Insider: Short of War

Welcome to the Irregular Warfare Initiative’s Insider: Short of War, where IWI transforms its thought provoking articles into compelling audio pieces. Our podcast bridges the gap between scholars, practitioners, and policymakers, offering in-depth analysis and expert commentary on the dynamic world of irregular warfare. Stay informed and engaged with the latest insights from leading voices in the field, right at your fingertips.

Listen on:

  • Podbean App
  • Spotify
  • Amazon Music
  • TuneIn + Alexa
  • iHeartRadio
  • PlayerFM
  • Listen Notes
  • Podchaser
  • BoomPlay

Episodes

Thursday Jul 25, 2024


Beijing's Long Game: Gray Zone Tactics in the Pacific
Published July 25th, 2024
By Brandon Tran
“During the progress of hostilities, guerillas gradually develop into orthodox forces that operate in conjunction with other units of the regular army… There can be no doubt that the ultimate result of this will be victory.”
-On Guerilla Warfare, by Mao Zedong
The expulsion of former Chinese defense ministers Li Shangfu and Wei Fenghe from the Chinese Communist Party (CCP) on June 27, 2024, is the latest development in a months-long series of personnel purges in the People’s Liberation Army (PLA). As President Xi Jinping continuously reforms the PLA to make it a “world-class military” capable of achieving the People’s Republic of China’s (PRC) national security objectives, these purges illustrate an underlying tension that stems from competing priorities. Because the PLA is the armed wing of the CCP, Xi Jinping must make tradeoffs in balancing regime loyalty and military competence when selecting PLA officers for senior positions. As a result of this and similar compromises, the PLA remains unprepared for direct confrontation with near-peer adversaries. To address this gap, China will continue leveraging irregular warfare activities to incrementally accomplish its strategic objectives while buying time to achieve the level of conventional force development it desires. This article will evaluate how China’s use of irregular warfare sets the stage for its conventional force development, given the context of the competing requirements for senior PLA officer promotion, the PLA’s guiding principles, and the role of the new defense minister, Dong Jun.
Loyalty and Experience within the CMC
By necessity, Xi Jinping’s selection of senior officials balances political loyalty with operational and command experience. While he favors aggressive and competent commanders capable of realizing his ambitions in the Indo-Pacific, these leaders must remain politically loyal to Xi’s rule. His selections for the Central Military Commission (CMC) in 2022 attest to this. In order of rank, they are Zhang Youxia, He Weidong, Li Shangfu (who has since been removed), Liu Zhenli, Miao Hua, and Zhang Shengmin. Xi’s appointment of senior leaders to the CMC  indicates  an attempt to balance loyalty and experience because many of his selections break precedent. Examples include Zhang Youxia and Liu Zhenli, both promoted despite Zhang being past retirement age and Liu being the youngest in his rank group. These exceptions to policy were made because both Zhang and Liu have combat experience from the Sino-Vietnamese border wars, a rare and valuable quality given that the PLA is largely untested and inexperienced in combat. In other unconventional moves, He Weidong was permitted to skip key career milestones before assuming his position on the CMC. At the same time, Miao Hua transitioned from a long Army career to become the Navy’s political commissar. Indeed, selection to senior leadership positions has also been based on personal connections and previous experience with Xi. He Weidong and Miao Hua worked with Xi back when he was a provincial official in Fujian, and both Zhangs hail from the same region as Xi, claiming membership in his infamous Shaanxi Gang.
Chinese Strategic Concepts
To put Xi’s priorities and the PLA’s irregular military operations into context, it is vital to understand the guiding principles that inform the PLA’s military philosophy. Since its founding, the PRC has adhered to a warfighting philosophy of Active Defense. Under this principle, conflict is believed to exist on a spectrum ranging from peace to kinetic war. As a result, the PLA assumes a proactive force posture, constantly assessing potential threats and carrying out activities below the threshold of kinetic war that could create a better geopolitical position for the PRC. Through Active Defense, the PLA would theoretically be able to accomplish its objectives while controlling escalation on the conflict continuum. 
In tandem with Active Defense is the concept of People’s War, incorporating lessons from the past century and a half and forming the backbone of the PLA’s tactics and strategies. From its inception by Mao during the Chinese Civil War to the present day, the idea of People’s War has gone through several revisions, but the crux remains the same. Warfighting proficiency must be pursued through all possible means at the tactical, operational, and strategic levels. The United States understands this in the modern context as being able to field a proficient joint force capable of combined arms and multi-domain operations.
However, due to having to include party loyalty as a prerequisite for promotion, the PLA suffers from an acute “Big Army Mentality” that prevents the realization of an effective joint force. Consider the service component composition of the 2022 CMC. Four of these officials are PLA Army officers, a Navy officer, and a Rocket Force officer, with no Air Force representation in the CMC. Because of the pervasive attitude in the PLA that favors the dominance of land forces, the PLA has struggled to integrate its different services, preventing it from executing seamless multi-domain operations in both war and peacetime. Wargames conducted by Chinese military leaders have shown that the PLA is not yet ready to face near-peer adversaries in conventional warfare. PLA publications and training orders frequently acknowledge these shortcomings, using phrases like the “Five Incapables,” “Two Incompatibles,” and “Three Whethers” to describe issues of inflexibility, poor training performance, and a general lack of readiness.
As a result of these weaknesses, and despite the PLA’s many modernization initiatives in recent years, the PLA still favors asymmetrical approaches and remains hesitant to embrace large-scale combat operations fully. This is best explained by the Chinese military concept of shi (勢), rendered in English as a “strategic configuration of power.” Under this framework, one’s military assets are arrayed to create an advantageous situation and physical power is applied at that particular moment to achieve victory. Returning to Active Defense and People’s War, shi (勢), when applied, would craft an unassailable position for the PLA and enable it to maximize its resources if conflict escalates to kinetic war. The PLA employs irregular tactics to create favorable geopolitical and battlefield conditions to achieve this objective, maximizing China’s strengths and neutralizing enemy advantages before conflict begins.
Irregular Warfare Activities
As military reforms continue, China will likely employ unconventional methods to achieve immediate security objectives. Recognizing its forces are not yet war-ready, China keeps tensions below the threshold for war through gray zone activities. The PLA uses warfighting, military deterrence, and military operations other than war to build capabilities and gather information, aiming to discourage adversaries or decisively defeat them if conflict arises. These activities are expected to intensify once military reforms and modernization are complete.
This strategy is already on display in the South China Sea. There, China optimizes anti-access and area-denial capabilities to prevent any significant and sustained challenge to Beijing’s territorial claims, all while remaining under the threshold for kinetic conflict. Components of this strategy consist of technological development, legal warfare, and expansion of China’s presence through manufactured islands.
Technological development in key areas of the maritime domain is intended to negate the West's advantages of firepower and experience to ensure Beijing’s dominance over other Southeast Asian states in the South China Sea. Legal warfare limits the range of potential responses to China’s actions by its adversaries yet still achieves PRC interests. Expanding China’s presence in the adjacent seas through conventional troop deployment and unconventional state entities ensures the persistence of Chinese influence. It enables China to continue its regional operations without escalating to war. All these activities require significant planning and expertise to function as intended and synchronize with other PLA activities, thus necessitating leadership with joint experience and knowledge.
The PRC bolsters its sea claims through conventional and unconventional means. Troop deployments and exercises, as well as the construction of artificial islands and commercial sea vessels, ensure a continuous Chinese presence that is hard for other maritime states to displace. These artificial islands provide strategic bases for sustainment and defense, which are crucial for sectoral control in naval warfare. Coupled with advances in military technology, this enables China to project its reach beyond the First Island Chain, effectively limiting the entry of other navies into the area.
The China Coast Guard (CCG) and the Maritime Militia are key in these irregular activities. Their vast number of assets and plausible deniability, under the guise of internal security, offer significant advantages. CCG and Maritime Militia vessels often target other ships with non-lethal means, preventing competing states from establishing a sustained maritime presence in the South China Sea while minimizing the risk of military escalation. The PRC frequently obstructs and evades attempts to enforce international law about maritime practices. This enables China to act with impunity in the South China Sea and provides the PRC the time and space to consolidate its claims within the Nine Dash Line. Again, these gray zone activities require considerable expertise and experience to avoid escalating tensions beyond China’s readiness.
The New Defense Minister
Further evidence that the PLA will continue to execute gray zone activities can be found in the appointment of the new Minister of Defense. On December 29, 2023, China announced the appointment of the PLA Navy (PLAN) commander Dong Jun as its new defense minister. Dong Jun previously served as the deputy commander of the East Sea Fleet, responsible for Taiwan Strait maritime issues and disputed islands in the East China Sea. After that, Dong was deputy commander of the Southern Theater Command, which oversees operations in the contested South China Sea. His operational experience in these strategically vital theater commands handling China’s most salient national security interests already makes him a desired candidate for promotion by conventional force standards alone.  Dong Jun also has extensive experience conducting gray zone activities because such operations are largely carried out by the PLA Navy and conducted in the Eastern and Southern Theater Commands’ areas of responsibility.
Also of note is the fact that Dong Jun is not sanctioned by the United States, unlike his predecessor, which suggests that he will be able to serve China effectively in military diplomacy. Dong’s recent engagements with US Secretary of Defense Lloyd Austin illustrate the role he is stepping into. These are the first of such meetings in over two years and reflect attempts to ease tensions between the two countries. Thus, Dong Jun’s promotion facilitates diplomatic engagement and enables China the time and space to develop conventional military capabilities and bring China’s military power to the immediate forefront. Military diplomacy reduces threat perceptions, preventing escalation along the continuum of conflict and enabling China to continue its activities in repositioning and improving the PLA.
Conclusion
Since the PLA is not ready for a direct confrontation, China will continue to bide its time and leverage gray zone activities to achieve its interests while preparing the PLA to be able to counterbalance any potential near-peer adversary. To this end, we should expect to see increased use of irregular warfare, coercion, and pressure in the maritime domain from the China Coast Guard and Maritime Militia, especially given the elevation of Admiral Dong Jun to the position of defense minister. With these developments, the PLA will step closer to towards its goal of being able to execute unified multi-domain operations. The United States and its partners must also prepare for the future challenges to come. 
Brandon Tran is a cadet at the United States Military Academy at West Point. He is majoring in International Affairs and Chinese.
The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Wednesday Jul 17, 2024

