Editor’s note: This article is part of a series, “Full-Spectrum: Capabilities and Authorities in Cyber and the Information Environment.” The series endeavors to present expert commentary on diverse issues surrounding US competition with peer and near-peer competitors in the cyber and information spaces. Read all articles in the series here.

Special thanks to series editors Capt. Maggie Smith, PhD of the Army Cyber Institute and MWI fellow Dr. Barnett S. Koven.


The term unconventional warfare (UW) is commonly misunderstood and subject to frequent calls for revision. The Department of Defense Dictionary defines UW as “activities conducted to enable a resistance movement or insurgency to coerce, disrupt, or overthrow a government or occupying power by operating through or with an underground, auxiliary, and guerrilla force in a denied area.” Originally considered the specialty of US Army Special Forces, UW’s scope and definition have expanded and, by 2015, included various components of the US government. Doctrinally, UW has three objectives: to coerce, disrupt, or overthrow an adversary. However, too often, the focus of UW discussions is centered on support to indigenous forces to enable the overthrow of an oppressive regime—rarely is the focus on coercion or disruption. Yet, an improved understanding of UW and, more specifically, the operational or strategic disruption of an adversary, will allow the US government to better recognize when our enemies apply UW techniques against the United States or our allies and partners.

This article examines UW from the perspective of great power competition and the current state of persistent engagement with one of our near-peer competitors, Russia. Today’s perpetual competition is the manifestation of great power competition as defined in the 2017 National Security Strategy and revisited in the Interim National Security Strategic Guidance released in 2021. Specifically, this article investigates Russian integrated operations in the information environment (OIE) and cyber domain as a form of continuous competition that falls below the threshold of open armed conflict. We assess Russia’s OIE effects and capabilities, our understanding of Russian OIE, and potential responses to Russian aggression.

The Problem

Russian OIE is executed with a specific purpose. However, the United States has failed to properly qualify these activities and the threat they pose to national security, affecting our ability to adequately counter and deter the threat. Much of the problem is rooted in the terminology applied toward understanding the problem of Russian OIE. Terms like “malign activities,” “influence operations,” and “disinformation” have all been used to describe Russian OIE, but none of the terms adequately capture OIE’s disruptive effects or Russia’s intent. The inadequacy of current terminology and the ways that certain terms can confuse rather than clarify Russia’s OIE is illustrated by the example of Eastern Europe.

Russian OIE in Eastern Europe and the Baltics

Over the past decade, Russia has worked to expand its sphere of influence and control into former Soviet or Warsaw Pact territory to the greatest extent possible without triggering a NATO Article 5 response. Russia has taken calculated measures to prevent Ukraine from controlling its easternmost territory through its continued involvement in the ongoing conflict over Crimea and the Donbas. Russian activity in the region effectively derailed, and ultimately prevented, Ukraine’s bid to join NATO and the European Union. Additionally, Russia’s threat to the Baltic states is increasing in ways that do not involve the use of military force. Instead, Russia has significantly increased its ability to access and influence the information environment.

An important aspect of operating in the information environment is the ability to conduct operations in and through cyberspace. To this end, Russia has invested heavily in cyber capabilities, increasing its ability to conduct destructive attacks in cyberspace and to exert pressure on Eastern Europe and the Baltic states. For example, in 2006, sparked by the Estonian decision to remove a Russian World War II memorial, the “Bronze Soldier,” Russia conducted an intensive, three-week-long cyberattack against Estonia. Later, in 2008, Russia conducted a coordinated military offensive that included cyber and kinetic attacks against Georgia to seize Abkhazia and North Ossetia. And, in June 2017, the Russians conducted the most destructive cyberattack to date, using malware known as NotPetya against Ukraine’s critical infrastructure and other targets.

Eastern European and Baltic Resilience in the Information Environment

Due to the ongoing threat of Russian aggression, the Baltic states (and Sweden) distribute detailed guidance to their populations regarding what to do in the event of a Russian military invasion. However, the Baltic nations are similarly well prepared for cyber engagements. In 2006, before the “Bronze Soldier” attack discussed above, Estonia presciently created its first Cyber Emergency Response Team, designed to mitigate the effects of Russian denial-of-service attacks. After the attack, Estonia further expanded its cyber incident response capabilities and created a cyber defense unit within the Estonian Defense League. Not surprisingly, Estonia continues to exhibit a high and expanding degree of cyber resiliency, and is internationally known for the NATO Cooperative Cyber Defence Center of Excellence established in 2008. Latvia soon followed Estonia’s lead and created NATO’s Strategic Communications Center of Excellence.

