Confidence How to use emerging technologies

in Chaos to combat grey zone threats

Foreword
In his 2019 book Goliath, Sean McFate cites the story of General Billy Mitchell, an American pilot during World War I,
who spent most of his life after the war predicting the importance of air power in future conflicts. For preaching his
ideas he was banished to the Pacific by his superiors. Whilst there, he produced a report predicting war between
Japan and America, initiated by a surprise Japanese attack from the air.
The response was a court martial and his subsequent resignation from the US military.
He continued to campaign tirelessly about the coming age of air warfare until his death in
1936. Five years later the Japanese attacked Pearl Harbour by surprise from the air, killing
more than 2400 people, destroying 188 aircraft and damaging or demolishing 8 warships.
What McFate’s example shows us is that changing established mindsets is difficult,
especially when it comes to the future of conflict. But change they must. We cannot
hope to win against nimble and adaptable aggressors if we are not willing to recalibrate
our thinking when confronted with new styles of engagement.
The 21st Century is being defined by perpetual turmoil and unpredictability. Our adversaries
understand how to use this to their advantage and, in many cases, how to engineer its
creation for their own ends. Grappling with the unorthodox approach of modern aggressors –
from organised criminals to hostile states and private militias – has become harder than we ever
imagined. Yet it is by no means futile. There is much we can do, not just to mitigate the impact
of our enemies but to get ahead of them and endure in this age of disorder.
At the same time, the emergence of a new challenge in 2020 - dealing with Covid-19 –
has changed our understanding of what it means to protect human life and global society.
It is the very definition of unpredictability and it will affect the role of defence and security
organisations for the foreseeable future. But as the threat from the disease eventually recedes,
the challenges of clandestine conflict will remain, and is likely to grow and develop in the wake
of the significant geopolitical change this disease has stimulated.
Amidst that environment, the economic ramifications of managing the pandemic will present
further uncertainty for defence and security organisations. Saddled with significant debt, many
nations will look to the defence community as an area for cost savings. In that fiscal climate,
emphasis will shift from investment in large and/or complex enhancement programmes to new
ways to do more with what already exists. The role of emerging technology will be vital in the race
to adapt what we already have for the new normal.
Success against this backdrop is going to require significant change in a number of
areas – from our appetite for risk, to the equipment we use, the skills we employ and possibly
even the Rules of Engagement that define our legal and ethical boundaries. Technology, and in
particular novel emerging technology, will play a role in them all. It will enable us to expose our
adversaries’ tactics, mask our own activities, respond with greater effect, and increase the speed
at which we can act. Understanding which ones to use, and how to integrate them as part of
adapting existing capabilities in a safe and assured manner is essential for making that possible.
There is no doubt that uncertainty will continue to be a characteristic of future defence and
security. However, of one thing we can be absolutely certain – if like Billy Mitchell’s superiors we
assume that what comes next will be the same as what went before we will not win, and we will
not be able to protect what matters most.
Andy Thorp,
Group Director - Business Development at QinetiQ
Introduction
The supremacy of Western forces in conventional military conflicts has driven adversaries to use alternative approaches
to achieve their aims. Such approaches explore the widest range of social, political, economic and military instruments
available to achieve maximum effect without provoking a conventional military response, or even being recognised as
formal acts of aggression.
Today’s adversaries will adapt through experimentation with emerging technologies at an early stage. They are experts at
the clandestine preparation of strategic conflict; and they emphasise the human, social, moral and cognitive domains, all
of which form a vital part of their doctrine. As a result, modern conflict has become more devious and covert.

This approach has generated many ‘buzzwords’ –
asymmetric, hybrid, 5th generation, and sub-threshold are
all names that have come to be associated with today’s
adversarial campaigns. But it is difficult to put a single
term around such a broad collection of activity, especially
one that can also encompass tactics which have yet to
emerge. Doing so is also unhelpful because it creates
additional confusion in an environment where clarity is so
essential to an effective response.
However, this report needs a way to refer to these types
of tactics and campaigns. The easiest way to articulate
this genre of engagement is to recognise its location –
within the ‘grey zone’ that sits between routine statecraft
and open military conflict. This is also the term most
regularly referenced during the research undertaken
to develop this report.
What the West is currently facing is not new. The
broad themes of sabotage, espionage, deception, and
encroachment, are enduring elements of conflict, relevant
as recently as the Cold War. They are simply now
enhanced by new technologies that accelerate their effect,
make them harder to identify, and improve their impact.
The doctrine and philosophy of conflict are perpetual.
Adversaries have just become more technologically
capable of achieving their desired outcomes, which has
allowed them to adapt faster, add greater variety to their
attacks, and increase the collective effect of their actions.
That has had an effect on the type of challenges Western
democracies now face, and because grey zone activities
rarely discriminate between the different remits of
defence and security forces, many of these challenges are
common to both. This includes integrating and analysing
vast amounts of data to create actionable intelligence;
improving resilience to online crime and cyber-attacks;
finding new ways to mask activities; and how to inject
new skills to better combat current threats. From the
perspective of deterrence, resilience, doctrine and tactics,
many Western nations need to consider how to forge a
more integrated response, aligned to the principles of
Fusion Doctrine, across all aspects of government, public
services, and national infrastructure
Emerging technologies may hold the key to success,
provided they can be employed in the right combinations,
and with sufficient assurances around safety, reliability
and operational readiness. But for many nations this
creates another dilemma. How can they deliver on
traditional defence and security commitments, whilst
simultaneously exploring the potential of novel ideas, all
without compromising current capability or affordability?
This is not a zero sum game. It is too early to abandon
more conventional military capability because that is
what generates influence with allies and deterrence with
adversaries. (This is a prime reason why grey zone
 tactics exist – because adversaries know that they are
overmatched on conventional capability.) It is also too
early to replace existing assets with new technology,
which is untested and unproven. The solution sits between
the current and the future, where emerging technologies
are not used to replace existing capabilities but to adapt
them to reflect the true nature of current global threats.
This ‘mission-led’ approach to innovation offers the
greatest potential return on investment. The challenge is
how to implement it quickly, effectively and with the right
level of certainty.
This report has been developed to provoke a new dialogue
around how organisations can harness the potential of
emerging technology to successfully adapt conventional
defence and security capabilities and mitigate the impact
of adversarial grey zone campaigns – be they organized
criminal gangs, international terrorist cells, or nation
states. It is based on the breadth of QinetiQ’s (and our
partners’) technology and engineering expertise, plus our
deep understanding of international defence and security
requirements, and our experience of creating, testing and
using new ways to protect what matters most.
Existing analyses tend to focus on where this type of Successfully responding to grey zone campaigns requires
conflict has come from and the challenges it presents. some difficult decisions and ultimately a trade-off between
This report is different. It recognises that adding to maintaining conventional deterrents and exploring new
that debate is not going to address the issue. Instead ones. Being able to make strategic and tactical changes
it explores the practicalities of countering grey zone that help balance those decisions is likely to be the best
campaigns now, by using the right combinations of approach in the short term. This report is designed to
emerging technology to adapt existing capabilities and support that process through visionary opinion that
make them better suited to neutralising such threats. advances the debate, and practical guidance that
supports immediate action.
It will:
- Outline the common challenges that grey zone activity
presents to both defence and security organisations, and
the most common modes of grey zone activity today;
- Offer the ten most promising types of technology
which offer the greatest potential for adapting existing
capabilities to these new threats;
- Provide guidance on how to bring these technologies
together in the right combinations for known grey zone
scenarios;
- Provide recommendations on how to adopt these
technologies in a safe and assured way.
Common challenges
for defence and security
Grey zone tactics don’t discriminate between defence and security targets, and neither should the West’s responses to such
tactics. Western organisations must tackle, in an integrated way, the capability gaps that these tactics reveal - rather than
seeing them as discrete challenges to address individually. Below are six of the most pressing challenges of grey zone conflict
that are common to defence and security organisations.

Challenge #1: Challenge #2: Challenge #3:

Creating information advantage
Whilst the West plans for conventional conflict, its adversaries
wage a knowledge-based war. Today, a potent narrative
has the power to disrupt, confuse, agitate, and radicalise.
Separating truth from lies and creating effective counter
narratives are key battlefields for victory.
The way to address this is to gather more intelligence,
process it faster, and fuse it to create a clearer picture. This
can then be used to diffuse adversarial tactics, and underpin
informed responses across both security and defence forces.
This is how you win the information war.
Improving cyber resilience
The scale and sophistication of organised crime is growing,
which presents an ever-increasing threat. The job of a cyber-
attacker is now made easier by the mix of technologies on
which our infrastructure relies. Some is old and some is new.
Lots may be located on premises, but more is moving to
private, hybrid, or public clouds.
It’s becoming harder to maintain resilience when the scale
of digital transformation makes the technology picture so
fragmented. Technical changes bring huge opportunities,
but also usher in new threats.
Improving threat detection
As threats have changed, identifying them has become
harder. The nature of grey zone campaigns is that they are
disguised, so a nation can be engaged in conflict without
even knowing it has been targeted.
Early detection is critical. Identifying unconventional tactics
requires significant focus. Improvements in information
gathering, processing and utilisation could boost Western
detection capabilities. This should be combined with a
change in Western perception about what constitutes
conflict today.
Challenge #4:
Adding covert capabilities
Western forces have successfully achieved conventional
deterrence. They must now achieve it in the grey zone.
As conflict becomes sneakier, it’s not enough to deter
adversaries only from open war.
The West needs to increase its ability to expose enemies’
clandestine actions, whilst improving its ability to mask its
own. This requires an adaptation of conventional assets to
improve their covert capabilities through the use of stealth,
autonomy and increased information gathering and
processing - the use of covert forces to neutralise
covert threats.
Challenge #5:
Adapting at pace
Defence and security organisations struggle to adapt quickly
enough to the changing threat landscape. The scale and
bureaucracy within defence and security forces can make
them slow to change. Adversaries, on the other hand, are
happy to work with off-the-shelf technology, nimbly adapting
as required.
There’s a lot that can be done to make Western forces able
to adapt faster and with greater impact. This includes adapting
some commercial best practice, and increasing the role of
experimentation in live environments, pushing innovation
from lab to user faster.
Challenge #6:
Introducing new skills
New skills must be continually introduced to counter
adversaries’ ever-evolving tactics. This is as much about
changing the way existing personnel are trained as new
recruitment. It means moving away from today’s linear
process of ‘train, deploy, return, train again’. Instead, training
must be linked to real operations to ensure it is always relevant.
It is also about extending training beyond the development
of conventional ‘muscle memory’ abilities into more cognitive
skills. Training can no longer be about pre-defined tasks.
It must evolve to become more about understanding how
to deploy existing cognitive skills proactively. If defence and
security can cross-fertilise training, both stand to benefit
from each other’s experience.
The role of emerging
technology in adapting
to meet grey zone challenges
The challenges outlined in the previous section threaten to back Western democratic nations into a corner.
Faced with an adversary willing to ‘fight dirty’, using unethical practices and improvised equipment, routes
to victory appear severed. Three options can be ruled out:

