweighing the benefits of their actions. America and its allies have agreed to impose such costs for gray-zone attacks, particularly cyberattacks. For example, for a decade, NATO members agreed that “hybrid attacks” could trigger Article 5 of the organization’s charter, in which case Allies would come to the defense of the attacked member state. But no one knows exactly what situation might trigger the needed NATO consensus under Article 5, nor has it been established what response this would entail.
Likewise, DOD’s 2022 National Defense Strategy for the first time called the threats posed by our adversaries’ gray-zone activities a priority; and Secretary of Defense Lloyd Austin introduced the concept of “integrated defense” to prepare for a spectrum of conflict, from high-intensity warfare to the gray zone. Although these sorts of documents tend to spur military planning, potential responses to such attacks remain vague, at least in the public domain.
With all this in mind, I recommend three broad steps to improve our deterrence posture.
First, we should address the lack of an agreed-upon definition of what actions and attacks fall within the gray zone and consider the entire range of adversarial activities as a coordinated campaign. U.S. agencies and departments, not to mention the public, appear to be operating under different understandings. This definitional exercise should be expanded to establish what types and thresholds of a gray-zone attack warrant a response.
Second, we need to develop a whole-of-government-plus-private-sector strategy for gray-zone attacks writ large, including anticipating gray-zone vectors that are vulnerable but have not yet been attacked, for example, Russia’s weaponization of migrants against its NATO neighbors. Militaries and civilian security and law enforcement agencies must develop more agile and robust collaboration.
The private sector is the victim in most gray-zone attacks, and yet government-to-private-sector communications about threats and responses, while tremendously improved since COVID, remain stove-piped and situational rather than continuous and structured across all threat vectors. The strategy should therefore include mapping and creating mechanisms and structure for communication between the whole of government and the private sector.
Furthermore, we should devise a menu of preplanned actions that can be deployed in response to specific scenarios and that encompass the full range of our instruments of power, from information campaigns to economic sanctions to cyber and military responses. This process will surely reveal major shortcomings in available options, necessitating some new creative thinking.
This leads to the third, concurrent step. The administration and Congress should begin a dialogue on whether, how and when we should fight and fight back in the gray zone. For example, while offensive cyber operations are now part of U.S. military doctrine, such operations remain definitionally vague, and we probably lack clarity or agreement on how far they should go under different scenarios. Certainly, at least part of the discussion should take place in the public domain.
Coordinating and planning collective responses with allies and partners, including AUKUS (Australia, the United Kingdom and us), our Five Eyes partners (the AUKUS trio plus Canada and New Zealand), NATO and our friends in the Indo-Pacific will be key. Roles and responsibilities among countries and institutions are needed to address mismatched and confusing jurisdictions and authorities – as was the case for the Newnew Polar Bear incident. These responses are just as important to practice as are traditional military exercises. NATO will need further work on creating seamless coordination for hybrid attacks as part of preparing for the full spectrum of conflict. We must determine when and how to communicate red lines to adversaries, including the goal of avoiding escalation.
In sum, we are living in a new world, perhaps a Cold War 2.0, where technology creates vulnerabilities and attack options we never imagined, and our systems and institutions were never designed to manage. Unfortunately, the international institutions that should be at the forefront of addressing such issues, like the United Nations, are increasingly hamstrung by the veto powers of the main perpetrators. Therefore, we need bold new thinking, creativity and assertiveness to respond to gray-zone threats. If we fail to do so, our adversaries no doubt will hold us hostage, coerce us and perhaps prevent us from fighting and winning the next war, should it come to that.
This essay by Cipher Brief Expert Beth Sanner was first published as a chapter in IMAGINE: Winning the New Cold War by Phil Berardelli.