Another, distinctly Baltic, development in cyber defense occurred in Lithuania: in 2015, the Lithuanians created the “elves,” a volunteer network of citizens charged with monitoring the internet for Russian disinformation. The Czech Republic is also an innovative leader in combating Russian disinformation and created the Centre Against Terrorism and Hybrid Threats in 2017. Finland similarly created the European Centre of Excellence for Countering Hybrid Threats, which cooperates with NATO states. This, coupled with support from US Cyber Command and foreign internal defense activities, makes the Baltic and Eastern European nations very competent and capable defenders in cyberspace and much of the information environment.

Russian OIE in the United States

Russia has also extended its cyber reach into the domestic United States. On March 16, 2021, the Office of the Director of National Intelligence released the declassified intelligence community assessment of foreign threats to the 2020 US federal elections. The report specifically identifies Russia as interfering in those elections with the intent of exacerbating preexisting social divisions and undermining Americans’ trust and confidence in democratic institutions. The intelligence community assessment states that a range of Russian government organizations participated in the influence operations, using Russian state and proxy actors to affect public perceptions in a strategic and calculated manner. A key element of Moscow’s strategy was its use of proxies linked to Russian intelligence that pushed influence narratives—including misleading or unsubstantiated allegations against political figures, media organizations, US officials, and even private US citizens.

Russia’s influence campaigns during the 2020 election cycle are only a small part of Russian OIE, which includes the hacking of the Democratic National Committee in 2016, the recent SolarWinds hack, and other activities. Russia’s ability to reach directly into the US domestic information environment enables Russian shaping operations and gives the Russians access to, and influence in, the US public sphere.

Russian OIE and Disruption

Broadening the aperture from the tactical application of cyber warfare to the more expansive and inclusive zone of OIE allows us to better understand the characteristics of Russian aggression in the information space. Understanding OIE is crucial to exerting dominance in the information environment. For example, the inability to comprehend the strategic scope of Russian OIE in Crimea in 2014 prevented a quick response from Ukraine and Western allies and partners, which allowed Russia enough freedom of movement to shape the domestic information environment before quickly mobilizing its ground forces—a move that took the Ukrainians and the West by surprise.

In short, Russian OIE is used in two ways: as either a main or a supporting effort. OIE with the intent of disruption was the main effort for Russian interference in the 2016 and 2020 US presidential elections. In Georgia, Russian OIE was a precursor to armed conflict and was used to shape the information environment before ground troops were mobilized. History dictates that Russia will continue to make use of OIE in future engagements—as a supporting or a main effort—including in any action Russia chooses to take against NATO.

US Cognitive Tools

Comparatively, Russian OIE far exceeds US capabilities. Recently, the Irregular Warfare Annex to the 2018 National Defense Strategy affirmed that the United States is engaged in global competition to advance its interests and gain enduring strategic advantage. Additionally, DoD’s approach to irregular warfare encompasses both competition and conflict with potential state adversaries. The annex encourages DoD to take the initiative and engage in asymmetric and indirect efforts to erode an adversary’s power, influence, and will. DoD should also adopt proactive, dynamic, and unorthodox approaches to irregular warfare to shape, prevent, and prevail against adversaries. In doing so, it will maintain favorable regional balances of power. Activities like information support operations, cyberspace operations, countering threat networks, counter–threat finance, civil-military operations, and security cooperation can help shape the information environment. Finally, acknowledging that state adversaries and their proxies increasingly seek to prevail in the information environment using irregular warfare tactics, the annex indicates that irregular warfare tactics can also proactively shape conditions to the United States’ advantage in great power competition.

The annex also reaffirms irregular warfare–specific missions, like UW. Even though UW—as currently defined—requires underground, auxiliary, and guerrilla forces, a key UW objective is disruption, and we argue that disruption is the objective of Russian OIE. Additionally, in today’s interconnected world—where human perception is easily influenced—Russia’s use of witting and unwitting proxies (instead of underground, auxiliary, and guerrilla forces) to conduct its OIE achieves a similar effect. Indeed, disruption per UW is what Russian OIE accomplished during the 2020 US elections.

Russian OIE against the United States has included influence operations to undermine public confidence in the US electoral process, and to exacerbate current social and political divisions within the US population. Russia also uses proxy actors to affect public perceptions and proxies linked to Russian intelligence to push influence narratives through social media. Because cognitive perceptions are primarily formed and shaped via interconnected cyber and information environments, Russia does not need the traditional components of UW (underground, auxiliary, and guerrilla forces) to disrupt.

Yet, the terms “disruption” and “disrupt” are not defined by the DoD Dictionary or the Irregular Warfare Annex despite being a UW objective targeted at a government or occupying power. The US Army does offer a tactical-level definition of “disrupt,” but that definition fails when the intended effect is political. Joint Doctrine Note (JDN) 1-19 of 2019, though not an authoritative document, contains a suggested definition for disrupt: “temporarily interrupt the enemy’s activities or the effectiveness of enemy organizations by interdiction, subversion, or coercion.” In this case, JDN 1-19’s use of the word “enemy” (instead of “adversary”) is intentional, as the definition is intended to apply to armed conflict, not activities or competition executed below the threshold of war.