1 2
 vert displays of military strength have historically
O O
 vermatching firepower has given Western powers
been used to establish rapid dominance and
demoralise opposing forces. However, when an
adversary’s aggressions are not explicit, the use of
explicit force in response looks to the outside world
like excessive provocation. This gives the adversary
an opportunity to portray the defending force as the
aggressor, and provides them with justification for
further escalation.
the advantage for decades. It remains important
as a deterrent, and vital in the case of full war
breaking out – but in the grey zone it must
form part of a suite of tactics, rather than be
seen as a solution on its own. Multimillion-dollar
weaponry provides little advantage against
low-cost improvised devices, or other grey zone
threats such as cyber-attacks or propaganda. This
asymmetry is laid bare by the case of a US ally,
which in 2017 was reported as having launched
a $3m Patriot missile to shoot down a $200
consumer quadcopter.
The remaining option for defending against grey zone
aggression is to undergo a shift from firepower overmatch to
technological overmatch. To that end, we have identified ten
technology capability areas that can help the West reclaim its
advantage through technological superiority, without lowering
legal and ethical standards.
The following chapter examines each of these technology
capability areas in turn, drawing input from experts worldwide
on the current and future states of their specialist fields.
We also include a selection of innovative organisations to
watch in the coming years. The chapter comprises two
categories of capabilities:

3
- Front line – those deployed directly in grey zone competition.
 To fight fire with fire – that is, to ape adversaries’
unscrupulous tactics and use of unregulated - Supporting – those indirectly assisting grey zone operations
improvised weapons – would be to abandon the by aiding the design, manufacture, testing and assurance of
legal and ethical norms that the West has a duty the front line capabilities.
to defend. A race to the ethical bottom would only
serve to escalate aggression, resulting in avoidable
death, damage and casualties.
 Power Sources, Energy
Storage & Distribution Robotics &
Autonomous
Systems

Novel Systems,
Weapons & Effects

4 5 Secure Communications

FRONT LINE
& Navigation

3
6

2
Cyber &
Electromagnetic
7
Activities
Sensing, Processing
1 & Data Fusion

SUP 8
PORTING
9
Artificial Intelligence,
Analytics & Advanced
Computing

Platform and System

Design and Assessment

Advanced Materials &

Manufacturing Human Protection
& Performance
 1 2 3 4 5 6 7 8 9 10

Front line technology capability areas

AI, analytics and advanced computing
Popular depictions of the use of AI in film and television
often involve AI ‘brains’ implanted into robotic bodies, Dalith Steiger,
which attempt to enslave or destroy humanity. The reality SwissCognitive (Switzerland)
of AI lacks such immediate visual and emotional impact,
“Artificial intelligence promises benefits in industries such as agriculture, logistics, finance, defence
and so attracts less attention – but the technology
and security. In healthcare, AI has been shown to outperform radiologists at detecting cancers
can still be very dangerous in the wrong hands. The
in mammogram screenings. But despite this, we still need human doctors and specialists to
threat from AI chiefly lies in its ability to outpace human
understand patients’ mental circumstances, communicate findings with compassion, and provide
decision making, reaction and response. A hostile AI can
emotional support. The value in AI comes from finding the optimum combination of human
work endlessly to uncover and exploit vulnerabilities in
competency and machine capability and performance.
a target organisation’s cyber defences, or propagate
online disinformation faster than it can be refuted or Many of AI’s current limitations are due to human behaviours. Algorithms can take on the biases of
removed. The only way to counter hostile AI is through their creators, so to avoid that we need to understand human bias and why it happens - we now have
technologically superior AI countermeasures, resulting the chance to ‘unbias the bias’. We also to need manage expectations better. We have to get away
in a continual arms race between offensive and from the ‘Terminator’ mentality – believing this technology is evil – but there is equally a danger in
defensive technologies. relying too much on AI and not questioning it enough. To achieve the right balance of trust, we as
experts need to be transparent about the ethical decisions we make, what the technology can and
However, AI represents not just a threat, but an
cannot do, and the roles we expect it to play in society. We must demonstrate iterative development,
opportunity. Its ability to process massive volumes of
rather than pretending we have arrived at the final conclusion. And finally, we must understand the
data at pace lends itself perfectly to situational awareness.
ways in which AI can be used to cause harm, such as spreading fake news, and take steps to
By drawing and fusing data from multiple sources, the
tackle them.”
machine can deduce enemy locations and even model
predicted behaviours. It can then prioritise the most
urgent information and present it to the operator, avoiding
cognitive overload. In the grey zone, knowledge is power –
making AI, analytics and advanced computing vital tools.
 1 2 3 4 5 6 7 8 9 10

Cyber and electromagnetic activities

The cyber domain is a vital front in grey zone competition.
Hackers working for organised crime syndicates or a
hostile nation will target public services and critical
national infrastructure to inflict economic harm and exert
political pressure on rivals. They may also undertake
espionage to obtain intelligence or state secrets.
Technological developments like AI can help to mitigate
the threat, but equally important is an organisation’s
resilience – its ability to bounce back from an attack –
which is largely reliant on human training and behaviours.
Less discussed is the vulnerability of the electromagnetic
spectrum. Communications signals, including Wi-Fi and
GPS, can be jammed or spoofed for service denial or
misdirection. The effect can be just as catastrophic as a
cyber-attack, but it may be less obvious that an attack is
taking place and harder to determine the source. Specialist
technologies can flag and trace electromagnetic attacks,
but must be combined with human training and education
to ensure organisational resilience.

Amanda Widdowson,
Thales Cyber and Consulting (UK)
“In the cyber security domain, the human is often the weak link in the chain. The Iranian power plants affected by
the Stuxnet computer worm were self-contained systems, protected by an ‘air gap’ that prevented attackers gaining
access remotely. A virus could only be introduced as a result of risky employee behaviours, or poor site security
allowing attackers physical access to computers – and when somebody plugged in an infected USB stick, that’s
exactly what happened.

Organisations must understand risky behaviours and take steps to tackle them. Employees may write down their
passwords, or allow intruders to ‘tailgate’ them through secure doors. Training and social pressures can help to
mitigate these – nobody wants to be remembered as the employee who let the attacker in – but these can be
coupled with technological solutions, such as new authentication methods. For instance, facial recognition and
biometrics could replace security passes and eliminate passwords, removing two major vulnerabilities.

Digital transformation and the Internet of Things will make systems more connected. Where there were once air gaps,
there will be none – so once an attacker finds an entry point they can cause harm across a much wider network.
Identifying and securing those potential vulnerabilities has never been more important.”
 1 2 3 4 5 6 7 8 9 10

Novel systems, weapons and effects

Broadly, this technology capability area is about a wide
range of alternatives to kinetic weapons, but in the Mark Neice,
context of the grey zone, directed energy is the most Directed Energy Professional Society
relevant and therefore where this report focuses its
“Laser weapons began life as a Cold War era concept, but their migration from chemical to solid-
attention. In previous wars, the visual spectacle of ballistic
state around 15 years ago set them on the path to becoming a reality. Today’s combined beam fibre
bombardment served as a show of strength to deter
lasers address the size, weight and power (SWaP) challenges that previously made them impractical.
opposing forces, in the tactic known as ‘rapid dominance’,
Weapons of up to 50kW have already been successfully demonstrated, capable of tackling low-level
or ‘shock and awe’. Using the same approach against
threats like drones and fast inshore attack craft. Within the next few years, 100kW weapons will
aggressors acting below the threshold of war would
be able to counter high-end army threats like rockets, artillery, and mortars. Looking further ahead,
appear wildly disproportionate and would likely justify
anything over 150kW should be able to intercept anti-ship cruise missiles and similar threats. Laser
escalation on the enemy’s part. Directed energy can
weapons have so far been deployed on ships dues to the SWaP limitations, but recent advances have
achieve traditional military objectives – such as disrupting
allowed the US Army to mount a 50kW unit on a Stryker combat vehicle, and there are plans to trial
enemy communications or weapons production – but
smaller models on fighter jets.
covertly and deniably.
Lasers are not the only novel weapon gaining traction. While lasers create flaming wreckage,
Directed energy also addresses the asymmetric threat
electronic attack is more covert, disrupting systems with little trace. Jamming is a low-tech form
posed by militias equipped with inexpensive, improvised
of electronic warfare, which has a temporary effect – when the jammer is turned off, systems come
weaponry based on commercial off-the-shelf technology.
back online. But higher power weapons can produce longer lasting or permanent effects. The US Air
A ship could expend millions of dollars’ worth of munitions
Force has demonstrated the use of its Counter-electronics High Power Microwave Advanced Missile
defending against a swarm of cheap explosive-laden
Project (CHAMP) against facilities and infrastructure.
quadcopters, or a small fleet of rigid inflatable boats
(RIBs). Alternatively, a laser weapon could neutralise them International collaboration will drive these technologies forward, by working to solve challenges
at what is reported to be the cost of a dollar per shot. like energy storage and beam dissipation.”
 1 2 3 4 5 6 7 8 9 10

