Professional Documents
Culture Documents
The response was a court martial and his subsequent resignation from the US military. Amidst that environment, the economic ramifications of managing the pandemic will present
He continued to campaign tirelessly about the coming age of air warfare until his death in further uncertainty for defence and security organisations. Saddled with significant debt, many
1936. Five years later the Japanese attacked Pearl Harbour by surprise from the air, killing nations will look to the defence community as an area for cost savings. In that fiscal climate,
more than 2400 people, destroying 188 aircraft and damaging or demolishing 8 warships. emphasis will shift from investment in large and/or complex enhancement programmes to new
ways to do more with what already exists. The role of emerging technology will be vital in the race
What McFate’s example shows us is that changing established mindsets is difficult, to adapt what we already have for the new normal.
especially when it comes to the future of conflict. But change they must. We cannot
hope to win against nimble and adaptable aggressors if we are not willing to recalibrate Success against this backdrop is going to require significant change in a number of
our thinking when confronted with new styles of engagement. areas – from our appetite for risk, to the equipment we use, the skills we employ and possibly
even the Rules of Engagement that define our legal and ethical boundaries. Technology, and in
The 21st Century is being defined by perpetual turmoil and unpredictability. Our adversaries particular novel emerging technology, will play a role in them all. It will enable us to expose our
understand how to use this to their advantage and, in many cases, how to engineer its adversaries’ tactics, mask our own activities, respond with greater effect, and increase the speed
creation for their own ends. Grappling with the unorthodox approach of modern aggressors – at which we can act. Understanding which ones to use, and how to integrate them as part of
from organised criminals to hostile states and private militias – has become harder than we ever adapting existing capabilities in a safe and assured manner is essential for making that possible.
imagined. Yet it is by no means futile. There is much we can do, not just to mitigate the impact
There is no doubt that uncertainty will continue to be a characteristic of future defence and
of our enemies but to get ahead of them and endure in this age of disorder.
security. However, of one thing we can be absolutely certain – if like Billy Mitchell’s superiors we
At the same time, the emergence of a new challenge in 2020 - dealing with Covid-19 – assume that what comes next will be the same as what went before we will not win, and we will
has changed our understanding of what it means to protect human life and global society. not be able to protect what matters most.
It is the very definition of unpredictability and it will affect the role of defence and security
organisations for the foreseeable future. But as the threat from the disease eventually recedes,
the challenges of clandestine conflict will remain, and is likely to grow and develop in the wake
Andy Thorp,
of the significant geopolitical change this disease has stimulated. Group Director - Business Development at QinetiQ
Introduction
The supremacy of Western forces in conventional military conflicts has driven adversaries to use alternative approaches
to achieve their aims. Such approaches explore the widest range of social, political, economic and military instruments
available to achieve maximum effect without provoking a conventional military response, or even being recognised as
formal acts of aggression.
Today’s adversaries will adapt through experimentation with emerging technologies at an early stage. They are experts at
the clandestine preparation of strategic conflict; and they emphasise the human, social, moral and cognitive domains, all
of which form a vital part of their doctrine. As a result, modern conflict has become more devious and covert.
This approach has generated many ‘buzzwords’ – What the West is currently facing is not new. The new skills to better combat current threats. From the
asymmetric, hybrid, 5th generation, and sub-threshold are broad themes of sabotage, espionage, deception, and perspective of deterrence, resilience, doctrine and tactics,
all names that have come to be associated with today’s encroachment, are enduring elements of conflict, relevant many Western nations need to consider how to forge a
adversarial campaigns. But it is difficult to put a single as recently as the Cold War. They are simply now more integrated response, aligned to the principles of
term around such a broad collection of activity, especially enhanced by new technologies that accelerate their effect, Fusion Doctrine, across all aspects of government, public
one that can also encompass tactics which have yet to make them harder to identify, and improve their impact. services, and national infrastructure
emerge. Doing so is also unhelpful because it creates The doctrine and philosophy of conflict are perpetual.
Emerging technologies may hold the key to success,
additional confusion in an environment where clarity is so Adversaries have just become more technologically
provided they can be employed in the right combinations,
essential to an effective response. capable of achieving their desired outcomes, which has
and with sufficient assurances around safety, reliability
allowed them to adapt faster, add greater variety to their
However, this report needs a way to refer to these types and operational readiness. But for many nations this
attacks, and increase the collective effect of their actions.
of tactics and campaigns. The easiest way to articulate creates another dilemma. How can they deliver on
this genre of engagement is to recognise its location – That has had an effect on the type of challenges Western traditional defence and security commitments, whilst
within the ‘grey zone’ that sits between routine statecraft democracies now face, and because grey zone activities simultaneously exploring the potential of novel ideas, all
and open military conflict. This is also the term most rarely discriminate between the different remits of without compromising current capability or affordability?
