The Gray Zone is that place between war and peace where actors use a range of elements at their disposal to effect an outcome. We see it in everyday operations like disinformation and election interference or in using economic means to coerce an outcome. China and Russia have been big fans of the practice and have employed it all over the world.
A recent independent, self-funded study of the issue by four experienced authors takes an in-depth look at what happens between nations just below the level of armed-conflict and how we should be thinking about gray zone operations as a future threat.
Based entirely off open source information, the authors used both red teaming and an analytic methodology that they created. The Cipher Brief is publishing their work without footnotes. If you’d like a foot-noted version, drop an email to Editor@thecipherbrief.com.
KEY CONCLUSIONS:
- Competition below armed conflict can be accurately characterized as subversion, and a wide range of actors – not just nation states – is perpetrating subversion operations in the gray zone between peace and war.
- Adversary operations in this phase of the competition continuum deliberately attack the target nation’s instruments of national power – the DIMEFIL. Further, the authors were able to:
  - map tactics to the operations they support,
  - map operations to their DIMEFIL targets, and
  - characterize the desired effects of these operations against their targets.
- Although no single operation discussed below is especially effective or alarming in isolation, the organized, synchronized, campaign approach employed by adversaries and competitors is a serious threat to national security.
THE AUTHORS:
Ian Conway manages Helios Global, Inc., a risk analysis consultancy that specializes in applied research and analysis of asymmetric threats. Prior to conducting this study of political warfare operations and economic subversion, he supported DoD and homeland security programs focused on counterterrorism, counterproliferation of WMD, hard and deeply buried targets, and critical infrastructure protection.
Kathleen Cassedy is an independent contractor and open source specialist. She spent the last three years identifying, cataloging, and analyzing modern Russian and Chinese political and economic warfare; the role of foreign influence operations in gray zone problem sets; global influence of multi-national entities, non-state actors, and super-empowered individuals; and virtual sovereignty, digital agency, and decentralized finance/cryptocurrency.
Dr. Sean Ryan is a retired U.S. Army Colonel (Special Forces) with experience in psychological operations, counterinsurgency, counter threat finance, and unconventional warfare. Dr. Ryan served in USPACOM, USCENTCOM, and on the U.S. Army and Joint Staffs. His deployments included duty in Thailand, Japan, Iraq, and Afghanistan. He retired as the Deputy Director of U.S. Central Command’s Interagency Action Group.
Clem Danish owns and operates Blank Slate Solution, LLC., an operational advantage and information environment consultancy that specializes in indications and warnings analysis and planning; operational, acquisition, and critical infrastructure protection design; and multi-domain characterization and planning. Prior to these efforts he was a DoD civilian evaluating global micro-aggression activities that assisted in the initial stand-up of DoD's Office of Commercial Economic Analysis.
INTRODUCTION
Today, the United States faces a complex environment wherein adversaries are enabled by the modern globalized economy and the ubiquity of information technology, both of which are largely controlled by private citizens and corporations.
Gray Zone Conflict, Hybrid Warfare, and Political Warfare are often used to describe strategies employed in competition below armed conflict. While each of these terms has a different meaning, all these concepts share some common traits. Generally, these are operations that by design are intended to: (1) exceed the threshold of normal geopolitical competition but not rise to the threshold of kinetic warfare; (2) be carefully synchronized and managed across a variety of operational thrusts, while seizing on occasional tactical targets of opportunity; (3) blend covert, overt, and clandestine operations; and (4) make little, if any, distinction between a target’s military, civilian, political and industrial infrastructures. In essence, these operations are designed to attack the target’s instruments of national power – the DIMEFIL.
Activities in this space are perpetrated by an increasing number of actors – most often a combination of nation-states and others. Sometimes non-state actors support state-level outcomes; sometimes they simply pursue their own intersecting agendas. Recognizing that the United States currently has overmatching military and economic power and global reach, our adversaries and competitors are expanding the activities against the U.S., our alliances, and the domestic and international systems that underpin our influence. If there is a strategic end-state to these operations, the likely focus is to rebalance the global stage from American dominance to a multipolar world.
Rather than risk direct kinetic conflict to reach the desired end-state, the weapon of choice in this battlespace is subversion. In modern application, subversion is intended to exceed the threshold of ordinary competition, and to destabilize the opposition enough to distract them, turn them inward, and gain room for maneuver.
In this environment, it is often difficult to attribute activities to the actual perpetrators - to identify the operational ultimate beneficial owners. Well-resourced disinformation campaigns camouflage diplomatic, military, and economic activities of adversaries that underpin strategically effective efforts orchestrated over generations. Transnational businesses operating within the letter if not always the spirit of international law benefit from these well-resourced strategic campaigns, thus having little incentive to cooperate with U.S. authorities seeking to disrupt such threats.
There does not appear to be a coherent national strategy for countering this brand of warfare. Nor is there a lead Federal agency, formal interagency body, implementation plan, or doctrine, with the exception of some recent work by the Joint Chiefs of Staff. How is the U.S. national security community identifying, defining, and synthesizing the seemingly disparate activities of our adversaries into a coherent picture that reveals their complex subversion campaigns? The authors hope this study helps facilitate meaningful course of action development for interagency strategists, planners, and analysts.
Through what lens do our adversaries look at us in order to target their campaigns and operations to achieve the desired effects? We use the DIMEFIL spectrum to consider our own ability to project power and conduct statecraft. It is also arguably a valid framework for describing how these tactics are being used against us. There is both historical and current evidence that our adversaries think about it this way as well.
The DIMEFIL framework provides a vehicle to chart our adversaries’ full-spectrum of tactics along specific operational lines of effort directly to their targets and desired effects. During this study, the authors were able to categorize open source reporting on adversary activities as tactics, then group those activities into operational lines of effort consistent with reporting from Communist-era documents, publicly cited adversary thought leaders, and historical and contemporary scholarly research. Where directly derived from single sources, citations are footnoted. The authors then followed those operational lines of effort to their targets and described the desired effects against those targets. The outlier in the process was cyber, but cyber is at least partially present in nearly every operation, and thus for the purposes of this study, cyber should be considered an inherent, integrated function throughout the following pages.