Power sources, energy storage and distribution

Most, if not all, of these front line capability areas rely
on electricity. In some cases this can be drawn from the Dr Michael Ling,
grid, but other scenarios require highly specialised energy Defence Science and Technology Group (Australia)
storage and power delivery systems. A laser directed
“There is a need to build customised batteries and power sources for specialised purposes, rather
energy weapon requires a system capable of delivering
than relying on one battery type for all applications. Many different cell chemistries are currently
massive bursts of power in a very short space of time
being explored as alternatives to the common lithium-ion battery, and we may see some genuine
– a supercapacitor for example. A battery used in front
breakthroughs in the next five years. Sodium-ion will be ideal for high-volume, low-cost applications
line applications, such as body-worn soldier systems or
like backup power or grid storage, although its low energy density makes it unsuitable for things like
unmanned vehicles, needs to strike a delicate balance
automotive. Solid state technology could offer a step-change if it ever gets out of the laboratories –
between size, weight and power so it can store enough
it has been in development for a while but it feels like progress has stalled. Sodium-ion is still in an
energy without hindering the movement of its human or
early stage of development, and its energy density is expected to improve over the coming years. It
robotic host. It may also need to be ruggedised to resist
has the unique strength of being able to be fully discharged without damage to its electrodes, making
damage and subsequent ignition.
it safe for air transportation.
Another important consideration for power provision
Military customers will need higher performance than that of most commercial batteries, so will push
in the grey zone is how to sustain operations when the
for higher cost specialised cells. Higher voltage cathodes can produce more energy using fewer cells,
electrical grid has been the target of an attack. Most
reducing the pack size and the voltage loss between cells. It is also worth bearing in mind that in
people keep a flashlight readily accessible at home in case
many military applications batteries are not required to have high charge-discharge lifecycles. Based
there is a power cut and the lights go out – organisations
on Australian experience, many batteries get discarded long before the usual lifecycle of (typically)
also need a contingency plan for operating if organised
1,000 discharges is reached. By relaxing this lifecycle constraint, it is possible to select electrode
criminals take down the grid. How will urgent messages be
chemistries with much higher energy density than currently possible in COTS products.
communicated to employees? How will security systems
be kept active? Organisations should review combinations In the immediate term, power demands can be met using clever combinations of existing
of batteries, generators, renewables and other novel power technologies, like batteries, fuel cells, supercapacitors and renewables. Together they can flatten
sources to keep vital systems online when the mains peaks and troughs to keep generators operating at their most efficient point. Stored energy also
supply is cut off. enables power to be delivered when the generator fails or must be switched off to minimise its
acoustic and thermal signatures.”
 1 2 3 4
Robotics and autonomous systems
In warfare, robots and autonomous systems often do
the jobs that humans can’t or won’t do – for example,
robots used for explosive ordnance disposal keep their
human operators safe. But in the grey zone, the use
of autonomous systems will be much more nuanced –
harnessing the collective power of multiple systems to
provide more granular situational awareness, and expand
the user’s sphere of influence.
An autonomous surveillance network, guarding a nuclear
power plant for example, may consist of several aerial and
ground-based vehicles equipped with sensors operating
on various parts of the spectrum, such as optical, radar
and lidar. The sensor data is fused into a single ‘map’
of activity in and around the perimeter. This is presented
to the operator, who can take any necessary action.
Alternatively, with the introduction of AI into the loop,
a robot may receive combined sensor data, recognise
suspicious activity, and automatically lock down areas
of the premises.
Robotics and autonomous systems also maintain
an important role as a deterrent against militaristic
aggression. As hostile nations encroach on others’
territory, using anti-access and area denial (A2/AD) tactics
to keep defending forces out of the region, the ability to
monitor and respond at standoff distance will be critical.
5 6 7 8 9 10
Melanie Rovery,
Jane’s (UK)
“Robotics and autonomous systems can take on the dull, dirty and dangerous roles in warfare.
Robots don’t get bored or fatigued; they can enter contaminated environments; and they allow
humans to carry out high-risk activities such as bomb disposal without putting lives on the line.
So, robots reduce casualties – but they also expand the fighting force by freeing up manpower
and getting into parts of the battlefield that were previously inaccessible. This contributes to
broader situational awareness and greater lethality.
The future of robotics is about how these robots work together – in swarms or as a distributed
network – and the supporting technologies needed to achieve that, one example being
communications. There is currently a focus on operating unmanned and autonomous systems
in GPS-denied environments. The US Defence Advanced Research Projects Agency (DARPA)
launched its Subterranean Challenge, exploring novel ways of navigating underground, such
as unmanned ground vehicles (UGV) for relay or to drop communication nodes.
Transmitting large amounts of data between systems results in a bunfight for bandwidth on
the battlefield. Computing needs to happen at the edge, using sensors that perform their own
processing. Active sensors also light up a platform like a Christmas tree, so edge processing can
also reduce detectable signatures, maintaining a low profile.
United States Air Force Colonel John Boyd described the ‘OODA loop’ – observe, orient, decide,
act – and observed that whoever can complete the loop fastest will win. Artificial intelligence and
autonomy will accelerate the OODA loop significantly. Nations will need to consider how to counter
threats from the use of increasingly autonomous weaponry by adversaries, or else asymmetry will
emerge between those willing and those unwilling to remove the human from the decision-making
loop in lethal operations.”
 1 2 3 4
Secure communications and navigation
Communication lies at the epicentre of virtually all grey zone
operations. Moving information around is fundamental to
building an intelligence picture on which to base strategic
decision-making. Connected systems, from robotic squadrons
to precision guided munitions, rely on communications
systems to navigate and coordinate. But, every movement
of information creates a potential threat vector. Private voice
calls or emails may be intercepted, giving away intelligence
or providing compromising material that could be used for
blackmail and extortion. Navigation signals, such as those from
global navigation satellite systems (GNSS), may be jammed or
spoofed, causing vital assets to misreport their own locations
or those of enemy targets.
Defence, security and critical infrastructure organisations must
maintain the ability to communicate independently of public
cellular networks, both to prohibit interception and enable
continuity in the event of an attack on the network. Similarly,
it is becoming increasingly important to secure GNSS signals
and receivers, to evade spoofing or jamming attacks and limit
enemies’ ability to pinpoint and track receiver locations.
5 6 7 8 9 10
Alan Lynn,
Cisco (US)
“Secure communications can be achieved by using military-specific equipment or by securing a commercial network
using classified techniques. Using commercial cell phones that have been modified makes a lot of sense out in the field,
as it decreases training time and makes multinational operations easier.
For example, using cell phones for mission-critical communications is now a viable option, as commercial
cell providers are able to provide higher throughput and security. The higher the frequency spectrum, the more data you
can push; and, a more focused beam makes it harder to find, jam or intercept the data.
Higher frequencies also require less power but this is dependent on the distance the data must travel.
Li-Fi (light wi-fi) is also a new option, as it uses visible and invisible light spectrum instead of the radio spectrum to
transmit data. It is difficult to pick up Li-Fi communications as long as the light is contained –
in a shelter, tent or building – so it does not compete with the rest of the electromagnetic spectrum.
And it’s not just the spectrum that must be secured, but the devices themselves. Biometric identifiers, like thumb print
and face or voice recognition, make it harder for hackers to break into devices and networks. Many commercial Multiple
Factor Identity (MFI) solutions now work well for the military and for governments.
Physical infrastructure, such as undersea fibre, must be protected too. Much of the world’s important communications
run on fibre infrastructure, so action should be taken to provide increased monitoring and deterrents to protect it.”
Prof Andrew Dempster,
University of New South Wales (Australia)
“A 2012 study by the US Department for Homeland Security found that 15 out of 18 critical infrastructure sectors relied
on GNSS for timing. By jamming or spoofing the signal, an attacker could cause the synchronised clocks to drift apart,
leading a power station to shut down and creating a cascade effect throughout the grid.
To protect against this, organisations can use multiple smart antennas that can identify where a signal is coming from.
If it is not coming from a satellite, that indicates a spoofing attempt. The third generation of satellite navigation brings
exciting developments, such as multiple signal frequencies. These make spoofing difficult, as the attacker would have to
replicate them all. Sovereign capability will grow in importance as geopolitical factors place more restrictions on global
data access.”
 1 2 3 4 5 6 7 8 9 10

Sensing, processing and data fusion

The key to grey zone advantage is awareness: of
adversaries’ locations, their activities, and their intent, of Dr Ronald Resmini,
public and political sentiment, and of the physical and George Mason University (US)
digital domains in which grey zone competition takes
“It’s an exciting time for remote sensing and data science, as new technologies bring about
place. Advances in sensor technology are creating new
a mini revolution. Multispectral and hyperspectral satellite imaging data are readily obtained by
opportunities to gather data from the physical world.
scientists working in many fields, such as geology, oceanography, meteorology and agriculture.
Sensors can also be fitted to increasingly versatile
Drones equipped with multi-band sensors can collect data from the air at low cost, and be integrated
platforms, such as cube satellites and unmanned vehicles,
with ground and satellite-based sensors to build a very detailed picture. The potential applications
which enable them to collect and transmit data from
are endless, but include better prediction and monitoring of weather, forest fires, droughts, famines,
previously inaccessible locations.
and floods.
However, the true value in new sensor technology can Artificial intelligence and machine learning can now do things with data that are not even possible
only be realised by what happens to the data once it is for humans. A machine can examine terabytes or even petabytes of data and identify patterns that
collected. A situational awareness picture will be pieced no human ever could. We can look at data going back 30 or 40 years – on global sulphur dioxide
together from networks of sensors stationed in multiple levels to understand the impact on climate change for example, or its relation to plate tectonics
locations and operating on different parts of the EM for clues on earthquake and volcanic eruption cycles.
spectrum. The raw data from these networks would be
Data synthesis used to be about downloading and manually working with huge volumes of data.
extremely time-consuming, if not impossible, for a human
Today, people want a product. They want to be able to see the sum of the collated data, and
to interpret – and so it must be processed and prioritised
technology is enabling that. For instance, using visual data from NASA’s Moderate Resolution
before being presented to the user in a format that can be
Imaging Spectroradiometer (MODIS) it is possible to make ‘movies’ that show the coming and going
easily understood and quickly acted upon. AI will play a
of vegetation over time, or the spread of urban environments. The tech makes the data accessible,
role in this, as will ‘smart sensors’ that process data at the
so you don’t need to be a remote sensing scientist to use it.”
edge to preserve comms bandwidth and reduce central
computing power demands.
 1 2 3 4
Supporting capability areas
Advanced materials and manufacturing
The grey zone’s rapidly shifting nature means new capability
must often be fast-tracked into service in response to emerging
and evolving threats. The ability to manufacture quickly and
at scale is therefore crucial to securing the advantage over
adversaries. Traditionally, a factory was set up to produce a
specific product or part, which would then be shipped to where
it was needed. In a grey zone environment, blockades on trade
routes and other territorial disputes could make this difficult.
Accelerating the pace of delivery and responding to changing
demands will require factories and their processes to become
less specialised and more adaptable. Product specifications
will be moved around the world digitally to suitably configured
factories near to the point of need. Items may even be
manufactured in situ; on board ships or in operating bases
using 3D printers.
Materials research also plays an important part in grey zone
competition. In particular, low-visibility materials are vital in
evading detection of covert assets by enemy sensors. There
is also a great deal of interesting work happening in the
field of superconductors, with applications in radar, energy
management and mine countermeasures, while nanomaterials
show promise for sensors and protective coatings.
5 6 7 8 9 10
Dr Nandini Chakravorti,
Manufacturing Technology Centre (UK)
“The world is moving to a sharing economy and manufacturing is no exception. Just as companies like Uber
and Airbnb have established successful business models without owning or operating physical assets, the
next manufacturing revolution will see a shift to Manufacturing as a Service (MaaS). Under the old capital
expenditure (capex) model, setting up a new manufacturing business required huge investment in equipment,
premises and infrastructure. These expensive assets were held under exclusive ownership, isolated and
duplicated between businesses. Under a new operating expenditure (opex) model, businesses will be able to
lease major assets, enabling them to channel their investment into research and development instead. This
creates more space for innovation and lowers the bar to entry for start-ups.
These changes are made possible by enhanced computing power and recent developments in connectivity;
including 5G, edge computing and the Internet of Things. They enable both the globalisation of intellectual
property and the localisation of production. A computer-aided design (CAD) file can be uploaded to the cloud
and distributed across multiple manufacturing sites. However, some of these new systems are vulnerable to
cyber-attacks, making cyber security vital.”
 1 2 3 4 5 6 7 8 9 10

