logo die linke 530x168
Left Party of Germany

The West attempts hybrid resistance

The EU and NATO are training for their joint rapid response in the event of a crisis with three coordinated exercises. The simulated threat comes from Russia, hackers, the caliphate, immigrants and globalisation critics

By Matthias Monroy

On 1 September the European Union and NATO will start their shared "EU Parallel and Coordinated Exercise 2017" (EU PACE17). This is according to a Council Document published online by the British civil rights organisation Statewatch. The two alliances will test their crisis management structures over six weeks.

NATO is responsible for leading the exercise, the section organised by it is referred to as "NATO CMX17". The NATO is also responsible for escalating hypothetical scenarios with daily "injections". This also incorporates the "EU CYBRID 2017" short cyber exercise, which will see EU defence ministers test the political reaction to cyber-attacks on 7 September in Tallinn, Estonia.

There is a particular focus on so-called hybrid threats, for which there is no uniform definition. In security policy discourse, these refer to coordinated activities by state and non-state actors. This includes military and para-military action, as seen in Ukraine, as well as cyber-attacks or destabilisation through "fake news". Applying this logic, hybrid threats are below the threshold of armed conflict. Political and military reactions are made more difficult as the attacking party is hidden.

Russia referred to as "Froterre"

Although the description also applies to Western military operations in Latin America, Iraq or Libya, hybrid threats are generally ascribed to Russia. This is also reflected in "EU PACE17": the geopolitical setting of the exercise features a "quasi-democratic country" taking an increasingly clear stance against the European Union in economic and military terms.

Russia is referred to here as "Froterre". Its values are described as being opposed to those of the West. While elections are held in 2018, there is no serious opposition in "Froterre". The imaginary state could in this respect also allude to Turkey or China. There is however a particular threat posed by the special "cyber capabilities" of this government, which has access to "hackers, hacktivists, and the national media". Like Russia, "Froterre" is regularly suspected of being behind hybrid attacks. However, evidence of this is lacking, both in real life and in the exercise.

Here, a further cyber threat comes into play, specified in the exercise as "APT MANTICORE WOLF" and "APT CHMIERA WOLF". This is undoubtedly an allusion to the two "Advanced Persistent Threat" (APT) groups 28 and 29, also referred to as "fancy bear" and "cosy bear". For some time, APT 28 and 29 were viewed as state actors. In the interim, German security chiefs have backpedalled somewhat and consider that these could also be patriotic hackers. This context is also imagined in the EU-NATO exercise. There, "APT MANTICORE WOLF" represents attacks on military institutions, while "APT CHIMERA WOLF" specialises in industrial espionage in the "oil-sector".

"Organizing riots disguised as demonstrations"

The West is also threatened by a "newborn extremist state"(NEXSTA), which aims as a "religious sect" to establish a caliphate worldwide. As with "Froterre", it is also understood that their ideology clashes with the European way of life. Western countries are rejected by NEXSTA as decadent and a threat to religious values. The caliphate’s fighters wish to spread their culture through Europe with persuasion, pressure and terror. NEXSTA uses methods of digital propaganda, but has only limited cyber capabilities. However, they hope to enlist "hackers" for this.

In the exercise, an "anti-globalisation group" (AGG) is also wreaking havoc. It is described as an international movement specialised in "organizing riots disguised as demonstrations". This may be an attempt to discredit the G20 protests in Hamburg; the planning document for the PACE exercise is dated the week after the summit. According to the paper, the AGG is particularly active on social media. Its methods also include sending mass emails, described as "spamming".

Anonymous donations via cryptocurrency

Unlike the anti-globalisation movement, the AGG is supposed to represent an organisation that finances anti-military and anti-racist NGOs in EU member states. The groups supported are especially critical of the European Union’s military presence in the Mediterranean.

This may draw parallels with the conspiracy theories surrounding billionaire George Soros, who according to right-wing groups has been fuelling migratory flows into the EU with the targeted injection of funds. However, the AGG’s wealth does not come from the stock market, but rather from states hostile to the EU. The largest donor is the imaginary state "Froterre", with additional funds coming as cryptocurrency from anonymous donors.

Finally, there are of course the migrants in the Mediterranean. In the hypothetical scenario in the EU exercise, the fight against the migrants’ facilitators is dubbed "Operation AIFOS". In real life, the AIFOS military mission is called SOPHIA and operates planes, boats and submarines along the Libyan coast. Both AIFOS and SOPHIA have their EU headquarters in Rome.

Military reaction to cyber threats?

The European Union and NATO must now take strategic and operational measures against the shark tank of five major "threats". Responsibility for these lies with the staff teams in Brussels, on the EU-side this is the European External Action Service. The exercises do however bear the hallmarks of the current Estonian European Council Presidency. This may be the reason why they were organised together with NATO‘s Cooperative Cyber Defence Centre of Excellence (CCDCoE), which is located in Tallinn.

An interesting question is whether training will also occur above the threshold of an armed conflict. This could mean that the cybersphere becomes a site of conflict started by a conventional attack on a member state. In this way, cyber-attacks on member states could lead to EU and NATO responding with military action.

In addition to the civilian and military structures of the European External Action Service, several divisions of the European Commission and the Council are involved in EU PACE17. The EU published their instruments last year in a "playbook". Information arriving from various sources, including satellite reconnaissance, comes together at the EU Intelligence and Situation Centre INTCEN. The European External Action Service has established a "Hybrid Fusion Cell" there to combat hybrid threats.

Finally, the Brussels team for "Strategic Communication" (STRATCOM) is to be launched. This was established to use counter-propaganda to counteract the anticipated propaganda and disinformation associated with hybrid threats.

In the three EU and NATO exercises, STRATCOM takes on the only non-fictional role together with the Council’s press office: public communication of how the placeholders for Russia, hackers, the caliphate, migrants and critics of globalisation can be successfully combatted. The department in Brussels is to draw up core messages for this and consider which audience in particular is to be addressed with these in September. The five great threats facing the West assumed by the EU and NATO are thus also likely to become talking points in the run-up to the Bundestag election.

Translation: German Bundestag