ELISABETH BRAW i
Royal United Services Institute for Defence and Security Studies
BRIEFING PAPER The Case for Joint Military–Industry Greyzone Exercises
Elisabeth Braw BRIEFING PAPER 1
EXECUTIVE SUMMARY
Greyzone aggression is effective because it exploits gaps in countries’ defence. Virtually no liberal democracies are set up to defend themselves against a combination of non-kinetic attacks on civil society. It is, however, clear that the armed forces alone cannot defend their countries against this type of aggression. With businesses now finding themselves targets of geopolitically motivated aggression, such as cyber attacks, they can play a significant role in better defending themselves and, as a result, their countries of operation. Today, corporate crisis management exercises have a purely tactical scope, focusing on company-specific threats.
This paper proposes joint military–industry exercises to practise defence against greyzone aggression. Such exercises would, to some extent, mirror traditional military exercises. They would, however, be purely defensive in nature and include specific companies, which would volunteer to participate or be invited to do so. The exercises would be conducted under the authority of the interior ministry and would help the armed forces and participating companies to respond to a greyzone attack in a coordinated fashion. As with traditional military exercises, industry participation should involve participants at all levels up to the chief executive. A good model on which to build these are Sweden’s ‘total defence’ exercises, which were conducted until 1987 and resumed in 2019.
Businesses that participate in such joint greyzone exercises should be given International Organization for Standardization-style, industry-recognised certifications, which would signal their foresight and preparation to clients and consumers. Costs for the exercises should be borne by the armed forces, with participating businesses carrying their own costs. Key to the success of military–industry greyzone defence exercises would be the support and participation of top political decision-makers.
INTRODUCTION
The coronavirus pandemic has demonstrated a fundamental lack of preparedness for non-kinetic national contingencies around the world. In most advanced economies, the outbreak of the coronavirus pandemic caused confusion and panic, ranging from panic-buying by consumers to uncertainty among businesses about whether and how to maintain operations during the outbreak. In the UK, for example, many businesses in the hospitality sector – even those with takeaway and delivery services – were unable to remain open during the lockdown due to the lack of safety measures for operating during a pandemic.
This pandemic is not the last non-kinetic contingency likely to hit liberal democracies. On the contrary, greyzone aggression – aggression below ELISABETH BRAW 2
the threshold of kinetic violence – against liberal democracies is on the rise.1 While cyber attacks are the best known form of greyzone aggression, disinformation campaigns, as well as subversive actions that could, for example, see vital supply chains disrupted, also pose a significant threat. Indeed, the forms of greyzone aggression a hostile state can engage in is limited only by the imagination of that country’s officials. As demonstrated by Russia’s different ways of interfering with Western public discourse and elections,2 and China’s coercive diplomacy, officials in these countries have proven to be highly imaginative.3 In addition, extreme weather events and other contingencies caused by nature are similarly increasing, not least as a result of climate change.4
Such contingencies can cause damage as serious as that caused by a kinetic attack, especially in highly developed countries that depend on an intricate web of services functioning smoothly: power, internet, distribution of goods, ports, transportation and retail. A one-day disruption of, say, distribution centre software would cause an immediate crisis in the availability of food in an advanced economy. This paper calls this phenomenon the ‘convenience trap’. Developing countries are typically more accustomed to regular
1. NATO Strategic Communications Centre of Excellence’s list of areas of greyzone threats includes: territorial violation; non-governmental organisations; government-organised non-governmental organisations; espionage and infiltration; lawfare; agitation and civil unrest; exploitation of ethnic and cultural identities; media; cyber operations; coercion through threat or use of force. See NATO Strategic Communications Centre of Excellence, Hybrid Threats: A Strategic Communications Perspective (Riga: NATO Strategic Communications Centre of Excellence), p. 38. 2. Russian interference includes misinformation through media outlets such as Sputnik, spread of misinformation and disinformation on social media and attacks on election infrastructure. For a comprehensive review of Russian interference in the 2016 US elections, see US Senate Committee on Intelligence, ‘Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 US Election Volume 1: Russian Efforts Against Election Infrastructure With Additional Views’, report 116-XX, 116th Congress,
disruption. The average Nigerian company, for example, is expected to cope with an average 33 power cuts per month.5
The damage that greyzone aggression can cause makes defence against it imperative. While advanced economies have well-equipped armed forces that regularly exercise defence against kinetic aggression, they do not have whole-of-society exercises for greyzone scenarios or crises caused by nature (which can be exploited by hostile states). Only Sweden’s ‘total defence’ exercises come close. After a three-decade pause after the end of the Cold War, these exercises resumed in 2019.6
This paper seeks to understand how countries can better defend themselves against greyzone aggression. Greyzone actions occur below the threshold of war and this ambiguity can make it difficult for the targeted country to discern and then combat that aggression. This paper proposes that one way for targeted countries to address this serious vulnerability is to introduce joint military–industry greyzone defence exercises. It explains the utility of such exercises and proposes models for how they can be conducted.