Human protection and performance

New capabilities cannot be introduced safely or effectively
without first understanding how humans may interact with Al Whittle,
them. Unexpected human responses can undermine the Inzpire (UK)
advantages of technology. For example, certain processes
“One of the most dangerous phrases in any organisation is ‘we’ve always done it that way’ –
may be automated to reduce the cognitive burden on
because today’s threats are not the threats we’ve always faced. When identifying which skills are
the user – but this could inadvertently lead to boredom
needed in your workforce, those decisions must be based on an understanding of future threats,
and inattention, causing threats to be overlooked. This
not the leadership team’s past experiences. The tactics used by hostile groups are diversifying.
may hinder the emergency response, as the user tries
Their command structures are not hierarchical and can shift continually. These features make them
to make sense of the events leading up to the incident.
quicker to act, less predictable, and therefore more dangerous. In contrast, many high-security
All new technologies and procedures should therefore
organisations are very hierarchical and predictable, making them slower to respond - giving more
be developed with the human in mind, and tested in live
agile adversaries the advantage.”
exercises to expose hidden risks.
To regain the upper hand, organisations must train their people to be comfortable in chaos. They
Many hostile grey zone tactics exploit human weaknesses
must understand the touchpoints of a platform or system and how these can be exploited. Simulated
to achieve their aims – such as disinformation campaigns
environments are essential in this process. Most training involves testing and evaluating tactics or
that target people’s cognitive biases, or cyber-attacks
increasing employees’ competency in the workplace. Mistakes will be made – and when they happen
which leverage employees’ poor security practices to gain
in the live domain they are costly and very apparent to others. Simulation allows people to make
access to an organisation’s systems. Understanding how
mistakes and learn from them with little negative consequence.”
people respond to such campaigns gives clues as to how
best to protect against them, and how to potentially use
them against the adversaries in a way that overmatches
their own use of information warfare.
 1 2 3 4
Platform and system design and assessment
High-value platforms, like warships, tanks and fighter aircraft,
will remain a central element of warfare, at least for the
foreseeable future. Below the threshold of war, in the grey
zone, their primary role is to act as a deterrent against military
aggression. However, there is an apparent tension between
the long service lives of these platforms and the need to adapt
them quickly to tackle changing threats. When designing a
future platform, modularity will need to be factored in from the
very start. Essential functions will persist throughout its service
life, but its core capability must be readily augmented to serve a
multitude of roles. The impact of each new module on the core
capability’s performance will be modelled synthetically using a
‘digital twin’ of the platform, allowing the ‘real thing’ to enter live
testing and evaluation in a more advanced state of readiness.
A cultural shift is needed to make all of this possible.
Government defence departments have historically had a
very low risk appetite, demanding a degree of certainty that
is incompatible with rapid innovation. Companies in defence
have always been very protective of their intellectual property,
which is at odds with the collaborative approach required to
produce modular platforms. Future platform and system design
and assessment must break out of the silos of yesteryear
to take place within a culture of open collaboration and
experimentation. There also needs to be a shift in focus away
from platforms, and towards systems, that recognises why
hardware alone is useless without the information architectures
and supporting equipment that make it effective.
5 6 7 8 9 10
Catriona Savage,
University College London (UK)
“Designing and procuring large, complex platforms is a game of compromises. On the one hand there
is a drive to reduce risk, cost and time, which favours proven technology. On the other there is a need to
be responsive to new and diverse threats, favouring more innovative, emerging technologies. Our current
approach to procurement has evolved to favour the former, but not the latter, with budgets a further limiting
factor. Defence departments don’t usually have the money to buy lots of ships to carry out different tasks,
and so each ship they buy has to be capable of performing multiple roles. How then can we design platforms
that are both affordable and flexible, without sacrificing too much performance? This needs to be addressed
during the procurement process where it should be recognised that the cheapest vessel does not necessarily
offer the best value.
Modularity can offer a means of bridging the divide by using proven technology that we can adapt. The
starting point needs to be a platform that has been designed with this purpose in mind, so that the benefits
and challenges of modularity can be realised and overcome respectively. Being able to add or remove
different functional capabilities (depending on the ship’s role) can offer an opportunity to significantly reduce
the time and expense involved in upgrading and repurposing platforms. Platforms cannot remain the same
as the threats around them change. More change inevitably means more risk, but the answer is not to avoid
change but to anticipate it and embrace it. A shift in risk appetite is required to achieve this. By embracing
modularity, there must be acceptance that the platform may not represent the ideal solution at any one time
but that it is able to adapt to be an effective 80% solution for a wider range of roles over an extended life.
Alongside this, it’s critical that there is a robust system of knowledge management – a digital thread running
from the platform’s design to the end of its service life – which will help to manage any additional risk
resulting from continual change.”
Five modes of grey zone hostility
Having looked at the technology areas
relevant to grey zone competition, we
will now examine how, when and
why they should be applied. But first,
a note on specificity:
The inherent chaos of grey zone competition presents
innumerable types of danger. As such, this diversity
of threats (and the responses we can mount to them)
makes it foolish to rigidly assign specific technologies
to specific uses. Instead, defence and security decision-
makers must work with leaders in public services and Deniable attacks Information operations
critical infrastructure to maintain an understanding of all
vulnerabilities and the technological capabilities available, Deniability is a central theme of grey zone competition. There are two separate but complementary elements in an
drawing on different combinations to create ‘bespoke’ Adversaries may seek to sabotage a rival’s critical information operations strategy. First: achieving advantage
countermeasures to each threat. infrastructure or assassinate its citizens using methods by collecting information. Second: seeking to produce
that cannot be traced back to the instigator. Tactics an effect by disseminating information. The former
To address this issue, we will view each capability’s include communications jamming, hacking IT systems, encompasses intelligence gathering, reconnaissance,
potential applications through a lens of real-world launching chemical or biological attacks, and using surveillance and espionage. The latter includes
and hypothetical scenarios that represent grey-zone unmanned systems to cause disruption or damage. propaganda, deception and disinformation, or ‘fake news.’
aggressions. We have grouped the scenarios into the five This section of the report is concerned with defending
‘modes’, and the following sections explore each mode in against both, although proactive information collection
detail. Drawing on real-world and hypothetical scenarios, reappears in subsequent sections as a defence against
we identify combinations of emerging technologies and other modes of grey zone hostility.
how they can be used to win in the grey zone.

The five modes, their definitions, and our rationale for our
grouping of the scenarios, are as follows:
Use of proxy forces
A nation may leverage other nations’ military force to
achieve its aims, either overtly via formal agreements, or
covertly using deniable attacks or information operations
to provoke hostilities among third parties, which creates
favourable conditions for exerting influence. Governments
may sponsor terrorist groups or hire paramilitaries to act
in contravention of international humanitarian law, while
denying responsibility.
Economic coercion
There are numerous ways a state might aggressively wield
economic power, or limit that of its rivals. Trade sanctions
can force a rival government to capitulate to demands.
Denying access to trade routes or natural resources can
hold a nation’s economy hostage. Loaning money to a
country that cannot repay creates an obligation to settle the
debt in other ways.
Territorial encroachment
In the most extreme scenario, a state might one day
find itself occupied by enemy forces but unable to say
exactly how or when it happened. Troops may enter the
country under false pretences or even be welcomed in as
peacekeepers before gaining control. Aggressors may stake
spurious claims to disputed or neutral regions, or attempt to
incrementally seize territory from a sovereign state through
a process of attrition.

Defining the undefinable

We end this section with a caveat on terminology. Grey zone competition is vague and ambiguous by its nature, meaning there is a great deal of crossover between the modes of
conflict we have identified. An information operation may be conducted to obtain compromising material for use in extortion. Territorial encroachment may be the intended endgame
of economic coercion. Deniability runs throughout everything. Adversaries will combine and constantly switch these tactics, creating endless uncertainty and confusion. While it is
necessary to identify the themes that define grey zone competition, the reality defies silos. Consequently, these five modes cannot be tackled separately. To defend itself effectively,
a nation must develop an integrated strategy that cuts across all of them.
Deniable attacks
Scenario one: Cyber-attack on critical national infrastructure
Stuxnet has been called “the world’s
first digital weapon.” A virulent computer
worm, it was designed to exploit operating
system vulnerabilities in order to physically
affect machinery. It was believed to have
been used to limit Iran’s ability to produce
enriched uranium, by interfering with the speed of the
centrifuges used in the process. This type of malware
attack can be particularly effective because, to the
facility’s operators, it seems accidental. Significant time
and money may be invested in repairing what is believed
to be a mechanical fault, without ever addressing the
root cause. Stuxnet sought only to disrupt operations,
but similar techniques could be used against critical
infrastructure for catastrophic effect.
Mitigation
Preventing cyber-attacks has always been an arms race
between ‘white-hat’ penetration testers working to find and
fix vulnerabilities, and ‘black-hat’ hackers seeking to exploit
them. To find an edge, black-hats turn to more intelligent
technologies. AI and machine learning are now being used
to unearth vulnerabilities many times faster than any human.
As a result, the West must learn to counter that change - by
adapting its approach and entrusting some of its defences to
AI. If not, it will quickly fall behind.
Given that the number of more sophisticated attacks will
increase, organisations must shed today’s ‘fortress mentality’
of building firewalls and assuming nothing will get through.
Any future cyber strategy must also include a plan for recovery
following a successful attack. Coordinating that recovery when
an attack has taken out the power grid and communications
networks is an important consideration. Reliance on the
national grid and mobile networks must be augmented
by more resilient measures, based on newer technologies.
Traditional backup generators remain vital, but should be
backed by renewable energy sources paired with large-scale
battery storage, allowing continuity in case of fuel supply
issues. Mobile devices should be replaced with push-to-talk
satellite radio handsets, allowing secure communications
through encrypted channels during network outages.

