Russia is using hybrid attacks to strike throughout Europe and even across the Atlantic: election interference in the U.S. and France; kidnappings and attempted assassinations in Estonia and Montenegro; cyber-attacks in Norway, Poland, Ukraine, and elsewhere. But the transatlantic community’s ability to respond is hindered by the rift between two organizations that should be leading the way: NATO and the EU.
Despite having 22 member states in common, the organizations have long talked with each other as if the commonality at their core does not exist. While they pay lip service to partnership and cooperation, NATO and the EU have struggled merely to communicate and coordinate, let alone implement anything together.
Recent years have brought increasing recognition of the need to overcome this impasse. Last year’s Joint Declaration touched off improvements in NATO-EU relations, and notable movement toward collective efforts includes the EU’s Joint Framework and Finland’s new European Center of Excellence for Countering Hybrid Threats (Hybrid COE). Supported by many NATO and EU nations, the Helsinki-based center will serve as a hub for collective analysis, joint exercises and training, and other activities.
But more is required. The two organizations must develop a rational, coordinated approach to Russian hybrid attacks, which are rising in frequency and sophistication. Coordination between NATO and the EU may not be easy, but there are several practical steps that the two organizations can undertake:
- Create a hub to monitor Russian activity, similar to NATO’s new hub for the south. This could be housed in Brussels with a joint NATO-EU unit, or perhaps in conjunction with NATO’s Joint Forces Command Brunsuum. It could also be coordinated at the new Hybrid COE in Helsinki. This hub—and existing hybrid intel units–should incorporate the ever-increasing threat analyses from private companies and non-governmental organizations such as cyber security firms and digital analysis centers.
- Establish an operational approach to coordinate cybersecurity entities, ranging from militaries and national computer emergency response teams (CERTs) to private players such as Internet service providers and in key sectors like electric grids and finance. This would be particularly important for high-end attacks, such as against multiple countries, where it would be crucial to have coordinated command-and-control processes, rules of engagement, and contingency plans. Given that most nations are unable to forestall Russian cyber efforts on their own, coordinated NATO-EU efforts should use the capabilities of more advanced cyber nations to support less-capable ones.
- Elevate cyber’s role in exercises. Network warfare’s current peripheral status inhibits the ability to test assumptions, see what works, and take stock of lessons. NATO and the EU should incorporate major cyber elements into exercises and training.
- Prepare for crisis management. Russia’s actions in Estonia, Ukraine, and Georgia demonstrate the potential for individual hybrid attacks to escalate into low-level conflict. To effectively deter and respond to these activities, NATO, the EU, and their nations should work to coordinate the activities of militaries, special forces, and national police and law enforcement agencies with institutional bodies, such as NATO Force Integration Units, multinational battalions, FRONTEX, and European Border Guard Teams. NATO and the EU should also set out coordinated contingency plans, conduct more integrated and frequent exercises, and establish shared resilience requirements for hybrid scenarios.
- Set up a NATO-EU Coordinating Council to extend cooperation on hybrid threats beyond today’s informal and limited efforts. Rather than existing as a formal structure that would add to bureaucratic tensions, the concept could be an informal but structured activity, in the same way as the well-established Proliferation Security Initiative. The Council would convene representatives from NATO and EU bodies, transatlantic national governments, and the private sector to discuss shared challenges and develop coordinated responses (i.e., diplomatic, economic, information, security and military actions). It would operate on a voluntary, consensus basis – similar to the Financial Stability Board – providing a much-needed platform for willing NATO and EU nations to engage, share insights and information, and outline action plans, which can then be implemented as chosen in each national context.
This is just a start. Much more must be done to deconflict and deepen coordination between NATO and the EU, so that their members’ collective capabilities may be put to most effective use against the hybrid challenges of today and tomorrow.