Insider: Short of War

 
The Peril of Ignoring the Legitimacy of Violent Non-State Actors
This episode explores the often-overlooked legitimacy of violent non-state actors and its implications for international security. We delve into how insurgent groups gain support from local populations and why current approaches to countering them often fall short. Our experts discuss case studies from ISIS to African separatist movements, offering insights on how democracies can more effectively address the root causes of insurgencies in an era of great power competition.
About the Authors:
Santiago Stocker is a Program Director at the International Republican Institute (IRI) and previously served as a Director in the State Department’s Bureau of Conflict and Stabilization Operations. The thoughts expressed in this piece are his own.
Kathleen Gallagher Cunningham is Professor of Government and Politics at the University of Maryland and is a 2024 Non-Resident Fellow with the Irregular Warfare Initiative, a joint production of Princeton's Empirical Studies of Conflict Project and the Modern War Institute at West Point. The thoughts expressed in this piece are her own.
 
The views expressed are those of the authors and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
 
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

By Antonio Salinas
 
The Cacti and the Grass: The Collapse of Afghanistan's Security Forces
Antonio Salinas offers a unique perspective on the collapse of the Afghan National Defense Security Forces (ANDSF) following the U.S. withdrawal from Afghanistan. Through his "Cacti and Grass" analogy, Salinas illustrates how the U.S. attempted to cultivate a Western-style security force in an environment fundamentally unsuited for such structures. Drawing from his personal experiences and extensive research, Salinas examines the cultural mismatches, strategic oversights, and socio-political realities that contributed to the ANDSF's rapid disintegration. This insightful analysis not only sheds light on the complexities of the Afghanistan conflict but also offers valuable lessons for future foreign security assistance efforts.
 
Antonio Salinas is an active duty Army lieutenant colonel and PhD student in the Department of History at Georgetown University, where he focuses on the history of climate and conflict. Following his coursework, he will teach at the National Intelligence University. Salinas has twenty-five years of military service in the Marine Corps and the United States Army, where he led soldiers in Afghanistan and Iraq. He is the author of Siren’s Song: The Allure of War and Boot Camp: The Making of a United States Marine.
 
The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
 
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

by Christopher Booth
Editor’s Note I: This article is part of IWI’s Project Maritime, a series exploring the intersection of irregular warfare and the modern maritime dimension. Focusing on current events and their underlying geographical and historical patterns, we aim to contextualize the drivers of conflict in the maritime domain and inspire dialogue on integrated statecraft approaches. We warmly invite your participation and engagement. Please send submissions to Submit An Article with the subject line “Project Maritime Submission.” Follow us @proj_maritime and check out our Project Maritime Look Book.
Editor’s Note II: IWI is pleased to announce Christopher Booth and Walker Mills as the new directors of Project Maritime. Their extensive expertise in irregular warfare, national security, and the maritime domain will significantly enhance our ability to provide unique insights into contemporary maritime challenges. Both Chris and Walker have been non-resident fellows and have written extensively for IWI in the past. We're thrilled to have them join IWI and Project Maritime in leadership roles.
In response to China's growing maritime power and America's naval vulnerabilities, Christoper Booth proposes a controversial solution: reviving privateering. He argues that employing private actors to raid Chinese commerce could provide an asymmetric advantage in a potential long-term conflict, addressing US shipbuilding deficiencies and exploiting China's reliance on maritime trade. Drawing parallels with historical precedents and recent irregular warfare tactics, the essay explores the legal and ethical considerations of privateering while challenging conventional thinking on naval strategy. This provocative proposal aims to spark discussion on innovative approaches to maritime warfare in the 21st century.
About the Author: Christopher D. Booth is a non-resident fellow with the Irregular Warfare Initiative and co-director of Project Maritime. He has more than two decades of experience in national security and international relations, first serving on active duty as an Army armor and cavalry officer. He is a Distinguished Graduate of Command and Staff College–Marine Corps University and graduated from Vanderbilt University Law School and the College of William and Mary.
The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
 

Eroding Global Stability: The Cybersecurity Strategies Of China, Russia, North Korea, And Iran
 

In recent years, declarations like “no-limits partnership,” “comprehensive agreement,” and “security partnership” between the United States’ adversaries have become increasingly common. On May 16, 2024, Russian President Vladimir Putin and Chinese Communist Party Leader Xi Jinping reaffirmed their comprehensive partnership during their historic 43rd meeting. Since Russia invaded Ukraine on February 24, 2022, Russian-Iranian collaboration has reached new levels, with Iranian drones becoming a familiar site over the battlefields. North Korea too, has upped its cooperation with Russia, working closely on schemes to avoid Western sanctions and even signing a mutual defense pact on June 19, 2024. The extent to which America’s adversaries cooperate on cybersecurity remains less understood but is a growing concern.
 
However, as unified Western actions against rogue and adversarial states have increased (e.g., sanctions, public shaming, etc.) and hot wars roil Ukraine and Israel, the agreements and cooperation among China, Russia, North Korea, and Iran have similarly grown stronger and more unified. In this context, the cybersecurity strategies of China, Russia, North Korea, and Iran have emerged as significant and irregular threats to global stability, threatening the contemporary geopolitical landscape. Furthermore, each nation has developed sophisticated cyber capabilities designed to asymmetrically attack the international security frameworks established by NATO (North Atlantic Treaty Organization) and Western powers. It is, therefore, important to assess how US adversaries collaborate in cyberspace and are using asymmetric and irregular tactics to undermine the liberal world order.
 
Strategic Cybersecurity Alliances
 
State-sponsored malicious cyber actors from China, Russia, North Korea, and Iran increasingly dominate the cyber threat landscape and are driven by geopolitical, economic, and military objectives. Moreover, adversaries develop capabilities for strategic ends, blurring the line between irregular and conventional warfare in cyberspace. Importantly, their efforts are not strictly unilateral, as evidence increasingly points toward formal and informal collaboration among rogue states in cyberspace. For example, Chinese and Russian cyber actors have been known to share malware and exploit kits, enabling more sophisticated attacks. Additionally, joint operations, like coordinated disinformation campaigns, have been observed, highlighting our adversaries’ willingness to coordinate influence operations.
 
Furthermore, China, Russia, North Korea, and Iran also leverage emerging technologies, like artificial intelligence (AI) and generative AI, to enhance their cyber capabilities. Disruptive technologies can enhance already sophisticated cyber operations and allow for automated attacks, deep-fakes, and advanced social engineering tactics. AI in cyber operations poses new challenges for cybersecurity defenders as it increases the complexity, scale, and pace of potential attacks. How these nations use cyber capabilities, and leverage asymmetric advantages for strategic ends, underscores the need for greater international cooperation and more robust policy coordination to counter these irregular threats.
 
People’s Republic of China
 
China's journey toward becoming a cyber power began in the early 2000s. At the helm is the Central Commission for Cybersecurity and Informatization (CCCI), chaired by President Xi Jinping, as well as the Ministry of State Security, the Ministry of Public Security, and the Cyberspace Administration of China. The “Great Firewall of China” exemplifies China’s commitment to information control, both domestically and internationally, and allows government control over the internet and information. By limiting domestic information access, the government controls the population’s understanding of other nations and restricts external access to Chinese-focused content, sites, etc.
 
A key component of China's cyber strategy is the concept of military-civil fusion, which encourages collaboration between the private sector and military and integrates resources. The fusion is evident in the activities of major Chinese tech firms like Huawei, Alibaba, and Tencent, which play significant roles in advancing China's cyber ambitions and provide irregular approaches to securing technological control over an increasing percentage of the world’s telecommunications and digital infrastructure outside China.
 
China's cyber strategy is also characterized by its use of state-sponsored hacking groups to conduct widespread and far-reaching cyber espionage and sabotage campaigns. The discovery of Volt Typhoon, a Chinese state-sponsored hacking group, and its activities underscores China's focus on gaining asymmetric advantage over the US and its allies by gaining persistent access to their critical infrastructure. The group uses the unconventional and irregular warfare tactic of “living off the land,” utilizing existing resources in the operating system of the targeted devices and systems rather than introducing new files that could trigger cybersecurity sensors or be more easily detected through forensic analysis. Volt Typhoon's objective appears to be long-term persistence within the target environment, or pre-positioning, giving China the placement and access to conduct future acts of sabotage and disruption.
 
Russian Federation
 
Russia's evolution as a cyber power began in the late 1990s and early 2000s and is encapsulated in initiatives like, the Information Security Doctrine of the Russian Federation. Moreover, Russia's cyber strategy is deeply rooted in the concept of political warfare and its understanding of cyberspace as a theater of military operations akin to land, sea, air, and space. However, political warfare for Russia includes a cognitive dimension that influences how they leverage cyberspace to achieve political outcomes. Russia’s approach to cyberspace, therefore, differs from the concepts espoused by US and other NATO-aligned nations and is characterized by a decentralized and asymmetric approach to cyber operations.
 
The Russian government views cyberspace as a critical domain for exerting influence and achieving geopolitical goals and their cyber ecosystem is a complicated tangle of state and non-state actors. The Federal Security Service, the Foreign Intelligence Service, and the Main Directorate of the General Staff of the Armed Forces of the Russian Federation all have cyber units that conduct operations domestically and internationally. These agencies also recruit cybercriminals to carry out operations on their behalf, providing them with legal protection and resources in exchange for their services.
 
A key component of Russia's cyber strategy is the concept of information confrontation, an approach that integrates cyber operations, psychological operations, electronic warfare, and traditional military operations to achieve strategic objectives. Russia has been implicated in numerous cyber espionage and disruptive activities targeting both governmental and private sector entities worldwide. For instance, Russian cyber actors have been implicated in attacks on US election systems, energy grid, water systems, and other critical sectors. The operations are designed to foster instability, leveraging cyber operations, cyber espionage, influence campaigns, and other asymmetric tactics as force multipliers in geopolitical conflicts.
 