regularly referenced during the research undertaken defence and security forces, many of these challenges are
This is not a zero sum game. It is too early to abandon
to develop this report. common to both. This includes integrating and analysing
more conventional military capability because that is
vast amounts of data to create actionable intelligence;
what generates influence with allies and deterrence with
improving resilience to online crime and cyber-attacks;
adversaries. (This is a prime reason why grey zone
finding new ways to mask activities; and how to inject
tactics exist – because adversaries know that they are Existing analyses tend to focus on where this type of Successfully responding to grey zone campaigns requires
overmatched on conventional capability.) It is also too conflict has come from and the challenges it presents. some difficult decisions and ultimately a trade-off between
early to replace existing assets with new technology, This report is different. It recognises that adding to maintaining conventional deterrents and exploring new
which is untested and unproven. The solution sits between that debate is not going to address the issue. Instead ones. Being able to make strategic and tactical changes
the current and the future, where emerging technologies it explores the practicalities of countering grey zone that help balance those decisions is likely to be the best
are not used to replace existing capabilities but to adapt campaigns now, by using the right combinations of approach in the short term. This report is designed to
them to reflect the true nature of current global threats. emerging technology to adapt existing capabilities and support that process through visionary opinion that
This ‘mission-led’ approach to innovation offers the make them better suited to neutralising such threats. advances the debate, and practical guidance that
greatest potential return on investment. The challenge is supports immediate action.
how to implement it quickly, effectively and with the right
It will:
level of certainty.
- Outline the common challenges that grey zone activity
This report has been developed to provoke a new dialogue presents to both defence and security organisations, and
around how organisations can harness the potential of the most common modes of grey zone activity today;
emerging technology to successfully adapt conventional
defence and security capabilities and mitigate the impact - Offer the ten most promising types of technology
of adversarial grey zone campaigns – be they organized which offer the greatest potential for adapting existing
criminal gangs, international terrorist cells, or nation capabilities to these new threats;
states. It is based on the breadth of QinetiQ’s (and our - Provide guidance on how to bring these technologies
partners’) technology and engineering expertise, plus our together in the right combinations for known grey zone
deep understanding of international defence and security scenarios;
requirements, and our experience of creating, testing and - Provide recommendations on how to adopt these
using new ways to protect what matters most. technologies in a safe and assured way.
Common challenges
for defence and security
Grey zone tactics don’t discriminate between defence and security targets, and neither should the West’s responses to such
tactics. Western organisations must tackle, in an integrated way, the capability gaps that these tactics reveal - rather than
seeing them as discrete challenges to address individually. Below are six of the most pressing challenges of grey zone conflict
that are common to defence and security organisations.
1 2
vert displays of military strength have historically
O O
vermatching firepower has given Western powers The remaining option for defending against grey zone
been used to establish rapid dominance and the advantage for decades. It remains important aggression is to undergo a shift from firepower overmatch to
demoralise opposing forces. However, when an as a deterrent, and vital in the case of full war technological overmatch. To that end, we have identified ten
adversary’s aggressions are not explicit, the use of breaking out – but in the grey zone it must technology capability areas that can help the West reclaim its
explicit force in response looks to the outside world form part of a suite of tactics, rather than be advantage through technological superiority, without lowering
like excessive provocation. This gives the adversary seen as a solution on its own. Multimillion-dollar legal and ethical standards.
an opportunity to portray the defending force as the weaponry provides little advantage against
The following chapter examines each of these technology
aggressor, and provides them with justification for low-cost improvised devices, or other grey zone
capability areas in turn, drawing input from experts worldwide
further escalation. threats such as cyber-attacks or propaganda. This
on the current and future states of their specialist fields.
asymmetry is laid bare by the case of a US ally,
We also include a selection of innovative organisations to
which in 2017 was reported as having launched
watch in the coming years. The chapter comprises two
a $3m Patriot missile to shoot down a $200
categories of capabilities:
consumer quadcopter.
3
- Front line – those deployed directly in grey zone competition.
To fight fire with fire – that is, to ape adversaries’
unscrupulous tactics and use of unregulated - Supporting – those indirectly assisting grey zone operations
improvised weapons – would be to abandon the by aiding the design, manufacture, testing and assurance of
legal and ethical norms that the West has a duty the front line capabilities.
to defend. A race to the ethical bottom would only
serve to escalate aggression, resulting in avoidable
death, damage and casualties.
Power Sources, Energy
Storage & Distribution Robotics &
Autonomous
Systems
Novel Systems,
Weapons & Effects
4 5 Secure Communications
FRONT LINE
& Navigation
3
6
2
Cyber &
Electromagnetic
7
Activities
Sensing, Processing
1 & Data Fusion
SUP 8
PORTING
9
Artificial Intelligence,
Analytics & Advanced
Computing
Amanda Widdowson,
Thales Cyber and Consulting (UK)
“In the cyber security domain, the human is often the weak link in the chain. The Iranian power plants affected by
the Stuxnet computer worm were self-contained systems, protected by an ‘air gap’ that prevented attackers gaining
access remotely. A virus could only be introduced as a result of risky employee behaviours, or poor site security
allowing attackers physical access to computers – and when somebody plugged in an infected USB stick, that’s
exactly what happened.