These subversion activities seek to degrade our capacity to project global power by exploiting our vulnerabilities – specifically the seams and gaps in our legal, bureaucratic, and policy frameworks. Simply stated, the DIMEFIL framework only enables us to see our competitors’ disparate activities in context; it does not help us understand the complex systems and motivations behind these operations.
The following section aligns disparate adversary activities with these tactics, subordinates those tactics to operational vectors, and maps those operations to their DIMEFIL targets.
MAPPING SUBVERSION OPERATIONS AGAINST THE DIMEFIL FRAMEWORK
Diplomatic Operations: (Statecraft)
Often seen as the counterbalance to military actions, diplomacy forms the cornerstone of a nation-state’s non-kinetic instruments of power. Diplomacy is how we work with partners, neutrals, and adversaries. If a nation is not at war, it must have a means for managing its affairs abroad, and diplomacy is the conventional sovereign means for achieving national goals on a global scale. Multinational corporations conduct similar efforts, using public relations, lobbying, and other levers of influence to improve their market positions and bolster their share prices. Diplomacy is a way to find acceptable compromise with those with whom we engage. This perception of balance can lead to advantages by both sides while keeping discussions open and productive. A lack of dialog between parties often leads to more aggressive engagements, including hostilities. Operations deliberately focused to disrupt and degrade our diplomatic capabilities damage long-term global relationships, and internally divide our own foreign service corps. Accordingly, our adversaries and competitors habitually target our diplomatic efforts, even as we seek to limit our opponents’ ability to maneuver diplomatically.
Operations to fracture and/or degrade multilateral political and security agreements: While perhaps the most obvious examples of this kind of maneuvering involve Russia’s actions against NATO and the European Union (EU) and China’s pressures on Taiwan, Russia and China are far from the only players. For example, the Kingdom of Saudi Arabia, with the aid of its Emirati partners, is currently attempting to strategically isolate Qatar in what has been described as an Arab Cold War.
Recently, reporting has included ultra-high net worth individuals (UHNWIs) and individual actors participating in this type of game as well. At first glance, the “bad boys of Brexit” appear to have brought the referendum to secure the United Kingdom’s divorce from the EU to a close based on shared personal political desires. However, these actors appear to have blended political manipulation with the manipulation of commodity and currency markets for profit.
During the Brexit referendum, UK hedge fund managers closely associated with Independence Party leader Nigel Farage made fortunes by shorting the British Pound Sterling. Certain hedge funds reportedly attempted to gain advance access to polling data commissioned by a major media outlet from a large UK pollster. Large sums of money were offered for securing early release of data, although it is not alleged that the pollster in question or any other pollsters accepted such offers. Using such data and granting early access are considered crimes in the UK.
This same reporting alleged that a different pollster, Survation (with personal and professional ties to Farage), saw a business opportunity to offer private polling data, including real-time streaming data on the night of the Brexit referendum, to certain hedge funds for a substantial fee. The results of the commissioned public polls on the night of June 30, 2016 wrongly indicated that Brexit would be defeated. This inaccurate polling data was made public and led to a strengthening of the British Pound. At the same time, the managers of these funds had access to private and more accurate polls that indicated that Brexit would prevail. As a result, these funds took short positions on the pound and made hundreds of millions of pounds, overnight. These might appear to simply be extremely prescient business decisions, were it not for Mr. Farage’s curious actions that evening.
On the night of the vote, Farage made two public concession statements after the polls closed, conceding that Brexit had failed. The Bloomberg journalist interviewed Farage about that evening. “He twice told the world on election night that Leave had likely lost, when he had information suggesting his side had actually won. He also has changed his story about who told him what regarding that very valuable piece of information.” By the following morning, voting tallies indicated a small Brexit majority – precisely as predicted by the hedge funds’ secret polls – and the pound crashed to its lowest level in decades. By leveraging conflicting public and private poll data, fund managers were able to bet both on the pre-vote rise in the pound and capitalize on their short positions after the fact. This hybrid political-financial manipulation resulted in Rokos profiting $100M, Brevan profiting $160M, Capstone Investments profiting over $88M, and Odey Asset Managers making $300M. Whether or not Farage personally benefited from the short on the pound was not discussed in the reporting. There was extensive reporting and public concern over what appears to be corruption; however, it is not clear that any crimes were committed. In short, the story smells fishy, but it may all have played out within UK legal boundaries.
Further, factual evidence (or serial coincidence, depending on your point of view) of the cozy relationship between Brexit leaders and Russian embassy staff in the UK – and allegations of Russian business offers with the principal Brexit funder – raise more questions as to their motivations (and Russia’s involvement) than there are answers. These activities align with historical patterns of political warfare operations to subvert alliances by isolating target nations and supporting breakaway initiatives.
Operations to fracture and/or degrade targeted government institutions: In 1962, William Kintner perhaps best described the depth and breadth of these operations,
…the purpose of political warfare may be to strengthen some competing groups or to weaken others; to organize forces whose activities can be directed toward desired ends; to support groups for as long as their objectives conform to one’s own; and to help fully controlled and semi-controlled groups and personalities to reach positions of power and influence and eventually to take over the government.
These methods can range all the way from simple manifestations of sympathy to the financing, organizing, and equipping of political movements, and from personal friendships between statesmen to the infiltration or capture of politically important agencies in the target country and the fomenting of mutinies, civil wars, and revolutions.
Russian activities in the Crimean Peninsula and Ukraine in 2013-2014 provide excellent illustrations of these complex operations. Based on reporting in technology trade journals, Russia may well regard Ukraine as a sort of experimental sandbox for a variety of hybrid warfare operations, just as Russia’s use of chemical weapons in the UK may have been to test NATO’s willingness to trigger Article V. Ukraine’s geographical presence in Russia’s near-abroad sphere of influence, its long and complicated history with Russia and the Soviet Union, and its fledgling efforts at breaking free of that relationship to move towards the West and democracy make it an ideal target to refine Russia’s modern war machine. The appendix provides specific tactics inside this operational vector.