The intention is for this paper to serve as a resource for policymakers and business leaders in charge of shoring up defence against greyzone aggression in its different forms.
METHODOLOGY AND DEFINITIONS
This paper is based on interviews with industry and military leaders in Europe and the US, and a targeted review of existing literature. The paper also builds on debates and events organised by RUSI as part of its Modern Deterrence project,7 which focuses on how liberal democracies can better defend themselves against new and emerging threats through a whole-of-society approach.
The paper focuses on ‘high-income countries’, the definition used by the World Bank for countries with a GDP per capita of $12,536 or more.8 Most of these countries (including European countries, North America, Australia and New Zealand) are considered liberal democracies.
The paper’s area of focus, greyzone aggression, is defined here as ‘competitive interactions among and within state and non-state actors that fall between
5. The World Bank, ‘Power Outages in Firms in a Typical Month (Number)’,
the traditional war and peace duality’.9 Greyzone aggression is related, but not identical, to hybrid warfare, although in the public debate the two are often conflated. In Frank G Hoffman’s definition – commonly used by scholars and military planners – ‘hybrid threats incorporate a full range of different modes of warfare including conventional capabilities, irregular tactics and formations, terrorist acts including indiscriminate violence and coercion, and criminal disorder’.10 Given that all wars include at least some irregular elements, all wars could also be described as hybrid.
NON-KINETIC AGGRESSION AND GREYZONE EXERCISES: CONTEXT AND BACKGROUND Greyzone aggression is on the rise. This form of attack exploits the gap between crime and kinetic military actions, meaning it does not fall under the clear responsibility of the police or the armed forces. Because of this, greyzone attacks are an effective way of causing harm at minimal cost and risk. The 2017 NotPetya attack is a good example. The virus was originally targeted at Ukraine, where it brought down the state IT network and the power companies Ukrenergo and Kyivenergo.11 However, it subsequently spread around the world and hit a range of multinationals, including pharmaceutical giant Merck, shipping company Maersk and snack conglomerate Mondelez. In total, the virus caused damage worth around $10 billion.12
In its 2020 Cyber Readiness Report, the insurer Hiscox notes that the financial damage caused by greyzone attacks is increasing significantly. In the US, the median cost per cyber attack was $50,000, up from $10,000 the previous year. In Germany, the median damage rose from $10,000 to $82,000; in Spain, the figure rose from $5,000 to $74,000.13 Indeed, it is not the quantity of cyber attacks that is changing but their sophistication. According to Samu Konttinen, the CEO of the Finnish cyber security company F-Secure:
the volume of cyber attacks is not going up, but not down either. What’s changing is that cyber attacks have become more sophisticated, and they’re being directed against specific targets. Opportunist attackers, the sort of attackers who used to dominate, don’t care who the target is. They just want the money. Armed forces
9. Philip Kapusta, ‘The Gray Zone’, Special Warfare Magazine, October–December 2015,
are not opportunistic. They want to attack a particular country, not just any country. This is the direction in which cyber attacks are developing. They’re becoming so sophisticated that you can’t stop them.14
Companies will always be targeted by criminals, but today they are also increasingly targeted in cyberspace by hostile states and their proxies.