Furthermore, Russia has a long history of integrating cyber operations into its broader military strategy, relying on cyber capabilities during conflicts, like its ongoing invasion of Ukraine. The integration of cyber operations into Russia's broader political warfare framework, reminiscent of Soviet-era "active measures," further complicates attribution and response measures. Importantly, Russia’s approach to leveraging cyber operations and capabilities to disrupt critical infrastructure, spread disinformation, and conduct espionage underscores its asymmetric and irregular approach to confrontation with Western powers.
 
Democratic People’s Republic of Korea
 
North Korea's growth as a cyber power also began in the early 2000s and is largely focused on leveraging its cyber capabilities to circumvent economic sanctions and finance its regime through illicit means. Directing North Korea’s cyber activity is its Reconnaissance General Bureau, with “Bureau 121” being responsible for conducting cyber espionage, financial theft, and disruptive cyberattacks. However, North Korea’s cyber capabilities are divided among several units, including the now-infamous Lazarus Group, Kimsuky, and APT37, known for their sophisticated cyber operations.
 
North Korea's cyber strategy seeks to develop defensive and offensive capabilities. On the defensive side, North Korea has invested heavily in protecting its critical infrastructure and sensitive data from cyberattacks. On the offensive side, North Korea has developed various capabilities to conduct cyber espionage, disinformation campaigns, and disruptive cyberattacks.
 
North Korea has been implicated in numerous cyber espionage and disruptive activities targeting both governmental and private sector entities worldwide. One of the most notable North Korean cyber operations is the 2014 Sony Pictures hack but the most significant is likely the 2017 WannaCry ransomware. WannaCry ransomware infected more than 200,000 computers in over 150 countries, causing widespread disruption by encrypting files on infected computers and demanding ransom payments in cryptocurrency. The attack is an example of North Korea's ability to conduct large-scale disruptive cyber operations and the regime's willingness to engage in asymmetric and irregular attacks to fund its government.
 
Islamic Republic of Iran
 
Iran's cyber proliferation began after the Stuxnet attack in 2010, an attack that targeted Iran’s nuclear enrichment facilities. Stuxnet highlighted the vulnerability of Iran’s critical infrastructure to foreign intervention and pushed the regime to invest heavily in developing cyber capabilities. As a result, Iran's cyber strategy has been focused on retaliatory cyber capabilities and driven by its perception that it is engaged in an ongoing conflict with the West over its nuclear program and other geopolitical issues. Unlike China and Russia, which primarily engage in cyber espionage, or North Korea, which engages in cybercrime and theft, Iran’s regime views cyber operations as a means of retaliating against sanctions and other forms of pressure from the international community.
 
Similar to North Korea, Iran's cyber strategy focuses on the development of defensive and offensive capabilities. On the defensive side, Iran has invested in protecting its critical infrastructure and sensitive data from cyberattacks and crafted defensive cyber doctrine to guide how the regime repels and mitigates cyberattacks against Iran. Offensively, Iran has developed various capabilities to conduct cyber espionage, disinformation campaigns, and disruptive cyberattacks.
 
Iran’s focus on retaliatory capabilities makes them a particularly volatile cyber actor, that is willing and able to launch disruptive attacks with little warning. For example, a significant Iranian cyber operation was Operation Ababil, which disrupted services at US financial institutions through a series of distributed denial-of-service attacks between 2011 and 2013. The Iranian hacking collective, Izz ad-Din al-Qassam Cyber Fighters, carried out the attacks and is believed to be state-sponsored. The operation was designed to impact major US banks and is understood as the regime’s retaliation against economic sanctions.
 
To date, Iran has been implicated in numerous cyber espionage and disruptive activities targeting both governmental and private sector entities worldwide. The Shamoon attack, which targeted Saudi Aramco in 2012, is among the most notable Iranian cyber operations. The attack used malware to cause irreparable damage to thousands of computers, rendering them useless by overwriting the master boot record, partition tables, and most files with random data. Shamoon demonstrated Iran's ability to conduct large-scale destructive cyberattacks and highlighted its willingness to use asymmetric attacks to achieve strategic goals.
 
Implications for Global Security
 
China's, Russia's, North Korea's, and Iran's collaborative and individual cyber strategies have significant implications for global security. Their activities undermine the stability provided by NATO and Western powers, posing complex, asymmetric, and irregular challenges to international norms and, more broadly, cybersecurity. State-sponsored cyber operations, like state-sponsored terrorism or political violence, are sophisticated attempts to erode trust in digital infrastructure and government or institutional functions by disrupting the integrity, availability or confidentiality of data, services, and other aspects of online and physical security. For example, China's cyber activities, including Volt Typhoon, have heightened tensions with the US, particularly over Taiwan. Similarly, Russian cyber operations have exacerbated conflicts in the former Soviet Bloc nations and strained relations with Western nations.
 
The cyber collaboration between China, Russia, North Korea, and Iran varies in scope; however, its aim always aligns with political goals that negatively impact the existing rules-based world order. For example, Russia leverages malware to attack Ukraine, which was developed by Scarab, a Chinese government-linked cyber group, and shares techniques on how best to leverage AI for attacking targets and “living off the land” persistence to avoid detection by cyber defenders.
 
Moreover, the cyber strategies' collaborative and sophisticated characteristics pose significant challenges for cybersecurity defenders. Traditional cybersecurity measures are often insufficient to counter the advanced tactics used by state-sponsored actors. NATO and Western powers must adopt a comprehensive approach that includes enhancing defensive capabilities, leveraging advanced technologies, fostering international cooperation, and developing offensive cyber strategies to effectively counter these threats. By doing so, they can safeguard the stability and security that have been our world's cornerstone since World War II's end.
 
Evan Morgan is the Founder of Cyber Defense Army, a cybersecurity consultancy and services firm that incorporates geopolitical risk in their cybersecurity practices for clients. He is a United States Air Force veteran.
 
Editor's note: This article is part of Project Cyber, which explores and characterizes the myriad threats facing the United States and its allies in cyberspace, the information environment, and conventional and irregular spaces. Please contact us if you would like to propose an article, podcast, or event environment. We invite you to contribute to the discussion, explore the difficult questions, and help.
 
The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University's Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
 
Capt. Taiwan Veney, cyber warfare operations officer, watches members of the 175th Cyberspace Operations Group in the Hunter's Den at Warfield Air National Guard Base, Middle River, MD, June 3, 2017. (U.S. Air Force photo by J.M. Eddins Jr.)
 