Irregular Warfare in the 21st Century: Autocracy’s Global Playbook
July 16, 2024 by Ania Zolyniak
Anne Applebaum, Autocracy, Inc. The Dictators Who Want to Run the World, (Penguin Random House 2024)
Irregular warfare (IW), often hailed as the oldest form of warfare, remains an enigma within the US defense apparatus and government at large. The Department of Defense (DoD) offers conflicting definitions, while Congress’s attempt at clarification in the National Defense Authorization Act (NDAA) for Fiscal Year 2024 only muddies the waters further. This definitional quagmire, as Lieutenant General (Ret.) Michael Nagata astutely observed, has left the United States struggling in its efforts to become “the most effective practitioner [of IW] around the world.”
While the United States grapples with semantics, its adversaries have wholeheartedly embraced IW as their preferred mode of confrontation. Autocratic forces, both in liberal and illiberal polities, are dismantling borders to establish a globalized support network that ensures their survival and enables their coordinated efforts to reshape the post-1989 world order.
Enter Anne Applebaum’s latest work, Autocracy, Inc.  Set for release on July 23rd, this book offers a compelling account of how autocrats are collectively fortifying their domestic and international power. Applebaum, a Pulitzer Prize-winning journalist for The Atlantic, isn’t breaking new ground in exposing this cooperative network. Hal Brands, Samantha Power, and Maria Stephan have been writing about autocratic forces working in tandem to spread their influence and nourish their survival since about 2021. Rather, the value of Autocracy, Inc. lies in its detailed analysis of modern autocratic cooperation, its juxtaposition of current challenges with historical episodes of repression, and its guidance on how to fight back.
In presenting her case, Applebaum paints an alarming picture of contemporary autocratic power and reach, while, perhaps unknowingly, revealing how the United States’ autocratic adversaries are coalescing around common IW advantages. Viewed through the lens of IW, Applebaum’s analysis makes clear that countering Autocracy, Inc.’s efforts requires both understanding their intricacies and investing in initiatives that undermine their efficacy while still embodying the very democratic values they are employed to dismantle.
Misinformation/Disinformation
Disinformation in warfare may be as old as war itself and is even permitted under international humanitarian law. However, Autocracy, Inc.’s tactics, depart from traditional disinformation campaigns in both kind and degree. Rejecting battlefield delimitations, autocrats pursue a “permanent and comprehensive struggle” against their opponents, exploiting globalized information and communication technologies. The Internet has become their potent IW tool, allowing autocratic forces to inject unrealities directly into foreign populations, bolstering their legitimacy while stoking political and social discord.
Having honed their distortion skills by constricting and contorting the information funnel vis-à-vis their populations, autocratic leaders now exploit global information networks. They employ tactics such as “information laundromats”—sites mimicking legitimate news organizations to propagate foreign-produced fake news. Russia, China, and Iran make their falsehoods appear local and credible to foreign audiences. Today, Russia can not only convince its own citizens about American biolabs or that Ukraine was responsible for the downing of Malaysia Airlines Flight 17 but also convince citizens—and even some decision-makers—in democratic societies of the same. Americans witnessed this first-hand last year when Republican congress members stalled military aid to Ukraine while reiterating Kremlin-bred falsehoods.
Applebaum also draws out the not-so-coincidental connections between seemingly isolated efforts of autocrats in Beijing, Moscow, Tehran, and elsewhere to use communication technologies to project their distortions around the world, poisoning the well of potential US partnerships with countries in Africa, Latin America, and beyond. She also warns that less malign forms of Beijing-controlled media are becoming increasingly available across the developing world, projecting softer, more favorable images of China in the hopes of accruing foreign support in a zero-sum game of global influence.
Lawfare
In terms of elusive American concepts, IW stands in good company with lawfare, recognized as first officially entering the American security lexicon in 2001—decades after China integrated it into its military doctrine in the 1960s. Today, the powers-that-be in Beijing, Moscow, Tehran, and the like have outgrown the limited categories of lawfare described in Orde Kittrie’s leading book on the subject. Autocratic forces are now working in harmony to rejigger the moral and legal underpinnings of the international system; gain influence and legitimacy at the expense of the United States and its allies; and normalize actions that, while currently illegal, are necessary to meet their autocratic objectives.
For example, Chinese talk of win-win cooperation and Russian amplification of a new multipolar world order are packaged to promote an idea of greater fairness and equality than the current US-centric world can offer. The normalization of the abnormal in Syria, where Russian and Syrian forces used UN coordinates to strike hospitals during the Syrian Civil War, further encapsulates how autocrats are seeking to rewire what is considered “acceptable” to serve their needs and interests. These autocratic forces are also pressing forward a narrative of the erosion of universal values, decrying notions of democracy, freedoms, and liberties as decadent or globalist. Take, for example, Putin’s portrayal of Russia’s war against Ukraine as “fighting for the freedom of not only Russia but the whole world” and that the “dictatorship of one hegemon…is decrepit.” It is not difficult to guess what “one hegemon” he is invoking. 
Autocrats have also learned to copy and paste the language of repressive legislation from one another to control their populations under the guise of “rule of law.” Uganda, Yemen, Cambodia, and several other countries have passed laws to “catch” activists pressing for reform that are modeled on Russian and Chinese anti-extremism legislation. Many of these laws also target NGOs, charities, and academic programs with possible foreign links or funding. Investigations and prosecutions are lodged against civic organizations and their members using laws criminalizing “foreign agents” and “terrorism.” These laws, while domestically aimed, amplify and legitimize autocratic accusations and narratives that anyone fighting for democratic reform poses a national security threat and is nothing but a US-sponsored foreign spy. Such portrayals cut deeply against American soft power.
Proxies and Security Assistance 
During the Cold War, proxy strategies earned a reputation as a means of conducting “war on the cheap” while avoiding direct, kinetic confrontation. Today, autocrats are capitalizing on proxy forces’ value to secure a better return on their IW influence and legitimacy-seeking investments. By financing not only traditional proxies like Hamas, Hezbollah, and Houthis rebels, which are linked to Iran but also modern private security and military forces, like Russia’s Wagner Group (or “Africa Corps”), Autocracy, Inc. seeks to generate new security dilemmas that put pressure on the democratic systems of its foes while helping its autocratic friends retain a firm, repressive grip over their populations. Indeed, these forces have started building their own sub-support network. Last fall, the Wall Street Journal reported, based on U.S. intelligence, that the Wagner Group was planning to send the Pantsir-S1, an anti-aircraft artillery system, to Hezbollah.
China has learned from watching Iran and Russia, slowly growing out its networks of proxies and private military and security companies. This growth, which helps autocrats expand their regional and global influence, has significant consequences in the modern era of great power competition where the struggle for influence is intentionally maintained below the level of armed conflict. China’s entry into the market of private security forces is coupled with its increasing exportation of its domestic security model. The proliferation of Chinese surveillance technology around the world not only raises Beijing’s global profile as a reliable provider of domestic security assistance vis-à-vis the United States but also creates an avenue for the technology’s legitimization and normalization, embedding Autocracy, Inc.’s values and interests in liberal and illiberal societies alike.
In warning that the political elites who depend on Chinese surveillance technology may feel obligated to align themselves politically with China to retain power, Applebaum nevertheless overlooks the complexities of contemporary great power security competition, making her claim seem speculative and attenuated even if there is evidence to support it. As Sheena Chestnut Greitens and Isaac Kardon have explained, while countries have sought to play the United States and China off each other to get the best deal for distinct security objectives, authoritarian leaders accepting U.S. aid may feel compelled to seek more Chinese domestic security assistance not because of some allegiance to China but because of a desire to balance against the view of the United States as “a conduit for promoting human rights and political liberties.”
Understanding the Mission and Fighting Back
After demonstrating how today’s autocrats are uniting to secure their survival and global status, Applebaum offers several recommendations for countering Autocracy, Inc. Among them is a directive to those committed to safeguarding democracy—in their own countries and abroad—to double down on their fidelity to democratic values. This includes promoting the notion of democracy and freedom as a real, viable alternative by using the legal avenues available in democracies to go after autocrats, their schemes, and their resources. It also means undermining autocratic forces in the Information War, including by supporting current programs set up to fight and expose the “epidemic of information laundering.” Such programs include the State Department’s Global Engagement Center (GEC), founded in 2023 to “pre-bunk” misinformation campaigns before they launch.
Implementing these strategies requires redirecting resources and channeling a new level of creativity. For example, in order to counter the spread of repressive Chinese security technology and assistance, the United States must find a way to develop security assistance packages that can compete with China’s while remaining committed to democratic values. Therefore, these efforts will need all the help they can get from policymakers and legislators.
Unfortunately, it looks like Washington may be headed in the opposite direction.
Last month, the House of Representatives passed its version of the 2025 NDAA. The 2024 NDAA included provisions for countering disinformation and propaganda campaigns; combating malign foreign influence domestically; protecting against undue influence; promoting public diplomacy through engagements like Radio Free Europe, Radio Free Africa, and Radio Free Americas; and supporting the GEC. The 2025 bill budgets for none of these. While the Senate version officially introduced last week by the chamber’s Armed Services Committee calls for coordinating and amplifying U.S. public messaging efforts with the GEC, a State Department official not authorized to speak publicly expressed to me his concern that, “as things stand, the U.S. government could lose its only congressionally mandated center for countering the threat of Russian and Chinese misinformation overseas.”
The impact of efforts like the GEC is real. My parents distinctly remember the lengths their families in Poland went through to tune into Radio Free Europe and the inspiration it gave everyday people who wanted to bring Poland out from under Soviet communism. They also remember living in constant fear of the Służba Bezpieczeństwa (Ministry of Internal Affairs Security Service) and Milicja Obywatelska (Citizens’ Militia), organizations responsible for the murders of democratic activists like Jerzy Popiełuszko and Grzegorz Przemyk.
Today, rather than funding secret police units, autocrats have learned how to economize on terror tactics by weaponizing information. Applebaum, the wife of Poland’s current foreign minister, discusses how a smear campaign ended in 2019 when a man who had watched state propaganda television from jail murdered a Polish opposition politician. On January 6, 2021, after disinformation about a democratic election and new administration drove a mob to storm the U.S. Capitol, my parents, who never once second-guessed their decision to come to America, questioned whether there was hope for democracy anywhere if it was not possible here—which is exactly what Autocracy, Inc. wants the world to believe.
In her 2021 article that evolved into this book, Applebaum lamented that “the bad guys are winning.” Yet, as she notes in her epilogue, all hope is not lost. Autocracy, Inc. can be stopped, but it requires effort from those living in liberal societies to “make the effort” to preserve their free and open way of life. This means learning to fight—and beat—Autocracy, Inc. and its subsidiaries in the IW arena they have mastered.  
Ania Zolyniak is a current JD candidate at Harvard Law School. She graduated with honors from Georgetown University’s Walsh School of Foreign Service in 2021 with a BS in Foreign Service. Prior to law school, Zolyniak worked at the Council on Foreign Relations and the National Academy of Sciences.
The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
Main Image: President of Russia Vladimir Putin with President of China Xi Jinping during Putin’s state visit to China, May 16, 2024 (Kremlin.ru via Wikimedia Commons)
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items

Monday Jul 01, 2024


The Digital Battlefield: How Social Media is Reshaping Modern Insurgencies
In the past two decades, the landscape of insurgency has undergone a profound transformation, driven by the rise of social media and increased global connectivity. This digital revolution isn't just changing how insurgents communicate—it's fundamentally reshaping the nature of insurgency itself. From the bustling streets of Mumbai to the war-torn landscapes of Syria and Ukraine, social platforms have become the new frontlines of modern conflict, reshaping recruitment strategies, operational tactics, and the very fabric of insurgent movements worldwide.
The Social Media Surge in Modern Conflict
The 2008 Mumbai attacks marked a pivotal moment in the use of social media in insurgencies. As gunfire echoed through the city, the world watched in real-time as Lashkar-e-Taiba militants used Twitter to coordinate their movements, evade security forces, and amplify their propaganda. This real-time use of social media allowed the attackers to respond dynamically to police actions and ensured worldwide visibility for their cause. It was a chilling preview of insurgents weaponizing digital platforms.
In the years since we've seen this digital arsenal expand and evolve. Today, groups like ISIS have turned social media into a global recruitment tool, their hashtags as potent as any propaganda poster. The 2014 #AllEyesOnISIS campaign exemplifies this power. It wasn't just a trending topic—it was a call to arms that swelled their ranks from 12-15,000 to a staggering 40,000 fighters from over 110 countries. This surge isn't just a military boost; it's a testament to the raw power of social media in modern conflict.
These platforms offer insurgents a digital Swiss Army knife with multiple functions. They serve as a global recruitment tool, reaching potential fighters across borders and continents. Real-time communication allows for swift, adaptable tactics, turning every smartphone into a command center. As a propaganda machine, social media amplifies messages and ideologies, with every user potentially becoming a broadcaster. Perhaps most crucially, these platforms boost morale by instantly sharing successes, attracting support, and creating a global community among disparate groups.
The Syrian Civil War provides another stark example of social media's impact. YouTube became a battleground of narratives, with rebel groups showcasing victories to rally support. The Free Syrian Army, an umbrella organization for various militant groups fighting against the Assad regime, launched its inaugural message on YouTube and other social media outlets. In 2013, a widely circulated video of rebels successfully taking control of the Menagh Air Base did more for morale than any rousing speech could have, demonstrating the immediate and far-reaching impact of digital content in modern insurgencies.
The Double-Edged Sword of Connectivity
The internet's explosive growth—usage up by 1,355% between 2000 and 2023—has been a game-changer for insurgent movements. By 2007, 80% of the world had mobile coverage, creating unprecedented global connectivity. For insurgents, this means unparalleled reach and adaptability. ISIS, for instance, effectively leveraged platforms like Twitter and Telegram to disseminate tactical manuals, tutorials, and propaganda videos. These materials covered various topics, from bomb-making to cyber-attacks, and were easily accessible to recruits worldwide. Disturbingly, they also published the names of hundreds of U.S. military personnel on social media, inciting followers to target these individuals.
Telegram emerged as ISIS's preferred platform due to its simple registration process, lax security protocols, and availability as an app for both mobile devices and computers. This allowed users to access an extensive library of ideological and spiritual content, operational tutorials, fundraising resources, and guidance on maintaining anonymity.
The Taliban's use of WhatsApp during their 2021 takeover of Afghanistan further illustrates this trend. As their fighters entered Kabul, they established a WhatsApp helpline to receive reports of violence and looting, mixing modern tech with medieval ideology. Despite eventual bans from Facebook and YouTube, the Taliban continued to engage with hundreds of thousands of followers on Twitter, even after consolidating their control.
However, this connectivity is a double-edged sword. The same tools that empower insurgents expose them to surveillance and counterintelligence efforts. An example is in 2005, Thai authorities introduced new identification standards for mobile phones, believing them to be a boon for separatist insurgents in southern Thailand. This move highlighted a global trend where governments recognized the potential of mobile communications for intelligence collection. The capacities of governments to tap into these communications vary, but the use of cell phones by potential activists generally enhances intelligence gathering opportunities for government forces. For instance, in Afghanistan, the expansion of cellular coverage significantly increased the ISAF’s ability to monitor communications. Today's groups face similar challenges, constantly balancing reach against security. The digital footprint left by social media activity can be tracked, analyzed, and used against insurgent groups, forcing them to evolve their tactics and platform usage constantly.
The Counterinsurgency Conundrum
For governments and militaries, this new digital landscape presents a maze of challenges and opportunities. The enemy can now recruit, plan, and strike from behind a screen, fundamentally changing the nature of counterinsurgency efforts. The expansive reach of social media complicates these efforts in unprecedented ways.
Some governments are fighting fire with fire, launching social media campaigns to counter insurgent narratives. The Nigerian military, for instance, has taken to posting videos, images, or messages, in an attempt to restore public confidence, invoke sympathy from a neutral population, curbing online firestorms, and win the narrative war online.
But effective countermeasures go beyond just posting content—they require a deep understanding of the digital battlefield. Tools like Livemap, which shows concentrations of online engagement, offer a glimpse into potential hotspots of insurgent activity. These can be analyzed and assessed as potential indicators of where insurgent organizations may be prospecting off social media networks.
Political jamming—repurposing widely circulated memes to disseminate counter-terrorist ideologies—holds the potential to address online radicalization. However, its effectiveness is hindered by the rapid sharing of content across digital platforms.
As insurgencies become more connected, they're not just linking people—they're tapping into the Internet of Things (IoT). This trend suggests that future insurgent activities will involve more cyber-related actions, potentially including tapping into IoT networks and using digital weapons like Stuxnet to cause physical damage or disrupt command and control systems across different domains.
The AI Wild Card
As we peer into the future of insurgency, artificial intelligence emerges as a potential game-changer that could reshape the conflict landscape. The applications of AI in insurgency are as diverse as they are concerning.
AI-powered propaganda campaigns could be precisely targeted to exploit societal divisions, manipulate public opinion, amplify grievances, recruit supporters, and sow confusion among opposing forces. Sophisticated cyber warfare, driven by AI algorithms, could identify and exploit vulnerabilities in government systems faster than any human hacker, enabling insurgents to orchestrate large-scale data breaches or disrupt critical communications networks.
In strategic planning, AI could enable insurgents to analyze vast amounts of data to identify weak points in government defenses, predict security force movements, and plan asymmetric attacks with greater precision and efficiency. While ethically controversial,  developing or acquiring AI-powered autonomous weapons systems—including drones, robotic weapons, or modified autonomous vehicles—could give small insurgent groups outsized military capabilities.
AI algorithms could also optimize insurgent operations in less visible ways. They could streamline fundraising efforts, manage illicit financial transactions, and optimize supply chains for weapons and resources, enabling insurgencies to operate more efficiently and clandestinely. Additionally, AI-driven surveillance systems could help insurgents monitor government forces, track individuals considered threats, and gather intelligence on potential targets or vulnerabilities.
These advancements in AI technology present a new frontier in the evolution of insurgency, one where the lines between physical and digital warfare become increasingly blurred. The potential for AI to level the playing field between state actors and insurgent groups adds a new dimension of complexity to future conflicts.
Navigating the New Normal
In a world where a tweet can be as powerful as a tank, adaptation is crucial for insurgents and counterinsurgents. The battle for hearts and minds is now largely fought online, and strategies must evolve to include robust digital components. This goes beyond censorship or network shutdowns—it's about engaging effectively and ethically in the digital space.
Preparedness for the unexpected is key. As technology evolves, so will the tactics of insurgents. The next significant threat might not come from a bomb but from a bot. The rise of direct-to-device satellite networks, like those offered by companies such as Viasat, potentially complicates law enforcement efforts by ensuring remote connectivity through secure satellite connections directly to a user's cell phone. These networks possess the capability to bypass traditional infrastructure, making them harder to intercept and monitor.
Education plays a crucial role, not just for those fighting insurgencies but for the general public. In an age where online radicalization can target anyone, digital literacy becomes a matter of national security. Understanding the mechanisms of online propaganda and the potential for manipulation through social media is essential for building resilience against insurgent narratives.
We must also grapple with the ethical implications of these new technologies. The balance between security and privacy and the challenge of countering extremist narratives without infringing on free speech require thoughtful consideration. As governments and tech companies work to moderate content and prevent the spread of extremist ideologies, they must navigate thorny questions about censorship, surveillance, and the limits of online freedom.
Conclusion
The digital revolution has transformed insurgency, turning social media platforms into weapons of war. As we navigate this new landscape, one thing is clear: the future of conflict will be shaped as much by clicks and code as by bullets and bombs. Adaptability, technological savvy, and ethical foresight will be our most valuable weapons in this digital arms race.
The insurgencies of tomorrow will be fought not just on the ground but in the vast, interconnected spaces of our digital world. They will leverage advanced technologies like AI and IoT, exploit the reach of social media, and adapt to new forms of connectivity like direct-to-device satellite networks. Countering these evolving threats will require a multifaceted approach that combines technological innovation, strategic communication, and a deep understanding of the digital ecosystem.
 The line between physical and digital conflict will continue to blur as we move forward. The challenges we face are complex, but so are the opportunities for creating more effective, ethical, and responsive approaches to counterinsurgency. By recognizing the pivotal role of social media and emerging technologies in shaping modern insurgencies, we can better prepare for future conflicts and work towards more stable, secure societies in an increasingly connected world.
Brandon Schingh holds master's degrees from Boston University and Arizona State University, where he focused on unconventional warfare in the Global Security program. His career spans military, law enforcement, and intelligence sectors. Schingh served as a noncommissioned officer in the US Army Airborne Infantry. He later worked as a Federal Air Marshal and as a CIA security contractor.
The views expressed are those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

Thursday Jun 27, 2024


Resilience and Resistance Post-Raisi: A Data-Centric Approach to Iran
June 27, 2024
 
By Dr. Robert S. Burrell and Dr. David R. DiOrio
 
The sudden death of Iranian President Ebrahim Raisi in a helicopter crash on May 19, 2024, may provide an opportunity to usher in a new destiny for the Iranian people. Many considered the hard-liner to be the Supreme Leader Khamenei’s enforcer in consolidating the clerics’ power through the executions of dissidents and the jailing of political prisoners. He mobilized America’s rivals by pursuing a military alliance with Russia and economic ties with China to weaken the grip of Western political and commercial dominance in the region. The former president was the mastermind of a proxy-based militarization campaign to make a Western presence in the Middle East so costly that the United States and its allies would withdraw. Despite the recent escalation of hostilities against Israel and the West, the United States remains committed to maintaining a forward presence to strengthen regional partnerships and protect vital trade routes.
 
The Islamic Republic of Iran will choose a new President on June 28, 2024. Iran’s Guardian Council, a conservative 12-member oversight board, chose six candidates: 5 far-right hardliners and one moderate, Masoud Pezeshkian, who is open to renewed diplomacy with the United States. The high popularity of Pezeshkian is a sign of the Iran people’s desire to seek less stringent Islamic codes and friendlier relations with the West. The election outcome is uncertain. The Supreme Council’s biased support toward and election of a far-right candidate may widen the prevalent trust gap and ignite widespread protest. Still, the successful election of the moderate may present a renewed opportunity to reduce historical tensions and establish a pro-Western partnership. This election presents an excellent opportunity to review our foreign policy stance and strategize our approach no matter the election’s direction.
 
Considering the considerable sea change in Iranian politics, we advise the DoD to take a fresh look at its analysis of one of America’s long-standing adversaries. Since 2021, two events have dramatically shifted the subject of irregular warfare within the Department of Defense. The first was House Resolution 5130, Consortium to Study Irregular Warfare Act of 2021. Congress mandated a more data-centric (not theoretical) analysis of irregular war. The second was the change of the irregular warfare definition released in Joint Publication 1: Volume 1, Joint Warfighting in August 2023, which expanded irregular warfare to encompass activities taken before conflict and during competition. The upcoming election and forming of a new government present an opportune time to design and implement a comprehensive operational plan to advance our national interests. We recommend utilizing a fact-based methodology (leveraging analytical data from top universities, financial institutions, governmental agencies, and nongovernmental organizations) to analyze the resilience of and resistance to current Iranian governance systems. Such an assessment can better inform DoD activities, force posture, and interagency collaboration to achieve U.S. national objectives, not just in the case of war but in competition.
 
The Islamic Republic has been a destabilizing force in the Middle East since its ascension to power after the Iranian Revolution in 1979. The Iranian leadership has provoked violent conflict and destructive activities to assert its hegemonic aspirations. Iran’s government is a complex blending of theocratic and political elements that pursues expanding Islamification in conformity with “Khomeinism,” a radicalized ideology to reassert Shi’ism as the dominant Islamic moral authority. Tehran views the United States and Israel as their main threats and focuses their foreign policy on eliminating their regional influence. With a relatively small regular military, the regime relies on specialized forces to lead a network of proxies that engage in surrogate terrorism, political agitation, and paramilitary violence as the main instruments of power projection. The best strategic approach to stabilize the political situation and curtail Iranian hostilities needs reconsideration.
 
The 2022 National Security Strategy delineates the current U.S.-Iranian policy initiatives. The U.S. is presently pursuing diplomacy backed by limited sanctions to dissuade Iran from threatening U.S. personnel and developing a nuclear weapon but stands prepared to use other means should diplomacy fail. The policy provides a commitment to stand with the Iranian people, striving for human rights and dignity. Strategic decision-makers should assess the resilience of the Islamic Republic by examining its perceived legitimacy by the Iranian people, who have demonstrated a significant measure of resistance against the abuses and corruption of the Tehran regime.
 
Given their ethnic, cultural, and, to a lesser extent, religious diversity, the Iranian people and the Muslim Shi’a community at large have mixed views on the regime’s strategic goals. The clerics profess that the Islamic Republic is the only righteous governance path within the Islamic world. Theocratic truth-seekers advocated a sociopolitical sect based upon traditional Shi’a jurisprudence, believing that global liberation movements against colonialist oppressors were a justified obligation. Many Iranians are skeptical of the regime’s professed commitment to jihad against the West because the policy has degenerated the country’s social conditions and heightened fears of unleashing external aggression. The Muslim World generally views Iran negatively, believing that a Shi'a worldview is not a legitimate moral authority and that Tehran's strategic approach does not contribute to peace and stability in the region.
 
The following chart utilizes governance metrics from the World Bank (accountability, stability, effectiveness, regulation controls, rule of law, and controlling corruption), along with fragility metrics from the Fund For Peace, to illustrate the Islamic Republic’s resiliency in comparison with Egypt, Turkey, and Saudi Arabia. The illustration provides a relative governance scale where a higher level of governance indicators represents a more capable, less corrupt, and more stable government. Lower governance metrics imply the regime is fragile and susceptible to violent or nonviolent social movements.
 
