Meeting

Navigating the Gray Zone—Strategies to Address Hybrid Warfare

Monday, March 10, 2025
Current Time 0:00
Duration 0:00
Loaded: 0%
Stream Type LIVE
Remaining Time 0:00
 
1x
    • Chapters
    • descriptions off, selected
    • captions off, selected
      Lockheed Martin/Garry Tice via Reuters
      Speakers
      James Appathurai

      Deputy Assistant Secretary General for Innovation, Hybrid, and Cyber, NATO (North Atlantic Treaty Organization)

      Max Boot

      Jeane J. Kirkpatrick Senior Fellow for National Security Studies, Council on Foreign Relations; @MaxBoot

      Linda S. Lourie

      Principal, WestExec Advisors; Former Assistant Director for Research and Technology Security, White House Office of Science and Technology Policy (2021-22); CFR Member

      Presider
      Christopher Isham

      President, CT Group Intelligence USA; CFR Member

      Panelists discuss the rising threat of hybrid warfare, exploring the tactics used by hostile states, and effective strategies to counter these covert attacks.

       

      ISHAM: Thank you very much and welcome, everyone. My name is Christopher Isham. I’m president of C|T Group Intelligence USA. And I’ll be presiding over today’s session on “Navigating the Gray Zone—Strategies to Address Hybrid Warfare.”

      We have a very strong panel with us today. And we’re—and I’ll introduce them briefly. James Appathurai is NATO’s deputy assistant secretary general for innovation, hybrid, and cyber. In this capacity, he is the secretary general’s primary advisor on hybrid threats. Max Boot is a historian, best-selling author, and foreign policy analyst. He’s the Jeane J. Kirkpatrick senior fellow for national security studies at the Council on Foreign Relations, and a weekly columnist for the Washington Post. Linda Lourie, the principal at WestExec Advisors and a former assistant director for research and technology security at the White House Office of Science and Technology Policy.

      So with that, let’s get on with it. Just to preface, other than Ukraine most European countries do not believe that they are at war with Russia, but there is increasing evidence that Russia is at war with them. And what we’ve seen over the past year—for example, we’ve seen assassination plots. We’ve seen a series of packages explode in cargo facilities in the U.K., Germany, and Poland. We’ve seen arson attacks across the continent. We’ve seen undersea fiber optic cables in the Baltic Sea severed. We’ve seen rail lines sabotage and information war operations designed to influence elections have been conducted. So, broadly speaking, these kinds of attacks are considered part of Russia’s hybrid war, or gray zone attacks. This is activity that falls just short of open kinetic warfare and below the threshold that would trigger response under Article 5.

      So let me begin with James. How serious do you think this threat of hybrid or gray zone warfare is to NATO member states today?

      APPATHURAI: So we do think it’s important. So, first of all, thank you very much for the opportunity to speak.

      We think it’s important. We think it’s quite important. And I’d just maybe frame it for a second, so that viewers can at least see how we see it. I think the first thing to note is that these kinds of destabilization campaigns have been Soviet policy, and now Russian policy. So this is decades long. And this is enshrined in their strategic documents. And most people—you can just go online and have a look at them. It’s not just me saying it. And I think the second point to note is this is all in the concept of Russian warfare. So the way Russians approach warfare is to use all the tools available to the state to achieve a political aim. And that includes military tools and non-military tools in a very flexible, fluid way. And they’ve actually built a headquarters in Moscow where all the instruments of state power are sort of aggregated and all the levers can be pulled at the same time. And you can Google it, because they happily showed it off to the media when they built it a few years ago. So I think the—sort of the starting point is this is campaign and it’s about destabilization.

      You very accurately listed a lot of the incidents and trends that we’re seeing. We take it seriously for a couple of reasons. One is, a lot of these attacks pose a risk to the lives of citizens in our countries. For example, the incendiary devices put onto aircraft, which could, of course, kill the people on the aircraft. The aircraft can also fall on somebody or on many people. So that’s one example. Second is to threaten politicians. And we’ve seen that too. So interference in our political systems is something very, very important. And another aim is to undermine support for Ukraine. And that’s why you saw some of the sabotage against railroads and other ways in which logistical support is provided to Ukraine.

      Final point I’d make is this can get much worse. You talked about damage to undersea infrastructure and other critical infrastructure. That can take place also using cyberattacks. And I’ll give you an example. There was the hack on the Colonial Pipeline system in the eastern United States, which shut down fuel supplies for, you know, millions of people. Imagine that everywhere, all the time, or all at once, and you start to get an idea of how important an economic effect hybrid attacks can have. And if you look at the Skripal incident, where chemical weapons were used in the United Kingdom to kill two people, that jar of Novichok was then thrown under a park bench. It could have killed a thousand people, plus. And it was just nonchalantly thrown down. And killed a couple of people, in fact. But it could have been much, much worse. So we see the risk appetite of Russia going up. And when I say risk, I mean risk to our citizens and our economy. So we are taking it very seriously.

      ISHAM: And have you seen the pace of these kinds of attacks increase as the risk on Russia’s side increases?

      APPATHURAI: I mean, in general it goes up and down from month to month. And we follow this very carefully. But the overall trend over the last five years is definitely on the way up. And what is new, or new-ish in the last couple of years, is the more kinetic side, which you outlined. Which is the sabotage, the derailments, the fires, the incendiary devices, the threats to politicians, attacks on their property, and the increasing damage to undersea infrastructure. All of this is increasing intensity—in intensity since Russia’s war on and in Ukraine.