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Beijing's Long Game: Gray Zone Tactics in the Pacific
Published July 25th, 2024
By Brandon Tran
“During the progress of hostilities, guerillas gradually develop into orthodox forces that operate in conjunction with other units of the regular army… There can be no doubt that the ultimate result of this will be victory.”
-On Guerilla Warfare, by Mao Zedong
The expulsion of former Chinese defense ministers Li Shangfu and Wei Fenghe from the Chinese Communist Party (CCP) on June 27, 2024, is the latest development in a months-long series of personnel purges in the People’s Liberation Army (PLA). As President Xi Jinping continuously reforms the PLA to make it a “world-class military” capable of achieving the People’s Republic of China’s (PRC) national security objectives, these purges illustrate an underlying tension that stems from competing priorities. Because the PLA is the armed wing of the CCP, Xi Jinping must make tradeoffs in balancing regime loyalty and military competence when selecting PLA officers for senior positions. As a result of this and similar compromises, the PLA remains unprepared for direct confrontation with near-peer adversaries. To address this gap, China will continue leveraging irregular warfare activities to incrementally accomplish its strategic objectives while buying time to achieve the level of conventional force development it desires. This article will evaluate how China’s use of irregular warfare sets the stage for its conventional force development, given the context of the competing requirements for senior PLA officer promotion, the PLA’s guiding principles, and the role of the new defense minister, Dong Jun.
Loyalty and Experience within the CMC
By necessity, Xi Jinping’s selection of senior officials balances political loyalty with operational and command experience. While he favors aggressive and competent commanders capable of realizing his ambitions in the Indo-Pacific, these leaders must remain politically loyal to Xi’s rule. His selections for the Central Military Commission (CMC) in 2022 attest to this. In order of rank, they are Zhang Youxia, He Weidong, Li Shangfu (who has since been removed), Liu Zhenli, Miao Hua, and Zhang Shengmin. Xi’s appointment of senior leaders to the CMC  indicates  an attempt to balance loyalty and experience because many of his selections break precedent. Examples include Zhang Youxia and Liu Zhenli, both promoted despite Zhang being past retirement age and Liu being the youngest in his rank group. These exceptions to policy were made because both Zhang and Liu have combat experience from the Sino-Vietnamese border wars, a rare and valuable quality given that the PLA is largely untested and inexperienced in combat. In other unconventional moves, He Weidong was permitted to skip key career milestones before assuming his position on the CMC. At the same time, Miao Hua transitioned from a long Army career to become the Navy’s political commissar. Indeed, selection to senior leadership positions has also been based on personal connections and previous experience with Xi. He Weidong and Miao Hua worked with Xi back when he was a provincial official in Fujian, and both Zhangs hail from the same region as Xi, claiming membership in his infamous Shaanxi Gang.
Chinese Strategic Concepts
To put Xi’s priorities and the PLA’s irregular military operations into context, it is vital to understand the guiding principles that inform the PLA’s military philosophy. Since its founding, the PRC has adhered to a warfighting philosophy of Active Defense. Under this principle, conflict is believed to exist on a spectrum ranging from peace to kinetic war. As a result, the PLA assumes a proactive force posture, constantly assessing potential threats and carrying out activities below the threshold of kinetic war that could create a better geopolitical position for the PRC. Through Active Defense, the PLA would theoretically be able to accomplish its objectives while controlling escalation on the conflict continuum. 
In tandem with Active Defense is the concept of People’s War, incorporating lessons from the past century and a half and forming the backbone of the PLA’s tactics and strategies. From its inception by Mao during the Chinese Civil War to the present day, the idea of People’s War has gone through several revisions, but the crux remains the same. Warfighting proficiency must be pursued through all possible means at the tactical, operational, and strategic levels. The United States understands this in the modern context as being able to field a proficient joint force capable of combined arms and multi-domain operations.
However, due to having to include party loyalty as a prerequisite for promotion, the PLA suffers from an acute “Big Army Mentality” that prevents the realization of an effective joint force. Consider the service component composition of the 2022 CMC. Four of these officials are PLA Army officers, a Navy officer, and a Rocket Force officer, with no Air Force representation in the CMC. Because of the pervasive attitude in the PLA that favors the dominance of land forces, the PLA has struggled to integrate its different services, preventing it from executing seamless multi-domain operations in both war and peacetime. Wargames conducted by Chinese military leaders have shown that the PLA is not yet ready to face near-peer adversaries in conventional warfare. PLA publications and training orders frequently acknowledge these shortcomings, using phrases like the “Five Incapables,” “Two Incompatibles,” and “Three Whethers” to describe issues of inflexibility, poor training performance, and a general lack of readiness.
As a result of these weaknesses, and despite the PLA’s many modernization initiatives in recent years, the PLA still favors asymmetrical approaches and remains hesitant to embrace large-scale combat operations fully. This is best explained by the Chinese military concept of shi (勢), rendered in English as a “strategic configuration of power.” Under this framework, one’s military assets are arrayed to create an advantageous situation and physical power is applied at that particular moment to achieve victory. Returning to Active Defense and People’s War, shi (勢), when applied, would craft an unassailable position for the PLA and enable it to maximize its resources if conflict escalates to kinetic war. The PLA employs irregular tactics to create favorable geopolitical and battlefield conditions to achieve this objective, maximizing China’s strengths and neutralizing enemy advantages before conflict begins.
Irregular Warfare Activities
As military reforms continue, China will likely employ unconventional methods to achieve immediate security objectives. Recognizing its forces are not yet war-ready, China keeps tensions below the threshold for war through gray zone activities. The PLA uses warfighting, military deterrence, and military operations other than war to build capabilities and gather information, aiming to discourage adversaries or decisively defeat them if conflict arises. These activities are expected to intensify once military reforms and modernization are complete.
This strategy is already on display in the South China Sea. There, China optimizes anti-access and area-denial capabilities to prevent any significant and sustained challenge to Beijing’s territorial claims, all while remaining under the threshold for kinetic conflict. Components of this strategy consist of technological development, legal warfare, and expansion of China’s presence through manufactured islands.
Technological development in key areas of the maritime domain is intended to negate the West's advantages of firepower and experience to ensure Beijing’s dominance over other Southeast Asian states in the South China Sea. Legal warfare limits the range of potential responses to China’s actions by its adversaries yet still achieves PRC interests. Expanding China’s presence in the adjacent seas through conventional troop deployment and unconventional state entities ensures the persistence of Chinese influence. It enables China to continue its regional operations without escalating to war. All these activities require significant planning and expertise to function as intended and synchronize with other PLA activities, thus necessitating leadership with joint experience and knowledge.
The PRC bolsters its sea claims through conventional and unconventional means. Troop deployments and exercises, as well as the construction of artificial islands and commercial sea vessels, ensure a continuous Chinese presence that is hard for other maritime states to displace. These artificial islands provide strategic bases for sustainment and defense, which are crucial for sectoral control in naval warfare. Coupled with advances in military technology, this enables China to project its reach beyond the First Island Chain, effectively limiting the entry of other navies into the area.
The China Coast Guard (CCG) and the Maritime Militia are key in these irregular activities. Their vast number of assets and plausible deniability, under the guise of internal security, offer significant advantages. CCG and Maritime Militia vessels often target other ships with non-lethal means, preventing competing states from establishing a sustained maritime presence in the South China Sea while minimizing the risk of military escalation. The PRC frequently obstructs and evades attempts to enforce international law about maritime practices. This enables China to act with impunity in the South China Sea and provides the PRC the time and space to consolidate its claims within the Nine Dash Line. Again, these gray zone activities require considerable expertise and experience to avoid escalating tensions beyond China’s readiness.
The New Defense Minister
Further evidence that the PLA will continue to execute gray zone activities can be found in the appointment of the new Minister of Defense. On December 29, 2023, China announced the appointment of the PLA Navy (PLAN) commander Dong Jun as its new defense minister. Dong Jun previously served as the deputy commander of the East Sea Fleet, responsible for Taiwan Strait maritime issues and disputed islands in the East China Sea. After that, Dong was deputy commander of the Southern Theater Command, which oversees operations in the contested South China Sea. His operational experience in these strategically vital theater commands handling China’s most salient national security interests already makes him a desired candidate for promotion by conventional force standards alone.  Dong Jun also has extensive experience conducting gray zone activities because such operations are largely carried out by the PLA Navy and conducted in the Eastern and Southern Theater Commands’ areas of responsibility.
Also of note is the fact that Dong Jun is not sanctioned by the United States, unlike his predecessor, which suggests that he will be able to serve China effectively in military diplomacy. Dong’s recent engagements with US Secretary of Defense Lloyd Austin illustrate the role he is stepping into. These are the first of such meetings in over two years and reflect attempts to ease tensions between the two countries. Thus, Dong Jun’s promotion facilitates diplomatic engagement and enables China the time and space to develop conventional military capabilities and bring China’s military power to the immediate forefront. Military diplomacy reduces threat perceptions, preventing escalation along the continuum of conflict and enabling China to continue its activities in repositioning and improving the PLA.
Conclusion
Since the PLA is not ready for a direct confrontation, China will continue to bide its time and leverage gray zone activities to achieve its interests while preparing the PLA to be able to counterbalance any potential near-peer adversary. To this end, we should expect to see increased use of irregular warfare, coercion, and pressure in the maritime domain from the China Coast Guard and Maritime Militia, especially given the elevation of Admiral Dong Jun to the position of defense minister. With these developments, the PLA will step closer to towards its goal of being able to execute unified multi-domain operations. The United States and its partners must also prepare for the future challenges to come. 
Brandon Tran is a cadet at the United States Military Academy at West Point. He is majoring in International Affairs and Chinese.
The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Irregular Warfare in the 21st Century: Autocracy’s Global Playbook
July 16, 2024 by Ania Zolyniak
Anne Applebaum, Autocracy, Inc. The Dictators Who Want to Run the World, (Penguin Random House 2024)
Irregular warfare (IW), often hailed as the oldest form of warfare, remains an enigma within the US defense apparatus and government at large. The Department of Defense (DoD) offers conflicting definitions, while Congress’s attempt at clarification in the National Defense Authorization Act (NDAA) for Fiscal Year 2024 only muddies the waters further. This definitional quagmire, as Lieutenant General (Ret.) Michael Nagata astutely observed, has left the United States struggling in its efforts to become “the most effective practitioner [of IW] around the world.”
While the United States grapples with semantics, its adversaries have wholeheartedly embraced IW as their preferred mode of confrontation. Autocratic forces, both in liberal and illiberal polities, are dismantling borders to establish a globalized support network that ensures their survival and enables their coordinated efforts to reshape the post-1989 world order.
Enter Anne Applebaum’s latest work, Autocracy, Inc.  Set for release on July 23rd, this book offers a compelling account of how autocrats are collectively fortifying their domestic and international power. Applebaum, a Pulitzer Prize-winning journalist for The Atlantic, isn’t breaking new ground in exposing this cooperative network. Hal Brands, Samantha Power, and Maria Stephan have been writing about autocratic forces working in tandem to spread their influence and nourish their survival since about 2021. Rather, the value of Autocracy, Inc. lies in its detailed analysis of modern autocratic cooperation, its juxtaposition of current challenges with historical episodes of repression, and its guidance on how to fight back.
In presenting her case, Applebaum paints an alarming picture of contemporary autocratic power and reach, while, perhaps unknowingly, revealing how the United States’ autocratic adversaries are coalescing around common IW advantages. Viewed through the lens of IW, Applebaum’s analysis makes clear that countering Autocracy, Inc.’s efforts requires both understanding their intricacies and investing in initiatives that undermine their efficacy while still embodying the very democratic values they are employed to dismantle.
Misinformation/Disinformation
Disinformation in warfare may be as old as war itself and is even permitted under international humanitarian law. However, Autocracy, Inc.’s tactics, depart from traditional disinformation campaigns in both kind and degree. Rejecting battlefield delimitations, autocrats pursue a “permanent and comprehensive struggle” against their opponents, exploiting globalized information and communication technologies. The Internet has become their potent IW tool, allowing autocratic forces to inject unrealities directly into foreign populations, bolstering their legitimacy while stoking political and social discord.
Having honed their distortion skills by constricting and contorting the information funnel vis-à-vis their populations, autocratic leaders now exploit global information networks. They employ tactics such as “information laundromats”—sites mimicking legitimate news organizations to propagate foreign-produced fake news. Russia, China, and Iran make their falsehoods appear local and credible to foreign audiences. Today, Russia can not only convince its own citizens about American biolabs or that Ukraine was responsible for the downing of Malaysia Airlines Flight 17 but also convince citizens—and even some decision-makers—in democratic societies of the same. Americans witnessed this first-hand last year when Republican congress members stalled military aid to Ukraine while reiterating Kremlin-bred falsehoods.
Applebaum also draws out the not-so-coincidental connections between seemingly isolated efforts of autocrats in Beijing, Moscow, Tehran, and elsewhere to use communication technologies to project their distortions around the world, poisoning the well of potential US partnerships with countries in Africa, Latin America, and beyond. She also warns that less malign forms of Beijing-controlled media are becoming increasingly available across the developing world, projecting softer, more favorable images of China in the hopes of accruing foreign support in a zero-sum game of global influence.
Lawfare
In terms of elusive American concepts, IW stands in good company with lawfare, recognized as first officially entering the American security lexicon in 2001—decades after China integrated it into its military doctrine in the 1960s. Today, the powers-that-be in Beijing, Moscow, Tehran, and the like have outgrown the limited categories of lawfare described in Orde Kittrie’s leading book on the subject. Autocratic forces are now working in harmony to rejigger the moral and legal underpinnings of the international system; gain influence and legitimacy at the expense of the United States and its allies; and normalize actions that, while currently illegal, are necessary to meet their autocratic objectives.
For example, Chinese talk of win-win cooperation and Russian amplification of a new multipolar world order are packaged to promote an idea of greater fairness and equality than the current US-centric world can offer. The normalization of the abnormal in Syria, where Russian and Syrian forces used UN coordinates to strike hospitals during the Syrian Civil War, further encapsulates how autocrats are seeking to rewire what is considered “acceptable” to serve their needs and interests. These autocratic forces are also pressing forward a narrative of the erosion of universal values, decrying notions of democracy, freedoms, and liberties as decadent or globalist. Take, for example, Putin’s portrayal of Russia’s war against Ukraine as “fighting for the freedom of not only Russia but the whole world” and that the “dictatorship of one hegemon…is decrepit.” It is not difficult to guess what “one hegemon” he is invoking. 
Autocrats have also learned to copy and paste the language of repressive legislation from one another to control their populations under the guise of “rule of law.” Uganda, Yemen, Cambodia, and several other countries have passed laws to “catch” activists pressing for reform that are modeled on Russian and Chinese anti-extremism legislation. Many of these laws also target NGOs, charities, and academic programs with possible foreign links or funding. Investigations and prosecutions are lodged against civic organizations and their members using laws criminalizing “foreign agents” and “terrorism.” These laws, while domestically aimed, amplify and legitimize autocratic accusations and narratives that anyone fighting for democratic reform poses a national security threat and is nothing but a US-sponsored foreign spy. Such portrayals cut deeply against American soft power.
Proxies and Security Assistance 
During the Cold War, proxy strategies earned a reputation as a means of conducting “war on the cheap” while avoiding direct, kinetic confrontation. Today, autocrats are capitalizing on proxy forces’ value to secure a better return on their IW influence and legitimacy-seeking investments. By financing not only traditional proxies like Hamas, Hezbollah, and Houthis rebels, which are linked to Iran but also modern private security and military forces, like Russia’s Wagner Group (or “Africa Corps”), Autocracy, Inc. seeks to generate new security dilemmas that put pressure on the democratic systems of its foes while helping its autocratic friends retain a firm, repressive grip over their populations. Indeed, these forces have started building their own sub-support network. Last fall, the Wall Street Journal reported, based on U.S. intelligence, that the Wagner Group was planning to send the Pantsir-S1, an anti-aircraft artillery system, to Hezbollah.
China has learned from watching Iran and Russia, slowly growing out its networks of proxies and private military and security companies. This growth, which helps autocrats expand their regional and global influence, has significant consequences in the modern era of great power competition where the struggle for influence is intentionally maintained below the level of armed conflict. China’s entry into the market of private security forces is coupled with its increasing exportation of its domestic security model. The proliferation of Chinese surveillance technology around the world not only raises Beijing’s global profile as a reliable provider of domestic security assistance vis-à-vis the United States but also creates an avenue for the technology’s legitimization and normalization, embedding Autocracy, Inc.’s values and interests in liberal and illiberal societies alike.
In warning that the political elites who depend on Chinese surveillance technology may feel obligated to align themselves politically with China to retain power, Applebaum nevertheless overlooks the complexities of contemporary great power security competition, making her claim seem speculative and attenuated even if there is evidence to support it. As Sheena Chestnut Greitens and Isaac Kardon have explained, while countries have sought to play the United States and China off each other to get the best deal for distinct security objectives, authoritarian leaders accepting U.S. aid may feel compelled to seek more Chinese domestic security assistance not because of some allegiance to China but because of a desire to balance against the view of the United States as “a conduit for promoting human rights and political liberties.”
Understanding the Mission and Fighting Back
After demonstrating how today’s autocrats are uniting to secure their survival and global status, Applebaum offers several recommendations for countering Autocracy, Inc. Among them is a directive to those committed to safeguarding democracy—in their own countries and abroad—to double down on their fidelity to democratic values. This includes promoting the notion of democracy and freedom as a real, viable alternative by using the legal avenues available in democracies to go after autocrats, their schemes, and their resources. It also means undermining autocratic forces in the Information War, including by supporting current programs set up to fight and expose the “epidemic of information laundering.” Such programs include the State Department’s Global Engagement Center (GEC), founded in 2023 to “pre-bunk” misinformation campaigns before they launch.
Implementing these strategies requires redirecting resources and channeling a new level of creativity. For example, in order to counter the spread of repressive Chinese security technology and assistance, the United States must find a way to develop security assistance packages that can compete with China’s while remaining committed to democratic values. Therefore, these efforts will need all the help they can get from policymakers and legislators.
Unfortunately, it looks like Washington may be headed in the opposite direction.
Last month, the House of Representatives passed its version of the 2025 NDAA. The 2024 NDAA included provisions for countering disinformation and propaganda campaigns; combating malign foreign influence domestically; protecting against undue influence; promoting public diplomacy through engagements like Radio Free Europe, Radio Free Africa, and Radio Free Americas; and supporting the GEC. The 2025 bill budgets for none of these. While the Senate version officially introduced last week by the chamber’s Armed Services Committee calls for coordinating and amplifying U.S. public messaging efforts with the GEC, a State Department official not authorized to speak publicly expressed to me his concern that, “as things stand, the U.S. government could lose its only congressionally mandated center for countering the threat of Russian and Chinese misinformation overseas.”
The impact of efforts like the GEC is real. My parents distinctly remember the lengths their families in Poland went through to tune into Radio Free Europe and the inspiration it gave everyday people who wanted to bring Poland out from under Soviet communism. They also remember living in constant fear of the Służba Bezpieczeństwa (Ministry of Internal Affairs Security Service) and Milicja Obywatelska (Citizens’ Militia), organizations responsible for the murders of democratic activists like Jerzy Popiełuszko and Grzegorz Przemyk.
Today, rather than funding secret police units, autocrats have learned how to economize on terror tactics by weaponizing information. Applebaum, the wife of Poland’s current foreign minister, discusses how a smear campaign ended in 2019 when a man who had watched state propaganda television from jail murdered a Polish opposition politician. On January 6, 2021, after disinformation about a democratic election and new administration drove a mob to storm the U.S. Capitol, my parents, who never once second-guessed their decision to come to America, questioned whether there was hope for democracy anywhere if it was not possible here—which is exactly what Autocracy, Inc. wants the world to believe.
In her 2021 article that evolved into this book, Applebaum lamented that “the bad guys are winning.” Yet, as she notes in her epilogue, all hope is not lost. Autocracy, Inc. can be stopped, but it requires effort from those living in liberal societies to “make the effort” to preserve their free and open way of life. This means learning to fight—and beat—Autocracy, Inc. and its subsidiaries in the IW arena they have mastered.  
Ania Zolyniak is a current JD candidate at Harvard Law School. She graduated with honors from Georgetown University’s Walsh School of Foreign Service in 2021 with a BS in Foreign Service. Prior to law school, Zolyniak worked at the Council on Foreign Relations and the National Academy of Sciences.
The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
Main Image: President of Russia Vladimir Putin with President of China Xi Jinping during Putin’s state visit to China, May 16, 2024 (Kremlin.ru via Wikimedia Commons)
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items