They can be targeted outside cyberspace as well. Today, companies in all sectors rely on complex supply chains that most often have global components. Businesses do not even have a full view over which companies are involved in their supply chain. An average car manufacturer relies on some 5,000 suppliers – these are tier-one suppliers.15 Each of the suppliers, in turn, may use some 250 tier-two suppliers. That means that a manufacturer may have 1.25 million suppliers, the vast majority of whom they would not know.16 Many of the contractors may supply a key component for which the manufacturer has no backup – these are known as single-source suppliers. Such suppliers could, at the direction of a government wishing to cause another country harm, disrupt supply chains with serious consequences. Though such attacks have (as far as is known in the public domain) not yet taken place, like cyber attacks they pose a serious risk to advanced economies. Cyber threats stemming from skilled adversaries – usually hostile states – may target suppliers, rather than large, better-defended corporations, where they can cause considerable harm both to the supplier and the supply chain. Advanced economies are particularly vulnerable to the convenience trap as they have reached such a high level of technological sophistication. Greyzone attacks can cause a small disruption leading to entire systems stalling or even collapsing.
States are aware of the potential for attacks on civil society, although the focus was, until recently, on terrorist groups as the primary threat. In its 2017 Risk Register,17 the UK government highlights the following risks:
• Attacks on crowded places. • Attacks on transport. • Attacks on infrastructure. • Cyber attacks on infrastructure. • Cyber attacks on services.
Even seemingly innocuous sectors, such as food retail, are highly vulnerable to disruption. Between 2010 and 2015, more than half of UK food suppliers decreased their stock levels, which means they are dependent on constant
14. Author telephone interview with Samu Konttinen, 18 June 2020. 15. Elisabeth Braw, ‘The Manufacturer’s Dilemma’, Foreign Policy, 27 April 2019. 16. Ibid. 17. Cabinet Office, ‘National Risk Register Of Civil Emergencies: 2017 Edition’, September 2017,
deliveries via their supply chains.18 However, because advanced economies are highly dependent on the efficient functioning of food supply chains, these sectors are (sometimes unknowingly) on the frontlines of greyzone warfare.
CURRENT EXERCISE SETUP FOR GREYZONE SCENARIOS Armed forces constantly exercise and prepare for a range of scenarios, including non–kinetic actions. Kinetic aggression is often preceded or accompanied by non-kinetic elements – this is called hybrid warfare. Indeed, hybrid warfare is now being taken more seriously by Western armed forces. Though their scenarios are typically not publicly available, NATO’s accessible exercise list includes some hybrid elements. It is, however, primarily focused on irregular hostile forces (‘little green men’) and cyber attacks.19 Businesses Armed forces focus much less on exercising defence against greyzone scenarios. This is because the armed forces are not primarily – and certainly participating in not solely – responsible for defence against such acts of aggression. greyzone exercises Defence against greyzone aggression, in fact, falls between the clear zones of responsibility. That is, of course, precisely why it is an attractive area for could be given hostile states to focus on. The NotPetya attack on Maersk demonstrates the International dilemma a greyzone attack poses. Since NotPetya was focused on a private Organization for company and was not an official attack on Denmark, it was unclear how or whether the Danish armed forces could punish the Russian attackers, Standardization especially since the link to the Russian government was not established (ISO)-style until much later. Maersk is, however, also Denmark’s largest company, and an attack that takes it down for a week – as was the case – affects certification Denmark as a country.