If anyone cares to doubt or debate the effectiveness of these operations on the United States today, the authors challenge the reader to fill in the blank in the following passage:
In the name of the right to free speech, the Party, its fronts, and its captive organizations want an unlimited right to advocate the Party’s civil-disturbance program but also the right to lie, pervert, fabricate, slander, and smear their opponents. At the same time – still in the name of free speech – the Party wants Congressional investigating committees which seek to reveal the Party’s subversive machinations either abolished or reduced to impotence. In fact, the Party wants all efforts of the government to defend itself declared unconstitutional.
No, this passage is not referring to the U.S. Republican Party or Democratic Party, and this was not written in the 21st century. The redacted word is “Communist,” referring to the U.S. Communist Party, under control of Moscow’s Communist International (COMINTERN). The uncomfortable truth remains that nearly 60 years after this was penned, our greatest strength – our Constitutionally guaranteed civil liberties – may also be our greatest vulnerability.
Information Operations: (Influence and Ideology)
Information operations were likely discussed in the past few years more than any other of the DIMEFIL elements. The ability to control what people read, think about, discuss, and repeat is at the center of political warfare, regardless of who the perpetrator is. The proliferation and near-global adoption of modern commercial communication tools make what was once perhaps the most long-term and strategic operations in the toolkit into an operational, even a tactical component. Where once a perpetrator had to work patiently for years to spread misinformation, disinformation, and propaganda to a target audience, all one needs now is an Internet on-ramp, an army of content generators, and access to commercial search engine optimization and digital ad buys. Information operations primarily focus on the cognitive process in the targeted population, leading to mistrust and distortion in everything they see, hear, and read.
Information operations include:
Operations to degrade perceptions of truth and fact: Although all practitioners of political warfare conduct operations of this sort, this element is a Russian specialty. As John Barron wrote in 1983, these operations
…however couched and conducted, aim at perverting perceptions of reality. To the extent they succeed, they cause popular attitudes and public policies to be formulated on the basis of specious or unrealistic premises. Grounded in illusions rather than reality, the thought and behavior induced can secure benefits for [the adversary] unobtainable through rational debate, reasonable negotiations or even force.
Current Russian doctrine specifies that the strategic approach to influence operations “puts information before objects” and suggests that reality can be manufactured by the skilled disinformation practitioner. The desired operational effect is to alter perceptions of reality in the targeted population using illusion, deception, conspiracy theory, reflexive control, and revisionist history to achieve this end state. As Peter Pomerantsev wrote while covering the Ukraine incursion, “whatever the Russians were doing, it was not simply propaganda, which is intended to persuade and is susceptible to debunking. This was something else entirely: not only could it not be disproven, it seemed to vaporize the very idea of proof.” The effect of this operational line of effort is to create a “hall of mirrors” sensation, which can be debilitating to the analyst, journalist, or even the casual observer.
A quick glance at some of the social media ads fielded by the Leave.EU, Vote Leave, and BeLeave campaigns during the Brexit referendum, or the White House Press Secretary’s form FD-302, illustrates that Russia no longer has a monopoly on this operational line of effort.
Operations to divide populations of targeted nations: These operations are perhaps best understood in the context of the Cold War-era word for the designed material that facilitated these operations: agitprop, short for agitation propaganda. This line of effort is designed to divide the targeted nation’s population among generations, ethnicities, races, religions, sexual orientations, political party affiliations, economic classes, rural and urban populations, and any other useful divisive social construct. Kintner observed that “…political warfare is based on the exploitation of sociological contrasts. It is pragmatically sociological in approach. All groups are considered for vulnerability; the [adversary] could not possibly care less about the ‘left’ and ‘right’ as we know them.” It is important to remember that during these operations one side or another may seem favored by the adversary narrative, but in reality, the desired effect is simply to divide the society and exploit the most vulnerable targets.
Modern social media advertising tools make operations which once required a decade of analysis executable in minutes, at a small fraction of the cost, and at orders of magnitude greater accuracy and effectiveness. Further, these modern advertising tools allow any actor – nation-state or otherwise – to engage in targeted influence operations. Sowing division, distrust, and doubt within populations can be much easier and more cost effective than attempting to prove a specific counterpoint to an existing narrative.
Operations to control the narrative: Shaping operations was made far less challenging for adversaries in recent years due not only to the ubiquity of digital media access, but perhaps even more critically by the economic crisis in Western journalism – a crisis with the potential to render traditional media susceptible to economic subversion. Storied print newspapers successfully transitioned to hybrid print and online platforms, but the speed of information dissemination on social media creates a constant race to the headlines, resulting in a situation in which traditional source validation and verification, or circumspect positions on pros and cons of publishing (and in some instances, journalistic integrity) are taking a backseat to speed-to-press in the need for revenue. As social media is often first with a story, traditional news sources now report on social media trends out of economic necessity. The rise of cable news networks and the resulting demand for 24/7 news coverage only exacerbates these issues and provides more opportunities for subversion – both witting and unwitting.
Adversary tactics include efforts to shape, create, and command social media and online media trends by flooding search topics with tailored content, engaging in search engine optimization, deploying trolls, and fielding botnets, among other tactics. Often these efforts alone influence national and local media storylines; however, this space is further controlled through the production and dissemination of free high-quality content on material relevant to the subversion operation, skewed or fictitious poll and opinion data, “astroturfing,” and circuitous citations and/or references. Finally, adversaries build influence and coerce targeted social and traditional media organizations by cultivating and using agents of influence (e.g. through money, ideology, coercion, and ego/excitement (MICE)), by offering special access to material, and even by impersonating organizations using proxies.
Operations to market ideology: These efforts are often focused at mobilization of the minority diaspora in targeted countries, and include the suppression of oppositional views, especially by students living abroad. They include the sponsorship of institutions to proliferate desired ideologies, often under the auspices of educational or cultural programs. One example is China’s Confucius Institutes. These institutions are used as a platform to grow support for the subversion campaign (e.g. recruit, maintain morale, and provide guidance).