The Digital Battlefield: How Social Media is Reshaping Modern Insurgencies
In the past two decades, the landscape of insurgency has undergone a profound transformation, driven by the rise of social media and increased global connectivity. This digital revolution isn't just changing how insurgents communicate—it's fundamentally reshaping the nature of insurgency itself. From the bustling streets of Mumbai to the war-torn landscapes of Syria and Ukraine, social platforms have become the new frontlines of modern conflict, reshaping recruitment strategies, operational tactics, and the very fabric of insurgent movements worldwide.
The Social Media Surge in Modern Conflict
The 2008 Mumbai attacks marked a pivotal moment in the use of social media in insurgencies. As gunfire echoed through the city, the world watched in real-time as Lashkar-e-Taiba militants used Twitter to coordinate their movements, evade security forces, and amplify their propaganda. This real-time use of social media allowed the attackers to respond dynamically to police actions and ensured worldwide visibility for their cause. It was a chilling preview of insurgents weaponizing digital platforms.
In the years since we've seen this digital arsenal expand and evolve. Today, groups like ISIS have turned social media into a global recruitment tool, their hashtags as potent as any propaganda poster. The 2014 #AllEyesOnISIS campaign exemplifies this power. It wasn't just a trending topic—it was a call to arms that swelled their ranks from 12-15,000 to a staggering 40,000 fighters from over 110 countries. This surge isn't just a military boost; it's a testament to the raw power of social media in modern conflict.
These platforms offer insurgents a digital Swiss Army knife with multiple functions. They serve as a global recruitment tool, reaching potential fighters across borders and continents. Real-time communication allows for swift, adaptable tactics, turning every smartphone into a command center. As a propaganda machine, social media amplifies messages and ideologies, with every user potentially becoming a broadcaster. Perhaps most crucially, these platforms boost morale by instantly sharing successes, attracting support, and creating a global community among disparate groups.
The Syrian Civil War provides another stark example of social media's impact. YouTube became a battleground of narratives, with rebel groups showcasing victories to rally support. The Free Syrian Army, an umbrella organization for various militant groups fighting against the Assad regime, launched its inaugural message on YouTube and other social media outlets. In 2013, a widely circulated video of rebels successfully taking control of the Menagh Air Base did more for morale than any rousing speech could have, demonstrating the immediate and far-reaching impact of digital content in modern insurgencies.
The Double-Edged Sword of Connectivity
The internet's explosive growth—usage up by 1,355% between 2000 and 2023—has been a game-changer for insurgent movements. By 2007, 80% of the world had mobile coverage, creating unprecedented global connectivity. For insurgents, this means unparalleled reach and adaptability. ISIS, for instance, effectively leveraged platforms like Twitter and Telegram to disseminate tactical manuals, tutorials, and propaganda videos. These materials covered various topics, from bomb-making to cyber-attacks, and were easily accessible to recruits worldwide. Disturbingly, they also published the names of hundreds of U.S. military personnel on social media, inciting followers to target these individuals.
Telegram emerged as ISIS's preferred platform due to its simple registration process, lax security protocols, and availability as an app for both mobile devices and computers. This allowed users to access an extensive library of ideological and spiritual content, operational tutorials, fundraising resources, and guidance on maintaining anonymity.
The Taliban's use of WhatsApp during their 2021 takeover of Afghanistan further illustrates this trend. As their fighters entered Kabul, they established a WhatsApp helpline to receive reports of violence and looting, mixing modern tech with medieval ideology. Despite eventual bans from Facebook and YouTube, the Taliban continued to engage with hundreds of thousands of followers on Twitter, even after consolidating their control.
However, this connectivity is a double-edged sword. The same tools that empower insurgents expose them to surveillance and counterintelligence efforts. An example is in 2005, Thai authorities introduced new identification standards for mobile phones, believing them to be a boon for separatist insurgents in southern Thailand. This move highlighted a global trend where governments recognized the potential of mobile communications for intelligence collection. The capacities of governments to tap into these communications vary, but the use of cell phones by potential activists generally enhances intelligence gathering opportunities for government forces. For instance, in Afghanistan, the expansion of cellular coverage significantly increased the ISAF’s ability to monitor communications. Today's groups face similar challenges, constantly balancing reach against security. The digital footprint left by social media activity can be tracked, analyzed, and used against insurgent groups, forcing them to evolve their tactics and platform usage constantly.
The Counterinsurgency Conundrum
For governments and militaries, this new digital landscape presents a maze of challenges and opportunities. The enemy can now recruit, plan, and strike from behind a screen, fundamentally changing the nature of counterinsurgency efforts. The expansive reach of social media complicates these efforts in unprecedented ways.
Some governments are fighting fire with fire, launching social media campaigns to counter insurgent narratives. The Nigerian military, for instance, has taken to posting videos, images, or messages, in an attempt to restore public confidence, invoke sympathy from a neutral population, curbing online firestorms, and win the narrative war online.
But effective countermeasures go beyond just posting content—they require a deep understanding of the digital battlefield. Tools like Livemap, which shows concentrations of online engagement, offer a glimpse into potential hotspots of insurgent activity. These can be analyzed and assessed as potential indicators of where insurgent organizations may be prospecting off social media networks.
Political jamming—repurposing widely circulated memes to disseminate counter-terrorist ideologies—holds the potential to address online radicalization. However, its effectiveness is hindered by the rapid sharing of content across digital platforms.
As insurgencies become more connected, they're not just linking people—they're tapping into the Internet of Things (IoT). This trend suggests that future insurgent activities will involve more cyber-related actions, potentially including tapping into IoT networks and using digital weapons like Stuxnet to cause physical damage or disrupt command and control systems across different domains.
The AI Wild Card
As we peer into the future of insurgency, artificial intelligence emerges as a potential game-changer that could reshape the conflict landscape. The applications of AI in insurgency are as diverse as they are concerning.
AI-powered propaganda campaigns could be precisely targeted to exploit societal divisions, manipulate public opinion, amplify grievances, recruit supporters, and sow confusion among opposing forces. Sophisticated cyber warfare, driven by AI algorithms, could identify and exploit vulnerabilities in government systems faster than any human hacker, enabling insurgents to orchestrate large-scale data breaches or disrupt critical communications networks.
In strategic planning, AI could enable insurgents to analyze vast amounts of data to identify weak points in government defenses, predict security force movements, and plan asymmetric attacks with greater precision and efficiency. While ethically controversial,  developing or acquiring AI-powered autonomous weapons systems—including drones, robotic weapons, or modified autonomous vehicles—could give small insurgent groups outsized military capabilities.
AI algorithms could also optimize insurgent operations in less visible ways. They could streamline fundraising efforts, manage illicit financial transactions, and optimize supply chains for weapons and resources, enabling insurgencies to operate more efficiently and clandestinely. Additionally, AI-driven surveillance systems could help insurgents monitor government forces, track individuals considered threats, and gather intelligence on potential targets or vulnerabilities.
These advancements in AI technology present a new frontier in the evolution of insurgency, one where the lines between physical and digital warfare become increasingly blurred. The potential for AI to level the playing field between state actors and insurgent groups adds a new dimension of complexity to future conflicts.
Navigating the New Normal
In a world where a tweet can be as powerful as a tank, adaptation is crucial for insurgents and counterinsurgents. The battle for hearts and minds is now largely fought online, and strategies must evolve to include robust digital components. This goes beyond censorship or network shutdowns—it's about engaging effectively and ethically in the digital space.
Preparedness for the unexpected is key. As technology evolves, so will the tactics of insurgents. The next significant threat might not come from a bomb but from a bot. The rise of direct-to-device satellite networks, like those offered by companies such as Viasat, potentially complicates law enforcement efforts by ensuring remote connectivity through secure satellite connections directly to a user's cell phone. These networks possess the capability to bypass traditional infrastructure, making them harder to intercept and monitor.
Education plays a crucial role, not just for those fighting insurgencies but for the general public. In an age where online radicalization can target anyone, digital literacy becomes a matter of national security. Understanding the mechanisms of online propaganda and the potential for manipulation through social media is essential for building resilience against insurgent narratives.
We must also grapple with the ethical implications of these new technologies. The balance between security and privacy and the challenge of countering extremist narratives without infringing on free speech require thoughtful consideration. As governments and tech companies work to moderate content and prevent the spread of extremist ideologies, they must navigate thorny questions about censorship, surveillance, and the limits of online freedom.
Conclusion
The digital revolution has transformed insurgency, turning social media platforms into weapons of war. As we navigate this new landscape, one thing is clear: the future of conflict will be shaped as much by clicks and code as by bullets and bombs. Adaptability, technological savvy, and ethical foresight will be our most valuable weapons in this digital arms race.
The insurgencies of tomorrow will be fought not just on the ground but in the vast, interconnected spaces of our digital world. They will leverage advanced technologies like AI and IoT, exploit the reach of social media, and adapt to new forms of connectivity like direct-to-device satellite networks. Countering these evolving threats will require a multifaceted approach that combines technological innovation, strategic communication, and a deep understanding of the digital ecosystem.
 The line between physical and digital conflict will continue to blur as we move forward. The challenges we face are complex, but so are the opportunities for creating more effective, ethical, and responsive approaches to counterinsurgency. By recognizing the pivotal role of social media and emerging technologies in shaping modern insurgencies, we can better prepare for future conflicts and work towards more stable, secure societies in an increasingly connected world.
Brandon Schingh holds master's degrees from Boston University and Arizona State University, where he focused on unconventional warfare in the Global Security program. His career spans military, law enforcement, and intelligence sectors. Schingh served as a noncommissioned officer in the US Army Airborne Infantry. He later worked as a Federal Air Marshal and as a CIA security contractor.
The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