Organisations must understand risky behaviours and take steps to tackle them. Employees may write down their
passwords, or allow intruders to ‘tailgate’ them through secure doors. Training and social pressures can help to
mitigate these – nobody wants to be remembered as the employee who let the attacker in – but these can be
coupled with technological solutions, such as new authentication methods. For instance, facial recognition and
biometrics could replace security passes and eliminate passwords, removing two major vulnerabilities.
Digital transformation and the Internet of Things will make systems more connected. Where there were once air gaps,
there will be none – so once an attacker finds an entry point they can cause harm across a much wider network.
Identifying and securing those potential vulnerabilities has never been more important.”
1 2 3 4 5 6 7 8 9 10
The five modes, their definitions, and our rationale for our
grouping of the scenarios, are as follows:
Use of proxy forces Economic coercion Territorial encroachment
A nation may leverage other nations’ military force to There are numerous ways a state might aggressively wield In the most extreme scenario, a state might one day
achieve its aims, either overtly via formal agreements, or economic power, or limit that of its rivals. Trade sanctions find itself occupied by enemy forces but unable to say
covertly using deniable attacks or information operations can force a rival government to capitulate to demands. exactly how or when it happened. Troops may enter the
to provoke hostilities among third parties, which creates Denying access to trade routes or natural resources can country under false pretences or even be welcomed in as
favourable conditions for exerting influence. Governments hold a nation’s economy hostage. Loaning money to a peacekeepers before gaining control. Aggressors may stake
may sponsor terrorist groups or hire paramilitaries to act country that cannot repay creates an obligation to settle the spurious claims to disputed or neutral regions, or attempt to
in contravention of international humanitarian law, while debt in other ways. incrementally seize territory from a sovereign state through
denying responsibility. a process of attrition.
Adapted countermeasures
Existing Adapted
Combination of firewalls Machine learning-driven
and manual penetration threat detection and penetration
testing to prevent testing match the pace of
cyber-attacks adversaries
Mitigation
Detecting and tracking a drone can be challenging, due
to its agility and small size. A poor detection system may
be unable to differentiate between a drone and a benign
object like a bird or it may simply not detect the drone
at all. This can result either in false positives or failure to
flag legitimate threats. Today we rely on radio frequency
(RF) based detection systems that are vulnerable to
interference from other wireless signals, they can also
be evaded by drones operating on pre-programmed flight
plans. Acoustic sensors are another option, but are prone
to the same issues. The most effective step is to adopt
new technology in the form of three-dimensional radar.
Scenario four: An assassination by poisoning
In March 2018, Sergei Skripal, a former The use of sensor technology to detect evidence is Adapted countermeasures
Russian double agent for the UK’s vital in presenting a case for diplomatic or economic
intelligence services, was found unconscious, sanctions - whilst also acting to deter future attacks. Existing Adapted
convulsing and foaming at the mouth on a Fusing data from multiple sources provides more detail,
public bench in the English city of Salisbury. giving each individual operator the full picture - rather Multiple operators Fusing data from multiple
must share disparate sources gives each operator
Along with his daughter Yulia, Mr Skripal than each operator working from disparate, incomplete
information to build an the whole picture
was found to have come into contact with a Novichok information. Today, this is predominantly a manual intelligence picture
nerve agent. process, and this disparate information must be shared
between multiple parties. Labour-intensive monitoring of Manual monitoring and Smart sensing and AI data
Subsequent investigations implicated two Russian GRU review of CCTV footage processing reduces the
footage is required to build the legal case.
intelligence agents who were nearby at the time of the builds the case for burden of manual review
attacks. Openly assassinating a citizen on another nation’s As such, exploring a better approach through smart sanctions
soil is a big diplomatic risk, with strong potential to sensing technology with built-in AI is an important next
escalate into full-scale war. A hostile state may, therefore, step. Automatically prioritising the data and fusing
sanction a covert assassination to avoid legal or political it intelligently will reduce the cognitive
consequences. burden on operators; accelerating the
process and minimising the risk that
Mitigation crucial details are missed due
An unclaimed chemical or biological assassination is more to fatigue.
dangerous than a claimed attack because the source may
remain unknown and untraced, increasing the likelihood of
contamination among the general public. The symptoms
of poisoning may be mistaken for illness or drug overdose,
leading to delays in treatment or threat containment.