      ISHAM: Got it. This kind of warfare may be accelerating, and we’re obviously much more aware of it today, but it’s not a new phenomenon. Max, what do we know about the origins of this kind of warfare?

      BOOT: Well, I mean, we call it gray zone or hybrid warfare but, you know, another name for it is simply warfare, I mean, or competition among countries. I mean, you know, going back to the dawn of civilization nations have engaged in propaganda and sabotage, in trying to undermine their adversaries, to buy—to buy them off, to, you know, split their alliances against them, and so forth. So, I mean, this is not a new thing. But it is certainly something that I think is gaining greater recognition in the modern world, especially up until recently there has been kind of an assumption that state-on-state warfare is a thing of the past, because we have not seen that much of it since 1945. And there was—in particular after, you know, Russia sent little green men to occupy Crimea in 2014, I think people tended to focus on this is kind of the new face of warfare, just below the line of actual kinetic warfare.

      And, of course, Russia has since gone on to invade Ukraine and to wage a very deadly and very conventional conflict. You know, probably the worst conventional war we’ve seen since the Iraq-Iran war in the 1980s, and one of the few since—in the post-1945 era. So that’s a reminder that conventional warfare has not gone away, even in the nuclear age. But there is no question that, at the same time that Russia is waging, you know, very conventional warfare on Ukraine, it is also carrying out, as James pointed out, all of these gray zone type of actions in Europe, in particular. But also with a very active propaganda disinformation arm which is messaging around the world, and pretty successfully even in the United States. So this is—this is—you know, I think another way to put it is this is kind of 360 degree warfare. And it’s being waged not just by Russia. It’s also China, Iran, a number of other adversaries. And that’s—we need to—we need to think of warfare in all those dimensions.

      ISHAM: Yes. In fact, I wanted to ask Linda a little bit about some of the other perpetrators. Russia is considered the primary perpetrator of these kinds of attacks but, as Max just mentioned, other countries have engaged in in these kinds of tactics. What comes to mind?

      LOURIE: That’s a great lead in. And I echo James’ thanks for including me on this panel.

      China is obviously watching and learning what Russia is—from Russia, and matching and surpassing their efforts to—for attempts to destabilize the United States. I think first comes to mind, and something that’s really current, is TikTok, which is a Chinese-controlled app that is pushing through their algorithm all kinds of content, to largely young people but broader than that, that serves Chinese interest and serves to destabilize the U.S. and destabilize our youth from foreign policy objectives. They’re also working to surveil American citizens, as well as Chinese American citizens, through their police stations that are operating out of their embassies.

      And economic efforts, including investments in critical technology, which we are—you know, we work hard to review those, but it’s—some investments are impossible to review, as well as even short of investments, when you have Chinese—young Chinese interns into offices of venture capital firms reviewing all kinds of technology, they have ability to see what’s going on. And then the next step is data collection tools. We see that from the OPM breach—the Office of Personnel Management—from several years ago. So anybody who worked in the government then has had their information collected by the Chinese.

      And I would add to this Wi-Fi and video cameras on subway cars that they’ve sold to a number of major cities and connected cars. And there’s a rule that’s being promulgated on prohibition of Chinese-connected cars in the United States. We don’t currently have Chinese cars, at least not in large numbers, but these are the ways that China is looking to gather information to use in the future to—you know, as a way to weaponize and destabilize this country. So I would argue that this is a part of a hybrid program as well.

      ISHAM: Thank you. Yeah, thank you. These kinds of operations fall into several categories. And the first, which I’d like to dig into a bit, is what I would call critical infrastructure attacks. And the most obvious example of those have been the severing of these undersea fiber optic cables in the Baltics, which occurred last November and December. In one of those cases a vessel, which is suspected of dragging its anchor to cut the cable, was detained by Finland. James, what do we know about that ship?

      APPATHURAI: So that ship is being investigated. It’s the Eagle S. And it’s being investigated by the Finnish authorities. But actually, I think your point is the larger one also, that what we see is a pattern of damage to this infrastructure. And it’s damage that wasn’t taking place to the same extent a few years ago. And what we know is that our job is to ensure that our citizens can get the heat and the light and the data that passes through this undersea infrastructure—pipelines and data cables. So we’ve done a few things in NATO to try to do more to help protect it.

      That includes setting up basically a network with the companies that operate this undersea infrastructure, so that we can exchange data, we can exchange information about threats, we can exercise together. We can talk about how to build better resilience. So that’s already been done. We’ve deployed military assets into the Baltic Sea with instructions to be more robust. And NATO allies that are contributing or defending their own territorial waters are also being more robust. The example you used of Finland was inspiring to other allies to be a little bit more robust in how they respond.

      And we’re setting up—

      ISHAM: They actually boarded the ship, didn’t they? And I believe they detained a number of the crew members.

      APPATHURAI: They did. Well, they abseiled down onto the ship and then took the ship to shore. And you’ll see more robust action from NATO allies. And you’re already seeing it in incidents that took place after that particular incident.

      The final thing we’re doing is setting up basically a sensor stack from seabed to space so that we can better see what’s going on in the Baltic Sea, but also use AI tools to narrow down what we need to focus on, from the 3,000 ships that are at sea at any given point to, let’s say, the five or the twenty that we need to watch more carefully. What we want to do is make it very clear to everyone—not just whoever is behind increased damage but also ships’ captains, fleet operators—that it’s going to cost a lot to do damage or even to threaten damage to the undersea infrastructure there and send a clear deterrent message.

