April 22, 2021

The Nine Commandments on Countering Hybrid Threats

There are some rules that the Western strategic community should adhere to in order to create a common understanding of hybrid threats and responses.

An armed man, believed to be a Russian soldier, stands guard outside an Ukrainian military base in Perevalnoe March 5, 2014.
All rights reserved

Current issue

Most hybrid threats are non-kinetic, yet in grappling with the concept of “hybrid” the West still manages to shoot itself in the foot. Not only are there many different definitions, there is also a lack of discipline in applying the term. For example, cyber and hybrid attacks are often used interchangeably; terms like “hybrid war” are bandied about as if the term “war” had no specific legal meaning anymore; and even smaller, non-existential hybrid activities are said to be extremely dangerous.

How can one foster a common understanding of hybrid threats and responses? The following nine commandments (using 10 could have resulted in charges of copyright infringement) are intended to help the Western strategic community reach a common understanding and, consequently, chart a common course.

First Commandment: Thou shalt be precise

“Hybrid” always describes a combination of two or more tools or actions. Hence, we should not use the term when we are just describing a series of cyberattacks or a single disinformation effort. Only when several tools are applied together is the word “hybrid” really appropriate. Rule of thumb: whenever an expert uses the term “hybrid,” but only talks about cyber, he or she is no expert! By the same token, calling everything we don’t like “hybrid,” simply to get more attention, leads to semantic overstretch that will only confuse ourselves.

Second Commandment: Thou shalt not generalize

For many analysts, what happened in Ukraine in spring 2014 was the textbook example of contemporary hybrid warfare. Indeed, these events offer a wealth of lessons for the study of hybrid conflict. However, the essence of Russia’s success was made of traditional military power. Moreover, Ukraine was far more vulnerable to Russian hybrid activities than most other countries. Hence, generalizing the Ukrainian case into a template for future Russian hybrid activities could be self-deceiving. Notwithstanding eventual similarities, every hybrid case is a sui generis case and should be treated as such.

Third Commandment: Thou shalt be actor-specific 

It is seductive to over-conceptualize hybrid threats. The rich panoply of instruments that some hybrid attackers could bring to bear makes for impressive PowerPoint presentations. Throw in a quote by Clausewitz or Sun Tsu and the audience will be in awe. However, real-world malign hybrid activities are being perpetrated by very real state or non-state actors, who often appear to follow an approach of trial and error rather than a hybrid master plan. And as these actors and their interests differ, so too do their hybrid activities, and so must the defender’s responses. That’s why no hybrid adversary will ever be defeated by PowerPoint slides or banal—yes, banal—Sun Tsu quotes.

Fourth Commandment: Thou shalt look at interests

Much of the current debate on hybrid threats reveals on obsession with tools: cyberattacks, “fake news” campaigns, election interference etc. By contrast, the far more important question often gets lost: What are the interests that lie behind an adversary’s decision to initiate hybrid activities? Only when we know these interests can we determine—or at least plausibly guess—where an opponent’s “pain threshold” lies, and only then can we respond effectively with measures that target these very interests. Even better: knowing an opponent’s interests might also allow us to find ways of accommodation that might reduce hybrid attacks in the first place.

Fifth Commandment: Thou shalt not mirror-image

In trying to find ways to deter hybrid campaigns, Western analysts often fall into the trap of mirror-imaging. For example, some believe that by consistently “naming and shaming” a hybrid perpetrator one could deter that actor from continuing his malign behavior. This sort of collective attribution approach may work vis-à-vis Western countries, which are mindful of their reputation and their public opinion. However, other countries will simply deny that they are the culprit, relying instead on the low likelihood that their culpability can be proven. In short: what may deter the West may not necessarily deter others.

Sixth Commandment: Thou shalt covet your neighbor’s experience

The exchange of best practices with like-minded nations is among the most important elements in fostering a common approach to countering hybrid threats. Australia’s experience with Chinese influence campaigns can be as useful as Israel’s experience with non-state actors, or Ukraine’s or Georgia’s experience with Russian hybrid approaches. Not every specific national experience, such as introducing new laws to penalize certain hybrid activities, may be applicable wholesale to other countries. However, over time a solid “acquis” will emerge on how best to counter malign hybrid activities.

Seventh Commandment: Thou shalt become more resilient

Many analysts put their faith in deterring hybrid threats. The term “deterrence” sounds comforting, as it implies that one can preserve the status quo against one’s competitors, irrespective of their means of attack. However, the fact that malign activities in the “gray zone” are constantly increasing suggests that deterrence may be the wrong analytical lens through which to look at hybrid threats. The better concept is resilience. It presumes that attacks will happen and that the defender must be able to take the hit and bounce back. Resilience requires investments in cyber defense, the protection of critical energy infrastructure, and public education on dealing with fake news on social media. It is remarkably unremarkable. Still, when dealing with hybrid conflict it is a more useful paradigm than deterrence, which may promise more than it can deliver.

Eighth Commandment: Thou shalt not be alarmist

The obsession with hybrid “warfare” has led to an alarmism among parts of the Western strategic community that is unhelpful and even counterproductive. It mystifies opponents as infinitely malign yet brilliant long-term strategists who manage to outmaneuver Western democracies at every turn. What gets lost in this nervous debate is the fact that many hybrid attackers have weaknesses, and that most hybrid campaigns are only marginally successful or fail altogether. In order to effectively deal with hybrid threats, the West, rather than admiring or outright envying its adversaries or their tactics, must approach this challenge with less fatalism and more analytical cool-headedness.

Ninth Commandment: Thou shalt not accept hybrid as the “new normal”

Largely due to technological developments such as cyber and social media, hybrid activities have become a constant feature of international relations. Yet there is no law of nature that makes this unpleasant situation inevitable or permanent. Most hybrid actors have a face and an address. They can be countered, punished, sometimes deterred, but they can also be engaged. Western unity is key. If the West stays united, becomes less prone to hyping hybrid into a miracle strategy, and learns how to get better at meeting threats in the “gray zone,” it can blunt the hybrid weapon even if it may never completely eradicate it.


If the Western strategic community were to heed these simple principles, it would be able to develop a solid counter-hybrid toolbox. This would make the West more resilient, and it would raise the price for hybrid aggression. And once we have done all that, we can lean back, relax, and enjoy a hybrid refreshmenthow about a gin & tonic?

Michael Rühle is Head of the Hybrid Challenges and Energy Security Section in NATO’s Emerging Security Challenges Division. The views expressed are his own.