The first common trait: the aggressor’s objective. This is to inflict harm or sow fear As cyber-attackers adopt AI to quickly find and exploit vulnerabilities,
while being able to plausibly deny responsibility. The best countermeasure is to generate AI countermeasures will be needed in order to keep pace; scanning
evidence that negates that deniability. This is likely to rely heavily on CCTV networks to networks for anomalies and flagging them to operators. Sensors
track suspects’ movements. Good CCTV infrastructure already exists in most major towns and data fusion will play a critical role in
and cities, but manually reviewing footage from multiple cameras is resource-intensive, the detection and attribution of drone
and can exhaust an operator’s attention span in less than 20 minutes. or electromagnetic attacks; allowing
operators to identify, locate and
To reduce the resourcing requirement and cognitive burden, existing infrastructure can
neutralise unmanned aircraft or
be augmented with ‘smart sensors’ and data fusion techniques that prioritise data before
EM jammers, before they can
presenting it to the operator. This may be done at ‘the edge’ – a simple example being
cause irreversible damage.
cameras that only record when they detect movement – or post-capture, using AI-driven
image recognition software that trawls stored footage, selecting only the clips most likely Resilience in the event of an
to be significant. attack on critical national
infrastructure will come through
The second common trait: the way in which organisations and societies must prepare
technology that allows responders
for such attacks. For some of these scenarios, there are technologies that can help to
to operate without mains power
prevent an attack - such as firewalls for cyber-intrusion and secure GNSS receivers for
or telecommunications. Secure push-
electromagnetic attacks. Other scenarios cannot yet be prevented, and so the focus must
to-talk satellite radio will allow recovery
instead be on identifying that an attack has occurred and managing the consequences.
co-ordination via offline communication,
Organisations must be able to answer the following questions: while standalone electricity generation and
energy storage will aid continuity during
- Detection: How will you identify that an attack is taking place? an attack on the power grid. In all cases,
- Attribution: How will you diagnose the nature of the attack and pinpoint the source? organisations must train employees to
recognise emergencies and test their
- Resilience: What steps will you take to minimise disruption and recover quickly? responses in simulated attacks.
Information operations
Scenario one: Foreign electoral intervention
A 2017 report from the US Office of the Mitigation Adapted countermeasures
Director of National Intelligence (ODNI),
The sheer volume of online propaganda can exhaust citizens’
drawing on input from the FBI, CIA, and Existing Adapted
critical thinking. Institutions currently charged with finding and
NSA, concluded with ‘high confidence’
exposing the truth, such as the media and independent fact-
that Russian President Vladimir Putin Human approach - Human-machine teaming -
checking organisations, cannot keep up with the pace at which media and independent machine learning systems
ordered a propaganda campaign to
misleading content proliferates. fact checkers are characterise malign
influence the 2016 presidential election. Whether the
the front line against influence and flags data
campaign successfully altered the outcome is uncertain, The strategy needs to shift to human-machine teaming to
disinformation campaigns to dedicated teams of
but the intent is clear. Propaganda itself is nothing new, redress the balance. AI and machine learning can be used as counter-propagandists
but today’s technology equips propagandists with the an ‘disinformation early warning system’, monitoring the web for interrogation.
tools to make it more deceptive, less traceable, and for suspicious patterns - such as sudden spikes in mentions of
further reaching. AI enables the creation of convincing a particular topic among accounts registered in certain regions.
‘deep fake’ videos, which can make it appear that a public The machine can characterise patterns likely to indicate
figure is saying or doing something abhorrent. Content malign influence and then flag them to a human operator,
can be disseminated to millions of social media users who can interrogate the data. This approach may require a
via anonymous accounts. AI bots can amplify online dedicated team working as part of the government’s cyber
messages en masse to create an illusion of consensus. defence agency, sharing non-sensitive data with media and
All of these tactics and more are designed to erode independent fact checkers to encourage transparency
the target nation’s trust in its public institutions and and objectivity.
undermine its democratic decision-making ability.
Scenario two: Cell site simulators intercept
and falsify communications
During the ongoing occupation of Crimea Mitigation Adapted countermeasures
by Russian forces (see subsequent
A combination of two factors creates a perfect storm for MITM
chapter: Territorial Encroachment), Existing Adapted
attacks. The first is the accessibility of cell site simulators,
Ukrainian soldiers have received
which can be bought online at low cost and operated with
demoralising and threatening text Unsecured personal Adopting secure
only moderate technical expertise. The second is the ‘bring devices vulnerable to communication handsets
messages from anonymous senders.
your own device’ culture that now prevails across virtually all espionage and spoofing eliminate vulnerability
Examples including: “they’ll find your bodies when the
professions, including defence and security - the increased use
snow melts,” “leave and you will live,” and “nobody needs
of personal devices in security-critical roles has created a new
your kids to become orphans”. Some messages falsely 3G and 4G networks 5G offers greater resistance
threat vector.
claim that the soldiers’ superiors have abandoned them, susceptible to man-in- via improved encryption
and there are even reports that texts have been sent to To safeguard against interception, Western defence and the-middle attacks using and verification – but
soldiers’ families, informing them of their loved one’s security organisations must move to push-to-talk satellite cell site simulators must be tested
death in service. radios or other secure handsets. This will reduce the potential
for spoofing, but not the issues posed by personal devices.