Adapted countermeasures

Existing Adapted
Combination of firewalls Machine learning-driven
and manual penetration threat detection and penetration
testing to prevent testing match the pace of
cyber-attacks adversaries

Dependence on national Encrypted push-to-talk handsets

grid and mobile networks help co-ordinate the recovery
slows recovery effort offline
Standalone power generation
and storage provide energy
in blackouts
Scenario two: Electromagnetic attack on a financial institution
In financial services, timing is everything.
The system depends on a network of
precisely synchronised clocks that
allow banks to verify transactions and
protect against fraud. A small slip in
synchronisation can leave a bank unable
to account for vast sums of money, halting trading and
cutting-off consumer access to funds via ATMs and cash
registers. These clocks maintain synchronisation by
coordinating with the Global Navigation Satellite System
(GNSS), which is where the vulnerability lies. Through
readily accessible rudimentary equipment that costs only
a few hundred dollars, an adversary can jam or spoof the
GNSS signal, causing the clock’s timing to slip.
Mitigation Adapted countermeasures
Ground-based atomic clocks are often proposed
Existing Adapted
as a solution, as they can operate on parts of the
electromagnetic (EM) spectrum that are less prone to
Use of standard Use of atomic clocks –
interference. But, prevention is just the first part of a GNSS clocks - these these can safeguard against
counter-EM strategy. When an attack succeeds (and are vulnerable to jamming and spoofing
one will, eventually), every second that elapses before electromagnetic attack
the response increases costs. To react quickly, an
Human responders must Electromagnetic disruption
organisation must first be able to detect and diagnose
diagnose an EM attack by detection system used to
the attack. This is especially challenging, given that an
observing the symptoms immediately diagnose
EM attack’s symptoms are almost indistinguishable from the attack
other causes of network failure. Thankfully, detection
technologies are coming to market that address this
problem. Such technologies are a considerable step up
from the current reliance on human observation, and must
be part of any plan to identify and respond to EM attacks.
Scenario three: Using drones to shut down an airport
Approximately 1,000 commercial This is more reliable because it recognises the distinctive Adapted countermeasures
flights were diverted or cancelled disturbances caused by a drone’s rotors, and should be
across three days in December part of all future drone detection strategies. Existing Adapted
2018, amid reports of a
If detected, there are several ways to neutralise a drone. Drone detection depends 3D radar offers early
commercial off-the-shelf (COTS)
However, current methods that fit within regulatory on unreliable eyewitness detection and location
drone flying in London Gatwick
guidelines (like projectiles and nets) are hard to use reports of drone incursions
airport’s airspace. The incident affected around 140,000
against such nimble targets. A viable alternative is to use
passengers, cost the airlines an estimated £50m ($65m),
directed RF to interfere with the drone’s communications,
and produced a policing bill of almost £800,000 ($1m). It’s Hard-kill measures, such Directed RF counter-drone
take control from the pilot, or disrupt its flight control
impossible to put a figure on the total economic impact as projectiles or nets, system safely neutralises
systems. But regulatory barriers must be overcome to which are difficult to threats with precision
of the disruption - but it was felt domestically, and at the
allow decisive use of these tactics. In the meantime, deploy on target
airport’s many destinations. The effect of the incident can
airport operators rely on less effective methods.
be likened to a Denial of Service (DDoS) attack played
out in the physical world. Its deniability is underscored by
the fact that no drones were ever seized and no criminal
charges brought.

Mitigation
Detecting and tracking a drone can be challenging, due
to its agility and small size. A poor detection system may
be unable to differentiate between a drone and a benign
object like a bird or it may simply not detect the drone
at all. This can result either in false positives or failure to
flag legitimate threats. Today we rely on radio frequency
(RF) based detection systems that are vulnerable to
interference from other wireless signals, they can also
be evaded by drones operating on pre-programmed flight
plans. Acoustic sensors are another option, but are prone
to the same issues. The most effective step is to adopt
new technology in the form of three-dimensional radar.
Scenario four: An assassination by poisoning
In March 2018, Sergei Skripal, a former The use of sensor technology to detect evidence is Adapted countermeasures
Russian double agent for the UK’s vital in presenting a case for diplomatic or economic
intelligence services, was found unconscious, sanctions - whilst also acting to deter future attacks. Existing Adapted
convulsing and foaming at the mouth on a Fusing data from multiple sources provides more detail,
public bench in the English city of Salisbury. giving each individual operator the full picture - rather Multiple operators Fusing data from multiple
must share disparate sources gives each operator
Along with his daughter Yulia, Mr Skripal than each operator working from disparate, incomplete
information to build an the whole picture
was found to have come into contact with a Novichok information. Today, this is predominantly a manual intelligence picture
nerve agent. process, and this disparate information must be shared
between multiple parties. Labour-intensive monitoring of Manual monitoring and Smart sensing and AI data
Subsequent investigations implicated two Russian GRU review of CCTV footage processing reduces the
footage is required to build the legal case.
intelligence agents who were nearby at the time of the builds the case for burden of manual review
attacks. Openly assassinating a citizen on another nation’s As such, exploring a better approach through smart sanctions
soil is a big diplomatic risk, with strong potential to sensing technology with built-in AI is an important next
escalate into full-scale war. A hostile state may, therefore, step. Automatically prioritising the data and fusing
sanction a covert assassination to avoid legal or political it intelligently will reduce the cognitive
consequences. burden on operators; accelerating the
process and minimising the risk that
Mitigation crucial details are missed due
An unclaimed chemical or biological assassination is more to fatigue.
dangerous than a claimed attack because the source may
remain unknown and untraced, increasing the likelihood of
contamination among the general public. The symptoms
of poisoning may be mistaken for illness or drug overdose,
leading to delays in treatment or threat containment.

Governments, particularly local authorities, must

understand how to react when a suspected case is
reported. This means knowing how to gather and share
intelligence effectively between agencies. In Salisbury, the
link to GRU was established by evidence gathered from
public CCTV, alongside open-source information compiled
by investigative reporting outfit Bellingcat.
Using emerging technologies to counter deniable attacks
As these four very different scenarios demonstrate, a deniable attack can take many forms. But, all share common traits.

The first common trait: the aggressor’s objective. This is to inflict harm or sow fear As cyber-attackers adopt AI to quickly find and exploit vulnerabilities,
while being able to plausibly deny responsibility. The best countermeasure is to generate AI countermeasures will be needed in order to keep pace; scanning
evidence that negates that deniability. This is likely to rely heavily on CCTV networks to networks for anomalies and flagging them to operators. Sensors
track suspects’ movements. Good CCTV infrastructure already exists in most major towns and data fusion will play a critical role in
and cities, but manually reviewing footage from multiple cameras is resource-intensive, the detection and attribution of drone
and can exhaust an operator’s attention span in less than 20 minutes. or electromagnetic attacks; allowing
operators to identify, locate and
To reduce the resourcing requirement and cognitive burden, existing infrastructure can
neutralise unmanned aircraft or
be augmented with ‘smart sensors’ and data fusion techniques that prioritise data before
EM jammers, before they can
presenting it to the operator. This may be done at ‘the edge’ – a simple example being
cause irreversible damage.
cameras that only record when they detect movement – or post-capture, using AI-driven
image recognition software that trawls stored footage, selecting only the clips most likely Resilience in the event of an
to be significant. attack on critical national
infrastructure will come through
The second common trait: the way in which organisations and societies must prepare
technology that allows responders
for such attacks. For some of these scenarios, there are technologies that can help to
to operate without mains power
prevent an attack - such as firewalls for cyber-intrusion and secure GNSS receivers for
or telecommunications. Secure push-
electromagnetic attacks. Other scenarios cannot yet be prevented, and so the focus must
to-talk satellite radio will allow recovery
instead be on identifying that an attack has occurred and managing the consequences.
co-ordination via offline communication,
Organisations must be able to answer the following questions: while standalone electricity generation and
energy storage will aid continuity during
- Detection: How will you identify that an attack is taking place? an attack on the power grid. In all cases,
- Attribution: How will you diagnose the nature of the attack and pinpoint the source? organisations must train employees to
recognise emergencies and test their
- Resilience: What steps will you take to minimise disruption and recover quickly? responses in simulated attacks.
Information operations
Scenario one: Foreign electoral intervention
A 2017 report from the US Office of the Mitigation Adapted countermeasures
Director of National Intelligence (ODNI),
The sheer volume of online propaganda can exhaust citizens’
drawing on input from the FBI, CIA, and Existing Adapted
critical thinking. Institutions currently charged with finding and
NSA, concluded with ‘high confidence’
exposing the truth, such as the media and independent fact-
that Russian President Vladimir Putin Human approach - Human-machine teaming -
checking organisations, cannot keep up with the pace at which media and independent machine learning systems
ordered a propaganda campaign to
misleading content proliferates. fact checkers are characterise malign
influence the 2016 presidential election. Whether the
the front line against influence and flags data
campaign successfully altered the outcome is uncertain, The strategy needs to shift to human-machine teaming to
disinformation campaigns to dedicated teams of
but the intent is clear. Propaganda itself is nothing new, redress the balance. AI and machine learning can be used as counter-propagandists
but today’s technology equips propagandists with the an ‘disinformation early warning system’, monitoring the web for interrogation.
tools to make it more deceptive, less traceable, and for suspicious patterns - such as sudden spikes in mentions of
further reaching. AI enables the creation of convincing a particular topic among accounts registered in certain regions.
‘deep fake’ videos, which can make it appear that a public The machine can characterise patterns likely to indicate
figure is saying or doing something abhorrent. Content malign influence and then flag them to a human operator,
can be disseminated to millions of social media users who can interrogate the data. This approach may require a
via anonymous accounts. AI bots can amplify online dedicated team working as part of the government’s cyber
messages en masse to create an illusion of consensus. defence agency, sharing non-sensitive data with media and
All of these tactics and more are designed to erode independent fact checkers to encourage transparency
the target nation’s trust in its public institutions and and objectivity.
undermine its democratic decision-making ability.
Scenario two: Cell site simulators intercept
and falsify communications
During the ongoing occupation of Crimea
by Russian forces (see subsequent
chapter: Territorial Encroachment),
Ukrainian soldiers have received
demoralising and threatening text
messages from anonymous senders.
Examples including: “they’ll find your bodies when the
snow melts,” “leave and you will live,” and “nobody needs
your kids to become orphans”. Some messages falsely
claim that the soldiers’ superiors have abandoned them,
and there are even reports that texts have been sent to
soldiers’ families, informing them of their loved one’s
death in service.
The source of the messages is believed to be a ‘man-in-
the-middle’ attack (MITM). In this, a device masquerading
as a mobile phone signal tower – known as a ‘cell site
simulator’ or ‘international mobile subscriber identity
(IMSI) catcher’ – intercepts phone signals, allowing them
to be covertly monitored or spoofed. This allows highly
targeted messages to be sent to anyone whose phone is
tricked into connecting to the device.
Mitigation Adapted countermeasures
A combination of two factors creates a perfect storm for MITM
Existing Adapted
attacks. The first is the accessibility of cell site simulators,
which can be bought online at low cost and operated with
Unsecured personal Adopting secure
only moderate technical expertise. The second is the ‘bring devices vulnerable to communication handsets
your own device’ culture that now prevails across virtually all espionage and spoofing eliminate vulnerability
professions, including defence and security - the increased use
of personal devices in security-critical roles has created a new
3G and 4G networks 5G offers greater resistance
threat vector.
susceptible to man-in- via improved encryption
To safeguard against interception, Western defence and the-middle attacks using and verification – but
security organisations must move to push-to-talk satellite cell site simulators must be tested
radios or other secure handsets. This will reduce the potential
for spoofing, but not the issues posed by personal devices.
Fortunately, the advent of 5G networks offers a ray of hope.
These networks offer improved encryption and verification.
Thus, Western nations need to work on how best to augment
existing communication devices with 5G connectivity, and
how to encourage the use of personal devices that use 5G
as a primary connection. But there is a trade-off. The rollout
of a new generation mobile network creates the possibility of
unforeseen vulnerabilities; so thorough testing and assurance
will be critical in moving to 5G.
Scenario three: Erroneous reports of drones
shut down an airport
The previous chapter looked at Mitigation Adapted countermeasures
how a commercial off-the-shelf
To be confident of a drone false-positive at an airport requires
drone being used to disrupt Existing Adapted
a large body of evidence – one which gives a comprehensive
airport operations can be
oversight of the airspace and everything in it. A 3D radar
detected and neutralised. But Declaring absence of Lack of suspicious activity
system can find a drone when there is one present. But threat dependent on on 3D radar increases
what if there is no drone? It is
crucially, it can also be used over time, in the absence of elapsed time with confidence of absence of
now thought that two drones were involved in the London
intruders, to establish what the normal pattern-of-life looks zero sightings threat over shorter timescale
Gatwick incident, but at the time it was not clear whether
like. In the event of a hoax report, the airport can verify the
many of the reported sightings were genuine, hoaxes,
claim. Instead of waiting until sufficient time has passed
or honest mistakes by an anxious public caught up in
before reopening, the drone’s presence can be quickly
the media furore. It did not matter – the severe safety
ruled out, by comparing current airspace activity to the
implications of getting it wrong meant that if there was
established baseline.
any doubt at all, action had to be taken. The point is this:
an attacker could have achieved the same effect with a co-
ordinated series of manipulated images on social media
and a few hoax phone calls to the airport’s security team.
In the event of a hoax report, how do you prove there is not
a drone in your airspace?
Using emerging technologies to counter information operations
While a deniable attack produces a direct effect, such as a technological failure or the loss of life, an information operation
seeks to trick human targets into acting against their own interests. The ability to refute misinformation at scale and
communicate rebuttals to those being targeted is a matter of national security - but is impossible through human labour
alone. A shift to human-machine teams is required.

