This is part 2 of a 3-part series by Cipher Brief Expert and former Assistant Director of CIA for South and Central Asia Dave Pitts, who also serves as a member of The Cipher Brief’s new Gray Zone Group.
EXPERT PERSPECTIVE — Even with a broad understanding of the gray zone, it can be difficult to put into strategic perspective the gray zone activities we see. The tools of the gray zone are diverse and evolving: cognitive warfare; cyber operations; use of surrogates, proxies, and ambiguous forces; aggressive espionage; political and economic coercion; and darker tools such as sabotage and assassinations come to the top of the list, but there are others.
Our adversaries are using these tools in key five areas in the gray zone to advance their strategic objectives, to gain a strategic advantage, and to attempt to weaken and undermine the U.S.
First, our adversaries want to win the cognitive battle
Beyond disinformation, our adversaries, particularly Russia and China, are conducting much more advanced and AI-enabled cognitive warfare activities to advance their strategic objectives by attempting to manipulate how we see the world, what we think, how we make decisions, and which decisions we make.
For example, the current debate over TikTok is based on concerns that TikTok allows China to discreetly drive the national security narrative in the U.S. to its advantage, with an audience of 170 million Americans. There are also concerns about China’s access to the personal data of all those users.
TikTok is just one example. Today’s cognitive warfare is a comprehensive assault on human cognition. Our adversaries attempt this by influencing individuals, groups, and societies, including our policymakers, at the cognitive level—through persistent influence and disinformation activities, but also through a wide range of actions and pressures, including intimidation—that can influence cognition. Cognitive warfare has become a prevalent gray zone activity.
Second, our adversaries are working to alter the geopolitical landscape to their advantage
The gray zone allows nations to alter the geopolitical landscape or “change the map”, figuratively and literally, so that it favors their interests and possibly sets conditions for a future war.
In 2014, Russia seized control of Crimea to change the map around its borders using ambiguous forces, soon to be labeled “little green Men”. This created a thin veneer of deniability and enough confusion for Russia to gain full control of Crimea before there could be an effective international response; essentially a fait accompli.
Today China is expanding its artificial island-building activities in the South China Sea, creating new strategic locations that didn’t exist. China began these activities more than a decade ago in the Spratly Islands. The strategy has allowed China to project military power far from its mainland, potentially threaten U.S. bases in the Philippines, and intimidate its neighbors.
Join Pitts and other Cipher Brief Experts for a real-time conversation on defining the gray zone and the impact on U.S. national security led by former Undersecretary of Defense for Intelligence Dr. Michael Vickers and Dave Pitts on Wednesday, January 22 at 1:30p ET. Subscriber+ Members, check your email for an exclusive invitation to register for this exclusive conversation. Not a member? We can help with that.
China’s aggressive maritime activities around Taiwan, meanwhile, are part of a strategy to erode Taiwan's control over these waters, normalize the presence of Chinese forces, and assert Chinese jurisdiction through force; a change in the status quo outside of international norms.
Iran's development of proxy forces in Syria, Lebanon, Iraq, and Yemen are another example, changing the map in a more figurative way, allowing Iran to project power well beyond its borders, to provide strategic depth, and to threaten Israel, the U.S., and the West.
The polar regions, particularly the Arctic, are new areas of contested space ripe for gray zone activities in an evolving and important geopolitical landscape. Russia is already trying to exert control over Arctic waters close to the U.S., and China’s growing influence in Greenland is heating up great power competition.
Third, our adversaries want to compromise and disrupt our essential national systems
Penetrating and compromising national systems can have devastating impacts while still avoiding a military response.
Cyberattacks on U.S critical infrastructure constitute one of the most potentially damaging gray zone activities by our adversaries. According to DHS, China, Russia, and Iran are the most pressing foreign threats to U.S. critical infrastructure
FBI Director Christopher Wray recently said that Chinese government-linked hackers have burrowed into U.S. critical infrastructure and are waiting "for just the right moment to deal a devastating blow.” The U.S. response has been robust, but this is a race we are not yet winning.
Although not formally designated as critical infrastructure, space and space infrastructure have also become a frontier for gray zone activity. Our adversaries can disrupt GPS and communications satellites, and other methods, such as deorbiting, obstructing, or soft kill may also be possible. This may be a new type of space race.
Sabotage is a tool of war, but it is also a gray zone activity. Sabotage can damage, disrupt, or destroy critical infrastructure, resources, or capabilities, and is often conducted covertly. Some forms of sabotage can also create chaos, intimidate, convey threats, and undermine confidence in a government’s ability to protect it citizens and sovereignty.
Russia has a long history of sabotage, including suspicion that it may have collaborated with China in cutting two fiber-optic data cables in the Baltic Sea in November. Russia was also implicated in plotting to put incendiary devices on cargo planes and other acts of sabotage in an escalation of Russian sabotage activities against the West.
One non-adversary example also stands out. Israel’s innovative sabotage of Hezbollah pagers and hand-held radios last September disrupted Hezbollah’s command and control, shattered Hezbollah’s confidence in its communication, reminded Hezbollah that Israel had deeply penetrated its organization, and sent shockwaves throughout Hezbollah leadership and the rank-and-file. This was sabotage not only with a strong disruptive effect but also with a strong cognitive component, as an example of the broad impact that sabotage operations can have.
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? Get expert-level analysis about The Middle East, Russia, China and the other issues driving today's headlines.
Supply chain disruption is a frequent gray zone activity. Russia is using sabotage to disrupt the flow of support to Ukraine. In 2017, Russia’s NotPetya cyberattack on the Ukraine, which Russia continues to deny, also disabled global supply chains.