The source of the messages is believed to be a ‘man-in-
the-middle’ attack (MITM). In this, a device masquerading Fortunately, the advent of 5G networks offers a ray of hope.
as a mobile phone signal tower – known as a ‘cell site These networks offer improved encryption and verification.
simulator’ or ‘international mobile subscriber identity Thus, Western nations need to work on how best to augment
(IMSI) catcher’ – intercepts phone signals, allowing them existing communication devices with 5G connectivity, and
to be covertly monitored or spoofed. This allows highly how to encourage the use of personal devices that use 5G
targeted messages to be sent to anyone whose phone is as a primary connection. But there is a trade-off. The rollout
tricked into connecting to the device. of a new generation mobile network creates the possibility of
unforeseen vulnerabilities; so thorough testing and assurance
will be critical in moving to 5G.
Scenario three: Erroneous reports of drones
shut down an airport
The previous chapter looked at Mitigation Adapted countermeasures
how a commercial off-the-shelf
To be confident of a drone false-positive at an airport requires
drone being used to disrupt Existing Adapted
a large body of evidence – one which gives a comprehensive
airport operations can be
oversight of the airspace and everything in it. A 3D radar
detected and neutralised. But Declaring absence of Lack of suspicious activity
system can find a drone when there is one present. But threat dependent on on 3D radar increases
what if there is no drone? It is
crucially, it can also be used over time, in the absence of elapsed time with confidence of absence of
now thought that two drones were involved in the London
intruders, to establish what the normal pattern-of-life looks zero sightings threat over shorter timescale
Gatwick incident, but at the time it was not clear whether
like. In the event of a hoax report, the airport can verify the
many of the reported sightings were genuine, hoaxes,
claim. Instead of waiting until sufficient time has passed
or honest mistakes by an anxious public caught up in
before reopening, the drone’s presence can be quickly
the media furore. It did not matter – the severe safety
ruled out, by comparing current airspace activity to the
implications of getting it wrong meant that if there was
established baseline.
any doubt at all, action had to be taken. The point is this:
an attacker could have achieved the same effect with a co-
ordinated series of manipulated images on social media
and a few hoax phone calls to the airport’s security team.
In the event of a hoax report, how do you prove there is not
a drone in your airspace?
Using emerging technologies to counter information operations
While a deniable attack produces a direct effect, such as a technological failure or the loss of life, an information operation
seeks to trick human targets into acting against their own interests. The ability to refute misinformation at scale and
communicate rebuttals to those being targeted is a matter of national security - but is impossible through human labour
alone. A shift to human-machine teams is required.
Online activity also leaves clues (as demonstrated through open-source intelligence
investigations by outfits like Bellingcat), whilst AI can monitor enormous volumes of
online content in order to identify extremist activity. But, by blending the data from
multiple intelligence sources, it’s possible to see the whole picture - building a detailed
understanding of enemy locations and activities.
Once an enemy is known, they may need to be engaged in combat. In the absence of a
dedicated headquarters to attack, and with units spread out across regions or embedded
in civilian communities, disabling enemy communications through electronic weapons can
break their cohesion; isolating them and leaving them vulnerable. However, friendly forces
must maintain the ability to communicate through equipment that operates independently
of civilian infrastructure.
In hostage situations and other operations that pose a high risk to civilians, directed
energy may be used as an alternative to conventional weapons. Not only can this
minimise collateral damage, but the absence of noticeable effects can help to maintain
calm among civilians and avoid notifying the target that a response is underway -
extending the window in which to bring operations to a safe conclusion.
Economic coercion
Scenario: Adversary leverages ownership of critical assets
Throughout history, the capture or Mitigation
destruction of critical infrastructure In the cyber domain the key is equally technical, focused on
Investment in global infrastructure is not a threat in itself -
has played a significant role in warfare rigorous testing. The risks of relying on adversary-controlled
but the resulting ownership of that infrastructure can be.
