Hybrid threats: Czech view

From Russian Annexation of Crimea to EU Hybrid Toolbox

Authors Zdeněk Rod and Tomáš Kolomazník


Hybrid warfare is not a new phenomenon. Hybrid aspects of this kind, such as incurring damage below the threshold of formally declared warfare, have been around since Ancient times. However, the technological revolution has also dramatically shaped this approach. Instruments such as information or malicious cyber-attacks are nowadays considered ordinary hybrid tools within the adversaries hybrid toolkits.

Although the hybrid aspects of warfare have been around for a long time, one of the first authors who firstly elaborated on the concept of hybrid warfare was the US military intellectual Frank Hoffman[1]. Hoffman, however, did not think of the concept as we do nowadays. He did not primarily associate it with Russia, China, Iran and so forth, but wanted to understand what it means when the US army wages counterinsurgency campaigns in Iraq. The US used a wide range of strategies and techniques to counter the insurgents, and so the insurgents combined a variety of symmetrical and asymmetrical strategies. However, Hoffman officially coined the concept in relation to the conflict between Israel and Hezbollah in 2006[2]. He observed that Hezbollah used a wide range of specific methods to counter Israel, such as cyberattacks or disinformation. Hoffman defined hybrid warfare as ‘any adversary that simultaneously and adaptively employs a fused mix of conventional weapons, irregular tactics, terrorism, and criminal behaviour in the battlespace to obtain their political objective[3].

Since 2006 the hybrid-warfare concept had been primarily discussed within the military and policy circles. This way of thinking changed in 2014 when Russia conducted the annexation of Crimea and further covert operation in Eastern Ukraine. Ofer Fridman[4] was one of the first authors to analyse the Russian hybrid interference in Ukraine. Friedman observed Russian interference, combining conventional and non-conventional strategies (the ‘little green men’, disinformation campaigns, economic warfare, cyber-attacks, subversion etc), can be considered as hybrid warfare. Russia had successfully targeted Ukrainian vulnerabilities at that time, exploiting the ambiguous state of the ‘gray zone’[5].

After 2014 the hybrid warfare concept emerged within NATO and later on EU circles. However, it is essential to remind that after 2014 hybrid warfare was primarily associated with malicious Russian actions in Ukraine. Hybrid warfare was widely understood in the Russian-Ukrainian conflict. On the contrary, academic circles were discussing whether Russian interference in Ukraine is hybrid warfare or just an asymmetrical war.

Furthermore, the understanding of hybrid warfare has tremendously shifted since 2015. Nowadays, hybrid warfare is not primarily associated with Russian operations abroad but also with other actors such as China, Iran and so forth. The hybrid-warfare problematique has been considerably shaped by NATO and the EU. Both organisations have designed and are still processing relevant and robust counter-hybrid mechanisms and initiatives. On the one side, the EU has been developing the so-called hybrid toolbox, which would serve as the EU common ground for countering hybrid interference. On the other side, NATO has developed the so-called NATO Counter Hybrid Support Teams, which were deployed in Montenegro and Lithuania. The development since 2015, however, can be characterised by many achievements and pitfalls. Those pitfalls mainly stem from the debate: what is hybrid warfare?; what do we mean by hybrid warfare?; can this activity be considered a tool of hybrid warfare? The problem of definition still has not been fully resolved, mainly due to the different countries perceptions of the concept. To illustrate, the Czech Republic does not even operate with the hybrid warfare concept. Still, it uses the term hybrid interference coined by the Czech Ministry of Defence in the so-called National Strategy for Countering Hybrid Interference, published in 2021.

This study aims to assess the hybrid warfare and hybrid threats problematique from 2014 holistically. In the forthcoming part, we will first present the research design of this paper. Then we will assess the definition of issues of hybrid warfare as well as potential definitions of this concept. In the following part, we will zoom in on the discussion concerning hybrid warfare within EU institutions. The EU dynamic will also be put in relation to NATO’s developments to maintain the coherency of the discussion. Nevertheless, we will primarily emphasize the EU as an actor countering the hybrid interference of foreign adversaries. Besides, the paper will assess the current challenges and issues the EU member states are tackling right now, such as the hybrid toolbox. In the end, the study will provide lessons learned and best practices which have evolved over the years and thus can be utilised in future developments.