      ISHAM: So there have been some indications that that ship, the Eagle S, was part of what’s been called Russia’s shadow fleet, which operates to smuggle oil from Russia to various buyers around the world, clandestinely in violation of sanctions. And that they’re using this shadow fleet to also cause damage to undersea infrastructure and cables. How much visibility do we have into this shadow fleet? And do you agree with that assessment, that the fleet is being used for sabotage as well as for evading sanctions on oil supplies?

      APPATHURAI: So in terms of visibility, there’s quite a lot. And there has been for quite some time. So I think in terms of knowing which ships are part of the shadow fleet and where they’re going, we already have a pretty strong foundation amongst governments, also other private companies, like major oil companies, also know which ships are in the shadow fleet. And there are steps being taken to substantially enhance that knowledge. As to whether or not things are being done deliberately or not, I think—so I don’t always know. I don’t think everybody knows. And we have to let the investigations run their course. But actually, from our perspective, what matters is the damage that’s being done.

      And these ships, these shadow fleet ships, are called shadow fleet precisely because they are, of course, as you say, being used to evade sanctions on Russian oil. But, as a result, they are almost always ships that are old, that are generally unsafe, that are single hulled, that don’t meet international safety standards, that are sometimes operating with legal flags of convenience, sometimes, and increasingly, not with legal flags of convenience. Often they don’t have the insurance that they need. And they’re transiting through relatively shallow waters close to shore.

      So there’s all kinds of risk involved with these ships, which is in addition to what risk it might be posing to undersea infrastructure. And that’s very much a part of the reason why NATO allies and other countries are stepping up activity to monitor them and do what’s necessary to address the threats that they face, even in international waters when it comes to environmental issues. And that’s on a solid legal basis. And we’ve checked that very carefully. So there’s all kinds of risk from these ships, sanctions, environmental, and, as well, potential risk from anchor dragging.

      ISHAM: Yeah. There’s a proposal, I believe, that Canada has put on the table to be introduced at the G-7 coming up this week that would create a task force on Russia’s shadow fleet. It’s my understanding that the United States has not signed on to this proposal. Does NATO have a position on that particular proposal?

      APPATHURAI: We don’t comment on proposals in other international bodies, of course.

      ISHAM: But it could be helpful.

      APPATHURAI: Well—good try. (Laughter.) We also—I don’t think we’d particularly appreciate if, you know, the G-7 were to comment on draft proposals in the NATO system. (Laughs.) So we’ll leave that to the G-7 and to the countries that are occupying it.

      What we care about is security in the Baltic Sea area. We care about protection and security for critical undersea infrastructure. Many allies look to the risks posed by the shadow fleet and have taken decisions, including in NATO, in terms of accepting them, for example, in ports. We have no obligation—our allies have no obligation to accept them docking in their ports because of, aside from anything else, the environmental risks that I just discussed. And, you know, if you’re in Denmark and you see all these ships piling up in the Gulf of Denmark, you’re not that happy about the very, very low safety standards that these ships face—or, cause.

      ISHAM: Yeah. So, I mean, just briefly maybe you could address some of the other forms of attacks on critical infrastructure. I believe there have been a number of attacks on medical facilities, hospitals, that sort of thing.

      APPATHURAI: Yeah. And I think you’re right to point more broadly. I think the first thing I would mention is actually cyber because people don’t see it, obviously, but actually the cyber threat to critical infrastructure is really high—both from Russia in the form of ransomware, and ransomware that is often a cover for the implantation of malware. And that includes, in particular, into industrial control systems. And from China, through programs which some people might have heard of—Volt Typhoon, Salt Typhoon. So it’s a steady program of putting malware into critical infrastructure to do two things, espionage and to be able to shut it down if they want to. And I mentioned the Colonial Pipeline hack. That was one. You mentioned hospitals. You’re referring to the U.K., of course, most obviously. But that has happened elsewhere as well. So there’s very substantial cyber risks which are not going away. These campaigns continue.

      Then, of course, there are physical threats to critical infrastructure. And we’ve seen some of those play out across Europe. So, you know, we’re very concerned about critical infrastructure. And I think it’s important to note that the Russians in particular, like the Soviets before them, have, as part of their strategy, to go after energy infrastructure. And they have done that and weaponized energy very obviously over the past few years, first by cutting off energy supplies to the West. Second, the cyberattacks that I mentioned. Third, damage to our critical infrastructure through sabotage. And we’ve discussed some elements of that. And then, fourth, full-scale assault. And that’s what the Ukrainians are experiencing every single day. So you get the whole arc of attack, on energy infrastructure in particular, happening right now. And as I say, this has been a long-standing focus of Soviet and then Russian policy and strategy and operations.

      ISHAM: Max, another category of this kind of warfare is what I would call information war, which has often been directed at influencing elections in, for example, Moldova and other European countries. What are some other examples of that?

      BOOT: Well, this has been a massive Russian disinformation campaign where they’ve spent years building up Kremlin organs like Sputnik, RT, Russia Today, many others, and also establishing links with far-right and far-left parties in Europe and the United States. And you see that really paying off for them with, you know, the AfD, for example, now being the second-largest party in Germany. And they are, aside from being—you know, having extremely offensive views on immigrants, and neo-Nazi proclivities, and so forth, they’re also pretty pro-Russia. They really echo Russian propaganda. You see Russian propaganda being echoed by Orban and his Fidesz Party in Hungary, many others as well.