Since businesses are frequent targets of aggression – from criminals as well as states – companies regularly conduct crisis-management exercises. Such exercises feature scenarios specific to the company or its sector, including kidnappings, bribery scandals or collapsing governments in developing countries where the business has operations. Indeed, while many companies have been affected by cyber attacks, the idea of their company being a strategic target of greyzone warfare is new to them. Many executives treat attacks on their companies as crimes rather than a product of hostile state aggression.20 However, executives in some countries, primarily Nordic and Baltic states, are becoming more aware of the changing nature of threats to their companies.
18. HM Government, ‘Food Statistics in Your Pocket 2017 – Global and UK Supply’, updated 9 October 2018,
Current corporate crisis-management exercises are primarily conducted in a table-top, role-play fashion.21 Such contingencies are the responsibility of the individual company and in some cases law enforcement agencies, not the armed forces. In their field of responsibility, in turn, the armed forces conduct table-top, computer-simulated and field exercises. Corporate crisis- management exercises are therefore poor preparation for greyzone attacks. Indeed, it would be impractical, not to say impossible, for a business to exercise greyzone defence on its own, simply because it would not be the only target and thus not the only entity required to react.
The crucial advantage of greyzone aggression vis-à-vis conventional kinetic aggression is that no single entity in the targeted country is responsible for defence against it. Though many countries have emergency management agencies, they can only coordinate the response, not single-handedly carry it out, and they would not be involved in any retribution against the attacker.
Western societies have struggled to find a rapid and effective response to the coronavirus pandemic. Greyzone attacks clearly differ from natural disasters in that the former has a hostile element. This severely complicates the response, as the targeted country must react without knowing the precise identity of the attacker and whether the aggression will comprise just the initial attack or is a prelude to others. Indeed, a greyzone attack may comprise several different elements and requires robust defence as a result.
‘The need for greyzone defence cannot be overstated’, argues Major General (ret.) Mats Engman, who leads the independent consultancy Independent Views and has many years of experience in national and international command post exercises.22 Effective defence against it clearly requires effective exercising. The most promising solution to date is Sweden’s ‘total defence’ exercises. During the Cold War, Sweden regularly conducted such exercises, which featured Soviet military attack scenarios and whole-of-society responses aimed at halting the advance of Soviet forces and keeping society functioning. The last such exercise was held in 1987, but after three decades, Sweden launched another one last year, Total Defence Exercise 2020, which will conclude in early 2021.23 The exercise is part of Sweden’s new total defence system, which was launched in 2015 and builds on Sweden’s Cold War framework.24 The resurrection and modernisation of the Cold War total defence system was primarily a reaction to Russia’s aggression against Ukraine, much of which was conducted in the greyzone.
21. Author observations; Waltteri Jokela, ‘Crisis Management Tool for Fortum Corporation’, February 2020,
Total Defence Exercise 2020 comprises the armed forces, a broad array of state institutions at the national, regional and local levels, the private sector, and volunteer organisations. In total, the exercise involves more than 400 entities, features a range of scenarios and includes greyzone elements.25 In the UK, the armed forces will carry out Exercise AGILE STANCE in autumn 2020, which has a partial civilian focus. Chief of the Defence Staff General Sir Nick Carter has raised crucial questions about societal resilience:
Do we know what ‘just in time logistics’ has done to our supply chains? Have we assured sovereign capability where we need it? Has our competitive procurement process shared risk with our suppliers as well as it might for our support solutions? And how do we improve the availability of our key platforms? What impact would Reserve, and Regular Reserve mobilisation have on our employers? These are all issues that must be tested, and our intention is to do just that in an exercise called AGILE STANCE next autumn. And we’ll need commitment from our industry partners to learn the necessary lessons and help us prepare to fight the war we might have to fight.26
JOINT ARMED FORCES–INDUSTRY GREYZONE EXERCISES The armed forces and industry rarely cooperate at an operational level, and when businesses play a role in military exercises it is in their capacity as commercial partners of the armed forces. For example, during NATO’s Trident Juncture 2018 exercise in Norway, Norwegian transportation companies contracted by the Norwegian armed forces participated.27 Their participation was, however, limited to providing logistics for the participating forces and the scenario did not involve an attack on Norwegian transportation companies.