Research Design

As briefly illustrated in the previous chapter, this paper will zoom in on how the hybrid threats problematique has developed since 2014 within the EU and NATO platforms. Before the analysis is conducted, a short chapter concerning the definition of hybrid threats will be presented since many of the misinterpretations and misunderstandings in the EU and NATO stem from the different perceptions of hybrid threats. Next, in order to comprehensively comprehend this issue, the analysis will assess it in three steps. First, the analysis will look into the discursive sphere; thus, the political and strategic framework of the EU and NATO will be taken into account. To understand the attitudes towards hybrid threats in both institutions, one must comprehend how both institutions perceive them in their political and strategic documents. Second, the consecutive analysis will assess to what extent the institutional capabilities of both institutions are sufficient to deal with hybrid threats. In the third step, EU regulatory resilience measures towards hybrid threats will be elaborated since the regulatory sphere is the EU domain and not primarily NATO one. Moreover, during the entire analysis EU and NATO will not be assessed separately but rather horizontally. Lastly, based on the forthcoming analysis, potential best practices and lessons learned will be drawn and challenges influencing the discussion of the hybrid threat.

            Besides, the analysis is embedded in a specific case study. A qualitative methodology framework combining various text and contextual analysis methods is in place. The data will be collected from academic and policy-oriented literature and strategic or legislative documents.

Definition: Mission Impossible?

Since the article does not seek to dwell much on the different perceptions of the key concepts (hybrid threats, hybrid warfare, hybrid interference), it is crucial to briefly present the ongoing discussion on definition, whereas particular issues stem from this domain. Despite the growing conversations on hybrid threats in the international field, the common and widely understood definition still needs to be added. The lack of a common definition undermines the legitimacy of the concept itself. This lack of common ground stems from various factors. Some, such as Galeotti[6], argue that hybrid threats are part of some warfare. Others argue that hybrid threats can occur beyond the realm of war [7], so-called below the threshold of formally declared warfare[8].

Further actors stepped back from the hybrid warfare concept. They rather developed their own such as the Czech Ministry of Defence, and its hybrid interference concept coined in 2021 and reflected in the National Strategy for Countering Hybrid Interference[9]. The Czech Republic decided not to interfere with the traditional understanding of war and simultaneously understood that hybrid threats have the ability to occur beyond the scope of war. As mentioned in the introduction, the EU states began observing that hybrid threats cannot be purely associated just with what is happening in Ukraine. The hybrid interference concept overcomes the war concept debate. As the National Strategy for Countering Hybrid Threats points out “Hybrid interference involves both covert and overt actions by state as well as non-state actors (perpetrators of hybrid interference), which target vulnerable elements of democratic states and societies. The perpetrators’ aim is to disrupt the working of democratic institutions, rule of law processes, and internal security. They utilize political, diplomatic, information, military, economic, financial, intelligence, and other tools. Hybrid interference also makes use of legal and seemingly legitimate instruments to achieve hostile objectives and undermine the interests of the Czech Republic. The speed, scope, and intensity of hybrid interference have increased, partially as a result of new technology development.”[10]

If we turn away from the hybrid interference and warfare approach discussion, we immediately encounter different dimensions of the debate: What do we understand by hybrid threats? On the one hand, if we use the Czech case, we could designate it as all hybrid threats “under one roof” (meaning hybrid interference). On the other side, the perceptions of both other EU and NATO member states, however, can differ. For instance, Austria[11] primarily associates hybrid threats with massive disinformation campaigns, using social media to control the political narrative or to radicalise, recruit and directproxy actors. Spain[12], Poland and the Baltic states[13] believe that the so-called instrumentalisation of migration should be considered as another example of a hybrid threat and thus should broaden the definition of hybrid threats; they believe that massive flows of migrants coming across the Mediterranean Sea or from Belarus should be viewed as hybrid influencing by foreign actors.

Responding to the panoply of issues when searching for a common definition resulted in the EU in three dimensional understanding of hybrid threats embedded in the Cyber Diplomacy Toolbox, the Foreign Information Manipulation and Interference Toolbox (FIMI toolbox), and the newly emerging Hybrid Toolbox, which was first elaborated by the French presidency and is expected to be finished by the current Czech presidency in the Council of the EU. This internal differentiation is the result of a rather vague EU definition of hybrid threats definition from 2018 presented by the EU External Action Serice (EEAS): “Hybrid threats combine conventional and unconventional, military and non-military activities that can be used in a coordinated manner by state or non-state actors to achieve specific political objectives. Hybrid campaigns are multidimensional, combining coercive and subversive measures, using both conventional and unconventional tools and tactics. They are designed to be difficult to detect or attribute. These threats target critical vulnerabilities and seek to create confusion to hinder swift and effective decision-making[14]. In 2022, the EU sought to narrow the common definition by including information manipulation, cyber-attacks, economic coercion, the instrumentalization of migrants[15] and so forth. But still, the EU’s definition of hybrid threats seems to be open to discussion.