      I mean, quite frankly, you see it here in the U.S. of A. I mean, when—if you go back to that horrendous Oval Office exchange between President Zelensky, President Trump, and Vice President Vance, when Trump and Vance ganged up on Zelensky a lot of what they were saying was just Russian propaganda about how Ukraine is leading us to World War III, how they can’t win. Trump has consistently said that Ukraine started the war, even though it was an unprovoked invasion by Russia. Vance has blamed NATO, which is the excuse that Putin has given for his unprovoked invasion. And, you know, it’s hard to know exactly where these talking points come from, but they are certainly part of the far-right infosphere in the U.S. and in Europe.

      And you see very interesting interchange between Russian propaganda organs and far-right websites, and social media, and so forth in the U.S. and Europe. And it’s—at this point, it’s actually hard to know where these disinformation stories start, although they get propagated everywhere. But one good example of that was the this nonsense about Ukraine having bioweapons labs, which was apparently started by an expatriate American and then it, you know, found its way onto the right-wing media sphere, and then was picked up and amplified by the Russian propaganda organs. And then it’s this kind of endless feedback loop where this ridiculous stuff gets spread. And it often, you know, winds up at the highest levels of U.S. or even European politics.

      So the Russians have been very effective in spreading their lies. And we are basically, at the moment, I would say, unilaterally disarming. Even before Trump took over Republicans had ended funding for the Global Engagement Center at the State Department, which is meant to counter disinformation from Russia, from ISIS, from China, and other sources. So that was defunct even before Trump came into office. And, of course, since Trump came into office he and Elon Musk have destroyed funding for the National Endowment for Democracy, for example, which supports so many groups that are trying to get out the truth about Putin’s oppression and corruption, and doing the same with other regimes around the world. And, you know, Putin—and the Trump administration has now ended offensive cyber operations against Russia. So I feel like the Russian propaganda blitz is continuing, and now instead of trying to counter it too often U.S. leaders are echoing that Russian propaganda.

      ISHAM: I want to hit on one more category before we move to sort of some more general questions. Linda, what can you tell us about how Russia uses—facilitates migration, and it’s actually weaponized migration?

      LOURIE: Yeah. So between August and December of 2023, more than 1,300 asylum seekers from the Middle East, Syria, Somalia, Yemen, entered Russia with cheap flights on student or tourist visas. And they were given winter coats and bicycles and driven to the border with Finland. It’s about a thousand-mile border with Finland, and a lot of it is not well guarded. But they give them winter coats and bicycles—and bicycles because you’re not allowed to walk across the border. That’s one rule.

      And so they’ve got them biking across the border, with the idea that all these asylum seekers are going to destabilize Finland and, in effect, the EU. And a largely this was retaliation for Finland’s joining NATO in April of 2023, and looking to destabilize their alliance—the NATO alliance, as well as the EU. This was a security threat as well as an economic threat. So they did this before with Belarus, but Belarus was an ally, and with the idea that they’re going to get people into Europe through Belarus. But this was particularly egregious. And Finland retaliated—or, responded by closing all their borders with Russia.

      ISHAM: Thank you. I’d like to move on to question of how—from a from a high point of view—how NATO combats this kind of warfare. James, one of its characteristics, it seems to me, is the deniability and the ambiguity that’s built into many of these kinds of attacks. The difficulty in attributing these attacks to certain actors, and particularly tracing them back to perpetrators such as Russia or China. What is NATO doing to strengthen intelligence sharing among member states, among both law enforcement organizations as well as intelligence organizations, to try to get a better—get better visibility into the actors behind these kind of tactics?

      APPATHURAI: So a couple of points. And I think it’s a great question, because better visibility is crucial, but I would also put some constraints on the attribution aspect. So I’ll just explain for a second. It’s very important that we don’t allow a sort of very rigid requirement for 100 percent attribution at all times to handcuff us from doing what we need to defend our systems, to also establish some deterrence. These kind of gray zone, destabilization efforts, hybrid, whatever you call it, are predicated on the attempt to be deniable, to hide it, to be ambiguous, to make it difficult to determine exactly who was behind it very quickly. And that’s the attempt. It doesn’t always work. And they’re not often very good at it, but that’s part of the package.

      But what’s really important is that we do what’s necessary to defend our societies, regardless of where the threat comes. But we do need to identify that there is a threat and, if possible, attribute, because actor-specific responses are more effective. If you know what they’re going after, for whatever reason, then you can build better resilience and you can respond and deter more effectively. So a real important foundation of that is good tracking. And we haven’t been good at it. We have been, as a group of countries—not treating this as a group of countries. There’s been a lot of Whack-a-Mole happening.

      You know, when my son was young and I took him to football, to soccer, you’d see a bunch of six-year-olds all running after the ball. You know, nobody plays their position. You don’t see the whole field. We were a little bit like that. What we are doing now is tracking in a comprehensive way. And this is something we’ve just built in the last couple of years, to be able to look across the alliance at the full scale and the full range of destabilization activities or hybrid attacks, and putting together a tracking mechanism. And the logic of that is threefold.