Contributing to the Islamic Republic’s perceived illegitimacy includes significant human rights abuses, lack of religious freedom, corrupt judiciary, and poor social conditions. Governance indicators improve to the right on this comparison with countries that espouse transparency, combat corruption, and enforce the rule of law, which is more apparent in the regimes of Turkey and Saudi Arabia. The Erdogan government remains effective and enforces regulations, but nearly all its metrics remain lower than those of Saudi Arabia. Both Saudi Arabia's and Egypt's regimes remain unaccountable to their people, yet the House of Saud wields considerable strength in regulation control and the establishment of law and order. Compared with its near competitors, the Islamic Republic's governance indicators demonstrate that it is dramatically unsuccessful on all fronts, causing instability and fragility that a unified social movement or violent rebellion may exploit.
 
A lack of public confidence undermines the strength of the Islamic Republic. Iran's resiliency emanates from the people's perceptions and motivations, and poor governance performance erodes public trust. Iran's authoritarian system failed to produce meaningful political reform or social development. Severe restrictions on personal freedoms and a violent suppression of dissenting views diminish popular support for Tehran. These abuses foster resentment within the population and significantly degrade national morale and confidence in Iranian leadership. In a globalized world where information travels at the speed of the internet, social media exposes many Iranians to alternate political views and alluring social policies that make them question the efficacy of the cleric’s hard-line approach to the West.
 
Tehran’s low governance ratings and high fragility assessment pose a significant dilemma for the Islamic Republic and a considerable opportunity for the United States. The Iranian election process and new government formation may yield some valuable insights to steer our Iranian foreign policy. Should the United States promote: (1) a more resilient Iranian theocracy, (2) support external and internal resistance activities to collapse the regime, or (3) actively shape the strategic environment and defer to a future opportunity? A comprehensive assessment of the resilience metrics and exploring resistance strategies may lead U.S. policymakers to a more effective approach.
 
In conclusion, a fact-based methodology for analyzing the resilience and resistance of the Islamic Republic of Iran may inform U.S.-Iranian foreign policy decisions. The U.S. joint operational planning process and conventional war plans have not adequately addressed the competition domain in the Middle East. Current DoD force posture and activities appear merely reactive to current events. Utilizing a data-centric analysis, the DoD can measure the potential resistance within Iran, as well as identify the many nonviolent and violent groups opposing the Islamic Republic. The United States wields many instruments of national power – diplomatic, information, military, and economic – that can influence Iran’s resilience or support resistance to inspire and lead governance reforms. Making such choices requires an interdisciplinary approach and a thorough understanding of the operational environment.
 
Dr. Robert S. Burrell is a resilience and resistance interdisciplinary scholar using data-driven and human-centric methodologies to analyze intrastate conflict ranging from nonviolent protest through belligerency. He is a Senior Research Fellow at the Global and National Security Institute of the University of South Florida. From 2020-2024, he taught irregular warfare at Joint Special Operations University and was the former editor-in-chief of special operations doctrine from 2011-2014.
 
Dr. David R. DiOrio (CAPT Ret.) is a National Security Professional with a Doctor of Philosophy degree in Public Policy and Administration from Walden University. He served as the Deputy Director at the Joint Forces Staff College of the National Defense University and is currently Adjunct Faculty at the Joint Special Operations University.
 
The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University's Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
 
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Tuesday Jun 25, 2024

Cyber Attacks in Perspective: Cutting Through the Hyperbole
June 25, 2024 by Tom Johansmeyer
 
This article is part of the Irregular Warfare Initiative's Project Cyber, which explores and characterizes the myriad threats facing the United States and its allies in cyberspace, the information environment, and conventional and irregular spaces. Please contact us if you would like to propose an article, podcast, or event environment. We invite you to contribute to the discussion, explore the difficult questions, and help.
What would the most destructive and costly cyberattack in history look like? 
The Department of the Treasury is exploring a federal mechanism for providing relief capital to the insurance industry in the event of a major cyber catastrophe. While the prospect of a cyber incident sinking the insurance industry and leaving society exposed is intensely remote, it highlights an underlying problem with our understanding of the destructive capacity of cyberattacks—hyperbole. If the terror attacks of September 11, 2001, represented a failure of imagination, then the fear we have of a significant cyberattack represents a failure to keep our imaginations under control.
History shows that it is easier to imagine a catastrophe than to produce it, but it fails to explain why. The last twenty-five years of economic loss data suggest cyberattacks aren’t nearly as costly as the annual hurricanes and hailstorms we experience. 
So why are we so afraid?
In many ways, our fear can be attributed to the relative newness of cyber risks in human history, meaning they need to be better understood by the public and with many precedents. Additionally, our misunderstanding is related to the thin historical data we have on them and, more critically, that our historical data relies heavily on a few specific, recent cases—the most prominent being the 2017 NotPetya attack. With a $10 billion price tag and impacts across 65 countries,NotPetya was called “the most destructive and costly cyberattack in history.” But the numbers tell a different story, and relying on NotPetya as our catastrophic example may mean researchers and analysts are staring down a paper tiger. 
By exaggerating the effects of past attacks and framing them as but a taste of what’s to come, the cyber domain inspires fear in policy-makers, commanders, and the general public that is normally reserved for the most severe forms of kinetic warfare, such as nuclear strikes. As a result, cyber capabilities have become difficult tools to use, simply due to a fear that has not materialized which is based on hyperbolic claims. A misguided belief in their destructive power has effectively stifled innovation at all echelons—despite plenty of research suggesting the contrary. If there were ever a time for a hard reset on how cyber operations and their implications are perceived, this is it. If anything, cyber operations have proved to be de-escalatory, and by perpetuating a myth to the contrary, we lose access to an important alternative to traditional war. By setting the record on cyber straight, we take a step toward making the world a safer place.
How it started
NotPetya was born of war. Released three years after the start of hostilities in eastern Ukraine in 2014, NotPetya was one of several efforts by Russia to attack Ukraine in cyberspace. From 2014-2016, other Russian cyberattacks were operationally successful but often fell short of their desired impact. For example, the 2015 attack on the Ukrainian power grid is among the most effective attacks against an energy infrastructure. Still, only 230,000 people lost power for six hours—far short of what even a minor hurricane routinely achieves. 
What happened in 2017 was different. A tool developed by the Russian defense intelligence agency (GRU), NotPetya, was deployed after GRU hackers gained access to the servers of a small Ukrainian software company. The exploit relied on a Windows vulnerability and was embedded into the company’s software products, like the Ukrainian accounting software MeDoc, and intended to cause damage to large swaths of the Ukrainian economy. Made to look like its ransomware predecessor, Petya, NotPetya locked the systems it encountered and demanded a $300 payment. However, the ransomware “face” of NotPetya was another case of maskirovka—the attackers had little interest in collecting ransom payments but instead used the feature to confuse forensic analysts, making it harder for them to divine who was behind the attack. 
Although NotPetya has been attributed to Russia’s GRU, the code was derived from a leaked National Security Agency (NSA) tool called EternalBlue. A proverbial skeleton key of an exploit, EternalBlue, was used as part of the 2010 Stuxnetattack on the Natanz nuclear facility. After the tool was leaked, it was used in both the WannaCry and NotPetya attacks during the first half of 2017 and later in BadRabbit. Throughout 2017, therefore, waves of attack came with “roots [that] can be traced to the US.” The impact of those attacks underscores why the NSA sustained heavy criticism over hoarding zero-day vulnerabilities and developing powerful cyber tools that can be difficult to control. And it’s easy to see why. 
NotPetya quickly spread beyond Ukraine to cause an estimated $10 billion in economic damage worldwide. The United States, France, Denmark, and Germany were among the 65 countries affected. The attack’s costs mounted quickly. According to its two insurance policies, pharmaceutical company Merck sustained nearly $2 billion in damage. Maersklost $300 million, and the newly merged FedEx/TNT lost roughly $1 billion. The insurance industry experienced nearly $3 billion in losses, indicative of the attack’s scale. 
Meanwhile, the effects on NotPetya’s intended targets were far more modest. NotPetya is estimated to have impaired 0.5% of Ukraine’s gross domestic product (GDP). That amounts to $560 million, a significant but manageable cost. 
Further, in a twist of poetic justice, Russia also fell victim to NotPetya. After losing control of the malware, two of Russia’s largest companies, the energy company Rosneft and the financial institution Sberbank, joined several Russian companies, including banks, travel agencies, and telecommunications providers, on NotPetya’s list of victims. Although the source of the list of Russian victims is suspect (as a blog post comment that looks like it came from a troll farm), the effects on several of the named Russian companies are reported elsewhere—including The Independent, cyber security firm Group-IB, and of course TASS. 
Context is crucial
The global impact of NotPetya led the U.S. government to call it “the most destructive and costly cyberattack in history.” The declaration has since been amplified across the popular and academic press, cementing NotPetya’s place at the top of “most destructive cyberattack” lists and ingraining it into the still-early study of “cyber catastrophes.” The result is that NotPetya’s prominence in the literature has skewed our understanding of the threats associated with cyberattacks.
Based on my calculations and categorization, there have been 21 cyber catastrophes since 1998 and up to $310.4 billionin losses, adjusted for inflation. And among them, NotPetya is not the worst. Sure, the attack was significant, but adjusted for inflation, its $11.9 billion price tag is roughly 30% below the 25-year average for cyber catastrophe economic impacts. 
When the U.S. government announced NotPetya as “the most destructive and costly cyber-attack in history,” it kicked off a narrative disconnected from the reality of NotPetya and our understanding of catastrophic cyber events. Everyone—researchers, scholars, security professionals, journalists … etc. —heard “the most destructive” and ran with it. There are several reasons why.
Cyber warfare—and cyber operations conducted by nation-state actors—are already shrouded in hyperbole. Whether you look at the 2015 attack mentioned above on the Ukrainian power grid or turn to the more recent cyber activity that preceded the 2022 invasion of Ukraine (and persisted after), the answer is the same. Cyber weapons, in practice, are more bark than bite. And it’s not just Russia. Operation Glowing Symphony offers a rare case of the US military confirming its offensive cyber operations against ISIS targets online. The operation was an interesting, clever, and successful case of offensive cyber activity until the offense stopped. In the end, cyber operations are most impactful when prosecuted, but their effects taper over time, and recovery and reconstitution often come quickly after an operation is finished.
None of this makes for great storytelling, but great stories about cyberattacks do exist—take Cliff Stoll’s Cuckoo’s Egg, for example—but they also rely heavily on exaggeration and hyperbole to describe cyber threats and impacts. Part of this is simply reader engagement—cyber or otherwise. Everyone loves a bit of excitement, and the real-world implications of cyberattacks, real or imagined, get your heart pumping. 
The NotPetya story—rather than the NotPetya attack—is revealing. In late 2018, Wired Magazine published “The Untold Story of NotPetya, the Most Devastating Cyberattack in History,” which bakes hyperbole into the headline and never lets up. Throughout the piece, the author amplifies complex issues with nuance and considerable finesse to give a true-crime story feel. In many ways, reporting on cyberattacks reflects how reporting on bullets and bombs is more accessible than reporting on bits and bytes the human eye can’t see. Incorporating exaggeration and hyperbole makes a story interesting. 
The Wired article has gone on to feed academic journal articles and news stories worldwide. In many ways, the article did not contribute to the NotPetya narrative but became it. The article also amplified the original 2018 White House announcement about NotPetya, further entrenching the hyperbolic interpretation of the attack into the public psyche. 
A more context-appropriate reading of the 2018 White House announcement would convey that NotPetya was an attack of global importance worthy of the “international consequences” that followed, including sanctions and indictments. NotPetya was undoubtedly the costliest single cyberattack in more than a decade, and to date, it was the last cyber catastrophe event to exceed even $1 billion. The fact that NotPetya fails to live up to the exaggerated claim of being the costliest cyberattack in history does not diminish its importance, and a context-appropriate reading of the 2018 announcement would still drive that message home. 
The lesson
The NotPetya attack is an excellent example of why words matter. At face value, calling NotPetya “the most destructive” cyberattack set a benchmark for how we think about future cyberattacks on US systems and how policy-makers think about future cyber operations against adversary systems. It categorized the nexus of economic security and cyber catastrophe risk into a false and misleading model, which could lead to years of missed opportunities to refine how the US researches, develops, and employs offensive and defensive cyber capabilities. 
Understanding the accurate scale of NotPetya (and the broader history of economic losses from cyberattacks) will help to reset expectations and breathe new life into cyber operations at all echelons simply by giving a relatable sense of the destruction caused. This only works for the set of targets, though, where the economic impact is the consequence. Not all attacks are about money. 
Nation-states are also highly vulnerable to cyber espionage, theft of intellectual property, and other efforts to gain and use private information. Events like the SolarWinds cyberattack have shown the significant societal implications of espionage. SolarWinds exploited a vulnerability in the Orion network management system, which is used by nearly 30,000 public and private organizations—including local, state, and federal agencies to manage their IT resources. Despite having devastating national security implications for SolarWinds, the total economic impact fell short of $200 million, making it more than 90% smaller than the Equifax breach alone. Nonetheless, the attack caused a loss of trust in government-run cybersecurity efforts—an essential national and societal security impact. 
Because of measures like “loss of trust,” it’s difficult to estimate the total cost of cyber espionage campaigns. While it’s prudent to make “economic impact” one measure among a collection of measures used to gauge the severity of a cyberattack, non-financial implications must be contemplated, too. 
Why this matters for US military cyber operations
The enduring lesson of NotPetya and the US government’s public statements about the attack is straightforward: hyperbole constrains military cyber operations. Overstating NotPetya’s impact adds to the “cyber Pearl Harbor” myth and fosters a misguided understanding of offensive cyber capabilities as decisive weapons of mass destruction. Helping the public (and government stakeholders) understand how cyber operations can be—and have been—used for de-escalation will not only reduce the temperature of cyber fears but could provide new flexibility in a domain of limited action. Despite the expanded authorities granted to US Cyber Command in the 2018 NDAA, offensive cyber operations continue to be constrained by the mistaken belief that cyberattacks will precipitate an escalation ladder similar to nuclear strikes. However, research continues to demonstrate otherwise.
Unfortunately, operational use of the cyber domain is also impeded by relatability. We understand concepts like “lethality.” When I walked through Sarajevo a few years ago, its 30-year-old battle scars possessed intuitive meaning—I could see the impact of war. A similar, tangible representation of cost or loss doesn’t exist for cyberspace operations. Therefore, without something concrete to touch, see, feel, or see, an aura of novelty remains around cyberattacks and cyberspace operations that leave the door open to storytelling and hyperbole—with it, the exaggerated claims that make for a click-able headline. The first step, therefore, is presenting a clear and accurate representation of the damage caused by past cyberattacks. 
In addition to improving our reporting on cyber operations’ impacts and data collection efforts, we must find ways to make cyberspace more relatable. While a good story can solve the relatability problem when it is accurate, inflated accounts and hyperbole only give commanders and policymakers pause. Whether by comparing the damage caused by cyberattacks to natural disasters (which are much worse) or to the effects of kinetic warfare (also much worse), providing reference points for understanding the consequences of cyberattacks is long overdue for what was identified as a domain of warfare back in 1993. Analogous impacts on other domains may be imperfect. Still, they offer a first step toward eventually making the impacts of cyberattacks as intuitively relatable as bomb craters and war ruins.
Moving forward, researchers, journalists, government officials, and the public need to recognize how hyperbole is shaping the discussion about cyberattacks. Even seemingly gold-standard sources benefit from healthy skepticism and a grain of salt. Doing so could lead to a shift in US cyber strategy by enabling a more accurate assessment of risk and allowing for more aggressive pursuit of malicious cyber actors around the globe without the risk of escalation more common in traditional warfare. 
Tom Johansmeyer is a Ph.D. candidate at the School of Politics and International Relations at the University of Kent, Canterbury, researching the role of insurance at the nexus of cyber and economic security. 
The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Wednesday Jun 19, 2024