– from the aerial bombing of industry digital infrastructure must be mitigated through thorough
For example, the owner of an international gas pipeline
in World War II, to the so-called Islamic technical analysis and examination - identifying backdoors and
can switch off the supply until certain political demands
State’s seizure of Iraq’s biggest oil other weaknesses that an attacker may exploit. Maintaining
are met. The owner of a port can militarise it to expand its
refinery in 2014. But, in the grey zone, these aims are air gaps between the main infrastructure and critical local
sphere of influence in a region. The owner of a nation’s digital
achieved through economic might, not military force. systems also increases their security, whilst employee
infrastructure can build in backdoors that can be exploited to
Infrastructure is not seized or destroyed, but bought. training can reduce risky behaviours. The resilience measures
launch cyber-attacks. Keeping domestic infrastructure under
Many media outlets have cited the example of Sri Lanka’s sovereign control may seem an obvious solution, but is not discussed in the ‘Deniable Attacks’ chapter of this report are
ambitious project to build a port in its Southern Province, possible in all cases – particularly where assets like pipelines also highly relevant.
on a key shipping route linking Asia and Europe, in 2008. and fibre-optic cables cross international borders. In such
They reported that more than 85% of the multimillion- instances, it’s critical to understand how another nation’s
dollar cost was footed by the Export–Import Bank of control of an asset or service could be leveraged for purposes Adapted countermeasures
China. But after the port opened in 2010, it failed to attract of coercion - and implement measures to prevent or minimise
the business needed to repay the initial investment and the threat. Existing Adapted
subsequent loans. To settle the debt, Sri Lanka gave the
Traditionally, this required the application of direct military
port (and 15,000 acres of its surrounding land) to the Adversaries’ violent Adversaries’ purchase
force. But emerging technologies are beginning to offer a seizure or destruction of critical infrastructure
Chinese government, in a 99-year deal. The transaction
way to deliver the same outcome without crossing the of critical infrastructure disincentivised by capability
has given China a strategic foothold in a region of
threshold of open war. In the case of a takeover of physical opposed with military overmatch at standoff range
significant military and commercial importance.
territory – the greatest threat is the militarisation of this new force
space. For example, an enemy state may seek to expand its
strike range by positioning missiles on newly acquired terrain.
To counter this, opposing states must ensure their sphere of
influence overlaps with that of the adversary, by implementing
technologies that bring the enemy (and its offensive
capabilities) within striking distance – for example, satellites
and unmanned systems for reconnaissance, and advanced
long-range weaponry to bolster deterrence. This removes the
advantage of controlling the territory, along with the incentive
for an adversary to militarise this space.
Using emerging technologies to counter economic coercion
Launching a military response to another
nation’s economic endeavours is disproportionate
and arguably illegal, so any such direct interference
in those projects is likely to spark conflict.
The most appropriate responses are diplomatic
and economic – but conventional military power
is still necessary as a deterrent against the
exploitation of economic dominance for
military purposes.
The key is detailed intelligence and situational awareness. The defending force must
understand and unmask the adversary’s true intent, both to stay ahead of the threat and
to produce evidence of wrongdoing - should escalation become necessary. This cannot be
achieved through a traditional, visible military presence. Troops, tanks or aircraft carriers
in contested regions are likely to provoke conflict – so it’s vital that reconnaissance can
be conducted covertly, and at standoff distances. Operating from a neutral location,
the defending force can draw on sensor data from multiple sources, including satellites
and low-visibility unmanned systems in the contested region. This data can be relayed
through secure comms channels to a data fusion engine, which will turn it into actionable
intelligence, presenting it to the operator through an intuitive interface.
The adversary must also be shown they cannot win in the event of escalation. While
overt displays of conventional military power in the contested region are impractical,
they can take place in neutral territory, through collaborative live exercises between
international allies. These serve multiple purposes: mission rehearsal in case of the need
for intervention, testing and assurance of tactics and hardware, and a display of force to
deter encroachment. Of course, exercises in friendly territory alone can’t fully replicate
the geography and conditions of the contested region. Factors such as ocean currents,
prevailing winds and land relief in the disputed zone may differ significantly from those
in the training environment, creating unknowns for forces in theatre. To bridge this gap,
geographic data can be used to generate realistic simulations of local conditions.
By augmenting live exercises with virtual training, trainees can gain a better
understanding of the region, increasing combat readiness.
Five modes of grey zone
Deniable attacks Information operations
Scenario: Cyber-attack on utilities Scenario: Drones shut down airport Scenario: Foreign electoral intervention
Scenario: Proxy fighting force enters city Scenario: Adversary purchases and Scenario: Adversary seizes sea lane
turns off oil refinery
Existing Adapted Existing Adapted
Existing Adapted
- Drones for visual surveillance - Drones for signals intelligence - Radar tracking of vessels - UAV signals intelligence to
- Detectable explosives to - Undetectable directed energy - Military force employed to - Capability overmatch deters in area assess vessels’ intent
disable comms weapons to disable comms seize control adversary from initial - Manned patrol vessels - Covert unmanned vehicles
purchase conduct reconnaissance operated at standoff distance
1
Adopt the principles of Fusion Doctrine The first is to move the integration of defence and of modern society. The increased digitisation of national
We have already established that grey zone security from operations to strategy. Whilst many nations infrastructure processes has made it a target for state
campaigns do not discriminate between defence and are building joint operational capabilities designed to and non-state actors alike, and has increased the number
security operations, and do not ignore public services integrate tactical activity, it is at the strategic level where of potential ways into the fabric of Western democracies.