An AI based early warning system – ‘radar for disinformation’ – could monitor

vast swathes of open source online activity, identifying patterns that indicate
hostile information operations. And a dedicated ‘rapid rebuttal team’, working as
part of the nation’s cyber defence agency, could coordinate with social media
companies, fact checking organisations, and traditional media outlets; curbing
disinformation’s spread.
But reliable data is key to dominating the information domain. Continually
amassing data establishes a baseline against which to measure interference
or disruption. This could be online data about chatter in social networks, or
real-world data about airspace activity. A good machine learning algorithm
can identify and flag deviations from normality, characterising them as threats
or benign. The humans in the loop can then focus their attention on resolving
threats, rather than monitoring and assessing the entire environment.
In addition to refuting disinformation, some circumstances make it possible to
influence the channels through which it is disseminated - limiting its circulation.
Government censorship of information in the public domain may be deemed
incompatible with a free democratic society, but working with social media
companies to develop tools for exposing disinformation may help users to
make better informed choices about the material they share; limiting hostile
propaganda’s legitimacy. For private communications, end-to-end encryption
(which will be built into 5G) can safeguard against interception. The most
sensitive communications should be conducted through secure channels that are
impervious to interception and espionage - like encrypted satellite radio handsets.
Use of proxy forces
Scenario one: Hostile state leveraging foreign fighting forces
History is replete with examples
of nations using proxies to
achieve military aims abroad
without committing their own
troops. There are ample reasons
– the first is economic.
For a developed nation, deploying its own army overseas
is expensive. In return for putting their lives on the line for
their country, soldiers can very reasonably expect a salary
and a pension – or compensation for their families,
if killed in service. To save money, an unscrupulous state
may outsource its military operations to the soldiers of
less developed nations, or private militias, who will do
the job for less.
The second reason is political. News of sovereign troops
being killed in unpopular foreign wars can quickly turn
the tide of public opinion. A government may therefore
use proxies to make a conflict more palatable to citizens.
The third reason is to evade accountability. Using proxies
makes it easier to conceal intent from other nations, or
deny involvement altogether. It can also provide cover
for aggressive and unethical tactics that contravene
international law, without those actions being attributable.
Mitigation Adapted countermeasures
The use of proxies, perhaps deploying in unmarked uniforms
Existing Adapted
or posing as allies or civilians, may form part of a concerted
attempt to make the battlespace more confusing and
Unmanned aerial systems Unmanned aerial systems
ambiguous to defending forces. Intelligence and data therefore for visual surveillance modified with software-
hold the key to disambiguating the battlespace. Signals defined multifunction
intelligence (SIGINT) technologies, fitted to military drones lidar for ISR
and other small airborne platforms, can build a virtual map
Disable communications Electronic and directed
of the enemy’s comms activity, identifying their key strategic
nodes using explosives or energy weaponry adopted
locations and establishing connections between individuals
other kinetic munitions to covertly disable enemy
and groups. Other intelligence, surveillance and reconnaissance communications
(ISR) technologies use multiple sensor types to ‘unmask’
enemy forces exploiting the fog of war. For example, software-
defined multifunction lidar (SDML) allows a single payload
to switch between several ISR and communications modes.
Functions include 3D mapping of a scene, such as a building
or compound; marking a target in the field; and characterising
unmarked or camouflaged vehicles – even offering clues
about their likely intent.
Not only can a proxy’s communications provide intelligence
through interception, they can also be interrupted - limiting
the proxy’s ability to operate entirely. Western states must
make greater use of jamming or spoofing to disable
enemy communication signals, and employ directed
energy weapons to covertly sabotage communications
nodes. Unlike explosives and other kinetic munitions,
these methods do not alert the enemy that an attack
has taken place; sowing confusion and uncertainty.
These technologies therefore have the power to break the
cohesion of enemy networks, as they attempt to fight in a
communications blackout.
Scenario two: Terrorism on home soil
Terrorist acts are broadly defined as
unlawful attacks, often on civilian targets,
in pursuit of political or ideological aims.
Though typically carried out by non-state
groups, these groups can be state-
sponsored. Terrorism’s manifestations
are diverse, and its tactics continually evolve in response
to changing security environments. The 21st century
began with atrocities involving passenger aircraft; such
as the devastating attacks of September 2001 and the
intercepted plot to blow up multiple transatlantic airliners
in 2006. Subsequent airport security reforms led attackers
to focus on softer targets, like the London Underground
bombings in 2007, and co-ordinated marauding attacks
involving multiple gunmen in Mumbai in 2008 and Paris
in 2015. Advances in surveillance and intelligence have
made it harder for groups to obtain weapons and bomb-
making materials, or plan attacks without discovery. This
has led to less sophisticated, less predictable strikes
by ‘lone wolves’ using unconventional weapons like cars
and kitchen knives. But, monitoring multiple, disparate
individuals suspected of plotting lone wolf attacks puts
a heavy burden on policing and security resources.
Mitigation Adapted countermeasures
Modern terrorist groups often lack a central command
Existing Adapted
structure, consisting instead of scattered, loosely affiliated
individuals and groups inspired by a common ideology. The
Human web monitoring AI and machine learning
so-called ‘Islamic State’ was among the first to recruit and user reporting of monitoring, coupled with big
internationally through social media. The information space extremist content online data for intelligence picture
remains a key battleground, in which AI and machine learning
will be vital to quickly identifying and removing extremist
Armed response Use of novel weapons to
content. Big data drawn from social media activity can help to
teams deployed to intervene covertly, reducing
trace content to its sources and, by monitoring online activity,
end hostage situations risk to hostages
even predict and intercept attacks.
Physical security measures can also help to protect the public
from attacks. Examples include defensive street infrastructure
or deployable vehicle arresting systems to stop cars being
driven into crowded public places. And, where an attack cannot
be prevented, governments should explore the adoption of
technologies that can help to bring it to a swift, safe resolution.
In future, novel weapons, such as those employing directed
energy, may be used to disarm or incapacitate terrorists
quickly, covertly and remotely.
Using emerging technologies to counter use of proxy forces
The importance of knowing one’s enemy has been reiterated since Sun Tzu wrote The Art of War in the 5th century, but
the modern use of proxies can make it a difficult principle to follow. Intelligence should be gathered from every available
source – and a connected world in which communication is ubiquitous provides ample opportunity. The physical
presence of proxy forces can be established, and their identities and loyalties deduced from their communications via
SIGINT and other ISR technologies, such as SDML.

Online activity also leaves clues (as demonstrated through open-source intelligence
investigations by outfits like Bellingcat), whilst AI can monitor enormous volumes of
online content in order to identify extremist activity. But, by blending the data from
multiple intelligence sources, it’s possible to see the whole picture - building a detailed
understanding of enemy locations and activities.

Once an enemy is known, they may need to be engaged in combat. In the absence of a
dedicated headquarters to attack, and with units spread out across regions or embedded
in civilian communities, disabling enemy communications through electronic weapons can
break their cohesion; isolating them and leaving them vulnerable. However, friendly forces
must maintain the ability to communicate through equipment that operates independently
of civilian infrastructure.

In hostage situations and other operations that pose a high risk to civilians, directed
energy may be used as an alternative to conventional weapons. Not only can this
minimise collateral damage, but the absence of noticeable effects can help to maintain
calm among civilians and avoid notifying the target that a response is underway -
extending the window in which to bring operations to a safe conclusion.
Economic coercion
Scenario: Adversary leverages ownership of critical assets
Throughout history, the capture or
destruction of critical infrastructure
has played a significant role in warfare
– from the aerial bombing of industry
in World War II, to the so-called Islamic
State’s seizure of Iraq’s biggest oil
refinery in 2014. But, in the grey zone, these aims are
achieved through economic might, not military force.
Infrastructure is not seized or destroyed, but bought.
Many media outlets have cited the example of Sri Lanka’s
ambitious project to build a port in its Southern Province,
on a key shipping route linking Asia and Europe, in 2008.
They reported that more than 85% of the multimillion-
dollar cost was footed by the Export–Import Bank of
China. But after the port opened in 2010, it failed to attract
the business needed to repay the initial investment and
subsequent loans. To settle the debt, Sri Lanka gave the
port (and 15,000 acres of its surrounding land) to the
Chinese government, in a 99-year deal. The transaction
has given China a strategic foothold in a region of
significant military and commercial importance.
Mitigation
In the cyber domain the key is equally technical, focused on
Investment in global infrastructure is not a threat in itself -
rigorous testing. The risks of relying on adversary-controlled
but the resulting ownership of that infrastructure can be.
digital infrastructure must be mitigated through thorough
For example, the owner of an international gas pipeline
technical analysis and examination - identifying backdoors and
can switch off the supply until certain political demands
other weaknesses that an attacker may exploit. Maintaining
are met. The owner of a port can militarise it to expand its
air gaps between the main infrastructure and critical local
sphere of influence in a region. The owner of a nation’s digital
systems also increases their security, whilst employee
infrastructure can build in backdoors that can be exploited to
training can reduce risky behaviours. The resilience measures
launch cyber-attacks. Keeping domestic infrastructure under
sovereign control may seem an obvious solution, but is not discussed in the ‘Deniable Attacks’ chapter of this report are
possible in all cases – particularly where assets like pipelines also highly relevant.
and fibre-optic cables cross international borders. In such
instances, it’s critical to understand how another nation’s
control of an asset or service could be leveraged for purposes Adapted countermeasures
of coercion - and implement measures to prevent or minimise
the threat. Existing Adapted
Traditionally, this required the application of direct military
Adversaries’ violent Adversaries’ purchase
force. But emerging technologies are beginning to offer a seizure or destruction of critical infrastructure
way to deliver the same outcome without crossing the of critical infrastructure disincentivised by capability
threshold of open war. In the case of a takeover of physical opposed with military overmatch at standoff range
territory – the greatest threat is the militarisation of this new force
space. For example, an enemy state may seek to expand its
strike range by positioning missiles on newly acquired terrain.
To counter this, opposing states must ensure their sphere of
influence overlaps with that of the adversary, by implementing
technologies that bring the enemy (and its offensive
capabilities) within striking distance – for example, satellites
and unmanned systems for reconnaissance, and advanced
long-range weaponry to bolster deterrence. This removes the
advantage of controlling the territory, along with the incentive
for an adversary to militarise this space.
Using emerging technologies to counter economic coercion
Launching a military response to another
nation’s economic endeavours is disproportionate
and arguably illegal, so any such direct interference
in those projects is likely to spark conflict.
The most appropriate responses are diplomatic
and economic – but conventional military power
is still necessary as a deterrent against the
exploitation of economic dominance for
military purposes.