Chinese Unconventional Threats in the Era of Great Power Competition
https://irregularwarfare.org/articles/chinese-unconventional-threats-in-the-era-of-great-power-competition/
June 18, 2024 by Leo Matthews, Kevin Hoerold
Would China ever take a page from Iran’s playbook and cultivate relationships with violent extremist organizations (VEOs)?
 
Despite its seeming improbability, the increasingly assertive actions of the People’s Republic of China (PRC) in Southeast Asia raise this compelling question. This article explores when, where, and how the PRC might use VEOs to further its political, military, and economic goals. An analysis of Southeast Asia identifies an intersection of the PRC’s goals with those of violent non-state groups in Myanmar, the Philippines, and the Indian border regions. In each case, the PRC could plausibly advance its national interests via a partnered or proxy relationship with select VEOs. The same method of analysis identifies when and where the PRC’s collaboration with VEOs would be unlikely due to competing financial and political interests.
 
Understanding China’s potential tactics and likely flashpoints for irregular warfare is vital for preparing effective countermeasures. Most importantly, the discussion of China’s unconventional levers of power serves as a warning against the complete separation of counterterrorism efforts from strategic competition with China.
 
Where Does the PRC Already Cooperate with Proxy Groups?
In perhaps the defining example of PRC engagement with armed non-state groups, Myanmar has been a testing ground for China’s emerging strategy. In the absence of a stable, effective central government in neighboring Myanmar, the PRC maintains mutually beneficial relationships with both the military government and a complex web of ethnic armed groups. PRC collaboration with the military government of Myanmar and numerous ethnic opposition groups demonstrates President Xi’s willingness to arm and fund non-state actors in the pursuit of economic and military interests.
 
The PRC’s interests in Myanmar are largely focused on the development of the 1,700-kilometer China-Myanmar Economic Corridor. First proposed as a standalone project by Beijing in 2017, the project includes oil and gas pipelines, road and rail links, and a deep-sea port located in the coastal city of Kyaukpyu. Upon completion of the corridor and Kyaukpyu Port, the PRC will obtain direct access to the Bay of Bengal and the wider Indian Ocean. This will secure an alternative energy and trade route through Myanmar, open up an easier passage to global markets for the PRC’s landlocked Yunnan-based industries, and help reduce Beijing’s vulnerable reliance on maritime energy imports through the Straits of Malacca. In addition to the economic dimensions of the Belt and Road Initiative (BRI) in Myanmar, there is a budding element of great power competition at play in Kyaukpyu. The port will grant the PRC another outpost in its “string of pearls” strategy to encircle India, intimidate neighbors, and challenge US naval hegemony in the Indian Ocean.
 
The PRC’s expansive BRI projects in Myanmar traverse a country embroiled in ethnic conflict and tenuously led by a military junta. Beijing’s strategic priority is the completion of the economic corridor and unimpeded flow of commerce, irrespective of the internal politics of Myanmar. Consequently, the PRC funds and arms multiple sides of the conflict to protect its investments, simultaneously engaging with violent non-state actors and the military government.
 
In lieu of an effective government partner in Myanmar to maintain order, particularly along the Chinese border states, Beijing works through various ethnic armed organizations (EAO), the local power brokers. The largest EAO, the twenty-thousand-strong United Wa State Army (UWSA), has enjoyed a close relationship with the PRC’s security services since its founding in 1989. The UWSA emerged in 1989 from the splintering of the Communist Party of Burma (CPB), which the PRC had supported with weapons and military equipment since 1968 to combat the nationalist Kuomintang forces that fled into northeastern Myanmar after the Chinese civil war.
 
In recent years, PRC weapons shipments to the UWSA have included heavy machine guns, HN-5A Man-Portable Air Defense Systems (MANPADS), artillery, armored fighting vehicles, and other sophisticated communications equipment. The UWSA further benefits from access to cross-border markets for Chinese currency, rubber and mining industries, construction technology, and communication networks. Although the PRC does not publicly endorse the political goals of the UWSA, Beijing employs the group as a proxy force to protect ongoing BRI projects, stem the flow of drugs into China, and crack down on cyber scam centers operating in remote areas near the Chinese border.
 
When necessary, the PRC leverages its relationship with the UWSA and other armed groups to exert pressure on the military government of Myanmar to concede contested territory near PRC investments. Meanwhile, the military government of Myanmar maintains diplomatic ties with Beijing and has purchased over $1 billion in arms and military equipment since 2021 for its war against the UWSA and other EAOs. In recent months, Beijing has pressured both sidesof the conflict into (short-lived) ceasefire agreements to reduce the violent interruptions of trade and construction.
 
The PRC is not picking sides in Myanmar but rather protecting its strategic interests and investments. Beijing’s demonstrated willingness to arm and fund ethnic armed organizations in Myanmar leads us to question what other regions present similar conditions for PRC collaboration with violent, non-state actors.
 
Where is China Most Likely to Leverage VEOs?
The Philippines and the India/Kashmir border present two such possibilities. The PRC’s interest in the Republic of the Philippines is two-fold. First, the PRC seeks to undermine the re-emergence of security ties between the Philippine government and the United States. Manila has recently undertaken strategic steps to deepen its relationship with the United States, marking a significant evolution in its foreign policy. This is underscored by the recent expansion of the US-Philippine Enhanced Defense Cooperation Agreement. Second, the PRC has actively pursued territorial claims in the South China Sea (SCS), employing a strategy that combines economic leverage and the enhancement of its soft powerwithin the Philippines. This multifaceted approach aims to sway Manila into acknowledging the PRC’s territorial assertions, highlighting a sophisticated blend of diplomacy and economic influence to advance its geopolitical interests in the region. In a recent escalation of tensions, the PRC has intensified its assertive actions in disputed maritime territories by deploying both coast guard vessels and civilian fishing fleets. The PRC’s use of VEOs as a proxy force would allow for plausible deniability on the international stage while weakening the Philippine government’s maritime operations in the SCS and straining US-Philippine relations.
 
The two most likely VEOs for the PRC to leverage are the New People’s Army (NPA) and the Islamic State East Asia (ISEA). The New People’s Army (NPA), the armed wing of the Communist Party of the Philippines (CPP), has a documented history of engaging in actions against US personnel and interests within the Philippines. Their violent history includes deadly attacks on US servicemembers, underscoring the significant threat the NPA poses to both national and international security interests in the region. The NPA’s stated aims are to overthrow the Philippine government and eliminate US influence in the Philippines, highlighting its ambitious objectives against both the central government and foreign presence. Formed in the image of Maoist revolutionaries, the NPA received direct funding and military suppliesfrom the Chinese Communist Party from 1969 until the 1976 normalization of Chinese-Philippine relations. This demonstrates the NPA’s predisposition to collaboration with the PRC as the Chinese Communist Party’s genesis serves as the inspiration behind the NPA’s movement.
 
ISEA also holds both the capability and intent to attack American and Philippine government interests. The ongoing conflict instigated by ISEA in the southern islands of the Philippines demands extensive efforts from the Philippine government in terms of time, manpower, and resources. This continuous engagement diverts Manila’s focus and resources from other national security priorities, potentially benefiting the PRC’s strategic position. However, the PRC’s longstanding campaign against Uyghur Muslims in Xinjiang, under the pretext of combating Islamic extremism, might make the PRC cautious about associating with a violent Islamist group like ISEA. The PRC would go to great lengths to keep a proxy partnership with ISEA highly confidential.
 
When evaluating the potential for future PRC engagement with VEOs in the Philippines, several indicators could signal an escalation of involvement. A noticeable enhancement in the weaponry and capabilities of these groups could serve as an early warning of increased support. Additionally, a rise in both the frequency and intensity of their attacks, particularly if these occur in tandem or close succession with PRC assertive actions in the West Philippine Sea, could suggest a level of coordination between these organizations and the PRC.
 
PRC support for certain VEOs in Kashmir, meanwhile, could provide strategic, economic, and security advantages to Beijing. The PRC’s primary regional interests are the protection of nearby BRI investments and the disruption of the Indian military presence along the Line of Actual Control (LAC). Pursuant to these interests, the PRC supports Pakistan’s territorial ambitions and stands to benefit indirectly from the actions Pakistan takes to exert its power in Kashmir via conventional and unconventional means.
 
Periodic PRC military incursions into Indian Kashmir, including a 2020 clash in the Galwan Valley that resulted in 120 Indian casualties, underscore the PRC’s willingness to violently escalate tensions in the region. In addition to conventional military engagements along the LAC, Beijing provides financial support to Pakistan, whose military occupies a second front with India along the Line of Control (LOC). Should the PRC wish to employ unconventional methods in its simmering conflict with India, Beijing may consider working with or through Kashmir-based VEOs.
 