and critical infrastructure. An effective response more connected thinking is required. The way these This means those responsible for the security of everything
needs to mirror that stance and be based on fusing organisations gather and share intelligence; the way they from power stations to banks and broadcast infrastructure
the knowledge, skills and tools of them all. That is plan future capability; the way they share resources; and have to be considered as an extended part of any national
not to say that defence and security teams aren’t the way they share doctrinal and concept development security service, and therefore incorporated into the
already working together. In many countries they are should be connected at the outset to better reflect grey strategic integration of defence and security required to
doing so very successfully, and the overall rhetoric zone campaign characteristics. mitigate the threat of grey zone campaigns.
around modern threats is moving strongly towards The second is to swell this integration of defence
greater recognition of the need to combine skills and and security forces to encompass public services and
experience. But there are two ways in which this critical infrastructure to bring to life the principles of
can improve. Fusion Doctrine. The responsibility for national security has
expanded into the foundation systems
2 3 4
Make innovation mission-led Embrace positive experimentation in practice Make testing perpetual and dynamic
Any technology changes designed to adapt A
dapting at the pace of relevance requires a different The constant process of experimentation
conventional capability need to be driven by the attitude to risk than Western defence and security above does not diminish the need to assure new
outcomes that users need to achieve. Today’s organisations currently accommodate. Some states technology before it gets into the hands of users.
culture often leads to a top down approach, where are better than others at recognising the role of Indeed, given the response to grey zone challenges
senior decision makers take a technology-led experimentation in conflict, but overall there is a requires broadening the role of conventional assets,
pathway to change. This often leaves the end user significant mismatch between the appetites of allies and a wider range of capabilities will now need to be
without significant input, and the end result lacking adversaries to experiment with unproven technologies to verified, validated, and optimised before they
optimisation for operational effect. achieve their objectives. Some of that is rightfully due to are adopted.
the legal and ethical boundaries Western states refuse
A mission-led approach to innovation ensures that To match the pace at which threats change, a more
to cross. But a lot comes from entrenched systems
all new ideas – be they about equipment, process dynamic process of test and evaluation is required.
and processes that are optimised for precision and
or doctrine – are driven solely by the mission The speed at which adversaries create, adopt and
certainty, often at the cost of timeliness and impact for
outcomes users have to achieve, and never be discard new tools means we need to switch to a
the user. This approach makes sense when bringing
compromised by any individual’s or organisation’s perpetual cycle of assurance that uses a constant
submarines or aircraft carriers into service, where
agenda. As Western nations progress their adaption ‘test, train, evaluate’ approach to relentlessly
there is a need to produce an acceptance specification
to grey zone conflict it is imperative that the improve performance, safety, and operational effect.
and assure the asset for 20 years or more. But such a
innovative change required is mission-led from That cycle needs to start at the conceptual stages
process is incompatible with tackling short-term hybrid
the outset, guided by the people actually engaged of the adaption process, run through every stage of
threats, which may evolve beyond recognition or even
in the fight. A major consideration for achieving development, and remain active during operational
disappear within months. The requirement is to act
this change is that the proliferation of technology use to be truly effective.
immediately and adopt a willingness to use experimental
has significantly increased the number of people
technologies, tools and techniques at an earlier stage of Using live testing alone makes that process
involved in conflict, and they can be distant from any
readiness in live environments as part of a continuous expensive and complex. Introducing a greater mix
territory that is being disputed. This means conflict
cycle of learning and optimisation. Experimentation of synthetic and live testing that can harness the
will not conform to set piece scenarios so tracking
and prototyping are designed to explore potential. power of simulation and modelling is better suited
the rapid changes to each mission as they occur
They prioritise acting at high speed and at low cost, to a dynamic approach. Where live testing is still
and ensuring constant alignment will be a critical
compromising on performance in the early stages of required, there should be a rebalancing from fixed
part of maintaining mission-led innovation.
development. Adjusting the direction of travel therefore to mobile so the evaluation sits with, or is taken to
requires more than just a series of technical changes. the platform to reduce the time out of service. The
It requires a shift in the defence and security mindset, use of a digital thread is an important part of this
one which stimulates a more systemic approach to change. Having a single assured thread of data
introducing innovation. This needs to be part of a to which all trusted parties contribute and have
continuous cycle of learning, development and adoption access, speeds up the process of integrating and
– assessing how new technologies and systems allow sharing test and evaluation evidence in a secure
forces to operate differently, and constantly adapting to way, making incremental assurance faster.
reflect those findings.
5 6
Encourage an open architecture environment Make training more effective easily between traditional fighting skills to those
M
any in-service defence and security systems are built A consistent feature throughout the previous section is required for effective protection, deterrence,
using proprietary architectures. This means the digital the need for training to enable users to effectively employ assurance and civil support.
blueprints on which they are based are electronically emerging technologies either standalone or as part of a And third, training should be more collaborative.