Further, the DoD Dictionary defines subversion as “actions designed to undermine the military, economic, psychological, or political strength or morale of a governing authority.” This definition includes a political effect and helps explain the intent behind Russian OIE for many of the historical examples provided above. Ultimately, Russian OIE was aimed at undermining political strength or morale with the further intent of causing political disruption. Section 1097 of the 2017 National Defense Authorization Act also acknowledges the political element of UW, mandating that DoD develop a strategy “to counter unconventional warfare threats posed by adversarial state and non-state actors.” However, it remains difficult to develop a strategy to counter an activity when doctrinal definitions fail to capture the true intent of an adversary’s activities.

During the Cold War, the United States and the Soviet Union selectively applied force to prevent further escalation, maintaining a constant state of tension below the level of armed conflict. In fact, many place the Cold War and our current great power competition squarely in a segment of the conflict continuum known as the “gray zone.” The gray zone is characterized by “intense political, economic, informational, and military competition more fervent in nature than normal steady-state diplomacy, yet short of conventional war.” But the concept is hardly new. George Kennan identified US Cold War foreign policy as “political warfare,” which was recently reimagined as “unconventional warfare in the gray zone.” In the gray zone, UW is a shaping effort or a main effort and UW tactics are often used prior to the deployment of conventional forces.

Recommendations

Though disruption as operational intent may sound innocuous, it is not. As a nation, our inability to recognize Russian OIE as a form of UW intended to undermine US democratic institutions and sow civil discord places us at a disadvantage when countering or executing OIE ourselves. During the Cold War, we engaged in a nuclear arms race and the intent was deterrence. The cost of war became too great, and the doctrine of mutually assured destruction prevented escalation. Presently, despite being in an era that occupies the same segment on the conflict continuum as the Cold War, Russian OIE continues undeterred. Russia has strategically developed and deployed capabilities that directly engage populations, and by extension, their representative governments. Russian OIE actively disrupts the flow of information, disrupts democratic processes and institutions, and causes disruption to preexisting social norms.

To prevent Russian OIE, we recommend several steps the United States should take to deter future OIE and to conduct OIE ourselves, if necessary. Like the mutually assured destruction doctrine of the Cold War, the United States must arm itself with weapons designed to counter and deter Russian OIE capabilities. Where the Cold War required man-portable antitank weapons to counter Soviet armored forces’ numerical advantage, the current gray zone competition requires a similar doctrine for the information environment to curb the threat of escalation and keep engagements below the threshold of armed conflict.

DoD should revise professional military education to include UW and foster widespread understanding of UW as a form of warfare marked by persistent engagement and requiring constant attention. The competition continuum, as outlined in JDN 1-19, should be revised by moving “disrupt” as an activity of armed conflict to an activity that also takes place in competition below the threshold of armed conflict. Further, to emphasize the impact of Russian OIE and its disruptive effects on our democracy, the revision of “disrupt” should be issued within authoritative guidance, concurrent with a revision of joint doctrine. Within Army doctrine specifically, a doctrinal adjustment to the definition of “insurgency” is required and should include nonviolent tactics, techniques, and procedures (e.g., organized use of subversion and violence or nonviolence).

New policies are required to emphasize doctrinal changes. Policy should recognize adversarial disruption through OIE as UW (subversion to disrupt), opening the door for the United States to conduct similar offensive operations in response. To maintain flexibility, policy should authorize OIE for disruption by, with, and through witting or unwitting indigenous organizations—offensively or defensively. Finally, to effectively use OIE and better counter its effects on our own population and government, the United States needs to normalize the use of OIE in the gray zone to disrupt our adversaries and dominate the information space in great power competition.

Otto C. Fiala, PhD, JD works for Lukos LLC as a task lead and editor, contracted to the Department of Defense. Immediately prior, he was a resistance and resilience planner at SOCEUR, where he was also the chief editor and an author of the Resistance Operating Concept. He is also a research associate at the National Consortium for the Study of Terrorism and Responses to Terrorism at the University of Maryland and a retired USAR civil affairs colonel.

Jim Worrall is a retired US Army Special Forces lieutenant colonel with thirty years in the US Army, twenty-one of those working in SOF. Since retiring, Jim has spent the last four and a half years working in the EUCOM AOR. He is a graduate of the Chilean War College and holds a master’s degree in international relations from the University of Miami.

The views expressed are those of the authors and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.

Image credit: J.M. Eddins Jr., US Air Force