Imagine an adversary’s generation of economic power as analogous to the

manufacture of a sword. You can’t stop them from manufacturing the weapon,
but it is possible to make wielding it ineffective – for example, by building armour to
deflect the blade, and designing better weapons to outmatch it. Similarly, our ‘cyber
armour’ must be robust enough to deter and deflect attacks, and our ‘cyber weapons’
more capable. Achieving technological dominance removes an adversary’s incentive to
weaponise its economic power, and without the need for provocative or unethical action.
 Territorial encroachment

© Crown Copyright 2020

Scenario one: Adversary seizes control of strategic sea lane
Around a third of the world’s Similar disputes could soon be seen in the northern Adapted countermeasures
shipping is believed to pass hemisphere, as melting Arctic sea ice, driven by climate
through the South China change, opens up new shipping lanes and untapped oil Existing Adapted
Sea each year, carrying an and gas reserves in the region. Russia is already seeking
Visual or radar tracking UAV-mounted signals
estimated $3trn in trade. geological evidence to justify the expansion of its Arctic
of vessels in the area, intelligence technology
This, along with its huge fish border northwards, while Canada and the US stake sometimes unable to to better ascertain
stocks and oil reserves, makes it one of the planet’s competing claims in the Beaufort Sea. distinguish between vessels’ intent
most strategically important maritime regions – and civilian and hostile craft
consequently one of the most fiercely contested. Several Mitigation
nations have claims to territory based on their inhabitation Should an adversary be suspected of attempting to seize Manned patrol vessels Low-observable unmanned
of the region’s islands, but many such claims are disputed. a vital shipping route, evidence must be gathered to justify or aircraft conduct vehicles, operated from a
diplomatic or military intervention. Traditionally, this is reconnaissance, risking manned ship positioned at
China is keen to assert its presence, but understands the escalation standoff distance
achieved through cameras or radar, but these are now less
consequences of overtly invading islands. So, it’s devised
effective. For example; China has started to use deceptive
a novel solution – building its own. Around 2013 it began
tactics to mask its true intent; such as fishing boats that
dredging sand and depositing it on rocky outcrops and
conduct covert surveillance operations. Instead, nations
reefs. It claimed to be constructing lighthouses and other
must adapt their approach and monitor the types of signal a
navigational aids, but subsequent years have seen the
vessel emits and receives, using signals intelligence (SIGINT)
addition of airstrips, ports, radar facilities and reinforced
technology to identify suspicious activity and determine intent.
bunkers. While China continues to deny military intent,
This type of reconnaissance is best conducted using low-
Admiral Philip Davidson, commander of the US Indo-Pacific
observable airborne and subsea unmanned vehicles, as the
Command, had said: “China is now capable of controlling
presence of manned vehicles risks escalating tensions.
the South China Sea in all scenarios short of war with
the United States.”
Scenario two: Annexation of sovereign territory by a hostile state
In early 2014, Ukraine was Mitigation Adapted countermeasures
recovering from a series of
As with encroachment at sea, evidence of malicious intent
mass protests and violent
is essential to justifying and mounting a defence. The land Existing Adapted
clashes that toppled the
environment poses both hindrances and opportunities for the Single or few SIGINT Multiple SIGINT sources
government and ousted
defending force. Populated, congested environments provide sources to monitor providing data that is
President Viktor Yanukovych.
cover for insurgents, but their use of local infrastructure movements of individuals then fused to build a
Amid the chaos, mysterious non-uniformed soldiers appeared
can be leveraged through SIGINT to identify them, monitor or groups tactical picture
in Crimea, taking control of government buildings and airports.
their movements, and determine their intent. However, the
Telecommunications infrastructure was disabled and fibre-optic Destroying enemy Covertly disabling enemy
increasing availability of encrypted channels creates a need
cables tampered with, isolating the region from the outside infrastructure using infrastructure using
to augment intelligence collection with smarter signals projectiles or explosives directed energy
world. Pro-Kremlin rallies were held in the streets, demanding a
intelligence tools. This will allow defence and security teams
referendum on Crimea’s accession to Russia. The referendum
to draw smaller scraps of information from a broader range of
was held, with 95 per cent in favour - although its legitimacy
sources, combining them into a more meaningful picture.
has been questioned against a background of military
occupation and reports of voter intimidation. But ultimately, The West must also be more proactive in how it uses new
Russia took Crimea without a fight. technologies. Capabilities that enable deniable attacks may
The annexation of sovereign territory may be the ultimate be appropriate to slow the advance of hostile forces, limiting
goal of an aggressive grey zone strategy, with the aggressor their ability to co-ordinate. This may include cyber-attacks,
employing every trick in the book to create the ideal conditions or the deployment of directed energy weapons to disable
for occupation. In seizing Crimea, Russia took advantage of communications nodes or other important assets. Counter-
the power vacuum left by the ousted President. It exploited propaganda efforts, like those discussed in the Information
divided loyalties among the region’s people, based on a deep Operations chapter, may also be needed to limit the spread
understanding of public sentiment and the ability to influence of disinformation; preventing the kind of public confusion that
it. And, it leveraged defectors from Ukraine’s armed forces, adversaries can exploit.
including the deputy commander of its navy, Sergei Yeliseyev;
who in 2014 became deputy chief of Russia’s Baltic Fleet.
These events show that encroachment can occur with little
resistance – if information operations and deniable attacks can
generate sufficient instability, and if coercion is used to weaken
loyalties among the right people.
Using emerging technologies to counter territorial encroachment
Once an adversary has seized control of a region, any attempt to retake it is likely to require traditional military force,
which in turn is likely to escalate into full conflict. If the adversary captures the region without open or significant violence,
the recovering/rescuing military force may be the one to fire the first shot – handing the adversary an immediate
advantage in the battle for hearts and minds. The best strategy is therefore one of prevention and deterrence, which
requires adapting existing assets to be more effective at distance.

The key is detailed intelligence and situational awareness. The defending force must
understand and unmask the adversary’s true intent, both to stay ahead of the threat and
to produce evidence of wrongdoing - should escalation become necessary. This cannot be
achieved through a traditional, visible military presence. Troops, tanks or aircraft carriers
in contested regions are likely to provoke conflict – so it’s vital that reconnaissance can
be conducted covertly, and at standoff distances. Operating from a neutral location,
the defending force can draw on sensor data from multiple sources, including satellites
and low-visibility unmanned systems in the contested region. This data can be relayed
through secure comms channels to a data fusion engine, which will turn it into actionable
intelligence, presenting it to the operator through an intuitive interface.

The adversary must also be shown they cannot win in the event of escalation. While
overt displays of conventional military power in the contested region are impractical,
they can take place in neutral territory, through collaborative live exercises between
international allies. These serve multiple purposes: mission rehearsal in case of the need
for intervention, testing and assurance of tactics and hardware, and a display of force to
deter encroachment. Of course, exercises in friendly territory alone can’t fully replicate
the geography and conditions of the contested region. Factors such as ocean currents,
prevailing winds and land relief in the disputed zone may differ significantly from those
in the training environment, creating unknowns for forces in theatre. To bridge this gap,
geographic data can be used to generate realistic simulations of local conditions.
By augmenting live exercises with virtual training, trainees can gain a better
understanding of the region, increasing combat readiness.
Five modes of grey zone
Scenario: Cyber-attack on utilities
Existing
- Manual pen testing
- Dependence on national grid
- Dependence on mobile
networks
Scenario: EM attack on bank
Existing
- GNSS clocks
- Manual identification
of attack
Deniable attacks Information operations
Scenario: Drones shut down airport Scenario: Foreign electoral intervention
Adapted Existing Adapted Existing Adapted
- Machine learning driven - Eyewitness reports - 3D radar for early detection - Manual fact checking to - Human-machine teaming to
pen testing - Hard kill measures - Directed RF counter identify disinformation identify disinformation
- Standalone power generation (nets and projectiles) drone system
and storage
- Encrypted push to talk
handsets
Scenario: Assassination by poisoning Scenario: False text messages
Existing Adapted Existing Adapted
Adapted - Disparate information shared - Disparate information fused - Unsecured personal devices - Secure handsets
- Manual CCTV monitoring - Smart sensing and AI-driven - 4G networks
- Atomic clocks CCTV review
- EM detection system
 Use of proxy forces
Scenario: Proxy fighting force enters city
Existing
- Drones for visual surveillance
- Detectable explosives to
disable comms
Scenario: Terrorist attack on office
Existing
- Manual web monitoring
- Armed response teams for
hostage situations
Adapted
- Drones for signals intelligence
- Undetectable directed energy
weapons to disable comms
Adapted
- AI-based web monitoring
- Novel covert weapons to
reduce risk to hostages
Economic coercion
Scenario: Adversary purchases and
turns off oil refinery
Existing
- Military force employed to
seize control
Territorial encroachment
Scenario: Adversary seizes sea lane
Existing
Adapted
- Radar tracking of vessels
- Capability overmatch deters in area
adversary from initial - Manned patrol vessels
purchase conduct reconnaissance
Scenario: Annexation
of sovereign territory
Existing
- Few signals intelligence
sources
- Destroy enemy infrastructure
using explosives or
projectiles
Adapted
- UAV signals intelligence to
assess vessels’ intent
- Covert unmanned vehicles
operated at standoff distance
Adapted
- Multiple intelligence sources
fuse data to build
tactical picture
- Covert disabling of enemy
infrastructure using directed
energy weapons
handsets
Recommendations
The technologies in this report should be part of the West’s strategy to adapt to the nature of current threats. But
adopting them is only half the battle. Doing so in a safe, assured, and effective way is more complex and relies on making
several overarching strategic changes, all of which relate to the culture, methodology and doctrine of conflict.
The recommendations that follow are designed as underpinning principles on which to base the implementation of
emerging technologies. If adopted, they will assure these changes for operational use and accelerate the defence and
security transformation process.

1
 Adopt the principles of Fusion Doctrine
We have already established that grey zone
campaigns do not discriminate between defence and
security operations, and do not ignore public services
and critical infrastructure. An effective response
needs to mirror that stance and be based on fusing
the knowledge, skills and tools of them all. That is
not to say that defence and security teams aren’t
already working together. In many countries they are
doing so very successfully, and the overall rhetoric
around modern threats is moving strongly towards
greater recognition of the need to combine skills and
experience. But there are two ways in which this
can improve.
The first is to move the integration of defence and
security from operations to strategy. Whilst many nations
are building joint operational capabilities designed to
integrate tactical activity, it is at the strategic level where
more connected thinking is required. The way these
organisations gather and share intelligence; the way they
plan future capability; the way they share resources; and
the way they share doctrinal and concept development
should be connected at the outset to better reflect grey
zone campaign characteristics.
The second is to swell this integration of defence
and security forces to encompass public services and
critical infrastructure to bring to life the principles of
Fusion Doctrine. The responsibility for national security has
expanded into the foundation systems
of modern society. The increased digitisation of national
infrastructure processes has made it a target for state
and non-state actors alike, and has increased the number
of potential ways into the fabric of Western democracies.
This means those responsible for the security of everything
from power stations to banks and broadcast infrastructure
have to be considered as an extended part of any national
security service, and therefore incorporated into the
strategic integration of defence and security required to
mitigate the threat of grey zone campaigns.
2 3
 Make innovation mission-led
Any technology changes designed to adapt
conventional capability need to be driven by the
outcomes that users need to achieve. Today’s
culture often leads to a top down approach, where
senior decision makers take a technology-led
pathway to change. This often leaves the end user
without significant input, and the end result lacking
optimisation for operational effect.
A mission-led approach to innovation ensures that
all new ideas – be they about equipment, process
or doctrine – are driven solely by the mission
outcomes users have to achieve, and never be
compromised by any individual’s or organisation’s
agenda. As Western nations progress their adaption
to grey zone conflict it is imperative that the
innovative change required is mission-led from
the outset, guided by the people actually engaged
in the fight. A major consideration for achieving
this change is that the proliferation of technology
has significantly increased the number of people
involved in conflict, and they can be distant from any
territory that is being disputed. This means conflict
will not conform to set piece scenarios so tracking
the rapid changes to each mission as they occur
and ensuring constant alignment will be a critical
part of maintaining mission-led innovation.
Embrace positive experimentation in practice
A
 dapting at the pace of relevance requires a different
attitude to risk than Western defence and security
organisations currently accommodate. Some states
are better than others at recognising the role of
experimentation in conflict, but overall there is a
significant mismatch between the appetites of allies and
adversaries to experiment with unproven technologies to
achieve their objectives. Some of that is rightfully due to
the legal and ethical boundaries Western states refuse
to cross. But a lot comes from entrenched systems
and processes that are optimised for precision and
certainty, often at the cost of timeliness and impact for
the user. This approach makes sense when bringing
submarines or aircraft carriers into service, where
there is a need to produce an acceptance specification
and assure the asset for 20 years or more. But such a
process is incompatible with tackling short-term hybrid
threats, which may evolve beyond recognition or even
disappear within months. The requirement is to act
immediately and adopt a willingness to use experimental
technologies, tools and techniques at an earlier stage of
readiness in live environments as part of a continuous
cycle of learning and optimisation. Experimentation
and prototyping are designed to explore potential.
They prioritise acting at high speed and at low cost,
compromising on performance in the early stages of
development. Adjusting the direction of travel therefore
requires more than just a series of technical changes.
It requires a shift in the defence and security mindset,
one which stimulates a more systemic approach to
introducing innovation. This needs to be part of a
continuous cycle of learning, development and adoption
– assessing how new technologies and systems allow
forces to operate differently, and constantly adapting to
reflect those findings.
4
Make testing perpetual and dynamic
The constant process of experimentation
above does not diminish the need to assure new
technology before it gets into the hands of users.
Indeed, given the response to grey zone challenges
requires broadening the role of conventional assets,
a wider range of capabilities will now need to be
verified, validated, and optimised before they
are adopted.
To match the pace at which threats change, a more
dynamic process of test and evaluation is required.
The speed at which adversaries create, adopt and
discard new tools means we need to switch to a
perpetual cycle of assurance that uses a constant
‘test, train, evaluate’ approach to relentlessly
improve performance, safety, and operational effect.
That cycle needs to start at the conceptual stages
of the adaption process, run through every stage of
development, and remain active during operational
use to be truly effective.
Using live testing alone makes that process
expensive and complex. Introducing a greater mix
of synthetic and live testing that can harness the
power of simulation and modelling is better suited
to a dynamic approach. Where live testing is still
required, there should be a rebalancing from fixed
to mobile so the evaluation sits with, or is taken to
the platform to reduce the time out of service. The
use of a digital thread is an important part of this
change. Having a single assured thread of data
to which all trusted parties contribute and have
access, speeds up the process of integrating and
sharing test and evaluation evidence in a secure
way, making incremental assurance faster.
5 6
Encourage an open architecture environment
M
 any in-service defence and security systems are built
using proprietary architectures. This means the digital
blueprints on which they are based are electronically
‘locked’ so they cannot be updated without reference
back to the Original Equipment Manufacturer (OEM). As
the proprietary architectures are also typically out of date
they require significant, time-consuming and expensive
work to implement updates and fully re-test to ensure
system integrity has been maintained. This makes it
impossible to quickly improve the functionality of assets
by adding new innovative algorithms, software or devices
that could make them better suited to countering grey
zone threats. Given those threats now emerge rapidly
and morph regularly, the West’s reliance on closed
architectures is going to prove a major hurdle to
speedy adaption.
Moving to a defence environment based on open
architectures – where digital blueprints are shared
so other trusted organisations can work with them
to test new ideas – is a debate gathering pace, and
one this report encourages. The challenge for defence
and security organisations is balance. How can such
critical systems be open enough to enable greater
flexibility and faster adaption, whilst remaining
closed enough to minimise the threat of exposure
to external vulnerabilities and protect the core
installed performance?
The opportunity is considerable. If attitudes to open
architectures improve, the ability to ‘plug and play’
with new innovation will give Western nations a way to
become more agile in the face of increasingly sneaky
and nimble adversaries. Finding a way to change those
attitudes by demonstrating the required balance of
openness and security is achievable should be a priority.
Make training more effective easily between traditional fighting skills to those
A consistent feature throughout the previous section is required for effective protection, deterrence,
the need for training to enable users to effectively employ assurance and civil support.
emerging technologies either standalone or as part of a And third, training should be more collaborative.
conventional capability. Earlier in this report we looked at Regular training with allies reinforces the message
the need for new skills across both defence and security. about how powerful integrated responses can be,
Alongside the expansion of skills into more cognitive and it provides a visible deterrent for adversaries no
fields, the process of training itself needs to change matter what novel tactics they may be exploring for
radically to increase both relevance and effectiveness. grey zone conflict.
First it needs to modernise as part of a wider
transformation. The linear
process of ‘train – deploy –
return – train again’ no longer
matches the constant nature
of grey zone campaigns or
the unpredictability of their
impact. Training should be a
constant process not a set piece of
activity so defence and security forces
can continuously adapt to changes in the
environment and incorporate new skills into the
way they operate. More training should take place during
deployment to shorten the timeframe for achieving
maximum strategic effect. This is particularly important
when force numbers are reduced but strategic effect
needs to be maintained.
Second, the spread of learning and development tools
needs to widen to make the most of novel technologies
including simulation, AI and autonomy. This is
particularly important given defence and security forces
should always be training across multiple generations
and incoming personnel are likely to be more
comfortable with new ways of learning. It also enables
a shift from basic ‘muscle memory’ training to more
cognitive training that enables individuals to shift more
Conclusion
The world in which we live and work has changed dramatically in 2020. But many of the threats facing Western states
remain constant regardless of the upheaval caused by Covid-19. Even as the unprecedented impact of this disease has
unfolded, grey zone tactics have continued to be implemented by adversaries. Some have taken advantage of the chaos
caused by the pandemic. A few have even targeted efforts to combat its progress, seeking to undermine those initiatives,
or to advance their own approaches through unethical means. But in many cases the grey zone tactics that have presented
themselves this year have been no different than those before Covid-19 hit. The suppression established legal frameworks
in Hong Kong for example, is a clear tactic for expanding China’s control over its territories and should be considered
‘business as usual’ in a grey zone world.

What has changed is a greater recognition that defence, security and civil environments
no longer function as individual domains. The support from military and security teams
for civil authorities and public services in many countries during the pandemic’s early
stages is a demonstration of how the need for all aspects of safety and security in society
need to combine their resources and skills to protect what matters most. As this report
has highlighted several times, grey zone tactics do not discriminate between them, so any
response must be integrated to be successful.
This presents an opportunity for Western nations who have the ability to connect the dots
across the constituent parts of their societies to create a more robust and secure stance.
This is an important step in being able to both deter and combat adversarial campaigns
in the grey zone. But this is only one part of the challenge. To truly succeed they need to
match the pace and agility of those adversaries but in a safe and assured way, all within
a financially constrained environment. That means making hard choices. It also means
adapting to a new approach that can deliver greater results in less time for less money.
Emerging technologies, and the science, research, and engineering required to implement
them effectively with suitable assurance, are vital for enabling that level of adaption.
The myriad of technology options available can make that complex. This report has
highlighted where bets should be placed and investments made. It has also suggested
that technologies alone cannot meet the need. There are several underpinning changes
that will convert concept into reality – including more appropriate training, a more dynamic
approach to test, more open technical underpinnings, and a greater acceptance of the role
of experimentation. They represent the difference between success and failure.
Western states must therefore free themselves of the age-old approaches that that have
bound their ability to adapt at the pace of relevance for decades. If they can do this, they
will be able to harness the potential of emerging technologies, adapt their conventional
capabilities with ease, and have a far better chance of neutralising the threats that keep
coming from those willing to engage in grey zone tactics.
Cody Technology Park
Ively Road, Farnborough
Hampshire, GU14 0LX
United Kingdom
+44 (0)1252 392000
insights@QinetiQ.com
www.QinetiQ.com

QINETIQ/20/03337