Furthermore, the widely accepted and generally sophisticated definition brings The European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE) in Helsinki, which is a source of inspiration to policymakers in the EU or NATO institutions as well as at the designated ministries of the member states. Hybrid CoE explains that hybrid threats can occur both in peace and war times and can be imposed by state and non-state actors. For example, they portray disinformation and interference in political debate or elections, critical infrastructure disturbances or attacks, cyber operations, different forms of criminal activities and, finally, an asymmetric use of military means and warfare[16].

Searching for a common definition of hybrid threats is a herculean task both for policymakers and scholars. On the one side, if the definition is brief without any concrete examples, experts tend to designate such a definition as vague and useless. On the other side, a rather complex and comprehensive definition portraying a wide range of hybrid threats is not preferable either since merely every threat can be understood in its hybrid threats nature. Obviously, the surge for common definition has yet to be concluded. And it might not even ever be. However, the scholar and policy community should continue trying it. Given that much has happened since 2014, it is as important as ever.

EU and NATO towards a Resilient Society

Hybrid threats and their implementation in strategic documents and other subsequent steps associated with the creation of institutions and the allocation of capabilities, both within NATO and the EU, began after 2014. Both institutions may have perceived these threats before 2014. Still, the debates and specific measures intensified during the last decade, and we can say that the Russian annexation of Crimea undoubtedly was the main trigger for detailed steps. Both organizations had to reflect on new challenges in the security environment, such as disinformation campaigns, cyber-attacks, terrorism, the crisis in the Middle East, poverty, and global financial volatility.

More than ever before, the nature and character of new threats led to the conclusion that security can no longer be ensured only by traditional, purely military means. It is increasingly becoming a society-wide phenomenon. The events of the last decade have thus shown that military capabilities alone will not ensure the security of a country or region, but it is necessary to ensure security in other sectors, such as energy, cyberspace, food and raw material base and, last but not least, the readiness and willingness of the civilian population to participate in the defence of the country.

In this respect, on the one hand, within NATO, we can see an effort to build defence capabilities, civil preparedness, and resilience in areas critical for collective defence, where seven areas have been defined. On the other hand, the EU has taken an approach to counter hybrid threats, which involves building societal resilience, including strengthening cyber security and strategic communication.[17]

If we were to characterize the activities within the EU and NATO in dealing with hybrid threats, we could divide them into several areas. The first area concerns the reflection of new threats in crucial political and strategic documents as a focus on creating a political and strategic framework for building capabilities and institutions. The second area is the building and developing capabilities and institutions dealing with hybrid threats. The third area relates to regulatory measures, significantly within European Union. A key aspect is an inter-institutional cooperation between the EU and NATO, which has dramatically intensified over the last decade.

Political and strategic framework

At the political and strategic level, a critical moment is the overall perception and definition of hybrid threats. This aspect then reflects the strategic documents and particular steps of the EU and NATO.

Since 2014, we can thus see a significant shift in the perception of hybrid threats and their anchoring in particular documents and communique. Successfully confronting hybrid threats does not only mean having the appropriate quality of military capabilities and technological superiority. It also requires the comprehensive preparedness of society and its various sectors. Therefore, since 2014, the EU has adopted a range of legislative acts, which have impacted multiple areas such as energy security, safeguarding of critical infrastructure, data protection, screening of foreign investments and transparency of political funding.

We could characterize the post-Crimea period as a shift in the approach to hybrid threats from the search for purely military tools to counter them to ensuring societal resilience, citizens’ trust in democratic institutions and the value orientation of member states. Another significant trend in understanding hybrid threats is the close cooperation of the EU and NATO, aiming to complement each other in facing hybrid threats and crises. We can follow these trends in the EU and NATO strategic documents.

Among the key milestones we could consider the EU Joint Framework on countering hybrid threats – a European Union Response (April 2016) focused on strengthening the protection of critical infrastructure and cybersecurity to fight radicalisation and violent extremism.

The NATO summit in Warsaw (2016) brought a more complex solution by accepting seven so-called baseline requirements that reflect the nations’ view on resilience, which focus on continuity of government, continuity of essential services, security of critical civilian infrastructure, and support to military forces with civilian means. The results of the Warsaw Summit are a certain shift in the approach to hybrid threats. We can see an effort for a comprehensive concept with a society-wide dimension. The similar approach we can see in NATO 2030 Expert Group’s Report “United for a New Era” from 2020 refer extensively to the concept of resilience.  

Besides, joint communication with the European Parliament, the European Council and the Council (2018) focused on increasing resilience and bolstering capabilities to address hybrid threats.[18] The document elaborates on hybrid threats, which mainly associates with cyber-attacks and disinformation.

The Strategic Compass for the EU is an important step in terms of the EU approach towards current security challenges. This document brings a comprehensive understanding of hybrid threats and the definition of particular concepts and tools for their elimination.[19]

Institutional background and capabilities building

The EU and NATO have built institutions and allocated capacities to counter hybrid threats. Within both organizations, we see several directions in this area. First of all, it is about creating rapid reaction forces that can be deployed within a short period in a crisis area. NATO started to build the Very High Readiness Joint Task Force (VJTF) and EU Rapid Deployment Capacity. Another tool is specialized teams of experts to help individual countries resolve a conflict or crisis, the Develop Rapid Cyber Response in NATO or CSDP mission experts in the EU.

A critical capacity is undoubtedly the Hybrid Center of Excellence for Countering Hybrid Threats, established on 11 April 2017. Compared to the NATO Cooperative Cyber Defence Centre of Excellence, it deals with hybrid threats more complexly. The institutional background in the EU was oriented in two directions, one directly related to the creation of new institutions, such as the mentioned CoE. The other direction was integrating or creating new elements within existing institutions; for example, the EU established a Hybrid Fusion Cell as part of the EU Intelligence and Situation Centre.

Finally, the EU opened the possibility to finance projects related to hybrid threats from the European Defense Fund. The philosophy of capacity building is thus complementary. NATO focuses more on the military aspect, which runs through all five domains, including cyberspace. In contrast, the EU works more with a societal part. The EU realizes that especially eastern flank countries are vulnerable and more affected by disinformation; therefore, East StratCom Task Force plays an essential role in protecting them.

EU regulatory resilience measures

EU regulatory measures are primarily related to creating such an environment in which the spread of disinformation would be eliminated. The EU’s effort is to limit the spread of disinformation, which compromises societal resilience by fomenting polarisation and radicalisation and undermines trust in public institutions. As there is evidence of Russian influence on elections in various countries over the last decade, these activities are crucial for the EU.’

Finally, the EU is trying to regulate key digital platforms like Facebook or Google. It defines the rules to tackle illegal content and disinformation. In the future, however, it will be crucial that all member countries adopt regulatory measures as soon as possible because resilience to hybrid threats cannot be attained without an EU-wide set of norms.

What’s next?

Influence operations and the spread of disinformation are currently the biggest challenges for the EU. The goal of these activities is primarily to undermine trust in institutions and values. Their forms can differ, from influencing elections to economic pressures.

The EU should integrate the experience from COVID-19, the war in Ukraine and influencing elections during the last years into specific tools. But, the experience of countries is different, especially the eastern flank countries are exposed to more pressure than western countries; it will take a lot of work to achieve a consensus regarding common tools and approaches. Along with this, there is also the issue of implementing the mentioned tools into national strategic documents. Moreover, the lack of consensus also often stems from the different perceptions of the hybrid threats among the EU member states. It can be generally said that the Central and Eastern European member states are more sensitive to hybrid threats than their Western neighbours. Besides, regarding EU cooperation, it is also vital to explore the potential use of the Solidarity Clause (Article 222 of the TFEU) and the mutual defence clause (Art. 42(7) of the TEU) in case of “a wide-ranging and serious hybrid attack[20].

The aforementioned issue on how to implement individual tools and approaches in practice was discussed by policy experts and scholars in October 2022 at the Conference on Strengthening Resilience and Countering Hybrid Interference in Prague, which took place as one of the crucial events of the Czech Presidency in the Council of the EU. Most experts agreed that the implementation level would be critical to the next phase of the fight against hybrid threats. It was generally believed that the EU was only at the beginning of this process. At the same time, it was said that the actual practical use of individual tools could be clearer and more narrowed[21].

However, these facts should be clarified at the earliest possible convenience. The EU is under pressure concerning the security situation. An example is the spread of disinformation narratives in connection with the war in Ukraine. Disinformation is snowballing, and the tools to defend it are inadequate; therefore, the EU can’t wait any longer and must take action.