Resilience and Resistance Post-Raisi: A Data-Centric Approach to Iran
June 27, 2024
 
By Dr. Robert S. Burrell and Dr. David R. DiOrio
 
The sudden death of Iranian President Ebrahim Raisi in a helicopter crash on May 19, 2024, may provide an opportunity to usher in a new destiny for the Iranian people. Many considered the hard-liner to be the Supreme Leader Khamenei’s enforcer in consolidating the clerics’ power through the executions of dissidents and the jailing of political prisoners. He mobilized America’s rivals by pursuing a military alliance with Russia and economic ties with China to weaken the grip of Western political and commercial dominance in the region. The former president was the mastermind of a proxy-based militarization campaign to make a Western presence in the Middle East so costly that the United States and its allies would withdraw. Despite the recent escalation of hostilities against Israel and the West, the United States remains committed to maintaining a forward presence to strengthen regional partnerships and protect vital trade routes.
 
The Islamic Republic of Iran will choose a new President on June 28, 2024. Iran’s Guardian Council, a conservative 12-member oversight board, chose six candidates: 5 far-right hardliners and one moderate, Masoud Pezeshkian, who is open to renewed diplomacy with the United States. The high popularity of Pezeshkian is a sign of the Iran people’s desire to seek less stringent Islamic codes and friendlier relations with the West. The election outcome is uncertain. The Supreme Council’s biased support toward and election of a far-right candidate may widen the prevalent trust gap and ignite widespread protest. Still, the successful election of the moderate may present a renewed opportunity to reduce historical tensions and establish a pro-Western partnership. This election presents an excellent opportunity to review our foreign policy stance and strategize our approach no matter the election’s direction.
 
Considering the considerable sea change in Iranian politics, we advise the DoD to take a fresh look at its analysis of one of America’s long-standing adversaries. Since 2021, two events have dramatically shifted the subject of irregular warfare within the Department of Defense. The first was House Resolution 5130, Consortium to Study Irregular Warfare Act of 2021. Congress mandated a more data-centric (not theoretical) analysis of irregular war. The second was the change of the irregular warfare definition released in Joint Publication 1: Volume 1, Joint Warfighting in August 2023, which expanded irregular warfare to encompass activities taken before conflict and during competition. The upcoming election and forming of a new government present an opportune time to design and implement a comprehensive operational plan to advance our national interests. We recommend utilizing a fact-based methodology (leveraging analytical data from top universities, financial institutions, governmental agencies, and nongovernmental organizations) to analyze the resilience of and resistance to current Iranian governance systems. Such an assessment can better inform DoD activities, force posture, and interagency collaboration to achieve U.S. national objectives, not just in the case of war but in competition.
 
The Islamic Republic has been a destabilizing force in the Middle East since its ascension to power after the Iranian Revolution in 1979. The Iranian leadership has provoked violent conflict and destructive activities to assert its hegemonic aspirations. Iran’s government is a complex blending of theocratic and political elements that pursues expanding Islamification in conformity with “Khomeinism,” a radicalized ideology to reassert Shi’ism as the dominant Islamic moral authority. Tehran views the United States and Israel as their main threats and focuses their foreign policy on eliminating their regional influence. With a relatively small regular military, the regime relies on specialized forces to lead a network of proxies that engage in surrogate terrorism, political agitation, and paramilitary violence as the main instruments of power projection. The best strategic approach to stabilize the political situation and curtail Iranian hostilities needs reconsideration.
 