Within Indian Kashmir, Pakistan exercises varying levels of control over a network of Islamist VEOs opposed to Indian rule in the region. The jihadi organizations offer an alternative to conventional military force, operating within urban environments and conducting guerrilla warfare against the Indian government. Pakistan provides jihadists, via its Inter-Services Intelligence (ISI), with funding, weapons, equipment, and a safe haven to train for their perennial struggle against Indian rule in Kashmir.
 
The primary organizations directly associated with Pakistan are Jaish-e-Muhammad (JeM) and Lashkar-e-Taiba (LeT, renamed Jamaat-ud-Dawa in 2022), as well as Harakat-ul Jihad Islami (HUJI), and Hizbul Mujahideen (HM). ISI does not enjoy the same relationship with ISIS or al-Qa‘ida-affiliated groups whose global vision for Kashmir as part of a worldwide Islamic caliphate are at odds with the secular Pakistani state.
 
Beijing is unlikely to engage directly with Islamist VEOs but could work through existing ISI channels to indirectly fund or arm groups such as JeM or LeT. Using Pakistan as an interlocutor builds upon decades-old relationships between the ISI and select VEOs while providing a level of deniability to the PRC, publicly committed to opposing radical Islamist movements. In fact, from September to December 2023, multiple Indian media outlets reported on alleged evidence of PRC support to Pakistan-backed militants in Kashmir. Although uncorroborated in Western reporting, the stories claim Chinese military technology, including drones, encrypted communications devices, and advanced weaponry, have been supplied to LeT and JeM via the ISI. While far from definitive proof of PRC engagement, the news stories reveal an existing Indian narrative of Chinese involvement with Pakistan’s network of jihadist groups in Kashmir.
 
Where China is Unlikely to Leverage VEOs
The conditions identified in South Asia, which may accommodate a relationship between the PRC and VEOs, are not replicated in South America or Africa. From the Revolutionary Armed Forces of Colombia–People’s Army (FARC) in Colombia to the plethora of VEOs across Africa, both regions offer vectors for VEO engagement, but the PRC’s extensive economic and diplomatic investments suggest such a partnership would be highly unlikely.
 
The PRC will work with and through partner governments or institutions to pursue its economic and strategic interests whenever possible. The emphasis on infrastructure development, economic growth, and fostering long-term partnerships under the BRI framework (as opposed to geographic ambitions) suggests a strategic preference for stability and cooperative engagement over the contentious and unpredictable nature of VEOs. To this end, the PRC has fostered relationships with governments across Africa and South America and voiced support for local counterterrorism efforts.
 
Engagement with a VEO is an inherently high-risk endeavor, only likely to happen when the PRC lacks a cooperative, effective government partner and does not jeopardize its regional investments.
 
Conclusion
In examining these key geopolitical hotspots, it is clear that China acts based on its own self-interest. This analysis suggests that the PRC might go beyond traditional forms of international engagement, employing unconventional methods to further its strategic national objectives. Specifically, the PRC may work with VEOs as a novel approach to increase its regional influence. VEOs are appealing because they can disrupt, subvert, or distract. Therefore, China’s potential use of VEOs to project power indirectly requires a coordinated counterterrorism response. Understanding Beijing’s possible future tactics is crucial for developing effective countermeasures against these unconventional threats.
 
Kevin Hoerold is a General Wayne A. Downing Scholar of the Combating Terrorism Center at West Point. He holds a MA in Security Studies from Georgetown University and BS in Management and Financial Economics from Norwich University.
 
Leo Matthews is an instructor at the United States Military Academy’s Social Sciences Department. He holds a MA in Security Studies from Georgetown University and BS in Civil Engineering from the United States Military Academy.
 
Views expressed in this article solely reflect those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
 
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Thursday Jun 13, 2024

https://irregularwarfare.org/articles/combatting-russian-lawfare-with-a-cognitive-shield/
June 13, 2024 by Armenak Ohanesian
On February 24, 2022, Putin formally announced Russia’s invasion of Ukraine. In his remarks, Putin attempted to justify his actions in part by citing the UN Charter and the right to self-defense. Putin’s argument was unpersuasive in a legal sense and widely condemned by the international legal community. Nonetheless, his attempt demonstrated Russia’s intent to present distorted interpretations of the law to create an illusion of legitimacy for the invasion. Since his speech, the Russian government has repeatedly abused and weaponized domestic and international law to support its war against Ukraine.
Russia’s weaponization of the law is part of its strategy to satisfy Russian domestic opinion, sow discord between Ukraine and its allies, and maintain international support for its activities. Perhaps most insidious, however, is that Russia’s disregard for the law is also malevolently anthropocentric, intended to both exploit and affect the most vulnerable target: the human being and its cognition. In this respect, Russia’s blatant abuse of the law is meant to degrade Ukraine’s will to fight by undermining justice and flouting accountability.
The essence of Russian lawfare is not the correctness of its legal arguments but how law and facts are used to shape the perception of its invasion of Ukraine among domestic, regional, and international audiences. When it comes to waging lawfare, Russia brazenly crafts and deploys malign narratives by manipulating facts, distorting the meaning of international obligations, passing nonsensical domestic legislation, and rendering ridiculous legal judgments. In this way, lawfare is just one part of Russia’s broader disinformation and propaganda efforts. The typology of Russian lawfare has been well-explored: some researchers distinguish up to 36 types of Russian lawfare, depending on the warfare domain and legal environment. These activities undermine the idea of justice and the rule of law and, in many cases, are presented as justifications for specific Russian military activities and objectives in Ukraine. 
Today, new technologies enhance the threat of Russian lawfare. Russia already abuses social media to spread disinformation about its invasion globally. New tools, such as large language models, make such campaigns easier, cheaper, and more effective. Disinformation campaigns can corrupt legal environments by undermining facts, biasing juries, or otherwise creating evidence-resistant beliefs and amplifying basic instincts like hatred. 
Consequently, effectively countering Russian lawfare requires recognizing human cognition as a battlefield and combatting Russian disinformation more broadly. Governments and the sources of international law—namely customary law, treaties, and statutes of international courts—should be designed to reflect a benevolently anthropocentric approach that prioritizes human cognitive resilience against lawfare and disinformation. Governments, militaries, and civil societies must erect a ‘cognitive shield’ to resist the Russian disinformation efforts that underpin its abuse of the law. This shield should focus on five pillars and be integrated into the grand strategy of multi-domain operations.
The cognitive shield includes the following:
Narrative Analysis: Governments should continuously monitor, gather, and organize sources of malevolent foreign narratives to track their activity and targets. For example, big data processing and sentiment analysis tools could do such monitoring. Indeed, such tools are already being developed, including several by Ukrainian experts directly responding to Russian disinformation campaigns. These tools have been successfully used in Ukraine to uncover and mitigate Russian attempts to promote pro-Moscow insurgencies in Ukraine. Debunking false narratives is central to combatting Russian lawfare, which frequently attempts to distort historical facts. Enhancing these capabilities would strengthen the international legal community’s ability to tell fact from fiction and blame Russia for employing such information campaigns. 
Proactive Information Campaigns, Educational Initiatives, and Civil-Military Cooperation: Governments should start or build upon existing efforts to promote ‘cognitive self-resilience skills’ like critical thinking and fact-checking techniques among all levels of society, cultivating media literacy and the ability to recognize disinformation on one’s own. This strategy paves the way for a pre-bunking approach, preemptively exposing weaponized narratives before they are deployed, including in legal environments. Several national governments and regional bodies are already working on these initiatives and should be considered models for other governments interested in doing the same.
Legislative Efforts to Protect Human Cognition: National and international legislative bodies should pass measures to protect mental health and the integrity of cognitive processes, including perception, memory, and decision-making. These functions should be considered fundamental human rights and principles protected by international humanitarian law. At the same time, legislative bodies must criminalize cyberattacks and AI-enabled disinformation campaigns. Indeed, implementing such protections in international law would require significant efforts within the United Nations, particularly the UN International Law Commission. This would include amendments to the Geneva Conventions and the Statute of the International Court of Justice or Responsibility of States for Internationally Wrongful Acts (2001). Similar provisions must also be reflected in international criminal law, such as the Rome Statute of the International Criminal Court. The goal of these efforts is significant: to introduce a new principle in the law of war that protects human cognition and to hold accountable the states that violate it.
Interdisciplinary Integration: New insights from neurosciences such as neurobiology, psychoneuroimmunology, and psychology will continue to help explain the specific neural mechanisms that must be protected from disinformation. Just as there are mechanisms capable of artificially inducing negative reactions like hatred, there are also mechanisms that can neutralize these reactions. For example, a recent meta-analysis of 42 studies found that psychological “inoculation” (e.g., teaching people about common misinformation strategies) can improve a person’s ability to assess the credibility of new information independently. Government and international legal bodies must maintain awareness of these scientific advances to create new means of protecting citizens against disinformation.
Military Cognitive Strategies: Besides building resilience among civilians, governments need to adopt strategies to combat disinformation in their militaries. A striking example of the importance of such strategies is the Russian attempt to exploit allegations of corruption at the highest levels of power in Ukraine to undermine Ukraine’s will to fight. Indeed, corruption in Ukraine is a long-standing and systemic issue. Many Ukrainians of military age who left the country after Russia’s invasion state that they do not want to fight for a corrupt government. 
From my personal experience—as both a lawyer and a combatant in Ukraine—I am disappointed about the absence of a robust justice system in Ukraine. However, it’s important not to overlook the paradox of ‘perverse transparency,’ when anti-corruption efforts expose previously unnoticed corruption, thereby creating a misleading impression of increasing corruption. Russian intelligence services have leveraged Ukrainian anti-corruption efforts to generate high-profile news stories, which Russian media channels further exploit to discredit Ukrainian authorities to Western and Ukrainian audiences, including Ukrainian soldiers. Military doctrines must account for information campaigns exploiting narratives designed specifically to undermine a population’s will to fight by emphasizing the importance of cognitive resilience among its troops and populations that may be called upon to serve in the future.
Notably, the pillars of the cognitive shield are mutually reinforcing. For example, narrative analysis tools developed by governments or private industry can be improved by incorporating new findings from neuroscience studies. These tools can then be better applied in resilience-building educational initiatives and inform the drafting of legislative and military doctrine.
Whether local or global, conflict remains fundamentally a clash of wills, making it inherently a cognitive battle. Russian attempts to legally justify its invasion of Ukraine are a stark reminder of the vital role of cognitive resilience. Indeed, proactive and creative strategies necessitate relentless political commitment, but they are essential to safeguard the cognitive integrity of individuals committed to the ideals of freedom.
Armenak Ohanesian is Ukrainian lawyer, practiced in litigation, international arbitration, and criminal law. Post-Russian invasion, he served in the Ukrainian Armed Forces, including roles as an infantry soldier, combat medic, and artillery commander, notably in the Izium Counteroffensive and the Battle of Bakhmut. Decorated for his service, he now leads legal studies at IKAR, focusing on international law and cognitive warfare.
The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Tuesday Jun 11, 2024