‘locked’ so they cannot be updated without reference conventional capability. Earlier in this report we looked at Regular training with allies reinforces the message
back to the Original Equipment Manufacturer (OEM). As the need for new skills across both defence and security. about how powerful integrated responses can be,
the proprietary architectures are also typically out of date Alongside the expansion of skills into more cognitive and it provides a visible deterrent for adversaries no
they require significant, time-consuming and expensive fields, the process of training itself needs to change matter what novel tactics they may be exploring for
work to implement updates and fully re-test to ensure radically to increase both relevance and effectiveness. grey zone conflict.
system integrity has been maintained. This makes it
First it needs to modernise as part of a wider
impossible to quickly improve the functionality of assets
transformation. The linear
by adding new innovative algorithms, software or devices
process of ‘train – deploy –
that could make them better suited to countering grey
return – train again’ no longer
zone threats. Given those threats now emerge rapidly
matches the constant nature
and morph regularly, the West’s reliance on closed
of grey zone campaigns or
architectures is going to prove a major hurdle to
the unpredictability of their
speedy adaption.
impact. Training should be a
Moving to a defence environment based on open constant process not a set piece of
architectures – where digital blueprints are shared activity so defence and security forces
so other trusted organisations can work with them can continuously adapt to changes in the
to test new ideas – is a debate gathering pace, and environment and incorporate new skills into the
one this report encourages. The challenge for defence way they operate. More training should take place during
and security organisations is balance. How can such deployment to shorten the timeframe for achieving
critical systems be open enough to enable greater maximum strategic effect. This is particularly important
flexibility and faster adaption, whilst remaining when force numbers are reduced but strategic effect
closed enough to minimise the threat of exposure needs to be maintained.
to external vulnerabilities and protect the core
Second, the spread of learning and development tools
installed performance?
needs to widen to make the most of novel technologies
The opportunity is considerable. If attitudes to open including simulation, AI and autonomy. This is
architectures improve, the ability to ‘plug and play’ particularly important given defence and security forces
with new innovation will give Western nations a way to should always be training across multiple generations
become more agile in the face of increasingly sneaky and incoming personnel are likely to be more
and nimble adversaries. Finding a way to change those comfortable with new ways of learning. It also enables
attitudes by demonstrating the required balance of a shift from basic ‘muscle memory’ training to more
openness and security is achievable should be a priority. cognitive training that enables individuals to shift more
Conclusion
The world in which we live and work has changed dramatically in 2020. But many of the threats facing Western states
remain constant regardless of the upheaval caused by Covid-19. Even as the unprecedented impact of this disease has
unfolded, grey zone tactics have continued to be implemented by adversaries. Some have taken advantage of the chaos
caused by the pandemic. A few have even targeted efforts to combat its progress, seeking to undermine those initiatives,
or to advance their own approaches through unethical means. But in many cases the grey zone tactics that have presented
themselves this year have been no different than those before Covid-19 hit. The suppression established legal frameworks
in Hong Kong for example, is a clear tactic for expanding China’s control over its territories and should be considered
‘business as usual’ in a grey zone world.
What has changed is a greater recognition that defence, security and civil environments Emerging technologies, and the science, research, and engineering required to implement
no longer function as individual domains. The support from military and security teams them effectively with suitable assurance, are vital for enabling that level of adaption.
for civil authorities and public services in many countries during the pandemic’s early The myriad of technology options available can make that complex. This report has
stages is a demonstration of how the need for all aspects of safety and security in society highlighted where bets should be placed and investments made. It has also suggested
need to combine their resources and skills to protect what matters most. As this report that technologies alone cannot meet the need. There are several underpinning changes
has highlighted several times, grey zone tactics do not discriminate between them, so any that will convert concept into reality – including more appropriate training, a more dynamic
response must be integrated to be successful. approach to test, more open technical underpinnings, and a greater acceptance of the role
of experimentation. They represent the difference between success and failure.
This presents an opportunity for Western nations who have the ability to connect the dots
across the constituent parts of their societies to create a more robust and secure stance. Western states must therefore free themselves of the age-old approaches that that have
This is an important step in being able to both deter and combat adversarial campaigns bound their ability to adapt at the pace of relevance for decades. If they can do this, they
in the grey zone. But this is only one part of the challenge. To truly succeed they need to will be able to harness the potential of emerging technologies, adapt their conventional
match the pace and agility of those adversaries but in a safe and assured way, all within capabilities with ease, and have a far better chance of neutralising the threats that keep
a financially constrained environment. That means making hard choices. It also means coming from those willing to engage in grey zone tactics.
adapting to a new approach that can deliver greater results in less time for less money.
Cody Technology Park
Ively Road, Farnborough
Hampshire, GU14 0LX
United Kingdom
+44 (0)1252 392000
insights@QinetiQ.com
www.QinetiQ.com
QINETIQ/20/03337