The 2022 National Security Strategy delineates the current U.S.-Iranian policy initiatives. The U.S. is presently pursuing diplomacy backed by limited sanctions to dissuade Iran from threatening U.S. personnel and developing a nuclear weapon but stands prepared to use other means should diplomacy fail. The policy provides a commitment to stand with the Iranian people, striving for human rights and dignity. Strategic decision-makers should assess the resilience of the Islamic Republic by examining its perceived legitimacy by the Iranian people, who have demonstrated a significant measure of resistance against the abuses and corruption of the Tehran regime.
 
Given their ethnic, cultural, and, to a lesser extent, religious diversity, the Iranian people and the Muslim Shi’a community at large have mixed views on the regime’s strategic goals. The clerics profess that the Islamic Republic is the only righteous governance path within the Islamic world. Theocratic truth-seekers advocated a sociopolitical sect based upon traditional Shi’a jurisprudence, believing that global liberation movements against colonialist oppressors were a justified obligation. Many Iranians are skeptical of the regime’s professed commitment to jihad against the West because the policy has degenerated the country’s social conditions and heightened fears of unleashing external aggression. The Muslim World generally views Iran negatively, believing that a Shi'a worldview is not a legitimate moral authority and that Tehran's strategic approach does not contribute to peace and stability in the region.
 
The following chart utilizes governance metrics from the World Bank (accountability, stability, effectiveness, regulation controls, rule of law, and controlling corruption), along with fragility metrics from the Fund For Peace, to illustrate the Islamic Republic’s resiliency in comparison with Egypt, Turkey, and Saudi Arabia. The illustration provides a relative governance scale where a higher level of governance indicators represents a more capable, less corrupt, and more stable government. Lower governance metrics imply the regime is fragile and susceptible to violent or nonviolent social movements.
 
Contributing to the Islamic Republic’s perceived illegitimacy includes significant human rights abuses, lack of religious freedom, corrupt judiciary, and poor social conditions. Governance indicators improve to the right on this comparison with countries that espouse transparency, combat corruption, and enforce the rule of law, which is more apparent in the regimes of Turkey and Saudi Arabia. The Erdogan government remains effective and enforces regulations, but nearly all its metrics remain lower than those of Saudi Arabia. Both Saudi Arabia's and Egypt's regimes remain unaccountable to their people, yet the House of Saud wields considerable strength in regulation control and the establishment of law and order. Compared with its near competitors, the Islamic Republic's governance indicators demonstrate that it is dramatically unsuccessful on all fronts, causing instability and fragility that a unified social movement or violent rebellion may exploit.
 
A lack of public confidence undermines the strength of the Islamic Republic. Iran's resiliency emanates from the people's perceptions and motivations, and poor governance performance erodes public trust. Iran's authoritarian system failed to produce meaningful political reform or social development. Severe restrictions on personal freedoms and a violent suppression of dissenting views diminish popular support for Tehran. These abuses foster resentment within the population and significantly degrade national morale and confidence in Iranian leadership. In a globalized world where information travels at the speed of the internet, social media exposes many Iranians to alternate political views and alluring social policies that make them question the efficacy of the cleric’s hard-line approach to the West.
 
Tehran’s low governance ratings and high fragility assessment pose a significant dilemma for the Islamic Republic and a considerable opportunity for the United States. The Iranian election process and new government formation may yield some valuable insights to steer our Iranian foreign policy. Should the United States promote: (1) a more resilient Iranian theocracy, (2) support external and internal resistance activities to collapse the regime, or (3) actively shape the strategic environment and defer to a future opportunity? A comprehensive assessment of the resilience metrics and exploring resistance strategies may lead U.S. policymakers to a more effective approach.
 
In conclusion, a fact-based methodology for analyzing the resilience and resistance of the Islamic Republic of Iran may inform U.S.-Iranian foreign policy decisions. The U.S. joint operational planning process and conventional war plans have not adequately addressed the competition domain in the Middle East. Current DoD force posture and activities appear merely reactive to current events. Utilizing a data-centric analysis, the DoD can measure the potential resistance within Iran, as well as identify the many nonviolent and violent groups opposing the Islamic Republic. The United States wields many instruments of national power – diplomatic, information, military, and economic – that can influence Iran’s resilience or support resistance to inspire and lead governance reforms. Making such choices requires an interdisciplinary approach and a thorough understanding of the operational environment.
 
Dr. Robert S. Burrell is a resilience and resistance interdisciplinary scholar using data-driven and human-centric methodologies to analyze intrastate conflict ranging from nonviolent protest through belligerency. He is a Senior Research Fellow at the Global and National Security Institute of the University of South Florida. From 2020-2024, he taught irregular warfare at Joint Special Operations University and was the former editor-in-chief of special operations doctrine from 2011-2014.
 
Dr. David R. DiOrio (CAPT Ret.) is a National Security Professional with a Doctor of Philosophy degree in Public Policy and Administration from Walden University. He served as the Deputy Director at the Joint Forces Staff College of the National Defense University and is currently Adjunct Faculty at the Joint Special Operations University.
 
The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University's Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
 
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Cyber Attacks in Perspective: Cutting Through the Hyperbole
June 25, 2024 by Tom Johansmeyer
 