Military Operations (Including Paramilitaries, Private Military Corporations (PMCs) and Proxies)
Although operations in the gray zone are carefully designed to fall below thresholds triggering kinetic response by military forces, the military is nonetheless a significant part of a political warfare campaign, both as target and an actor. It is important to note that leading Russian military scholars consider most political warfare operations elements of the “initial phase of war”, and in the future such operations may immediately precede kinetic action, in addition to occurring in the gray zone. An adversary will seek to sow broad doubt in the target’s military capabilities, and concurrently, use its own military (or paramilitary proxies) to create illusions of power, dominance, and omnipresence. It is a delicate balancing act to employ military and/or paramilitary forces without triggering kinetic action, particularly when the opponent is militarily dominant. Increasingly, military forces conduct cyber components of these operations, as cyber aggression thus far falls below thresholds considered warfare. However, the recent decision of the insurance firm Zurich American to claim an act of war exclusion in denying a claim filed after the NotPetya attack has the potential to change this quickly.
Conduct conventional operations to project physical power: While Russia’s operations in the Ukraine and the Crimean Peninsula were widely reported and analyzed, the constant violations of territorial waters and sovereign airspace in the South China Sea, the Gulf of Finland, and the Black Sea have been perhaps less publicized. Russia’s Zapad-2017 exercise was clearly designed as a show of force against NATO. Russia and China’s joint-combined Vostok-2018 exercise was designed to send a much broader geopolitical message. Further afield, Russia’s forays into the Atlantic and Arctic spaces have drawn concern about Russia’s muscular projection of power.
Conduct unconventional operations to degrade sovereignty of targeted nations: Russia’s activities in the Ukraine and Iran’s decades-long support of Hezbollah and activities of the Iranian Revolutionary Guard Corps (IRGC) are perhaps the best examples, but the Kingdom of Saudi Arabia’s support to and proliferation of Wahhabism abroad (e.g. Pakistan, Afghanistan) should not be overlooked. Support for resistance and separatist movements, militias, and covert and clandestine unconventional warfare (UW) activities is being used to threaten the sovereignty of U.S. allies and partners.
As proxies – especially private military companies (PMCs) – emerge as geopolitical power brokers, it is difficult to discern specific intentions and drivers when viewing these entities. Are they obfuscating the involvement of a nation state, augmenting coalition forces, legally supporting an internationally recognized government, attempting to overthrow a legitimate government, or something else entirely? And if a publicly-traded PMC is partially or fully owned in turn by a nation state, should we view its business operations as free-market opportunism, or as strategic proxy activities? What’s more, these questions don’t even begin to address the overlapping but somewhat different services offered by the growing volume of private intelligence companies (PICs) on the market, many of them staffed by individuals who learned their craft in the service of their respective countries.
Conduct espionage operations: Espionage activities by national intelligence services and industrial espionage to degrade the sovereignty of targeted nations are discussed in detail elsewhere in this document. However, military intelligence entities are often used to conduct operations compartmentalized from intelligence services and proxy entities. Most notably, the activities of Russia’s Glavnoye razvedyvatel'noye upravleniye (GRU) during the Brexit referendum and the U.S. 2016 presidential election were reported on extensively, but Sluzhba vneshney razvedki (SVR) actions were all but absent in this reporting.
Conduct disruptive cyber operations (e.g. disrupt steady-state civil operations): In late 2018, cybersecurity giant McAfee reported that it had been monitoring and analyzing a global cyber campaign to infiltrate critical systems and infrastructure in U.S. defense, finance, energy, telecommunications, and healthcare sectors, among others. The campaign started in October of 2018 and as of the initial reporting, appeared to have successfully gained access to critical systems at 87 U.S. companies. The campaign was ultimately attributed to North Korea’s Lazarus Group, a cybercrime entity that is known to take taskings from DPRK officials. This cyber campaign was executed during the nuclear dismantlement talks in Hanoi.
Russian military thought leaders described the “Initial Phase of War,” or IPW, as operations which “…include planting cyber viruses in important systems of an opponent’s infrastructure, capturing the electronic warfare frequencies and equipment operating parameters of a potential opponents’ equipment, scrambling global positioning system frequencies, or conducting reconnaissance on key underwater cables for espionage or destruction purposes.” In April 2019, a study was released showing that Russia has considerable GPS spoofing capabilities which are used to mask President Putin’s movements to sensitive locations, wreaking havoc with shipping and sometimes aircraft in the region. While currently used as a protective measure, this capability could be employed offensively against civilian targets.
Economic Operations (Production, Distribution, Supply, and Demand)
For any modern nation or entity, securing freedom to pursue economic independence, stability, and growth is an essential function of governance. Security begets prosperity, and prosperity promotes peace. In the pro-democracy West, business and the economy are largely viewed as separate from governance, with the notable exception of government setting the conditions for success in the free market (e.g. consumer and occupational safety, environmental regulations, tax policy, antitrust regulations). In other cultures, particularly those with authoritarian governments, business and the economy are extensions of state power, as are all other aspects of civil society. From a practical perspective, the tools of modern international business and finance are absolutely fair game—as both instruments for action and as target sets. Just because the West’s playbook considers private businesses as off limits does not mean that operations will not target the business sector. Actors conducting economic operations will target commercial entities to disrupt friendly economies, discredit domestic or international policies, and increase costs, thereby decreasing economic power. As Russia dominates the information domain, China in particular excels at using economics and finance both to benefit China and to manipulate or degrade the power of other nations.
Operations to economically isolate targeted nations: The isolation of Qatar initiated in May 2017 by neighboring Gulf states Saudi Arabia, UAE, and Bahrain, among others, is a textbook example of economic isolation. This story really begins in a complex, stranger-than-fiction incident in which members of the Qatari royal family were kidnapped on a falconry expedition in Iraq, which subsequently resulted in the transfers of large volumes of cash, the relocation of populations, and an array of geopolitical actors converging on the situation for profit and leverage. Beyond this incident involving the kidnapping of members of the Qatari royal family personally, a variety of tactics were used to accomplish the effective economic isolation of Qatar. Most of the demands levied on the Qatari government by the perpetrators of this larger strategic operation are direct infringements on the nation’s sovereignty. Aljazeera has excellent reporting on the complex series of events and lines of effort employed in this incident.