      One is to get a comprehensive view and not play at Whack-a-Mole. Second, is to set a baseline. Because we have been in a bit of a boiling frog situation where it’s going up a little bit all the time, and it’s going up over here, and then it’s going up over there. And if you look back five to ten years, this overall scale is much higher than it used to be. And we cannot accept for ourselves that we just get used to this ever-increasing amount. So that’s the first or second reason, to set a baseline.

      Third is to get a pattern, to see patterns. If one train in the Netherlands, say, that carries supplies to the Ukraine derails, well, it might be a derailment. But if we see seven in seven countries, then we know that it’s a pattern. And we know also what the intent is. And we don’t need to catch seven people who have been hired online by the Russians, or whoever, to carry out this attack. We know, and we can build better resilience. We can respond in different ways, including managing escalation and deterrence.

      And the third reason is to detect the trends. Meaning, is it going up? Is it going down? And I say that because we want it to go down. It’s one thing to set a baseline, but we don’t want this to be the baseline. So even as we are dealing with increased resilience, deterrence, escalation management, because it’s being pressured up, we also need to have a long-term strategy—our own campaign of counter destabilization—to push it down to where we can live with it, and where, you know, red lines aren’t crossed.

      And what always concerns me is that a major attack from wherever in this gray zone would break through and cause, for example, major civilian casualties, major economic damage. And the Skripal example that I used before could easily have been that. Which would then trigger a very violent—I’m sorry, let me rephrase that—a very strong political response or pressure from the opposition, from the media, from the public, that we would have to deal with in times of crisis. So I think it’s really important that we have this better visibility, better attribution wherever possible, but also patterns, trends, and a comprehensive view, and we’re building all of that here.

      ISHAM: Now, there have been some suggestions that NATO could strengthen its countermeasures by adopting hybrid war tactics themselves. So in other words, using Russia’s weapons against themselves. So using sabotage, covert operations, that sort of thing. Have you—what do you think about that?

      APPATHURAI: I think the first thing to say, and I think it’s really important to say—and I’m not just saying it because, you know, we’re on camera—we will abide by the law. We will abide by national laws. We will abide by international laws. There is no ambiguity about that amongst allies. So that’s the first thing. Which means just because Russia does something, or China does something, or whoever does something illegal against us, or one of the allies, that we’re not automatic—we’re not going to do something illegal in response. Second point to make is an effective response to this threat does not necessarily mean you respond with like for like. Like, a cyberattack against one or more allies does not mean that we should necessarily, or any individual ally should, launch a cyberattack in response.

      You can take political judgments to impose costs and express displeasure that are not necessarily like for like. So I’ll give you an example. Major cyberattack can lead—and in fact, does lead—to the expulsion of a substantial number of Russian so-called diplomats, who were carrying out espionage activities inside NATO countries and across, in many cases, Schengen. And so there was a collective decision to engage in this mass decision to PNG, persona non grata, a whole number of Russian diplomats, or so-called diplomats, as a response. This is an effective way to manage this particular challenge. And I think each time there is an incident allies will take a decision nationally or together on how to respond. It won’t necessarily be like for like. And we may take decisions even not in response but as part of the campaign to lower the overall threshold of hybrid attacks against us.

      ISHAM: Got it. Good. Well, thank you very much. With that, I think we should take some questions from our members, I’d like to invite members to join the conversation. You will be cued on how to do that. Raise your hand. And, once again, reminder that this meeting is on the record.

      OPERATOR: (Gives queuing instructions.)

      We’ll take our first question from Jane Harman.

      OPERATOR: Ms. Harman, please accept the unmute now button.

      Q: Are you talking to me? This is Jane Harman.

      OPERATOR: Yes, you’re on. Thank you.

      Q: OK. Hello, everyone. I thought this was a great panel. Congrats.

      My question is, what impact is—

      OPERATOR: Apologies. Seems we’re having trouble hearing you, Ms. Harman.

      Q: Well—(laughs)—

      ISHAM: We got you now. That’s good.

      Q: You got it?

      ISHAM: Yeah.

      Q: What—(audio break)—administration decision on offensive cyber having on all of this? Not tracking offensive cyber in Russia. Did you hear me?

      ISHAM: Yeah. I think the question was, what was the impact of the administration’s decision to terminate offensive cyber operations against Russia, is that right, Jane?

      Q: Correct. Better stated and correct.

      ISHAM: OK. (Laughs.) James, you want to take a whack at that?

      APPATHURAI: Well, I guess what I would say is this. You know, there’s all sorts of fast-moving events and decisions that are underway. What I would say is, from a NATO point of view, I would draw your attention to a political article from a couple of days ago in which a senior NATO official, who wasn’t me, is quoted as saying that intelligence cooperation from the United States with allies through NATO has not been interrupted. It hasn’t been modified. So that’s sort of the basis here. Beyond that, I would leave it to other colleagues.

      ISHAM: Max, I think—I have a feeling where you would take that question. Maybe you want to suggest another pathway there?

      BOOT: Well, I don’t—I mean, I don’t know the exact consequence of cutting off cyber—offensive cyber operations against Russia. And we probably will not know the consequence of that for a little while. And the consequence is probably going to be highly classified, unless it appears on the front page of the New York Times, which is also possible. But, I mean, it does seem to me, as just an outside observer with no access to any of the super-secret information that we’re discussing, that there is a bizarre imbalance in the Trump administration approach here, where Trump is bending over backwards to curry favor with Putin, including by cutting off cyber operations against Russia, but at the same time he has cut off intelligence sharing with Ukraine, which is getting Ukrainians killed.