This article is part of the Irregular Warfare Initiative's Project Cyber, which explores and characterizes the myriad threats facing the United States and its allies in cyberspace, the information environment, and conventional and irregular spaces. Please contact us if you would like to propose an article, podcast, or event environment. We invite you to contribute to the discussion, explore the difficult questions, and help.
What would the most destructive and costly cyberattack in history look like? 
The Department of the Treasury is exploring a federal mechanism for providing relief capital to the insurance industry in the event of a major cyber catastrophe. While the prospect of a cyber incident sinking the insurance industry and leaving society exposed is intensely remote, it highlights an underlying problem with our understanding of the destructive capacity of cyberattacks—hyperbole. If the terror attacks of September 11, 2001, represented a failure of imagination, then the fear we have of a significant cyberattack represents a failure to keep our imaginations under control.
History shows that it is easier to imagine a catastrophe than to produce it, but it fails to explain why. The last twenty-five years of economic loss data suggest cyberattacks aren’t nearly as costly as the annual hurricanes and hailstorms we experience. 
So why are we so afraid?
In many ways, our fear can be attributed to the relative newness of cyber risks in human history, meaning they need to be better understood by the public and with many precedents. Additionally, our misunderstanding is related to the thin historical data we have on them and, more critically, that our historical data relies heavily on a few specific, recent cases—the most prominent being the 2017 NotPetya attack. With a $10 billion price tag and impacts across 65 countries,NotPetya was called “the most destructive and costly cyberattack in history.” But the numbers tell a different story, and relying on NotPetya as our catastrophic example may mean researchers and analysts are staring down a paper tiger. 
By exaggerating the effects of past attacks and framing them as but a taste of what’s to come, the cyber domain inspires fear in policy-makers, commanders, and the general public that is normally reserved for the most severe forms of kinetic warfare, such as nuclear strikes. As a result, cyber capabilities have become difficult tools to use, simply due to a fear that has not materialized which is based on hyperbolic claims. A misguided belief in their destructive power has effectively stifled innovation at all echelons—despite plenty of research suggesting the contrary. If there were ever a time for a hard reset on how cyber operations and their implications are perceived, this is it. If anything, cyber operations have proved to be de-escalatory, and by perpetuating a myth to the contrary, we lose access to an important alternative to traditional war. By setting the record on cyber straight, we take a step toward making the world a safer place.
How it started
NotPetya was born of war. Released three years after the start of hostilities in eastern Ukraine in 2014, NotPetya was one of several efforts by Russia to attack Ukraine in cyberspace. From 2014-2016, other Russian cyberattacks were operationally successful but often fell short of their desired impact. For example, the 2015 attack on the Ukrainian power grid is among the most effective attacks against an energy infrastructure. Still, only 230,000 people lost power for six hours—far short of what even a minor hurricane routinely achieves. 
What happened in 2017 was different. A tool developed by the Russian defense intelligence agency (GRU), NotPetya, was deployed after GRU hackers gained access to the servers of a small Ukrainian software company. The exploit relied on a Windows vulnerability and was embedded into the company’s software products, like the Ukrainian accounting software MeDoc, and intended to cause damage to large swaths of the Ukrainian economy. Made to look like its ransomware predecessor, Petya, NotPetya locked the systems it encountered and demanded a $300 payment. However, the ransomware “face” of NotPetya was another case of maskirovka—the attackers had little interest in collecting ransom payments but instead used the feature to confuse forensic analysts, making it harder for them to divine who was behind the attack. 
Although NotPetya has been attributed to Russia’s GRU, the code was derived from a leaked National Security Agency (NSA) tool called EternalBlue. A proverbial skeleton key of an exploit, EternalBlue, was used as part of the 2010 Stuxnetattack on the Natanz nuclear facility. After the tool was leaked, it was used in both the WannaCry and NotPetya attacks during the first half of 2017 and later in BadRabbit. Throughout 2017, therefore, waves of attack came with “roots [that] can be traced to the US.” The impact of those attacks underscores why the NSA sustained heavy criticism over hoarding zero-day vulnerabilities and developing powerful cyber tools that can be difficult to control. And it’s easy to see why. 
NotPetya quickly spread beyond Ukraine to cause an estimated $10 billion in economic damage worldwide. The United States, France, Denmark, and Germany were among the 65 countries affected. The attack’s costs mounted quickly. According to its two insurance policies, pharmaceutical company Merck sustained nearly $2 billion in damage. Maersklost $300 million, and the newly merged FedEx/TNT lost roughly $1 billion. The insurance industry experienced nearly $3 billion in losses, indicative of the attack’s scale. 
Meanwhile, the effects on NotPetya’s intended targets were far more modest. NotPetya is estimated to have impaired 0.5% of Ukraine’s gross domestic product (GDP). That amounts to $560 million, a significant but manageable cost. 
Further, in a twist of poetic justice, Russia also fell victim to NotPetya. After losing control of the malware, two of Russia’s largest companies, the energy company Rosneft and the financial institution Sberbank, joined several Russian companies, including banks, travel agencies, and telecommunications providers, on NotPetya’s list of victims. Although the source of the list of Russian victims is suspect (as a blog post comment that looks like it came from a troll farm), the effects on several of the named Russian companies are reported elsewhere—including The Independent, cyber security firm Group-IB, and of course TASS. 
Context is crucial
The global impact of NotPetya led the U.S. government to call it “the most destructive and costly cyberattack in history.” The declaration has since been amplified across the popular and academic press, cementing NotPetya’s place at the top of “most destructive cyberattack” lists and ingraining it into the still-early study of “cyber catastrophes.” The result is that NotPetya’s prominence in the literature has skewed our understanding of the threats associated with cyberattacks.
Based on my calculations and categorization, there have been 21 cyber catastrophes since 1998 and up to $310.4 billionin losses, adjusted for inflation. And among them, NotPetya is not the worst. Sure, the attack was significant, but adjusted for inflation, its $11.9 billion price tag is roughly 30% below the 25-year average for cyber catastrophe economic impacts. 
When the U.S. government announced NotPetya as “the most destructive and costly cyber-attack in history,” it kicked off a narrative disconnected from the reality of NotPetya and our understanding of catastrophic cyber events. Everyone—researchers, scholars, security professionals, journalists … etc. —heard “the most destructive” and ran with it. There are several reasons why.
Cyber warfare—and cyber operations conducted by nation-state actors—are already shrouded in hyperbole. Whether you look at the 2015 attack mentioned above on the Ukrainian power grid or turn to the more recent cyber activity that preceded the 2022 invasion of Ukraine (and persisted after), the answer is the same. Cyber weapons, in practice, are more bark than bite. And it’s not just Russia. Operation Glowing Symphony offers a rare case of the US military confirming its offensive cyber operations against ISIS targets online. The operation was an interesting, clever, and successful case of offensive cyber activity until the offense stopped. In the end, cyber operations are most impactful when prosecuted, but their effects taper over time, and recovery and reconstitution often come quickly after an operation is finished.
None of this makes for great storytelling, but great stories about cyberattacks do exist—take Cliff Stoll’s Cuckoo’s Egg, for example—but they also rely heavily on exaggeration and hyperbole to describe cyber threats and impacts. Part of this is simply reader engagement—cyber or otherwise. Everyone loves a bit of excitement, and the real-world implications of cyberattacks, real or imagined, get your heart pumping. 
The NotPetya story—rather than the NotPetya attack—is revealing. In late 2018, Wired Magazine published “The Untold Story of NotPetya, the Most Devastating Cyberattack in History,” which bakes hyperbole into the headline and never lets up. Throughout the piece, the author amplifies complex issues with nuance and considerable finesse to give a true-crime story feel. In many ways, reporting on cyberattacks reflects how reporting on bullets and bombs is more accessible than reporting on bits and bytes the human eye can’t see. Incorporating exaggeration and hyperbole makes a story interesting. 
The Wired article has gone on to feed academic journal articles and news stories worldwide. In many ways, the article did not contribute to the NotPetya narrative but became it. The article also amplified the original 2018 White House announcement about NotPetya, further entrenching the hyperbolic interpretation of the attack into the public psyche. 
A more context-appropriate reading of the 2018 White House announcement would convey that NotPetya was an attack of global importance worthy of the “international consequences” that followed, including sanctions and indictments. NotPetya was undoubtedly the costliest single cyberattack in more than a decade, and to date, it was the last cyber catastrophe event to exceed even $1 billion. The fact that NotPetya fails to live up to the exaggerated claim of being the costliest cyberattack in history does not diminish its importance, and a context-appropriate reading of the 2018 announcement would still drive that message home. 
The lesson
The NotPetya attack is an excellent example of why words matter. At face value, calling NotPetya “the most destructive” cyberattack set a benchmark for how we think about future cyberattacks on US systems and how policy-makers think about future cyber operations against adversary systems. It categorized the nexus of economic security and cyber catastrophe risk into a false and misleading model, which could lead to years of missed opportunities to refine how the US researches, develops, and employs offensive and defensive cyber capabilities. 
Understanding the accurate scale of NotPetya (and the broader history of economic losses from cyberattacks) will help to reset expectations and breathe new life into cyber operations at all echelons simply by giving a relatable sense of the destruction caused. This only works for the set of targets, though, where the economic impact is the consequence. Not all attacks are about money. 
Nation-states are also highly vulnerable to cyber espionage, theft of intellectual property, and other efforts to gain and use private information. Events like the SolarWinds cyberattack have shown the significant societal implications of espionage. SolarWinds exploited a vulnerability in the Orion network management system, which is used by nearly 30,000 public and private organizations—including local, state, and federal agencies to manage their IT resources. Despite having devastating national security implications for SolarWinds, the total economic impact fell short of $200 million, making it more than 90% smaller than the Equifax breach alone. Nonetheless, the attack caused a loss of trust in government-run cybersecurity efforts—an essential national and societal security impact. 
Because of measures like “loss of trust,” it’s difficult to estimate the total cost of cyber espionage campaigns. While it’s prudent to make “economic impact” one measure among a collection of measures used to gauge the severity of a cyberattack, non-financial implications must be contemplated, too. 
Why this matters for US military cyber operations
The enduring lesson of NotPetya and the US government’s public statements about the attack is straightforward: hyperbole constrains military cyber operations. Overstating NotPetya’s impact adds to the “cyber Pearl Harbor” myth and fosters a misguided understanding of offensive cyber capabilities as decisive weapons of mass destruction. Helping the public (and government stakeholders) understand how cyber operations can be—and have been—used for de-escalation will not only reduce the temperature of cyber fears but could provide new flexibility in a domain of limited action. Despite the expanded authorities granted to US Cyber Command in the 2018 NDAA, offensive cyber operations continue to be constrained by the mistaken belief that cyberattacks will precipitate an escalation ladder similar to nuclear strikes. However, research continues to demonstrate otherwise.
Unfortunately, operational use of the cyber domain is also impeded by relatability. We understand concepts like “lethality.” When I walked through Sarajevo a few years ago, its 30-year-old battle scars possessed intuitive meaning—I could see the impact of war. A similar, tangible representation of cost or loss doesn’t exist for cyberspace operations. Therefore, without something concrete to touch, see, feel, or see, an aura of novelty remains around cyberattacks and cyberspace operations that leave the door open to storytelling and hyperbole—with it, the exaggerated claims that make for a click-able headline. The first step, therefore, is presenting a clear and accurate representation of the damage caused by past cyberattacks. 
In addition to improving our reporting on cyber operations’ impacts and data collection efforts, we must find ways to make cyberspace more relatable. While a good story can solve the relatability problem when it is accurate, inflated accounts and hyperbole only give commanders and policymakers pause. Whether by comparing the damage caused by cyberattacks to natural disasters (which are much worse) or to the effects of kinetic warfare (also much worse), providing reference points for understanding the consequences of cyberattacks is long overdue for what was identified as a domain of warfare back in 1993. Analogous impacts on other domains may be imperfect. Still, they offer a first step toward eventually making the impacts of cyberattacks as intuitively relatable as bomb craters and war ruins.
Moving forward, researchers, journalists, government officials, and the public need to recognize how hyperbole is shaping the discussion about cyberattacks. Even seemingly gold-standard sources benefit from healthy skepticism and a grain of salt. Doing so could lead to a shift in US cyber strategy by enabling a more accurate assessment of risk and allowing for more aggressive pursuit of malicious cyber actors around the globe without the risk of escalation more common in traditional warfare. 
Tom Johansmeyer is a Ph.D. candidate at the School of Politics and International Relations at the University of Kent, Canterbury, researching the role of insurance at the nexus of cyber and economic security. 
The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Chinese Unconventional Threats in the Era of Great Power Competition
https://irregularwarfare.org/articles/chinese-unconventional-threats-in-the-era-of-great-power-competition/
June 18, 2024 by Leo Matthews, Kevin Hoerold
Would China ever take a page from Iran’s playbook and cultivate relationships with violent extremist organizations (VEOs)?
 
Despite its seeming improbability, the increasingly assertive actions of the People’s Republic of China (PRC) in Southeast Asia raise this compelling question. This article explores when, where, and how the PRC might use VEOs to further its political, military, and economic goals. An analysis of Southeast Asia identifies an intersection of the PRC’s goals with those of violent non-state groups in Myanmar, the Philippines, and the Indian border regions. In each case, the PRC could plausibly advance its national interests via a partnered or proxy relationship with select VEOs. The same method of analysis identifies when and where the PRC’s collaboration with VEOs would be unlikely due to competing financial and political interests.
 
Understanding China’s potential tactics and likely flashpoints for irregular warfare is vital for preparing effective countermeasures. Most importantly, the discussion of China’s unconventional levers of power serves as a warning against the complete separation of counterterrorism efforts from strategic competition with China.
 
Where Does the PRC Already Cooperate with Proxy Groups?
In perhaps the defining example of PRC engagement with armed non-state groups, Myanmar has been a testing ground for China’s emerging strategy. In the absence of a stable, effective central government in neighboring Myanmar, the PRC maintains mutually beneficial relationships with both the military government and a complex web of ethnic armed groups. PRC collaboration with the military government of Myanmar and numerous ethnic opposition groups demonstrates President Xi’s willingness to arm and fund non-state actors in the pursuit of economic and military interests.
 
The PRC’s interests in Myanmar are largely focused on the development of the 1,700-kilometer China-Myanmar Economic Corridor. First proposed as a standalone project by Beijing in 2017, the project includes oil and gas pipelines, road and rail links, and a deep-sea port located in the coastal city of Kyaukpyu. Upon completion of the corridor and Kyaukpyu Port, the PRC will obtain direct access to the Bay of Bengal and the wider Indian Ocean. This will secure an alternative energy and trade route through Myanmar, open up an easier passage to global markets for the PRC’s landlocked Yunnan-based industries, and help reduce Beijing’s vulnerable reliance on maritime energy imports through the Straits of Malacca. In addition to the economic dimensions of the Belt and Road Initiative (BRI) in Myanmar, there is a budding element of great power competition at play in Kyaukpyu. The port will grant the PRC another outpost in its “string of pearls” strategy to encircle India, intimidate neighbors, and challenge US naval hegemony in the Indian Ocean.
 