Operations to undermine the dominance of the U.S. dollar in global financial, banking, and commodities pricing systems: Both China and Russia have demonstrated strategic interest in reducing dependency on the U.S. dollar, largely to reduce susceptibility to politically motivated sanctions. China – an on-again, off-again currency manipulator – took steps to influence pricing oil in yuan using gold futures contracts. Russia, for its part, has all but eliminated its investment in U.S. Treasury bonds, while becoming the world’s fifth largest holder of gold bullion. Both nations continue to experiment with parastatal cryptocurrency and/or digital currency projects.
In 2012, the BRICS nations (Brazil, Russia, India, China, South Africa) agreed to establish a new development bank (currently known as the New Development Bank, or NDB) as an alternative to the World Bank. NDB, headquartered in Shanghai, provides a potential platform for China (and possibly the other member nations) to challenge U.S. economic power beyond its immediate sphere of influence.
Create and exploit resource and/or commodity dependency of target nation’s economy: In 2018, the EU imported 69% of its natural gas, and 37% of its gas from Russia. In spite of coordinated efforts to reduce Russian imports following the Ukraine hostilities, imports from Russia rose to record levels following those events. Some Eastern European nations are almost entirely reliant on Russian gas exports – a commodity from which Russia derives 67% of its tax revenues. Russia’s steady, reliable, and relatively inexpensive gas has created a situation in which European energy dependency has made penalizing Russian geopolitical aggression via energy sanctions a virtual impossibility.
There are also opportunities for corporate manipulation of economies, both national and global. In the United States, the five largest companies (Apple, Amazon, Alphabet, Microsoft, and Facebook) have combined market caps equivalent to more than 17% of U.S. GDP. As seen above, Europe’s dependency on Russian natural gas gives Russia both substantive revenue and significant economic leverage over the West. So too do America’s technology powerhouses control outsized portions of critical infrastructure sectors and GDP, creating for those firms an exceptionally powerful negotiating position with government regulatory bodies.
Operations to sow corruption (e.g. money laundering as strategic economic subversion): A prophetic example begins with the massive exfiltration of currency from the former Soviet Union to the West after the collapse of Soviet government. Richard Palmer, then CIA Chief of Station Moscow, recognized that the influx of that sheer volume of cash into Western governments set up possible foreign-derived “…political donations to U.S. politicians and political parties to obtain influence.” While there is no hard evidence to indicate this has happened in the past two decades, or that this exfiltration of currency was part of a formal operation, the fact remains that Mr. Palmer’s warning that “…Russian values might infect and then weaken the moral defense systems of American politics and business,” remains a legitimate concern. Indeed, foreign finances from multiple sources have emerged as influencers in U.S. elections.
This foreshadowing can be seen in Europe and beyond in the tale of the Danish Danske Bank’s Tallinn, Estonia branch. Starting in 2013, a whistleblower leaked internal documents to a German media source (Berlingske) and the Organized Crime and Corruption Reporting Project (OCCRP). These documents were the start of a paper trail detailing how as much as $10 million USD per day may have been laundered through the Tallinn branch of Danske Bank by Putin family members and Federal'naya sluzhba bezopasnosti (FSB) officials. Estonian financial authorities ordered that branch closed in the same year.
According to further investigative reporting by OCCRP, this was part of a much larger international money laundering scheme by wealthy Russians over the past decade, referred to as “the Russian Laundromat.” The reporting estimates $20-80 billion was laundered in the first half of the current decade, using a global network of banking institutions and shell companies, including Deutsche Bank.
Exploit and/or gain control of resources in weak governments to compensate for lack of same in own nation: A recent report by the Office of the U.S. Trade Representative details the tools and tactics employed by foreign governments – especially China – to acquire American technology, intellectual property, and businesses. Although many of these methods are legal, a cursory look at the incidents of industrial espionage leading up to the development of China’s J-31 fighter indicates that the legal mechanisms available to China are but one of many tools employed in this line of operation.
An example of a Chinese operation that may blend legal and possibly illegal components occurred in 2017 when Silicon Valley’s ATop Tech was declared insolvent. By all measures, ATop Tech had been a leader in its field, and declared by the U.S. Government to be “critical to U.S. Defense systems and military strength.” ATop developed an automated chip designer that could create electronic components for products ranging from cell phones to guided missiles. Employing 86 people, ATop commanded nearly $1B in market share when it went into receivership. It remains unclear from public sources what led to ATop Tech’s insolvency, but ATop was subsequently purchased by Avatar Tech, a company owned by a Hong Kong steel magnate named Jingyuan Han. Once the company was liquidated, ATop’s stateside operation was shut down, and its shares, technology, and intellectual property (IP) were sold to King Mark International Limited, another Chinese company in which Han had invested. Thus, defense industrial base (DIB) IP once deemed critical technology has now been effectively exported to China, under the control of a Chinese investor.
In Africa, Chinese ownership of resources and infrastructure spanning the transportation, energy, mining, real estate, utilities, technology, finance, agriculture, and media sectors has led to allegations of neo-colonialism and geopolitical aggression. Although not all African nations (or African people) share these sentiments, it is worth noting that China’s $188B investment (since 2010) is more than three times greater than that of any other nation.
Finance Operations (Pricing, Markets, and Investments)
Closely tied to economics, the world of finance and financial tools are equally vulnerable to use and misuse by adversaries. While the economy is about supply and demand, finance is about the monetary instruments that move economies. In neoliberal economies, finance is heavily a private sector function, while the government provides a minimum of regulation and oversight. Accordingly, while an adversary may take actions to destabilize a target’s economics, it may also seek to leverage financial tools to their own benefit aside from profit, as it is likely to find greater freedom from regulatory controls in near self-governing free markets. In short, adversaries push with economics, while they pull and manipulate with finance.