      And that is putting a massive hamper on Ukrainian ability to defend their population or to target the Russians, who continue their unprovoked, illegal, criminal aggression against Ukraine. So, you know, I can’t see any justification whatsoever for this approach. And, you know, I think it’s just basically an encouragement to further Russian aggression, whether in Ukraine, or in Europe, or in the United States, because basically the signal we are sending to Putin is we will not oppose him. And that is a very dangerous signal to send, I think, to somebody who is already an indicted war criminal.

      BOOT: OK. Thank you. Next question, please.

      OPERATOR: We’ll take the next question from Ken Morse.

      Q: Thank you for this excellent panel. And, James, thank you for tuning in across the time zones.

      It’s a very simple, naive question. What’s the definition of a declaration of war? It seems to me that deliberately dragging an anchor a hundred kilometers, with the obvious knowledge that critical infrastructure will be severed, is pretty close. But I don’t know. And maybe you guys can tell me when is hybrid not hybrid?

      ISHAM: When—I guess, when would hybrid activities cross the line and trigger an Article 5 response, for example? Maybe you could address that, James.

      APPATHURAI: Sure. So, first of all, it’s a great question. And it’s not a naive question. It’s a sophisticated question. And it’s one that we, you know, think about very hard here. The basic policy position of allies is that a hybrid attack can reach the level of armed attack and therefore trigger Article 5. Or, cumulative hybrid attacks could reach a level where allies wish together to invoke Article 5—because, of course, it’s up to allies to invoke it, not the secretary general, and not NATO. It’s up to allies to do that. And, as you know, we’ve only done it once.

      Then comes the next level, which is, OK, what if one ally feels that it has reached that level? And I think it’s really important that we exercise together and discuss together these ideas because one ally’s view might not be that of other allies if we haven’t really exercised it together. So Norway has said publicly that it could consider that an attack on the critical infrastructure it operates can be considered an armed attack against Norway, which then it could bring to the NATO table. And, you know, when you look at how Europe now depends on Norway for 30 percent of its natural gas since we’ve gotten off Russian supplies, that would matter to everybody. And it’s part of the reason why I suspect the Norwegian government wanted to send a very clear message by announcing this publicly.

      So, you know, to bring that long answer to an end, it is a political decision every time, first on the part of a nation and then, if they bring it to NATO, on the part of other allies. But our policy position is very clear. And we will continue to—and we’re doing it right now, literally, almost as I speak—we will continue to exercise together hybrid attacks against us so that we have a common understanding of where the thresholds are of what each ally sees as core to their national interest, and where these attacks can reach the level of armed attack.

      The final point I’d make, though, is we really should not make the mistake of thinking that, OK, there’s hybrid, and then kinetic starts and hybrid’s done and we’re into war fighting. These kinds of destabilization activities will not just continue during full force-on-force fight, but they will intensify. Cyberattacks, disinformation, political interference, attacks on critical infrastructure, attacks on energy infrastructure, these will all be part of a kinetic fight and they’ll continue at varying levels before and after. That is the reality we’re in.

      ISHAM: Thank you. Next question, please

      OPERATOR: We’ll take the next question from Meredith Berger.

      Q: Thank you so much. Meredith Berger.

      And I wanted to go to a piece of U.S. critical infrastructure that was more recently designated in the context of some of the information warfare that several folks were commenting on. And that’s elections. I know that recently the administration has made a decision to review CISA, the FBI task force that looks at influence operations. I was wondering if you all would comment on what that means in the context of this conversation, and how you see that impacting in some of the gray space that we’re talking about. Thank you.

      ISHAM: James, you want to address that?

      APPATHURAI: I think that’s a question for Americans.

      ISHAM: OK. Linda, maybe you have some thoughts on that?

      LOURIE: Thanks. I mean, that’s a great question. I think, as Max was talking about, the media influence both in terms of sovereign media outlets, like RT, but also, like, social media, I think there is a great deal of disinformation and misinformation, as well as just flat-out interference that we’ve seen in the past. And by removing our—or, diminishing our ability to spot that, it’s very worrisome, frankly. And it makes it difficult for us to be able to respond in the future and future elections, and to ensure that we have free and fair elections.

      ISHAM: And what kinds of countermeasures would you suggest could be strengthened to, basically, prevent these kinds of attacks in the future?

      LOURIE: I mean, I think with AI there’s increasing opportunity for malign involvement. Some of the AI tools, like watermarking and identification of—that requirement of identification that AI is being used would be helpful in being able to identify which are actual videos and which are AI-created videos. And then reestablishing measures that can identify malign efforts to destabilize and promote disinformation would be ideal.

      ISHAM: OK. Thank you. Next question, please.

      OPERATOR: We’ll take the next question from Ken Kraetzer.

      Oh, good morning. This great panel. Ken Kraetzer with CaMMVetsMedia.

      When we were in Washington in December they talked a lot about the SALT Typhoon virus. But military people tell us about the connection between cyber and space. And I’m wondering if damage to a communications satellite would go over the line that you’re describing between hybrid and kinetic.

      APPATHURAI: Oh, I guess that one’s for me again, huh?

      ISHAM: That’s for you. James, yeah. (Laughter.)

      APPATHURAI: So, you know, we spend a lot of time thinking about space and our—and, I mean, all allies and NATO’s heavy dependence on space assets. And, you know, we have now taken steps to enhance our resilience in space. And that includes stronger reliance on commercial infrastructure. You know, we’ve always had this sort of exquisite military satellite focus in many NATO countries. And obviously these satellites have incredible capability. But what you see more recently is the proliferation of commercial satellites, low earth orbit synthetic aperture radar satellites, low earth orbit communication satellites. Starlink is an excellent example but there are others. And so we’re working really hard to basically diminish the threat that you just discussed, which is taking out one satellite, which can then, you know, blind you, cripple your ability to communicate or to see.

      With these constellations of small satellites, it becomes really, really hard to take them out. Like, maybe with this sort of nuclear weapon that Russia is putting into space, well, then everything goes. But below that I’m actually feeling confident that as we, and NATO allies also nationally, move towards these different constellations, actually the risk of a single attack against a satellite having such an impact on our security that it does raise very fundamental questions about collective defense will diminish. And I think diminish pretty quickly, because of the pace at which these satellite constellations are being put up.

      Not just by us, by many, many countries. But, you know, we happen to have in the West a real strength when it comes to launch. And, you know, SpaceX is one of the most obvious, but there are others in the U.S. which are also of good value. So I think actually we’re getting to be, when it comes to space, in a stronger position than the pretty vulnerable position we’ve been in until now, especially when you see the extent to which China, in particular, has developed antisatellite capabilities. Russia has as well. I just mentioned the biggest one. So it’s of concern. I hope and expect that over time it will be of diminishing concern.

      ISHAM: Thank you. Next question, please.

      OPERATOR: We’ll take the next question from James Gavrilis.

      Q: Hi. James Gavrilis. I’m with George Washington University.

      Maybe this is not such an interesting question, but I have a lot of graduate students who are interested in this field. And I’m wondering what areas do you see further research could advance either awareness or understanding or policy changes? And I’d like to almost hear from every one of the panelists, if they’ve got a couple ideas on that. Thanks.

      ISHAM: OK. Well, shall we start with Max? Any ideas on that?

      BOOT: I mean, there’s a lot to do. It’s obviously a burgeoning area. And there’s so many different questions that have been raised, even during this—our discussion today that don’t have great answers, like when do hybrid attacks cross the threshold of becoming acts of war and that could lead to kinetic response? Or, you know, how—you know, what is the threat of information operations? What is the threat of cyber operations? How do you counter these threats?

      I mean, to me, it’s a vast research agenda which is only hampered at this point by the fact that I don’t expect there will be a lot of U.S. government funding coming for any of these things because, obviously, U.S. government funding for a lot of worthwhile activities is now being slashed. So it’ll have to be supported elsewhere. Maybe I hope our European partners and allies can step in and continue that collective intellectual engagement with these issues.

      ISHAM: Linda.

      LOURIE: This is a great question. Really appreciate your asking it.

      I think public awareness, public education, and especially with the younger generations, is really critical. They have to learn how to look at media, and with a clear eye, and be able to detect what is disinformation, what is accurate. Being able to be critical—have a critical eye is really an important skill. And so the—with a lot of the things we’ve been talking about, it’s about separating the noise—the signal from the noise, essentially. So I think that’s great, you know, for your students to be thinking about this.

      ISHAM: James, any thoughts on that?

      APPATHURAI: Well, maybe a couple. What I think would be very useful is basically AI tools. And, I would say, not generative AI but agentic AI tools to basically be able to track open-source information, and then turn it into something useful. So I mentioned the patterns, the trends, they can—these tools can increasingly give warnings to policymakers when they see attacks coming. They can propose remedial steps, for example, in cyber when cyberattacks are coming, as a result of a zero-day vulnerability that’s being exploited by whatever attacker. And that can be, you know, a kid in the basement or it can be a state actor.

      But these tools are super effective when programmed correctly, but is just beginning to give the public, to give policymakers an idea of what’s really happening across the breadth of threats and activities, detect the patterns and the trends, but also to propose remedial steps that can be taken, and all very quickly. So there’s an area where, you know, we can hire very big, expensive companies to do it—and to a certain extent, they can do it. But with the pace of change in AI, that would be a very interesting thing I would ask my students to develop. And, you know, spin off a company and go get rich.

      ISHAM: (Laughs.) Very interesting. So I think those are all good suggestions. Next question, please.

      OPERATOR: We do not have any questions currently in the queue. So back over to you, Mr. Isham.

      ISHAM: OK. So maybe we could wind up a little bit on some general questions of where we go from here. One specific question is it seems that many of the attacks that have been attributed to Russia are linked to the war in Ukraine. And one question I have is, if there is some kind of a peace agreement in Ukraine, and given this—you know, it may or may not be temporary. But if there is a—if the violence subsides to some degree, would you anticipate a similar downtick in the pace of hybrid war attacks against countries in Europe? Or do you think that Russia is hellbent on this path, regardless of the campaign in Ukraine, and that these kinds of destabilization efforts and gray zone attacks would continue regardless of what happens in Ukraine? I’d put that to James, but I’d be interested in the other panelists as well.

      APPATHURAI: So I’m absolutely convinced that they will continue, for three reasons. One is, they preceded the war in Ukraine. So, point one. Point two is they are—or, actually a few points. They are part of the Russian strategic mentality, and approach, and force structure, and exercise program. So that’s the second reason. Third reason is Russia has ambitions that go well beyond Donetsk and Luhansk. You know, when I was in school I was taught that Russia was a riddle wrapped in an enigma wrapped in a puzzle. But, actually, my experience, and now it’s long experience, is that this is not true at all. Russia says exactly what it thinks. It says it repeatedly. And then we’re always surprised when they actually do it.

      But, you know, Russia has made no secret of its ambitions to impose itself on its neighbors. That, you know, when President Putin said that the greatest tragedy of the twentieth century was the collapse of the Soviet Union, that was what they meant. And I was in Munich in 2007 when he gave that very famous speech. And then the final reason is, if you look at Russia it has now closed off its information space. And the Kremlin is convincing the totality of the Russian population that the collective West, as they call us, is Russophobic—not true—trying to dismantle Russia—not true—trying to contain Russia—to a certain extent, true. Meaning, we don’t want them to, you know, impose themselves militarily on their neighbors. That, we don’t like. And holding them back from their ambition to be a great power, meaning to dominate Europe.

      And that is going to continue, because we have no way of changing their minds, of communicating the truth to them, of expressing to them what we actually see, because of this information space closure and the internal propaganda inside of Russia. So for all these reasons, I have zero doubt that this is going to be a real problem for us for a very long time. Even after—even as we have to constrain Russia militarily, we’re also going to have to constrain this hybrid threat, which I expect not just to continue but to increase.

      ISHAM: Thank you. Max and Linda, do you have anything to add to that?

      BOOT: I mean, fully agree. And I think, keep in mind what’s going to—if there is a ceasefire—and I don’t actually see much immediate prospect of a ceasefire in Ukraine because, again, all of Putin’s incentives at this point are just to keep going because the U.S. has cut off Ukraine. But if there is a ceasefire, I would expect a massive uptick in Russian gray zone-type of activity, especially in Ukraine because, as James was alluding to, Putin’s goal is not to take 20 percent of Ukraine. He wants 100 percent.

      And so if there is a temporary stop in the fighting, Russia is going to focus not just on rebuilding its military arsenal but also on a massive subversion campaign to overthrow President Zelensky, to install a Russian puppet in Kyiv. Which, remember, this is how we got here, is when the people of Ukraine rose up and overthrew a Russian puppet in 2014, that’s the direct event. It wasn’t the expansion of NATO. It was the fact that Ukrainians were throwing off Russian domination that led to the Russian campaign in eastern Ukraine, the seizure of Crimea, and then eventually, in 2022, the Russian attempt to take all of Ukraine.

      So I would expect that those types of subversion activities would radically increase as a result of any agreement that is reached with Putin. In addition to, of course, all the other things that James talked about in Europe and the U.S. I mean, Russia is also, by the way, projecting power in Africa, in the Middle East. They’ve used mercenaries and other means to do that there. So I think all these activities are going to be on the upsurge, even if there is a temporary peace in Ukraine.

      ISHAM: Good.

      LOURIE: I would agree. Just be to be really quick, I completely agree with everything James and Max said. And would just take that one more step, which I would say this is part of the axis of chaos, or whatever you want to call it. But Russia, China, Iran trying to change the world order, and that this is one tool in their toolbelt to remove the United States and the—and the West from the top of the food chain, to put them up. And so I think it will continue.

      ISHAM: Great. Well, thank you very much. That is 12:00. So on penalty of death we’ve got to wind this up. But it’s been a very, very interesting discussion. And thank you, James, Max, and Linda, and all of you who joined today.

      APPATHURAI: Thank you very much.

      BOOT: Thank you.

      LOURIE: Thank you.

      (END)

      This is an uncorrected transcript.

      Explore More on United States

      Ukraine

      Here’s How Much Aid the United States Has Sent Ukraine
      Ten charts illustrate the extraordinary level of support the United States has provided Ukraine in its war against Russian invaders.

      Article by Jonathan Masters and Will Merrow March 11, 2025

      United Nations

      Funding the United Nations: How Much Does the U.S. Pay?
      Many UN agencies, programs, and missions receive crucial funding from the United States. In his second administration, President Trump is again calling for greater scrutiny of U.S. funding and involvement in the global body, and he has signaled sharp cutbacks in some payments.

      Backgrounder by CFR.org Editors February 28, 2025

      United States

      How the U.S. Asylum Process Works
      Asylum has become a central part of the U.S. immigration debate in recent years after border crossings reached a record high in fiscal year 2023. Here’s how the asylum process works.

      Backgrounder by Diana Roy February 19, 2025

      Top Stories on CFR

      Arctic

      What Would Greenland’s Independence Mean for U.S. Interests?
      The island’s residents have voted in favor of a party that seeks gradual independence from Denmark. But Greenland has attracted significant attention from President Trump, who sees the island’s considerable mineral wealth and location in the Arctic as necessary for U.S. national security.

      Article by Diana Roy and Jonathan Masters March 13, 2025

      Syria

      Syria’s Surge in Violence Does Not Signal a New Civil War—for Now
      A spate of attacks involving loyalists to former ruler President Bashar al-Assad has spurred concerns of a return to sectarian warfare in Syria, but there is still a path for the country’s new rulers to find stability.

      Expert Brief by Steven A. Cook March 12, 2025

      Ukraine

      Here’s How Much Aid the United States Has Sent Ukraine
      Ten charts illustrate the extraordinary level of support the United States has provided Ukraine in its war against Russian invaders.

      Article by Jonathan Masters and Will Merrow March 11, 2025