The PRC’s expansive BRI projects in Myanmar traverse a country embroiled in ethnic conflict and tenuously led by a military junta. Beijing’s strategic priority is the completion of the economic corridor and unimpeded flow of commerce, irrespective of the internal politics of Myanmar. Consequently, the PRC funds and arms multiple sides of the conflict to protect its investments, simultaneously engaging with violent non-state actors and the military government.
 
In lieu of an effective government partner in Myanmar to maintain order, particularly along the Chinese border states, Beijing works through various ethnic armed organizations (EAO), the local power brokers. The largest EAO, the twenty-thousand-strong United Wa State Army (UWSA), has enjoyed a close relationship with the PRC’s security services since its founding in 1989. The UWSA emerged in 1989 from the splintering of the Communist Party of Burma (CPB), which the PRC had supported with weapons and military equipment since 1968 to combat the nationalist Kuomintang forces that fled into northeastern Myanmar after the Chinese civil war.
 
In recent years, PRC weapons shipments to the UWSA have included heavy machine guns, HN-5A Man-Portable Air Defense Systems (MANPADS), artillery, armored fighting vehicles, and other sophisticated communications equipment. The UWSA further benefits from access to cross-border markets for Chinese currency, rubber and mining industries, construction technology, and communication networks. Although the PRC does not publicly endorse the political goals of the UWSA, Beijing employs the group as a proxy force to protect ongoing BRI projects, stem the flow of drugs into China, and crack down on cyber scam centers operating in remote areas near the Chinese border.
 
When necessary, the PRC leverages its relationship with the UWSA and other armed groups to exert pressure on the military government of Myanmar to concede contested territory near PRC investments. Meanwhile, the military government of Myanmar maintains diplomatic ties with Beijing and has purchased over $1 billion in arms and military equipment since 2021 for its war against the UWSA and other EAOs. In recent months, Beijing has pressured both sidesof the conflict into (short-lived) ceasefire agreements to reduce the violent interruptions of trade and construction.
 
The PRC is not picking sides in Myanmar but rather protecting its strategic interests and investments. Beijing’s demonstrated willingness to arm and fund ethnic armed organizations in Myanmar leads us to question what other regions present similar conditions for PRC collaboration with violent, non-state actors.
 
Where is China Most Likely to Leverage VEOs?
The Philippines and the India/Kashmir border present two such possibilities. The PRC’s interest in the Republic of the Philippines is two-fold. First, the PRC seeks to undermine the re-emergence of security ties between the Philippine government and the United States. Manila has recently undertaken strategic steps to deepen its relationship with the United States, marking a significant evolution in its foreign policy. This is underscored by the recent expansion of the US-Philippine Enhanced Defense Cooperation Agreement. Second, the PRC has actively pursued territorial claims in the South China Sea (SCS), employing a strategy that combines economic leverage and the enhancement of its soft powerwithin the Philippines. This multifaceted approach aims to sway Manila into acknowledging the PRC’s territorial assertions, highlighting a sophisticated blend of diplomacy and economic influence to advance its geopolitical interests in the region. In a recent escalation of tensions, the PRC has intensified its assertive actions in disputed maritime territories by deploying both coast guard vessels and civilian fishing fleets. The PRC’s use of VEOs as a proxy force would allow for plausible deniability on the international stage while weakening the Philippine government’s maritime operations in the SCS and straining US-Philippine relations.
 
The two most likely VEOs for the PRC to leverage are the New People’s Army (NPA) and the Islamic State East Asia (ISEA). The New People’s Army (NPA), the armed wing of the Communist Party of the Philippines (CPP), has a documented history of engaging in actions against US personnel and interests within the Philippines. Their violent history includes deadly attacks on US servicemembers, underscoring the significant threat the NPA poses to both national and international security interests in the region. The NPA’s stated aims are to overthrow the Philippine government and eliminate US influence in the Philippines, highlighting its ambitious objectives against both the central government and foreign presence. Formed in the image of Maoist revolutionaries, the NPA received direct funding and military suppliesfrom the Chinese Communist Party from 1969 until the 1976 normalization of Chinese-Philippine relations. This demonstrates the NPA’s predisposition to collaboration with the PRC as the Chinese Communist Party’s genesis serves as the inspiration behind the NPA’s movement.
 
ISEA also holds both the capability and intent to attack American and Philippine government interests. The ongoing conflict instigated by ISEA in the southern islands of the Philippines demands extensive efforts from the Philippine government in terms of time, manpower, and resources. This continuous engagement diverts Manila’s focus and resources from other national security priorities, potentially benefiting the PRC’s strategic position. However, the PRC’s longstanding campaign against Uyghur Muslims in Xinjiang, under the pretext of combating Islamic extremism, might make the PRC cautious about associating with a violent Islamist group like ISEA. The PRC would go to great lengths to keep a proxy partnership with ISEA highly confidential.
 
When evaluating the potential for future PRC engagement with VEOs in the Philippines, several indicators could signal an escalation of involvement. A noticeable enhancement in the weaponry and capabilities of these groups could serve as an early warning of increased support. Additionally, a rise in both the frequency and intensity of their attacks, particularly if these occur in tandem or close succession with PRC assertive actions in the West Philippine Sea, could suggest a level of coordination between these organizations and the PRC.
 
PRC support for certain VEOs in Kashmir, meanwhile, could provide strategic, economic, and security advantages to Beijing. The PRC’s primary regional interests are the protection of nearby BRI investments and the disruption of the Indian military presence along the Line of Actual Control (LAC). Pursuant to these interests, the PRC supports Pakistan’s territorial ambitions and stands to benefit indirectly from the actions Pakistan takes to exert its power in Kashmir via conventional and unconventional means.
 
Periodic PRC military incursions into Indian Kashmir, including a 2020 clash in the Galwan Valley that resulted in 120 Indian casualties, underscore the PRC’s willingness to violently escalate tensions in the region. In addition to conventional military engagements along the LAC, Beijing provides financial support to Pakistan, whose military occupies a second front with India along the Line of Control (LOC). Should the PRC wish to employ unconventional methods in its simmering conflict with India, Beijing may consider working with or through Kashmir-based VEOs.
 
Within Indian Kashmir, Pakistan exercises varying levels of control over a network of Islamist VEOs opposed to Indian rule in the region. The jihadi organizations offer an alternative to conventional military force, operating within urban environments and conducting guerrilla warfare against the Indian government. Pakistan provides jihadists, via its Inter-Services Intelligence (ISI), with funding, weapons, equipment, and a safe haven to train for their perennial struggle against Indian rule in Kashmir.
 
The primary organizations directly associated with Pakistan are Jaish-e-Muhammad (JeM) and Lashkar-e-Taiba (LeT, renamed Jamaat-ud-Dawa in 2022), as well as Harakat-ul Jihad Islami (HUJI), and Hizbul Mujahideen (HM). ISI does not enjoy the same relationship with ISIS or al-Qa‘ida-affiliated groups whose global vision for Kashmir as part of a worldwide Islamic caliphate are at odds with the secular Pakistani state.
 
Beijing is unlikely to engage directly with Islamist VEOs but could work through existing ISI channels to indirectly fund or arm groups such as JeM or LeT. Using Pakistan as an interlocutor builds upon decades-old relationships between the ISI and select VEOs while providing a level of deniability to the PRC, publicly committed to opposing radical Islamist movements. In fact, from September to December 2023, multiple Indian media outlets reported on alleged evidence of PRC support to Pakistan-backed militants in Kashmir. Although uncorroborated in Western reporting, the stories claim Chinese military technology, including drones, encrypted communications devices, and advanced weaponry, have been supplied to LeT and JeM via the ISI. While far from definitive proof of PRC engagement, the news stories reveal an existing Indian narrative of Chinese involvement with Pakistan’s network of jihadist groups in Kashmir.
 
Where China is Unlikely to Leverage VEOs
The conditions identified in South Asia, which may accommodate a relationship between the PRC and VEOs, are not replicated in South America or Africa. From the Revolutionary Armed Forces of Colombia–People’s Army (FARC) in Colombia to the plethora of VEOs across Africa, both regions offer vectors for VEO engagement, but the PRC’s extensive economic and diplomatic investments suggest such a partnership would be highly unlikely.
 
The PRC will work with and through partner governments or institutions to pursue its economic and strategic interests whenever possible. The emphasis on infrastructure development, economic growth, and fostering long-term partnerships under the BRI framework (as opposed to geographic ambitions) suggests a strategic preference for stability and cooperative engagement over the contentious and unpredictable nature of VEOs. To this end, the PRC has fostered relationships with governments across Africa and South America and voiced support for local counterterrorism efforts.
 
Engagement with a VEO is an inherently high-risk endeavor, only likely to happen when the PRC lacks a cooperative, effective government partner and does not jeopardize its regional investments.
 
Conclusion
In examining these key geopolitical hotspots, it is clear that China acts based on its own self-interest. This analysis suggests that the PRC might go beyond traditional forms of international engagement, employing unconventional methods to further its strategic national objectives. Specifically, the PRC may work with VEOs as a novel approach to increase its regional influence. VEOs are appealing because they can disrupt, subvert, or distract. Therefore, China’s potential use of VEOs to project power indirectly requires a coordinated counterterrorism response. Understanding Beijing’s possible future tactics is crucial for developing effective countermeasures against these unconventional threats.
 
Kevin Hoerold is a General Wayne A. Downing Scholar of the Combating Terrorism Center at West Point. He holds a MA in Security Studies from Georgetown University and BS in Management and Financial Economics from Norwich University.
 
Leo Matthews is an instructor at the United States Military Academy’s Social Sciences Department. He holds a MA in Security Studies from Georgetown University and BS in Civil Engineering from the United States Military Academy.
 
Views expressed in this article solely reflect those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
 
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.