Exploitation of target nations’ economies and financial institutions in strategic locations: The current masters of using excessive lending and debt as a tool of influence and leverage – also called “debt diplomacy” – are the Chinese under President Xi. China has used this tool effectively throughout its spheres of influence (both current and desired) to prepare the battlespace for their long-term strategy, the Belt and Road initiative. China also creates safe havens for Chinese citizens to offshore money (licit and illicit), as well as managing by proxy close-by havens for leisure and gambling and acquiring potential dual-use real estate and assets.
Operations to gain leverage in the private sector: In April 2019, the Department of Justice announced that the UK-based Standard Chartered Bank (SCB) agreed to more than $700M in fines and forfeitures, in relation to violations of U.S. sanctions against Iran. The criminal conspiracy involved two now-former Dubai-based SCB employees who helped the Iranians use SCB to conduct U.S. dollar transactions through the U.S. financial system, for the benefit of Iranian persons and entities during 2007-2011. This was an operation across the strategic to tactical levels, using the international banking system, a financial institution based in a Western-allied country, and conducting Foreign Exchange (FOREX) trades to launder Iranian funds into U.S. dollars and assets, all to circumvent sanctions.
Operations to gain leverage over and/or control critical infrastructure: Venezuela, a founding member of OPEC and one of the world’s largest exporters of oil, sits on one of the world’s largest oil reserves. During the 2019 agitation over the outcome of Venezuela’s Presidential elections, reporting emerged that Wagner Group (a Russian PMC) employees were in Venezuela. Although Russia’s official line maintains these PMC employees were there as hired security, practically speaking they were there as proxies for the Putin government. Their purported purpose was to bolster Maduro’s claim that he won the presidential election – a claim which remains disputed by opposition leader Juan Guaidó, who is backed by the U.S. government. Further, additional reporting cited that roughly 100 Russian military advisors were flown into Caracas on a military aircraft in March, to work on repairing Chavez-era air defenses.
The presence of both Russian groups was likely designed to make potential U.S. military intervention a less appealing option. The result is a fragile government, whose current leader is holding his position in part through the subtle threat of PMC action with the backing of a stronger nation.
Intelligence Operations (Human and Cyber Operations)
Intelligence and espionage lie at the heart of both conventional and modern warfare campaigns, due to the covert and clandestine nature of these activities. However, what was for many centuries almost exclusively a tool of state is now available commercially for those with the means to pay for it. The result is actors now using both witting and unwitting proxies to assert power and influence in the intelligence arena while maintaining plausible deniability. Even (or maybe especially) operations involving targeted violence may be, and frequently are, outsourced to entities with training, knowledge, and skills stemming from previous government service.
Conduct economic espionage: This aspect of intelligence operations has been in heavy use for most of the current century both by government and commercial entities. Economic espionage has been in the political warfare practitioner’s toolkit for much longer, but it has risen to prominence and public awareness particularly in the past year or so, as a primary tactic used by the Chinese government operating through parastatal corporations. Operating largely below the radar, China effectively blends tactics across the DIMEFIL spectrum to turn the DoD’s offset strategy into an American liability and a Chinese advantage. If allowed to continue unabated, the offset strategy will belong entirely to China. The 2012 Committee on Foreign Investment in the United States (CFIUS) Annual Report to Congress stated that the U.S. intelligence community “judges with moderate confidence that there is likely a coordinated strategy among one or more foreign governments or companies to acquire U.S. companies in research, development, or production of critical technologies for which the United States is a leading producer.” While CFIUS reports no longer cite Intelligence Community conclusions, the most recent CFIUS Annual Report to Congress (published in 2017) suggests that foreign governments are actively conducting coordinated activities such as espionage aimed at obtaining “critical technologies” from U.S. companies. Bloomberg estimated the commercial monetary cost for intellectual property (IP) theft as approximately $50B, but these dollar value estimates expose American cultural fixation on profit and loss, and miss the real threat of Chinese strategy – the gradual (and largely legal) acquisition of the DIB intellectual capital and innovation that fuels the U.S. offset strategy.
Leveraging its mastery of American legal and cultural nuance while staying true to its ancient Thirty-Six Strategies, China gains opportunities to achieve success one brick at a time. China legally navigates CFIUS using parastatal commercial entities to acquire targeted foreign businesses. This reduces Chinese research and development costs in both time and money while gaining strategic economic and security advantages. These activities directly impact U.S. operational and strategic defense planning efforts.
As highlighted by the arrest in Canada of Huawei’s CFO, reportedly at the urging of the U.S. government, China has taken a long strategic view of how to both leverage and attack the economies of adversaries and near-peer competitors. China in particular is noted for its tactic of penetrating research, academic, civic, and industrial institutions, to access cutting-edge technologies, patents, personal relationships, personal information, big data, and intellectual property. Such Chinese operations are usually conducted using a combination of human and cyber assets. China is far from the only perpetrator of economic espionage being conducted in order to gain economic competitive advantage, however. Other nation states highlighted in public sources include Iran, North Korea, Saudi Arabia, and Russia, and private companies are employing espionage practitioners for similar purposes.
Conduct influence operations using espionage operational tradecraft: Known in the Soviet-era as “active measures,” intelligence services and their private sector proxies use a variety of espionage related tradecraft against key influential people to bribe and/or blackmail, discredit through smear campaigns, or conduct targeted assassinations. A vivid recent example of this tactic can be seen in the early 2019 news stories about Amazon founder and Washington Post owner Jeff Bezos’s unexpected and very public divorce. The initial stories broke via the long-running National Enquirer’s publication of reports that Bezos was having an affair. On the surface, the story sounded like a typical celebrity scandal. Further reporting, including information that Bezos himself and his long-time security professional shared publicly, traced back to a character assassination operation allegedly initiated by individuals within the government of the Kingdom of Saudi Arabia using an Israeli private intelligence company. This subsequent reporting suggests that the Kingdom wanted to punish Bezos and the Washington Post for its detailed and continuing coverage of the purported assassination of Saudi national and Washington Post journalist Jamal Khashoggi in the autumn of 2018.
One of the more well-publicized targeted assassination attempts in recent history was the 2018 poisoning of Sergei Skripal and his daughter, Yulia, in the UK by two GRU operatives. Skripal was a former Russian spy/U.K. double agent, and Russia reportedly wanted to send a strong message that no one was beyond their reach. The Skripals survived the attempt, but the message was received, regardless. Less well reported is the growing number of individuals, some Russian, some with Russian associations, who died in the United Kingdom in recent years under suspicious circumstances. In November 2006, a Russian defector who had worked for the GRU, Alexander Litvinenko, was fatally poisoned in London by two Russians using radioactive Polonium. There have been other, less clear-cut instances. British Member of Parliament Yvette Cooper called for a review of 14 of these cases, all of which may fall into a pattern of state-sponsored assassinations. The United Kingdom is not alone in an accumulation of suspicious deaths. Many occur on Russian soil but are intended as much to send an international message as a domestic one.
Penetrate and subvert political infrastructure, including voter registrations: Although the extent of actual damage to the United Kingdom’s political system remains contested, it’s hard to imagine a stranger or more complex example of the intersection of UHNWIs, commercial intelligence capabilities, targeted digital advertising tools, and state adversary actions than the Cambridge Analytica-Brexit-Facebook saga. Here in the United States, however, we can see evidence of more deliberate targeting of our political system, down to the level of voting machines and registries, as perpetrated by Russia. It’s not just in the United States and United Kingdom, however. In France’s 2018 Presidential election, the closing hours of the race saw an alleged but still-uncredited large-scale hack-and-leak effort against the ultimate winner, Emmanuel Macron, attempting to sway the outcome toward far-right candidate Marine Le Pen. And testimony to the British Parliament indicated that Cambridge Analytica and its parent company SCL had worked on political campaigns in more than two dozen countries.
Conduct recruitment operations: In 2017, Kevin Mallory was indicted by the Department of Justice on charges of leaking classified information to Chinese intelligence professionals. Mallory, a U.S. citizen, military veteran, and career government employee and contractor with a TOP SECRET clearance, was convicted in 2018 of conducting espionage. According to the original indictment, Mallory was first approached while on a business trip to China, via a quasi-academic think tank known to be used by Chinese intelligence operatives for cover. Mallory, who is fluent in Mandarin, was given an encrypted communications device by his Chinese handler, which he used to transmit classified information to China. Then there is Paul Manafort.
Legal Operations (Sovereign and International Legal Systems)
The final element of political warfare operations in the DIMEFIL spectrum is in the exploitation of law, legal systems, and law enforcement. Perhaps the most clever and insidious adaptation of tactics in the modern globalized operating environment is the use of legal conventions and institutions to manipulate targets and influence narratives. Subverting legal systems – while simultaneously criticizing these systems and eroding public trust in the rule of law – is a masterstroke of targeting. Thus, in modern warfare, the general population is left feeling that they have no recourse against injustice, and the state is incapable of protecting them from either white collar or violent criminals. This may particularly shake the foundations of democratic societies and institutions and tilt the global playing field in favor of plutocratic and criminal insurgencies, both of whom offer themselves as protection and shelter from “crooked” legal/justice systems, albeit at a price.
Manipulate targeted legal systems: One of the more interesting subplots during Special Counsel Mueller’s investigation into Russian influence operations was a motion filed by an indicted Russian defendant – Concord Management and Consulting LLC, a/k/a, the Internet Research Agency or “the troll farm” – in the U.S. District Court in Washington, DC. This motion attempted to use pre-trial discovery to force disclosure of documents identified by the Special Counsel’s Office as “sensitive” to officers of Concord Management, including Yevgeniy Prigozhin (a/k/a, “Putin’s Chef”), a resident of the Russian Federation. Although this motion was denied on national security grounds, the strategy indicates a strong understanding of the American legal system, and a willingness to manipulate it to protect the Russian government’s sovereign interests. This is one example in a series of Russia’s manipulations of the U.S. justice system.
Circumvent sovereign law and subvert international treaties: Russia has become quite proficient at manipulating the U.S. legal system and international legal agreements and treaties to pursue critics and dissidents who have fled abroad. Reporting in 2018 strongly suggests that U.S. Federal agencies and the Department of Homeland Security increasingly rely on Interpol Red Notices issued by Russia as sufficient reason to extradite these individuals, even though many in the United States have been granted asylum or are awaiting asylum adjudication. The United States has no extradition treaty with Russia, and in the past, a Red Notice alone was insufficient to extradite someone from the United States.
Subvert international law enforcement organizations: Interpol, arguably the best-known international law enforcement entity, has come under increasing attention for the number of authoritarian member nations gaming Interpol’s systems and agreements to quell political dissent at home and to pursue refugees and asylum seekers abroad. This is in direct contravention of its founding charter, which seeks to keep Interpol politically neutral. Countries including Bahrain, Iran, Indonesia, and Egypt, as well as more predictably China and Russia (see above), have exercised Interpol’s loopholes and databases for domestic advantage, rendering it difficult for other member nations to intervene. This system compels the 192 member nations to provisionally arrest anyone their law enforcement encounters with such a flagged notice, and then hold the individual pending extradition. In 2017 there was a particularly inventive repurposing of Interpol’s Red Notice system, by Turkey’s Erdogan government. Turkish media reported in July 2017 that Turkey had attempted to upload 60,000 names to Interpol’s database, allegedly mostly dissidents and followers of cleric Fethullah Gulen. For scale, the prior year, across the globe there were only 13,000 new names added to this database.
And then in 2018, China’s first-ever President of Interpol was reported missing by his wife. He had been on a visit back to China, and his wife reportedly has not heard from him since she received a worrying text from him. A few weeks later, the Chinese government claimed he had resigned his Interpol post, and then in March 2019 announced that he had been indicted under suspicion of bribery and corruption. His wife claims that the arrest is politically motivated and that her husband was targeted for his criticism of Chinese policies.