Iran also poses a threat to U.S. and global supply chains. Iran has seized almost 20 ships since 2021, including the 2024 seizure of MSC Aries in international waters. The Houthi attacks on international shipping also threaten and degrade Israeli and Western supply chains.
The assassination of foreign officials—political, military, and industry—is a long-standing gray zone tactic. Many countries have a history of using assassinations to silence political dissent, and the KGB has been credited with numerous assassinations of foreign leaders during the Cold War.
Russia’s disrupted plan to assassinate the Chief Executive of a German arms manufacturer that produces artillery shells and military vehicles for Ukraine, and other defense industry executives across Europe, is an example of Russia’s willingness to assassinate foreign officials – beyond military targets – to achieve its goals.
And while it did not involve a foreign official, Russia’s plan to assassinate Russian defector Aleksander Poteyev, which was disrupted in Florida in 2020, is a clear signal that Russia will take action with no regard for sovereignty or law.
The U.S. Justice Department recently announced murder-for-hire charges against an Iranian IRGC asset including plots against President-elect Donald Trump. This is the latest in a long series of Iranian plots to assassinate Americans and other Westerners.
Fourth, U.S. adversaries want to steal data and technology to gain an advantage
Espionage is taking place every day around the world, but the gray zone allows for bolder, more aggressive espionage that is harmful to the U.S. but difficult to deter and counter.
The 2024 large-scale hacking of telecommunications infrastructure, perpetrated by “Salt Typhoon”, a China-backed hacking group, exposed the cell phone records of millions of Americans, including political figures, and went undetected for more than a year.
Russia’s 2020 SolarWinds cyberattack, which involved widespread infiltration of government and private sector networks, is another example of large-scale cyber espionage campaigns. Both attacks resulted in incalculable national security damage to the U.S.
The intersection of technology, defense, space and intelligence is critical to future U.S. national security. Join The Cipher Brief on June 5th and 6th in Austin, Texas for the NatSecEDGE conference. Find out how to get an invitation to this invite-only event at natsecedge.com
FBI Director Wray identified China’s technology theft as the “defining threat of the generation”, and it is also a global threat. Technology theft potential gives China and other countries a means to undermine a U.S. technological edge.
China uses cyberattacks, hacking operations, recruitment of employees, and social and professional networking sites to identify targets, and direct acquisition of companies and land. The impact is widespread. One in five U.S. corporations report that China has stolen their intellectual property within the last year; overall, such theft has an annual impact estimated at between $225-600 billion. Targets range from Fortune 100 companies to small startups, which may be particularly vulnerable.
Russia and China employ other methods as well. The Chinese surveillance balloon episode from early 2023 illustrated that China will use all means available to spy on the U.S., including violating U.S. territory.
The ten “Operation Ghost Stories” SVR agents arrested in the U.S. in 2010 not only gave Russia an ongoing intelligence collection capability, but also a potential gray zone capability inside the U.S. for the future – had it not been disrupted.
Finally, U.S. adversaries are working to undermine U.S. global activities and influence
Our adversaries work in the gray zone to undermine and disrupt U.S. global activity, influence, and standing around the world, particularly with prospective partners. Unexpected setbacks in global initiatives or the reversal of diplomatic gains can often be traced back to the gray zone.
U.S. and NATO efforts to provide Ukraine with an advantage over Russia are directly undermined by Iran and North Korea shipping missiles, drones, and munitions to Russia, and China providing billions of dollars in microchips—an effort aimed as much at the U.S. as Ukraine.
The U.S., NATO, and other countries have taken significant steps to sanction Russia following its invasion of Ukraine. But ghost fleets, shell companies, money laundering, and other behind-the-scenes cooperation with countries unwilling or unable to cut ties with Russia enable gray zone sanctions evasion and undermine U.S. efforts.
Past U.S. efforts in Syria were systematically undermined by Iran and Russia, often working in parallel. Their activities had the intent to diminish U.S. presence, influence, and resolve in the Middle East. However, the December collapse of the Assad regime represents a significant setback for Russia and Iran.
China and Russia both have a long history of gray zone activities to subvert legitimate political processes and undermine political independence of other countries to put in place governments favorable to them. This is well beyond traditional diplomacy.
Russia has used a variety of coercion, bribery, voter bribery schemes, economic leverage, and support for separatists and pro-Russian groups to manipulate political processes in Moldova, Ukraine, Georgia, and in at least 28 countries in Africa.
Europe has been a favorite political interference target for Russia, and Russia has used similar tactics to influence political outcomes in Romania, France, and Italy. Russia still hopes to maintain considerable influence in, if not control over, Central Asia through political interference.
China has employed varying levels of bribery, coercion, and debt diplomacy with mixed degrees of success in countries such as Taiwan, the Philippines, Indonesia, Malaysia, South Korea, Bhutan, Pakistan, Laos, Cambodia, Myanmar, Nepal, Sri Lanka, the Maldives, New Zealand, Canada and Australia. It’s fair to say that China’s diplomatic engagement and economic investment can easily set the stage for more nefarious gray zone activity.
China’s expansive Belt and Road Initiative (BRI) currently provides China with diplomatic and economic access in 150 countries. BRI does provide economic advantages for many of those countries, but it would be a mistake to not also see the BRI as a foundation for China’s global gray zone activity—political interference, expansion of Chinese intelligence and military infrastructure, and negating of U.S. access and influence.
Read the next installment of Pitts’ Gray Zone series next Wednesday, exclusively in The Cipher Brief.
Join Pitts and other Cipher Brief Experts for a real-time conversation on defining the gray zone and the impact on U.S. national security led by former Undersecretary of Defense for Intelligence Dr. Michael Vickers and Dave Pitts on Wednesday, January 22 at 1:30p ET.
Subscriber+ Members, check your email for an exclusive invitation to register for this exclusive conversation. Not a member? We can help with that.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