Another question, according to experts, is a lack of straightforward interoperability with NATO’s Strategic Concept. The EU and its Strategic Compass focus instead on regional perspectives and do not provide any view on the EU’s strategic position in the world. Therefore, the Strategic Compass should also reflect on this aspect[22].

At the same time, the global dimension of the Strategic Compass could be a possibility for the implementation of experience in dealing with hybrid threats in other parts of the world, an example being Taiwan. In general, the Strategic Compass is a realistic document that reflects on current security challenges, especially in Europe. To the contrary, developing it into a document that would reflect a long-term global strategy is still possible.

[1] Hoffman, Frank G. (2007). Conflict in the 21st Century: The Rise of Hybrid Wars. Arlington: Potomac Institute for Policy Studies.

[2] Hoffman, Frank G. (2006). Lessons from Lebanon: Hezbollah and Hybrid Wars. FIPRI, 2006, https://www.fpri.org/article/2006/08/lessons-from-lebanon-hezbollah-and-hybrid-wars/.

[3] Hoffman, Frank G. (2009). Hybrid vs. Compound War.  Armed Forces Journal, October 1, 2009.

[4] Fridman, Ofer (2018). Russian “Hybrid Warfare”: Resurgence and Politicization. Oxford University Press.

[5] Atlantic Council (2022) perceives the the „gray zone“ as a set of activities that occur between peace (or cooperation) and war (or armed conflict). A multitude of activities fall into this murky in-between—from nefarious economic activities, influence operations, and cyberattacks to mercenary operations, assassinations, and disinformation campaigns.

[6] See Galeotti, Mark (2016). Heavy Metal Diplomacy: Russia’s Political Use of Its Military in Europe Since 2014. London: European Council on Foreign Relations.

[7] See Šimečka, Michal and Tallis, Benjamin (2016). Collective Defence in the Age of Hybrid Warfare (Prague: IIR)

[8] Hybrid CoE (2022). Hybrid Threats as a Concept, https://www.hybridcoe.fi/hybrid-threats-as-a-phenomenon/.

[9] Czech Ministry of Defence (2021). National Strategy for Countering Hybrid Interference (Prague: CZ MoD).

[10] ibid

[11] Federal Ministry Republic of Austria (2022). Hybrid Threats, https://www.bmeia.gv.at/en/european-foreign-policy/global-issues/hybrid-threats/.

[12] Euroactiv (2022). Spain wants NATO to flag migration as ‘hybrid threat’ in policy roadmap, 9.6. 2022, https://www.euractiv.com/section/defence-and-security/news/spain-wants-nato-to-flag-migration-as-hybrid-threat-in-policy-roadmap/.

[13] Golubeva, Marija (2022). Baltics Bring Down the Shutters on Free Migration, October 2022, https://cepa.org/article/baltics-bring-down-the-shutters-on-free-migration/.

[14] Zandee, Dick and Meer, Sico van der and Stoetman, Adája (2021). Countering hybrid threats Steps for improving EU-NATO cooperation. Haag: Clingendael.

[15] EEAS (2022). Countering hybrid threats, March 2022, https://www.eeas.europa.eu/eeas/countering-hybrid-threats_en.

[16] Hybrid CoE (2022). Hybrid Threats as a Concept, https://www.hybridcoe.fi/hybrid-threats-as-a-phenomenon/.

[17] See Jacuch, Andrzej (2020). Countering Hybrid Threats: Resilience in the EU and NATO’s Strategies. The Copernicus Journal of Political Studies, 1 (2020), pp. 5–26.


[19] EEAS (2022). A Strategic Compass for Security and Defence, https://www.eeas.europa.eu/eeas/strategic-compass-security-and-defence-1_en.

[20] Galleoti, Mark (2017). Solidarity, Securitisation, and Europe in an Age of Hybrid Threats. CEPSR, 2017, pp. 1–6.

[21] Besides the discussion about the forthcoming EU Hybrid Toolbox, other panels also considered how to bolster resilience in Eastern Partnership countries, how hybrid threats can influence internal security and the future of the EU-NATO Cooperation in Resilience. The whole conference’s reasoning was that the Czech Republic perceives resilience towards hybrid threats as a crucial topic in its security and defence planning

[22] Gyevai, Balint (2022). The Strategic Compass and the Future if EU Foreign Policy, https://www.lymec.eu/the_strategic_compass_and_the_future_of_eu_foreign_policy.