June 4, 2024 by William Akoto
Original article published on the Irregular Warfare Initiative's website.
Editor’s note: This article is part of Project Proxies and Partners, which explores the promises and pitfalls of security cooperation in war, at peace, and in between. We invite you to contribute to the discussion, explore the difficult questions, and help influence the future of proxies and partners. Please contact us if you would like to propose an article, podcast, or event.
In September 2001, operatives for Procter & Gamble were caught diving in dumpsters outside a Unilever facility in Chicago in search of documents and other discarded items containing confidential information about Unilever’s hair care products business. To avoid litigation and the negative publicity that often accompanies such disputes, the companies quietly reached a negotiated settlement where Procter & Gamble agreed to not use any of the information obtained. This early example illustrates the ongoing vulnerability companies face regarding data security. In today’s corporate environment where digital data storage is the norm, companies now have to be wary of not only paper documents but also discarded storage devices like hard drives, USBs, and even old office equipment that might store digital data. 
Companies also have to worry about the increasing trend of nation-state-backed hackers trying to infiltrate corporate networks. This is part of a worrying shift in state-sponsored espionage from traditional intelligence gathering primarily targeted toward military and political secrets to the targeting of information held by private firms and other commercial enterprises that perform research and produce innovation critical to national economic growth and prosperity. Perpetrators often aim to use this information to leapfrog rivals’ technological advancements and to gain a competitive edge in the global marketplace. This is emblematic of modern interstate conflict, where the lines between economic, military, and political rivalry are blurred. 
In this article, I aim to highlight the rising tendency of states to engage in cyber economic espionage and how cyber proxies—hackers for hire—are playing an increasingly central role in these efforts. Two brief examples illustrate this trend. 
In 2017, APT10—a Chinese state-sponsored cyber proxy group believed to be linked to China’s Ministry of State Security—conducted a massive espionage operation dubbed Operation Cloud Hopper. This group is an example of what are known as Advanced Persistent Threat (APT) groups—hackers that engage in prolonged and targeted cyber campaigns against specific entities such as government agencies, companies, or other strategically important targets to steal information, disrupt operations, or spy on activities. In the Cloud Hopper operation, the group targeted managed service providers (MSPs)—companies that manage IT services for multiple businesses. The techniques used included spear-phishing to gain initial access, followed by the deployment of various malware tools to establish persistence and facilitate the exploration and extraction of valuable data.
The operation, distinctive in its scale and focus on commercial secrets rather than traditional military or political intelligence, was global, affecting countries across Asia, Europe, and North America. It spanned a wide range of industries including technology, telecommunications, and pharmaceutical companies. Targeting such a diverse array of industries highlights the strategic nature of the campaign and its aim to gain economic advantages through the theft of trade secrets and other sensitive corporate information.
The SolarWinds hack, identified in late 2020, is another significant incident that, although primarily seen as an intelligence-gathering operation, had substantial implications for economic espionage. This sophisticated attack involved the insertion of malicious code into the software updates of SolarWinds’ Orion platform, a widely used network management tool. Believed to be conducted by Russian intelligence services, this campaign compromised the systems of numerous US government agencies, top enterprises, and technology firms, allowing the attackers to spy on business activities and potentially steal valuable corporate and technology secrets. The breach not only exposed vast amounts of sensitive information but also revealed vulnerabilities in the software supply chain.
The Strategic Use of Cyber Proxies
These high-profile incidents raise important questions about why states choose to use proxy hackers for such operations. Academic researchers who have wrestled with this question suggest that states often use cyber proxies because it allows them to leverage specialized skills, expertise, tools, and capabilities that the proxies have but which might be missing from state intelligence agencies or are prohibitively expensive to develop in-house. The activities of cyber proxies tend to fall in the gray areas of international law and politics, which makes them very appealing to states that want to reap the benefits of the proxy’s activities while avoiding responsibility if the activities are discovered. 
For instance, despite suspicions and probable cause, the lack of concrete, publicly-disclosed evidence explicitly linking China and Russia to the Cloud Hopper and SolarWinds operations respectively allowed them to deny involvement, thereby avoiding international sanctions, retaliatory cyberattacks, and other diplomatic consequences. Even when criminal indictments are issued for cyber espionage operations, they typically target individual hackers or the organizations directly involved, rather than the states that sponsor them. This separation enables the state sponsors to maintain a façade of non-involvement and continue their cyber operations under the veil of secrecy.
Proxies also serve another very important function: they can help states hide their true cyber capabilities from their adversaries. Even if state intelligence agencies have the necessary tools, capabilities, and personnel to successfully execute a cyber operation, it might still be beneficial to use cyber proxies so that adversaries do not become aware of these capabilities. 
This is an important benefit for states that wish to maintain strategic ambiguity in cyberspace as norms in the cyber realm continue to develop. For example, Fancy Bear—a cyber proxy affiliated with Russian military intelligence (GRU) that uses sophisticated tactics and techniques—has been concretely linked to the hacking of the Democratic National Committee (DNC) during the 2016 US presidential election. However, direct attribution to the GRU remains circumstantial rather than definitive. This potentially allows the GRU to mask its true cyber capabilities.
How States Manage Their Cyber Proxies
States employ a variety of models in their relations with their cyber proxies. For example, the United States uses nontraditional cyber proxies such as defense contractors and security companies like Lockheed Martin and BAE Systems, whose software products, personnel, and services are often employed in the infiltration, degradation, or destruction of adversary computer systems. It maintains a close relationship with these proxies, allowing for strict oversight and control over their targeting choices and operational techniques. Conversely, countries like Iran and Syria tend to maintain more operational distance from their proxies, offering material and ideological backing in exchange for the proxies’ commitment to targeting designated firms, political foes, and other entities. 
Russia maintains an even larger separation from its proxies, often refraining from direct guidance and allowing them free rein regarding targets and methods. In many cases, the only link between the proxy and Russian authorities is that they willingly turn a blind eye to the activities of the proxy despite having the capacity to crack down. This raises the intriguing possibility that some of these hacker groups may be acting as proxies of the Russian state without even being aware of it.
Putin and senior Kremlin officials frequently express admiration for these “patriotic” hackers while denying any knowledge of their activities. Putin has asserted that “Hackers are free people, like artists … ” so if they are patriotically minded will “ … do what they see as their part to fight Russia’s enemies.” In this way, the Russian government can deny knowledge of these proxies while reaping the benefits of their activities without admitting the involvement of government agencies.
Traditional Intelligence vs Economic Espionage
Regardless of whether states use government agents or proxy hackers for cyber operations, the logic that once guided traditional espionage—where information flowed from those who had it to those who needed it—does not appear to apply when it comes to economic espionage. In a recently published research paper, I show that contrary to earlier beliefs, countries with similar economic structures and technological capabilities are more likely to engage in economic espionage against each other (as opposed to those with dissimilar structures and capabilities). The reason? The stolen information is more applicable and immediately beneficial to the perpetrator. For example, it is of little use to steal technology to manufacture solar panels if you do not have factories and a technically capable workforce that can profitably leverage that information.
By focusing on rivals with similar economic structures and technological capabilities, perpetrators can refine their competitive strategies and enhance their own industrial and technological bases. Importantly, this strategy is less about filling gaps in knowledge and more about advancing in an already closely contested field. This dynamic has a profound policy implication for the likely future of interstate conflict: as states continue to develop and closely guard their technological innovations, the arena of interstate rivalry is likely to shift increasingly towards more covert forms of conflict. 
This evolution suggests that except in a few instances, traditional forms of diplomacy and military confrontation may give way to an irregular warfare landscape where subterfuge and indirect aggression increasingly become the norm. In particular, states with similar economic and technological capabilities will increasingly find themselves not only competitors in the global marketplace but also clandestine rivals in a continuous struggle for technological supremacy. This scenario necessitates a reevaluation of national security strategies to prioritize cybersecurity and intelligence in anticipation of these less overt, but equally impactful forms of conflict.
In addition, diplomatic relations will likely become more complicated, as states may publicly adhere to norms of peaceful coexistence and cooperation while privately engaging in aggressive cyber operations. This combination of open cooperation with covert aggressive cyber tactics can strain international trust and cooperation, potentially leading to a more fragmented international system where states are increasingly wary of their counterparts’ intentions.
Confronting Economic Espionage and the Use of Cyber Proxies
If the United States is to respond effectively to the emerging risk posed by the use of state-sponsored cyber proxies, it needs a better understanding of how to mitigate their use and activities. In a research paper, I gathered new data on over 100 hacker groups around the world and their state sponsors to examine which accountability mechanisms are effective in mitigating the use of cyber proxies. My research indicates that the use of proxies is rare in states that have robust domestic accountability mechanisms. This is particularly true in countries where citizens can hold their elected leaders accountable for actions carried out by cyber proxies through vertical accountability mechanisms such as elections and other democratic practices. In contrast, trying to curb the use of cyber proxies using horizontal accountability mechanisms such as congressional and regulatory oversight bodies is significantly less effective. 
These insights have important policy implications aimed at addressing the issue of cyber proxies. Firstly, they suggest that pressure from citizens and civil society organizations could be effective in reducing reliance on cyber proxies in countries where vertical accountability structures are effective. One practical way to implement this is to increase the number of attributions of cyber operations to proxies and their state sponsors. The act of attributing cyber attacks to state sponsors, even when the evidence is not concrete, could prompt pressure from citizens and civil society groups for governments to desist from such operations, potentially deterring future attacks. 
Additionally, my findings imply that reliance on policies that predominantly aim to combat the use of cyber proxies through regulatory and other state oversight mechanisms are ineffective. For instance, despite numerous international agreements aimed at curbing state-sponsored cyber activities like the 2015 agreement between the United States and China to refrain from cyber-enabled theft of intellectual property for commercial advantages, activities attributed to Chinese state-sponsored actors have continued unabated.
With regard to economic espionage, my research holds important lessons for US national cybersecurity policy. For example, the current US National Cyber Strategy emphasizes building a resilient cyber infrastructure, deterring adversaries, and promoting American prosperity by fostering a secure cyberspace that supports US national interests and economic growth. While the strategy recognizes the importance of international cooperation, it primarily focuses on deterring adversarial actions through strength. It does not sufficiently capitalize on the important finding that the primary economic espionage threats are likely to come from nations with similar technological advancements and economic profiles. This includes perennial rivals China and Russia but also allies like France, Germany, and Britain. Given the tendency for similar economies to target each other in economic espionage activities, the US could refine its strategy by fostering deeper, more targeted intelligence-sharing partnerships with countries that are at similar levels of technological and economic development.
As technological advancements reshape the contours of international relations, understanding the strategic calculations that drive states to engage in cyber economic espionage and to use proxies is increasingly crucial. This is important not only to secure states’ economic interests but also to preserve international peace and stability in an increasingly interconnected world.
William Akoto is an Assistant Professor of Global Security in the Department of Foreign Policy & Global Security at American University’s School of International Service. His research is primarily focused on examining how states leverage cyber and other emerging technologies in the pursuit of national security objectives. Details of his past, current, and forthcoming research projects are available on his website at willakoto.com.
The views expressed are those of the author(s) and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.
If you value reading the Irregular Warfare Initiative, please consider supporting our work. And for the best gear, check out the IWI store for mugs, coasters, apparel, and other items.