To exercise defence against greyzone threats, this paper argues that the armed forces – working in conjunction with law enforcement, given the nature of the threats – and industry need to conduct joint exercises focusing on greyzone scenarios.28 Industry participation should clearly focus on sectors that are vital to national security in a broader sense. In the UK, such exercises would be a useful addition to the government’s Fusion Doctrine, which was introduced in 2018 with the aim of improving whole-of-
25. Försvarsmakten [Armed Forces of Sweden], ‘Totalförsvarsövning 2020’ [‘Total Defence Exercise 2020’]. 26. Nick Carter, ‘Annual Chief of the Defence Staff Lecture’, speech given at RUSI, 5 December 2019,
government responses to asymmetric threats.29 Exercises should address scenarios relevant to the participating sectors and must be conducted in accordance with laws regulating domestic military activities.
Joint military–industry greyzone exercises would be outside the conventional activities of both the armed forces and business but are nonetheless necessary. A first step could be for a greyzone component to be added to already planned national military exercises. The selection of private sector participants could be done according to a combination of national security priorities and private sector interest – the armed forces and other government agencies could invite specific companies, and businesses could also apply to participate. Participation would be based on a company’s relevance to national security and economic prosperity as well as their ability to field a team comprising relevant members at all levels of the organisation. Engman notes that ‘it is especially important to exercise greyzone defence Companies would jointly with the private sector as privatisation since the end of the Cold War means that much critical national infrastructure is now privately owned’.30 be invited to apply National security would need to be considered more broadly and align with a and would be country’s risk register. To this end, it would be beneficial if blue-light services also participated in the exercises. selected by armed forces exercise Extensive private sector participation would be vital to the effectiveness of greyzone exercises. Just as existing military exercises involve soldiers leaders based on and officers ranging from very junior to very senior, participation by staff their role in wider members at all levels of the organisation would help companies understand national security the operational requirements of a greyzone situation. It would also provide C-level executives with enough knowledge to make solid greyzone preparation plans for their respective companies, an area that shareholders are likely to examine closely as greyzone aggression increases. Shareholders will, for example, want to know that companies are able to continue operations in an attack like NotPetya, which left Maersk virtually paralysed for several days.31 While the government should carry the cost for the exercises including all logistics, companies should cover the expense for their own participation, primarily staff time. This should be treated as an investment in building up resilience in crisis rather than a wasted expense. In 2019, the Norwegian aluminium giant Norsk Hydro was targeted by a cyber attack that forced
29. HM Government, ‘National Security Capability Review’, 28 March 2018,
the company to operate ‘using pen and paper’, without the ability to rely on technology. The attack cost Norsk Hydro up to $75 million.32
A serious weakness of existing corporate crisis-management exercises is that they rarely involve top executives but are situated at the middle-manager level. Indeed, joint military–industry exercises would have the added benefit of teaching private sector representatives about current national security threats. The government could also create additional national security courses, linked to the exercises, for private sector representatives. This connects to this paper’s proposal that countries should consider introducing national security courses for rising managers in all parts of society.33 Finland conducts such courses to great effect.34
One should, of course, bear in mind the diverse and complex structures of large corporations. Not all parts of a large company may be relevant to greyzone exercises. Some top executives may not be able to allocate time for exercises, while others may be located in another country. Nevertheless, as the experience of Maersk, Merck and Mondelez makes clear, despite the inconvenience, it is prudent to take geopolitical aggression seriously.