Promote censorship and use legal system to influence perceptions: During the 2008 Summer Olympic Torch Run in San Francisco, CA, Chinese officials and intelligence assets, concerned over images of anti-PRC government protestors (the Olympics were held in Beijing that year), “bussed in 6,000-8,000 J-Visa holding students—threatening them with the loss of Chinese government funding—from across California to disrupt Falun Gong, Tibetan, Uighur and pro-democracy protesters.” These Chinese operations used the American constitutionally guaranteed right to assemble to censor the protesters’ constitutional right to free speech.
In the summer of 2018, more than 40 international airlines gave in to Chinese pressure to eliminate references to “Taiwan” in their business processes, changing flight listings to “Taipei” instead. The White House encouraged American carriers not to comply with the Chinese government’s demand, citing the export of Chinese political correctness and “Orwellian nonsense.” In the end, all carriers complied with the Chinese demands to avoid the thinly veiled threat of legal or economic consequences.
ADAPTING TO SUBVERSION OPERATIONS IN THE GRAY ZONE
Although no single operation discussed above is especially effective or alarming in isolation, the organized, synchronized, campaign approach employed by adversaries and competitors is a serious threat to national security. Subversion operations in the gray zone negatively impact our domestic functions, our partners and allies, multilateral economic and security relationships, and diplomatic efforts. Subversion is used to attack all aspects of civil society, not just national governance. Accordingly, the ability to recognize, assess, and respond to such attacks requires extensive and diverse analytic capabilities. Awareness and participation by the private sector, civic and religious institutions, and the general population, as well as by Federal, State, local, and Tribal entities are essential. The previous section illuminates some modern subversion tactics, techniques, and procedures (TTP) in use by a wide range of state and non-state actors. Regardless of specific targets, the TTP listed above are used routinely in different combinations tailored to achieve designed effects and outcomes.
How does a nation safeguard itself against such attacks, when the target set can be in any one or more aspects of society from any number of perpetrators? Much as was done after the 9/11 terrorist attacks, the United States needs to develop and resource a strategic policy, establish a coordinated implementation plan, and adopt a comprehensive analytical framework to identify and defend against gray zone subversion activities. Unlike traditional intelligence or analytical tools, an effective gray zone analytical framework will begin with observable phenomena and integrate trends and findings into a strategic framework that reveals hypotheses as to the motivations and objectives of the perpetrators. The authors began developing such a framework, which is what led to this article. A holistic framework, if leveraged across the Federal interagency and private sector partners, and integrated to contextualize gray zone subversion activities in a strategic paradigm, can place the United States on a firm footing to anticipate and counter subversion. An effective counter-subversion campaign promotes and supports effective governance, as well as public and private efforts.
Once these assessments are completed across various levels, individuals and groups can begin to systematically integrate them into other planning methodologies. This collective effort is essential to prepare for and respond to future attacks. While a plethora of planning tools and methodologies exists across government and business venues, there are gaps that detract from our abilities to deal with a broad spectrum of subversion threats. Fresh perspectives enhanced by deeper, long-term analysis involving all of the elements of gray zone subversion described above will improve our readiness to recognize and confront these challenges.
Recommendations:
As the U.S. government considers how to identify, categorize, and lay groundwork for responding to the full range of subversion TTP in the great power competition of this century, the authors suggest beginning with a net threat assessment of the global state of modern subversion. The purposes of this assessment would be to: (1) take stock of the state and non-state actors appearing to use subversion TTP domestically and abroad; (2) catalog the TTP in use (agnostic of actor); and (3) analyze the potential effects of the TTP on both the government and American civil society. Given the continually morphing nature of actors and specific subversion TTP, this initial assessment would be best recognized as a living document, with an expectation for continual refinement as new tactics, actors, and motives emerge.
After a baseline net threat assessment, a multidisciplinary red team analysis of U.S. vulnerabilities to modern subversion campaigns and activities should be conducted. Based on the net threat assessment (above), the U.S. government should select the actors of greatest strategic, operational, and tactical concern. For each selected actor, the red team would then conduct an analysis of critical U.S. vulnerabilities, across the whole of society. To best leverage the use of the red teaming construct, the red team itself would then determine the best subversion TTP to exploit identified vulnerabilities, along with their desired effects and measures of effectiveness. Finally, the red team would develop a campaign plan for each actor using modern subversion TTP to demonstrate the previously identified vulnerabilities.
Using the campaign plans developed during the red team analysis stage, a gap analysis should be conducted of U.S. government and society capabilities to recognize and respond to the range of subversion campaigns. This step bears many similarities to the post-9/11 efforts undertaken at the Federal, State, local, and tribal levels to identify gaps in domestic capabilities to prevent, detect, respond to, and recover from terrorist events. Planners and liaisons will need to conduct extensive outreach at all domestic levels to adequately catalog existing detection, prevention, and response resources. Participants should be encouraged to look broadly throughout their respective communities and networks to understand where they can draw on expertise from existing resources.
Finally, a needs assessment should be conducted of the policy, economic, fiscal, educational, political, and socio-cultural tools that need to be developed to bring the whole of the United States to an adequate state of readiness in the context of the great powers competition. Just as occurred during the early stages of the Global War on Terror, all aspects of American society should take stock of where the resources available to them fall short, where policy and doctrine need to be developed, authorities created or modified, funding allocated or redirected, and where training and education deficiencies need to be addressed.
Critical to the success of this major undertaking will be new approaches to analyzing the modern operating environment. These tools and methodologies will need to be flexible enough to assess the full range of gray zone subversion actors and how they exploit, leverage, and manipulate supply chain vulnerabilities, competitive intelligence, counterintelligence, intellectual property theft, money laundering, and obscured foreign investment in key U.S. business sectors, to name a few key areas of concern. Perhaps most importantly, analysis must tie the seemingly disconnected and tactical activities into strategic value sets that affect the influence and power balance underpinning U.S. National Security.
For a full copy of the report, drop an email to Editor@thecipherbrief.com