Sunday Jun 09, 2024

June 6, 2024 by Jacob Ware, Sam Rosenberg
https://irregularwarfare.org/articles/d-days-bodyguard-of-lies-intelligence-and-deception-in-normandy/
The heroes who stormed the beaches of Normandy on June 6, 1944, eighty years ago today, faced a rainstorm of gunfire as they disembarked from their landing crafts. Over 4,000 lost their lives in the initial landings, which nevertheless succeeded in establishing an Allied beachhead in Adolf Hitler’s Atlantic Wall.
The toll could have been even worse had safer passage not been ensured by a secretive army of spies and decoys that, beginning in 1943, wove an elaborate deception to convince their Axis adversaries that the landing would be later and further north. In the words of Winston Churchill, the front-line soldiers were protected by a “Bodyguard of Lies” that carefully protected the true location and intentions of the landings at five beaches in Normandy.
The D-Day deception operation stands as a powerful example of the essential blend of irregular warfare methods with conventional tactics. As we witness brutal combat in Ukraine and anticipate potential future conflict in the Indo-Pacific, the lessons from June 1944 are more pertinent than ever. Integrating tactical and strategic deception to support traditional warfare, involving civilians alongside the military, and the critical importance of avoiding large-scale conventional war due to its immense costs are lessons that continue to resonate today. 
The D-Day Deception
As the Second World War approached its turning point, an inevitable Allied assault on occupied Europe, Allied leaders gathered at Tehran to devise their strategy. The odds appeared against them: despite Germany’s forces being spread thin across 2,600 kilometers of Atlantic coastline, the Axis held a force advantage, outmanning the landing force in France by an estimated 60 divisions to 37. Cunning and misdirection would need to complement the brute force of men and armor that would be hurled against Hitler’s European fortress. In the words of Jon Latimer, “Deception would play a crucial role in producing a ratio of forces necessary for Allied victory in the battle of the build-up and permitting a break-out.”
Operation Bodyguard was established in 1943 as the overall deception strategy to mislead the German High Command about the timing and location of the inevitable Allied invasion of Europe. Under this overarching plan, the main thrust was Operation Fortitude, which was itself divided into two smaller campaigns: Fortitude North, which would feint at Norway, and Fortitude South, which promised an attack at the Pas-de-Calais in northern France. Fortitude combined both physical deception and signals intelligence to construct the ruse. For example, the Allies invented out of thin air the United States First Army Group, commanded by General Patton, and mustered the paper command in southeast England, supporting the idea that the invasion would strike directly across the English Channel at Calais. Dummy inflatable military hardware was spread across the area, hoping to attract spy planes, while the infamous Ghost Army created fake shoulder patches to accompany and announce the arrival of the phantom units.
The deception was furthered by British intelligence’s exemplary Double Cross system, masterfully recounted in Ben MacIntyre’s Double Cross: The True Story of the D-Day Spies. By 1944, British counterintelligence confidently believed it controlled every German spy in the United Kingdom. Fortitude put this network of double agents to work, steadily feeding handlers in Berlin a diet of false reports that contributed to incorrect beliefs about the Allied order of battle. In one case, double agents “Mutt” and “Jeff” transmitted false reports about a fictitious British Army amassing in Scotland to join the Soviets in an invasion of Norway. The trick worked, with Hitler sending one of his divisions to Scandinavia just weeks before D-Day. The intelligence network was so extensive that stories still emerge today—like the women codebreakers stationed at the US Foreign Service Institute, who stole Japanese diplomatic messages describing German defenses on the French coast, further contributing to the deception’s success. 
The deception plans were joint operations involving multiple branches of the Allies’ armed forces. Operation Glimmer, Taxable, and Big Drum formed the naval component of Operation Bodyguard. Like Fortitude South and the Double Cross system, these efforts aimed to deceive the German forces about the invasion beaches in France. Small fleets, equipped with radar-reflecting balloons and devices simulating large convoys, maneuvered off Cap d’Antifer and Pas-de-Calais to create the illusion of impending naval assaults northeast of Normandy. Confused by the feint, the Germans in Calais reported an invasion fleet and even sent airplanes to investigate. 
Civilians also played a significant role in Allied deception and intelligence operations. By 1944, the French Resistance numbered an estimated 500,000 members in many different groups, most of whom came under the umbrella of the French Forces of the Interior (FFI). Operating in small groups called Maquis, resistance fighters engaged in sabotage, targeting Nazi supply routes and reinforcements. The FFI’s intelligence-gathering efforts also provided the Allies with invaluable information about German troop movements and fortifications, directly supporting the impending landings. In one case, as recounted in Cornelius Ryan’s classic The Longest Day, an FFI sector chief identified an artillery piece sited for Utah Beach and managed to transmit a message to London about the potential threat. On the morning of D-Day, he was overjoyed when an Allied destroyer arrived off the coast and blasted the artillery piece with a precise bombardment. “They got the message!” he cried. 
The Maquis’ coordinated closely with Allied strategy. On June 5, the BBC broadcasted coded messages to alert the French Resistance about the imminent invasion, setting off plans to sabotage railways (the Green Plan), main roads (the Tortoise Plan), and telecommunication networks (the Purple Plan), along with launching guerilla attacks against German troops. More than 90 three-man Jedburgh teams, comprising American, British, and Free French operatives, parachuted into France throughout 1944 to facilitate this coordination on the ground. The first team, codenamed “Hugh” dropped in on the evening of 5/6 June and linked up with the head of the resistance in the Indre area, near Châteauroux. In June and July, the “Jeds” helped disrupt German communications in Normandy. By August, teams worked with the British Special Air Service in Brittany, orchestrating guerrilla attacks and providing intelligence that hastened the Allied advance. These Jedburgh teams, the forerunners of modern special operations forces, provided leadership, training, and communications support, amplifying the impact of the Resistance’s efforts. 
Once the invasion began, the Allies relied on tactical deception to further confuse the German defenders. As part of Operation Titanic, another subcomponent of Operation Bodyguard, the British Royal Air Force and Special Air Service dropped hundreds of dummy parachutists far from the actual landing areas in Normandy. Known as “Ruperts” to the British and “Oscars” to the Americans, these decoys were equipped with noise makers and explosives to simulate an actual airborne assault. British commandos even jumped with some of the dummies and played recordings of gunfire and men shouting to sell the ruse further. The plan had the intended effect, with the Germans sending a division reserve away from Omaha and Gold beaches and the 101st drop zones to search for the suspected paratroopers. When members of the German 7th Army discovered the dummies, General Hans Speidel ordered a decreased level of alert for his soldiers, leaving them less prepared for the actual invasion.
Perhaps the most challenging—and, in turn, impressive—aspect was that the deception could not end when the invasion began. It had to continue, convincing the enemy the true invasion was, in fact, a feint and the initial (deceptive) intelligence remained accurate. Three days after the invasion, Spaniard Juan Pujol García (Agent Garbo) transmitted to his handlers that most companies had stayed behind in England, expanding upon the lie that the main thrust of the assault would cross the Strait of Dover and hit Calais. The Ultra intercepts, made possible by the codebreakers at Bletchley Park breaking the Enigma code, offered invaluable proof that the Germans continued to believe the Fortitude ruse instead of the catastrophic and physical evidence that the invasion was already underway. It would take seven weeks for the German High Command to redeploy resources from Calais to Normandy. By then, the Allied beachhead was secure. Germany’s delay was the ultimate success of Operation Bodyguard. If the element of surprise is essential in war, then the ability to maintain and even extend the element of surprise is perhaps the most impressive triumph. 
Although debates endure about the importance of Bodyguard and Fortitude, largely over skepticism that the inflatable hardware was ever actually seen and insistence that German espionage incompetence was the ultimate culprit, there is little doubt that the deception at least contributed to the tremendous success of the D-Day landings. In the immediate aftermath of Fortitude, the German High Command awarded (Double) Agent Garbo the Iron Cross for his efforts. If nothing else, as Lt. Jason Carminati writes, “Although the Nazi regime had unique institutions that contributed to the operation’s success, the Allies’ planning and execution of various deception techniques were more impactful to the success at Normandy because German weaknesses were discovered and exploited.”
Deception Today and Tomorrow
Deception, of course, remains an integral part of warfare, deployed by both friends and foes. During the first months of Russia’s full-scale invasion of Ukraine, echoing the Rupert dolls of World War II, Ukrainian defenders employed mannequins from local stores to confuse Russian forces. Drone footage captured Russians wasting valuable artillery on a trench system manned only by these decoys. As the war progressed, Kyiv expanded its deception efforts, with civilian companies like Inflatech and Metinvest creating realistic decoys of Ukrainian weapons and vehicles, complete with multispectral signatures, causing further Russian munitions to be squandered on fake targets. 
When preparing for the initial counteroffensive in Kharkiv in September 2022, Kyiv aimed to convince its adversaries that the counteroffensive would target Kherson in the south. Using media leaks, encouraging popular resistance as “shaping” operations, and amassing troops in the south, Ukrainian military planners succeeded in drawing Russian forces to defend Kherson, leaving the Kharkiv salient largely unprotected. The eventual offensive shattered Russian lines, liberating some 12,000 square kilometers, including the strategic crossroads at Izium. (Impressively, Ukrainian forces also liberated Kherson two months later.) 
In contrast, the failed Ukrainian offensive in the summer of 2023 highlighted the challenges of deception. The Ukrainian military failed to mislead Moscow about their intention to penetrate Russian lines protecting Melitopol and the Azov coast. Despite shaping operations along the Russian defensive line, particularly in Bakhmut, the Ukrainian government’s insistence in early June that “Plans love silence” and warnings against rumors did not materially weaken the entrenched Russian defenses.
Just as the French Resistance played a central role in the success of D-Day through deception and intelligence operations, Ukrainian citizens have become crucial to their country’s current conflict. Early in the war, the Territorial Defense Forces, made up of citizen volunteers, were instrumental in repelling the initial Russian assault on Kyiv. As the war progressed, Ukrainian civilians took on various wartime responsibilities, from raising funds for the Ministry of Defense to crowdsourcing military gear and weapons to developing targeting and intelligence for the armed forces. Remarkably, the Ukrainian government even launched an app, Diia, allowing citizens to report on Russian troop movements and defenses directly.  
Deception can also be deployed at the strategic level and is often weaponized by non-state actors. Just four months before Hamas’s October 7 Einsatzgruppen-like thunder run across the Gaza border, a former Knesset member had written that Hamas and Israel enjoyed a “strategic détente” and that “Hamas doesn’t seem to be eager to change the existing equation in order to challenge Israel.” Hamas’s strategic deception contributed to the total failure of the Israel Defense Forces to protect the borderlands near the Gaza strip—they were unable to access many of the kibbutzim until hours after the initial attack. After the fact, deception can reveal not just cunning and secrecy on the part of the deceiver but also complacency and ineptitude among the deceived.
However, the lessons for modern warfare might apply even more strongly to strategic competition. As the US escalates its saber-rattling with China, it fences with an enemy that makes deception a core concept of its strategy, using tactics such as decoy targets and disguising military equipment as civilian vehicles to mislead adversaries and protect assets.  Beijing even employs local militia forces to provide camouflage support for important potential targets.  And yet, ironically, “American dominance in conventional warfare has contributed to perceptions that deception is unnecessary, or is a technique for weaker powers,” as Fabian Villalobos and Scott Savitz observe. “But successful deception activities enhance force protection, preserve combat power, and add complexity for the adversary—facts that are often underappreciated.”
D-Day stands as a stark reminder of the cost of traditional warfare and the importance of avoiding it whenever possible. As the US inevitably ramps up its industrial capability to prepare for total warfare with China, it should also pay equal attention to the range of irregular capabilities—from espionage and intelligence to information warfare and cyberoperations—that will better prepare it to deceive and avoid being deceived by the enemy. As Seth Jones writes in Three Dangerous Men, “Chinese military strategy generally aims to avoid a conventional war. China’s goal is to weaken and surpass the United States without fighting.” 
US success in the coming years will not be defined by victories in conventional military battles with China, Russia, or any other adversary but by avoiding such confrontations through cunning, creativity, and deception.
 
Correction (June 7, 2024): In the article, it was previously stated that more than 90 three-man Jedburgh teams parachuted into France on the night of June 5/6. The correct information is that these teams parachuted into France throughout 1944. The corrected sentences now read: “More than 90 three-man Jedburgh teams, comprising American, British, and Free French operatives, parachuted into France throughout 1944 to facilitate this coordination on the ground. The first team, codenamed ‘Hugh,’ dropped in on the evening of 5/6 June and linked up with the head of the resistance in the Indre area, near Châteauroux.”
Jacob Ware is a research fellow at the Council on Foreign Relations and an adjunct professor at Georgetown University’s Walsh School of Foreign Service and DeSales University. He is also a visiting fellow at the University of Oslo’s Center for Research on Extremism, and the co-deputy editorial director of the Irregular Warfare Initiative. With Bruce Hoffman, he is the co-author of God, Guns, and Sedition: Far-Right Terrorism in America.
Sam Rosenberg is an Army Strategist preparing for an assignment to US Army Europe and Africa in Wiesbaden, Germany, and the co-deputy editorial director of the Irregular Warfare Initiative. Commissioned as an infantry officer in 2006 from West Point, Sam has served in Iraq, Afghanistan, and Eastern Europe. He holds a master’s degree in Security Studies from Georgetown University and a PhD in Public Policy from the University of Texas at Austin. 
Views expressed in this article solely reflect those of the author and do not reflect the official position of the Irregular Warfare Initiative, Princeton University’s Empirical Studies of Conflict Project, the Modern War Institute at West Point, or the United States Government.

Image

Your Title

This is the description area. You can write an introduction or add anything you want to tell your audience. This can help potential listeners better understand and become interested in your podcast. Think about what will motivate them to hit the play button. What is your podcast about? What makes it unique? This is your chance to introduce your podcast and grab their attention.

Copyright 2024 All rights reserved.

Version: 20241125