Because table-top exercises cannot provide a full picture of unfolding events, greyzone exercises would need to include a computer-simulated component as well. Computer-simulated exercises would not be challenging to organise; armed forces in most Western countries use computer systems into which they enter exercise backgrounds, scenarios and details. ‘The challenge would be to identify private sector representatives who could help develop greyzone scenarios. Greyzone aggression is such a new concept to the private sector, which is precisely why defence against it needs to be practiced, there simply aren’t many executives with this expertise’, said Engman.35
As the armed forces are ultimately responsible for national security and have valuable experiences in planning and conducting exercises, they are also best positioned to lead greyzone exercises, including logistical arrangements. This would, of course, be based on their level of authority in accordance with national laws. As well as participating in developing exercise background and scenarios, businesses would select and send employees from every organisational level to the exercise. Doing so would not just mirror the proven way in which armed forces conduct exercises but also allow businesses to test and map their response to crises beyond their own operations in a realistic setting. Considering the harm the coronavirus pandemic has caused to business continuity – especially in its early stages – it is in the best interest of business to be better prepared for future contingencies.
32. Warwick Ashford, ‘Norsk Hydro Cyber Attack Could Cost up to $75m’, Computer Weekly, 23 July 2019. 33. Elisabeth Braw, ‘Stop Worrying and Learn to Love the Military-Industrial Complex’, Wall Street Journal, 2 January 2019. 34. Ibid. 35. Author telephone interview with Mats Engman, 30 July 2020. BRIEFING PAPER 11
Corporate interest levels may pose a challenge. Though the need for better greyzone preparedness should be clear to executives, the case for cooperation with the government may be less so. Referring to general corporate cooperation with the government in cyber security (though not specifically greyzone exercises), US Cyberspace Solarium Commissioner Chris Inglis, a former deputy director of the FBI, explained that:
In the area of cyber infrastructure, we have three clusters in the private sector: companies that operate on top of the digital infrastructure, companies that build digital infrastructure and companies that innovate in digital infrastructure. The latter group is not very interested in working with the government on issues of national security. They think of themselves as global even as they enjoy the protection of a particular country, for example the United States. You have to demonstrate to them that the government is a reliable partner, which you can for example do by providing information.36
That would be a promising approach for the government to pursue with joint greyzone exercises as well. The Enduring Security Framework, a US government initiative where private sector leaders are briefed on national security issues, is a good basis on which to build.37 Indeed, regular government briefings to business leaders focusing on national security risks should be part of liberal democracies’ preparations for greyzone aggression.
In addition, companies could be incentivised through certification. Businesses participating in greyzone exercises could, for example, be given International Organization for Standardization (ISO)-style certification,38 which would signal to their shareholders, customers and potential customers that they have reached a high standard of preparedness.
Another potential challenge is that sceptics could suspect joint military–industry greyzone exercises of being the first step towards a new ‘military–industrial complex’, an unhealthy closeness between the military and industry. In a similar vein, human rights advocates may argue that while such exercises might work in liberal democracies, in emerging democracies close collaboration between the armed forces and industry might pose a threat to certain citizens. This might be the case for companies that have access to individuals’ personal information. In Egypt, the government has been accused of using spyware to monitor opposition activists.39 Singapore, Israel and South Korea have used mobile phones, credit cards and CCTV to
36. Author telephone interview with Chris Inglis, 23 April 2020. 37. Cybersecurity and Infrastructure Security Agency, ‘Cipac Cross Sector Enduring Security Framework Working Group Agendas’, last updated 11 December 2019,
‘track and trace’ during the coronavirus pandemic, without asking individuals’ permission, raising concerns that such information could be used for more sinister purposes as well.40 Even though joint military–industry greyzone exercises would be extremely unlikely to pose a risk to individual citizens in advanced economies, this is nevertheless a fear that could be put to rest through rules barring businesses from sharing customers’ individual details with the armed forces.
Conversely, the involvement of private sector employees without security clearance in military-linked activities might pose a challenge. It could be overcome in two ways: greyzone exercises could either be generic, with the armed forces not using classified information; or private sector participants could be required to sign confidentiality agreements. Transmission of classified information to private sector participants would also need to be addressed, as regular commercial infrastructure cannot be used for classified information.
CONCLUSION AND POLICY RECOMMENDATIONS
Recently, greyzone warfare has been intensely discussed in liberal democracies, including the UK. This is especially the case since Russia’s annexation of Crimea in 2014. Some steps have been taken to improve defence against such attacks, primarily through better cyber defence. Sweden has resurrected its ‘total defence’ exercises, and the US Cyberspace Solarium Commission has put forward valuable proposals to ensure the continuity of the economy. To date, however, no comprehensive greyzone defence model exists.41 This is a serious vulnerability, not least because the West’s adversaries operate with considerable state–industry cohesion. This is an advantage that authoritarian countries have over liberal democracies.
But liberal democracies can defend themselves better against greyzone warfare than is currently the case. This paper argues that joint military–industry cooperation could be the most appropriate defence against non-kinetic acts of aggression. Such cooperation could be achieved through greyzone exercises within the following framework:
• The exercises would be conducted jointly by the armed forces and selected businesses and led by the armed forces, operating under interior ministry authority and involving regional and local government representatives.
40. Arjun Kharpal, ‘Use of Surveillance to Fight Coronavirus Raises Concerns About Government Power After Pandemic Ends’, CNBC, 26 March 2020. 41. Reports exist but they have not yet been implemented in policy. See, for example, Multinational Capability Development Campaign, ‘MCDC Countering Hybrid Warfare Project: Countering Hybrid Warfare’, March 2019,
• Corporate participation would take place on a voluntary basis. Companies would be invited to apply and would be selected by armed forces exercise leaders based on their role in wider national security, including transportation, food production, distribution and retail, as well as their ability to field teams with members from all levels of the organisation. • As exercise participation would not be mandatory for businesses, no new legislation would be needed. • The exercises should be conducted regularly, each time involving a different group of companies (perhaps sector specific) and with both table-top and computer-simulated exercise elements. • To incentivise private sector participation, governments should consider ISO-style certification of businesses that have successfully completed at least one greyzone exercise. • Challenges include confidentiality of information (both classified information belonging to the armed forces and customer data from businesses). Such challenges could be addressed by making participation contingent on keeping data secure.
Exercises would yield highly valuable insights for both the armed forces (and thus the government) and individual businesses, which they could use to individually strengthen their greyzone defence, and which the government could also use in national security planning. Greyzone exercises would signal to the West’s competitors that even though the state and industry are less cohesive in liberal democracies than in authoritarian countries, their different components are willing and able to work together to strengthen their resilience to greyzone aggression. This would act as a deterrent. The knowledge gained in the exercises would also be useful in overseas crises when Western governments send assistance teams and often buy services from private companies. The ability to send a package of soldiers, blue-light specialists and private sector teams jointly trained in greyzone scenarios would increase the efficiency of the assistance and aid the donor country’s soft power efforts.
The ultimate success of the exercises, and thus their deterrence value, however, depends on the participation of political leaders. With political leaders playing a part in greyzone exercises, their countries would be well prepared to defend themselves against greyzone attacks – and their adversaries would know it.
ABOUT THE AUTHOR
Elisabeth Braw is a Senior Research Fellow at RUSI and directs the Modern Deterrence Project. About RUSI
The Royal United Services Institute (RUSI) is the world’s oldest and the UK’s leading defence and security think tank. Its mission is to inform, influence and enhance public debate on a safer and more stable world. RUSI is a research-led institute, producing independent, practical and innovative analysis to address today’s complex challenges.
Since its foundation in 1831, RUSI has relied on its members to support its activities. Together with revenue from research, publications and conferences, RUSI has sustained its political independence for 189 years.
The views expressed in this publication are those of the author(s), and do not necessarily reflect the views of RUSI or any other institution.
Published in 2020 by the Royal United Services Institute for Defence and Security Studies. RUSI is a registered charity (No. 210639).
This work is licensed under a Creative Commons Attribution – Non-Commercial – No-Derivatives 4.0 International Licence. For more information, see
Royal United Services Institute for Defence and Security Studies Whitehall London SW1A 2ET United Kingdom +44 (0)20 7747 2600 www.rusi.org
RUSI is a registered charity (No. 210639)