Understanding Hybrid Warfare

Author: Multinational Capability Development Campaign (MCDC)

Hybrid what?

There is no clear definition yet. There are rather some descriptions, such as:

A hybrid crisis is a combination of two or more crises between which a link can exist (not necessarily) and which can reinforce each other.

Hybrid warfare is a military strategy that uses political war and mixes conventional war, irregular war and cyber war with other methods with a strong influence, such as fake news, diplomacy and intervention in foreign elections.

However, it is known that the aggressor tries to avoid retaliation. Hybrid warfare is typically tailored to stay below the clear detection radar and response thresholds.

The cases on which this study is based are:

–    Iran’s activities in Syria
Use of Gas and loans by Russia as a means of pressure in Ukraine
IS in Syria and Iraq
Hybrid warfare in an urban context
Cyber ​​used by Russia

Two things are clear on this subject: nobody understands it fully, but everyone thinks it’s a problem

That is why there is a need to take 2 steps

Step 1: A common language (understanding the subject and communicating about it smoothly)

Step 2: An analytical framework

Step 1: Understand

There is no clear definition yet, as we wrote earlier, but there are descriptions, eg:

“The synchronized use of multiple power tools tailored to specific vulnerabilities across the entire spectrum of social functions, in order to achieve synergies.”

They often fall back on the speed, volume and ubiquity of digital technology.

It is important to recognize that multiple power tools are used in multiple dimensions and at different levels simultaneously in a synchronous way. This allows the actor to use various MPECI (Military, Political, Economic, Civil, Information) resources that they have available to create synchronic attack packages that are tailored to perceived or suspected vulnerabilities. The instruments of power used will depend on the capabilities of the actor and on these vulnerabilities, as well as on the political objectives of the actor and his planned way to achieve his goals. As in all conflicts with wars, the characteristic of hybrid warfare will depend on the context.

Hybrid threat does not lend itself to classical threat analysis for, among others, the following reasons:

–    A wide set of MPECI tools
Vulnerabilities across societies are being exploited in a way that we normally do not think of
Syncing and the way that is done are unpredictable.
Uses the exploitation of ambiguities, creativity and our understanding of warfare to keep his attacks invisible
A hybrid attack can remain unnoticed until it is too late.

We will therefore have to learn to look differently at conflicts in the future.


Step 2: the Analytical Framework:

The analytical framework is structured with three components:

–    Critical functions and vulnerabilities
Synchronization of resources
Effects and non-linearities (complexities)

We give a brief explanation of these three components

Critical functions and vulnerabilities

Critical functions here are activities about the PMESII (Political, Military, Economic, Social, Infrastructure, Information) spectrum that, when they are no longer carried out, can lead to an interruption of services on which society depends.

They can all be divided into a combination of actors, infrastructures and processes. They all have vulnerabilities.

Synchronization of resources

Synchronization (syncing) is the ability of the attacker to coordinate effective power tools (MPECI) in time, space and with certain goals to achieve a desired effect. With this he can achieve greater effects than with overt coercion. Benefits for the attacker are:

Use tailored resources and vulnerabilities

Compulsion but remain under the radar of the detection thresholds and response thresholds

Easier to escalate and de-escalate different MPECI simultaneously

Effects and non-linearities (complexities)

Effects are changes in the condition of the target. They can not be properly controlled by the attacker because one can no longer predict a linear sequence of effects. Causality becomes increasingly difficult to show and predict as more elements of the MPECI are used and vary.



One has to set up “BTIMs” to learn recognize and know things:

Baselines, Thresholds, Indicators, Monitoring in real time, from the philosophy: “You do not know what is abnormal if you do not know what is normal and if you do not measure what the evolution is”

For the baselines, a list and assessment of social critical functions must be made. Indicators must help determine whether an attack is in progress or is starting. Thresholds help determine what the normal / abnormal operation is.

Without knowing what is normal, nothing can begin.

Unfortunately no real examples of existing “BTIMs” are given in the document.

What are the recommendations of this document?

–    Make regular national self-assessment of critical functions and the vulnerabilities of all sectors and of society.
Improve the classic threat analysis so that it contains the following tools and possibilities: Political, Economic, Civil, International and research how these resources can be synchronized in an attack on vulnerabilities
Create a national methodology for coordinating self-assessment and threat analysis specifically for: understanding, detecting, responding to hybrid threats
Internationalize, work together coherently across borders.

Conclusion: Here I am going to be a contrarian.

The study finds that the framework is a visual tool for responding during a hybrid attack.

That seems wrong to me. In addition to the BTIMs that have to be set up, and which must be able to function separately from the framework, the visual tool i.m.h.o. will rather remain a tool for analysis afterwards.

The tool does, however, provide an explanation of what information must be preserved during the crisis.

Manu Steens

Manu works at the Flemish Government in risk management and Business Continuity Management. On this website, he shares his own opinions regarding these and related fields. Since 2012, he has been working at the Crisis Centre of the Flemish Government (CCVO), where he has progressed in BCM, risk management, and crisis management. Since August 2021, he has been a knowledge worker for the CCVO. As of January 2024, he works at the Department of Chancellery and Foreign Affairs of the Flemish Government. Here, he combines BCM, risk management, and crisis management to create a tailored form of resilience management to meet the needs of the Flemish Government.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts