Hybrid warfare, a complex strategy blending conventional military tactics with cyber, political, and economic pressures, poses a significant challenge to global security. Private entities, particularly those overseeing critical infrastructure (CI) and critical information infrastructure (CII), such as energy and telecommunications, have become both prime targets and essential defenders against such threats. Adversaries increasingly aim to exploit vulnerabilities within private sectors to disrupt national services and erode public trust. This article explores the dual role of private entities in hybrid warfare, emphasizing their strategic importance in defending national security. As hybrid threats evolve, these entities are not just passive targets but active partners in preparation, incident response, and crisis management. Their involvement, particularly in cybersecurity, makes them indispensable in developing comprehensive national defence strategies. However, the involvement of private companies also introduces legal complexities, especially concerning their status in conflict zones and responsibilities under international law. Existing policies and legal frameworks must evolve to address the changing nature of warfare; ensuring private entities are effectively integrated into national security strategies. This article advocates for stronger public-private partnerships, standardized cybersecurity practices, and clear legal frameworks that define the role of private entities. By leveraging their resources and expertise, governments can enhance resilience against hybrid threats.
The Role of Private Entities in Hybrid Warfare: Navigating Policy, Legal Frameworks and Cybersecurity Challenges
Hybrid warfare, a modern military strategy first proposed by Frank Hoffman, blends conventional and unconventional methods – including political warfare, cyber warfare, irregular tactics and non-military means such as economic pressure and foreign information manipulation and interference (FIMI) – to disrupt and disable an opponent’s actions without resorting to full-scale war. This complex and evolving threat to global security blurs the lines between traditional and non-traditional tactics, making it difficult to distinguish between combatants and civilians, as well as between times of war and peace.
In today’s increasingly digitalised world, hybrid warfare has become more prevalent, with private entities playing a central role in this evolving landscape. These entities – particularly those controlling or acting as major contributors to Critical Infrastructure (CI) and Critical Information Infrastructure (CII) such as energy, telecommunications, finance and associated databases – are vital to national security, and can be prime targets in hybrid conflicts. Adversaries often aim to disrupt essential services and undermine public confidence by targeting these key sectors. In cases where the primary governmental infrastructure may be too secure, it can be advantageous to target third-party providers that are critical to the functioning of CI or CII.
However, private entities are not merely passive targets; they are also strategic partners in defending against and responding to hybrid threats. Their involvement is crucial across multiple dimensions: preparation, incident response and the management of crises. These entities contribute significantly to pre-emptive planning and active response by leveraging their expertise in cybersecurity and managing complex networks. They are key to a resilient defence posture as their proactive engagement in information sharing and strategic planning makes them indispensable in formulating comprehensive security strategies that anticipate and mitigate hybrid threats, which is essential for national security.
Overall, hybrid warfare represents a significant and evolving threat to global security, necessitating the full integration of private entities into national and international security frameworks. These entities are not only targets but also essential partners in defending against and managing the multifaceted threats posed by modern warfare. Their expertise, resources and capacity for innovation make them indispensable allies in ensuring that nations are better prepared to face the complex challenges of hybrid warfare in today’s digitalised world.
Addressing policy gaps and enhancing legal frameworks
As hybrid warfare continues to evolve, existing policies and legal frameworks governing the involvement of private entities in national security must adapt to address emerging challenges. Currently, national policies vary widely in their approach to public-private partnerships (PPPs) in cybersecurity. While some sectors, such as finance and energy, have developed robust security protocols, others, like healthcare and telecommunications, lag behind.
At the international level, frameworks such as the Budapest Convention on Cybercrime and processes such as the United Nations’ Open-Ended Working Group (OEWG) on ICT security that provide guidelines for responsible state behaviour in cyberspace recognise the importance of public-private partnerships in trust building, sharing of technical expertise and improving collective responses. Further, many countries lack formal mechanisms that set standards or protocols to define the synergistic relationship required or to ensure compliance and do not always account for the rapidly changing nature of hybrid threats. To address these gaps, there is a need for greater emphasis on developing public-private partnerships that go beyond information sharing. These partnerships should include joint cyber defence exercises, regular security audits and the development of integrated response plans that involve both public and private stakeholders.
Furthermore, international legal frameworks must be updated to reflect the changing nature of warfare and the increasing involvement of private entities. New treaties or amendments to existing ones should explicitly define the responsibilities of private companies in hybrid conflicts and provide mechanisms for holding them accountable. Additionally, efforts should be made to standardise cybersecurity practices across industries and countries, possibly through the adoption of international standards such as ISO/IEC 27001, with incentives for compliance.
The legal complexities of private sector involvement in hybrid warfare
The involvement of private entities in hybrid warfare raises significant legal questions, particularly concerning their status and responsibilities under international law. The Geneva Conventions, which form the cornerstone of international humanitarian law, were designed for traditional state-based conflicts and do not adequately address the role of private corporations in modern warfare. This ambiguity has led to debates over whether private companies should be considered combatants or non-combatants and what legal protections they are entitled to in conflict zones.
Cyber operations, largely driven by technological advances within the private sector, pose additional challenges to international law. While cyberattacks may not result in immediate physical damage, their psychological, economic and political impacts can be profound. This raises questions about whether such acts constitute a use of force under Article 2(4) of the United Nations Charter and what responsibilities private entities bear in preventing their infrastructure from being used to launch cyberattacks.
To address these legal challenges, there is a need for greater harmonisation between national and international legal frameworks. This could involve the development of global standards for cybersecurity and hybrid warfare, as well as the establishment of international oversight mechanisms to ensure compliance.
Moving towards a synergistic approach to hybrid warfare
The complexities of hybrid warfare demand a synergistic approach that fully integrates private entities into both national and international security frameworks. Given their control over key aspects of critical infrastructure and their advanced technological capabilities, private companies are not just participants in the defence ecosystem but are strategic partners whose proactive involvement is essential for an effective global response to hybrid threats. Their expertise in cybersecurity, incident management and public communication plays a crucial role in fortifying national defences and ensuring resilience against cyberattacks and other forms of hybrid warfare.
A truly synergistic approach necessitates the creation of integrated cybersecurity frameworks that position private entities as key stakeholders. These frameworks should be grounded in international standards and should mandate actions such as breach reporting, regular security audits and continuous threat assessments. By embedding private companies into these processes, governments can leverage their specialised knowledge and resources to enhance national security measures. Moreover, recognising the critical role that private entities play, governments should incentivise their compliance with these frameworks through economic benefits like tax breaks or preferential treatment in government contracts for companies that meet or exceed cybersecurity standards. Private entities are critical elements of the supply chain, often acting as the single point of failure (SPOF). At this critical part of the supply chain, a failure can disrupt the entire process or system, leading to inefficiencies, delays or even total failure. Thus, it is critical to not only identify these entities but to work with them during incident response planning, as an attack on one such entity has potential to lead to disruption of CI and CII.
To optimise collaboration between the public and private sectors, several practical steps are essential. Establishing secure platforms for real-time threat intelligence sharing is one such step, ensuring that both sectors are aligned in their understanding of emerging threats and can respond swiftly and cohesively. Regular joint threat assessment meetings are also critical, allowing for the continuous exchange of insights and the refinement of strategies based on the latest threat intelligence. These meetings should involve key private entities that manage critical infrastructure, as their operational insights are invaluable in shaping effective defence strategies. Furthermore, designated points of contact with sufficient authority should be established within both the public and private sectors to ensure timely and coordinated responses to cyber incidents. These points of contact should be empowered to make quick decisions during crises, facilitating rapid mobilisation of resources and expertise. By maintaining open lines of communication and clear roles within this integrated framework, both sectors can act swiftly and effectively in the face of hybrid threats.
Seamless information sharing between private entities and government agencies is essential for situational awareness and planning. However, concerns about data leaks – and the resulting potential for damage to a corporate reputations or competitive positions – often hinder private-sector cooperation. To encourage more robust sharing, legal safeguards must be in place to protect sensitive information provided by private entities. These safeguards could include non-disclosure agreements, clear legal frameworks to limit the exposure of proprietary information, and regulations ensuring that shared data is used solely for national security purposes. By creating a secure and legally protected environment for information sharing, the government can build trust with the private sector, making companies more willing to share critical threat intelligence, incident data and vulnerabilities without fear of legal or reputational repercussions. This, in turn, enhances the overall resilience and effectiveness of both public and private sector responses to hybrid warfare threats.
Beyond technical and operational collaboration, private entities also have a crucial role in managing public perception. Through transparent communication and accurate information dissemination, they can help maintain public confidence in the resilience of critical services, thereby reducing the fear and uncertainty that adversaries often seek to exploit. By providing clear and accurate information about ongoing threats and the measures being taken to address them, these entities help to mitigate the psychological and social impact of hybrid attacks, ensuring societal stability. In the face of hybrid warfare, controlling the narrative and maintaining social stability is as important as good technical defences, and it requires a coordinated effort between private entities and government agencies.
A synergistic approach to hybrid warfare is not merely about integrating private entities into existing security frameworks; it is about recognising and harnessing their full potential as strategic partners. By fostering robust public-private partnerships, creating integrated cybersecurity frameworks and ensuring seamless collaboration, governments can significantly enhance their ability to defend against the multifaceted threats posed by hybrid warfare. The proactive involvement of private entities in all stages of conflict management – from planning and prevention to response and recovery – will be crucial in building a resilient, secure and stable global environment.
Conclusion
The involvement of private entities in hybrid warfare presents both challenges and opportunities for national and international security. As this form of warfare continues to evolve, it is imperative that policies, legal frameworks and cybersecurity practices adapt to address the complexities of modern conflicts.
Private entities play a critical role in defending against hybrid threats, and their integration into national and international security frameworks is essential for enhancing global responses to these threats. By developing robust public-private partnerships, updating legal frameworks and adopting integrated cybersecurity practices, governments and private companies can work together to create a more secure and resilient cyberspace.
As policymakers, diplomats, intelligence analysts and law enforcement officials continue to grapple with the challenges of hybrid warfare, it is clear that the role of private entities will only become more important. Future research and policy development should focus on further exploring the legal and ethical implications of private sector involvement in hybrid conflicts, as well as identifying new ways to strengthen collaboration between the public and private sectors.
