Companies Play a Key Role in Hybrid Influencing

Companies Play a Key Role in Hybrid Influencing

Key Takeaways:

  • The business community and its companies are an inseparable part of the society and, therefore, targets of hybrid influencing as well. 
  • The role of the business community has grown over the past decades as companies have increasingly assumed ownership of the services and started running them in sectors such as telecommunications, media and energy.
  • Moreover, the public sector and authorities are increasingly dependent on technologies, resources and services provided by companies in the private sector to support their core functions and fulfill their mission. 
  • While an individual company may not necessarily be the final or even the key target of an operation, it can be instrumental in reaching the final strategic goal, such as gaining long-term access to decision-makers or their networks.
  • Because of this, it is important to build proper corporate security functions in the companies, raise awareness among the owners, leadership and employees, and exchange security-related information between companies and within the supply and value chains.
  • Moreover, cooperation with the authorities provides a platform for the companies to counter hybrid threats. 

A Short Introduction to the Hybrid Threats and Influencing

Hybrid threats and influencing is a wide and continuously evolving concept. The influencing activity can target, for example, political decision-making, activities conducted by the authorities, the business community and its activities or any combination of these. Hybrid activity takes advantage of the vulnerabilities identified in its targets, whether they are individuals, organizations or society as a whole. Fundamentally, hybrid threats and hybrid influencing are usually carried out as state-level power games in which the states use both traditional and atypical instruments of power in a carefully orchestrated manner to reach their goals. They aim to do this without breaching the threshold of detection or, in more severe cases, the threshold of traditional, and often costly, war.

What makes detailed definition of hybrid threats particularly challenging is that hybrid actors behind the influencing activities engage in their actions utilizing the old well-known tactics, but also have access to new tools and methods that have not yet been utilized before, or even thought to be possible to be weaponized in support of a political agenda. These activities include old tricks such as bribing or coercing individuals into co-operation, but also new tools that society-wide digitalization has brought along, such as cyber espionage and attacks, penetration of critical infrastructure, and information operations utilizing social media.

It may often be hard to attribute these activities to a certain country or organization since the activities are often conducted by a proxy operator such as a third state, front organization or shell company, organized crime or an individual operator. At times, political or economic realities may prohibit the targets from re- porting the attacks or attributing them to a certain perpetrator.

The nature of hybrid operations usually falls within the realms of classic diplomacy, information operations, military threats and economic influence. In practice, hybrid influence operations are manifested in gaining political influence, launching disinformation campaigns, stealing and leaking confidential information, con- ducting airspace incursions and other aggressive military maneuvers as well as pressing economic sanctions, fueling corruption and luring others in by politically motivated economic cooperation.

As its name suggests, hybrid influencing combines more than one form of exercising influence in support of achieving the perpetrator’s political goal. This combination of activities does not necessarily happen at the same time in a concurrent fashion. The activities can be sequenced like in the case of electoral meddling: the cyber penetration of the target system is followed by leaking the materials, sometimes even fabricated ones, which are deemed to cause the most damage. Sometimes these activities can occur over a longer period of time, ranging from years to even decades. The activities may be dispersed both geographically and organizationally, which makes it hard for the victims and authorities to connect the dots and identify an ongoing hybrid operation or campaign.

It is noteworthy that hybrid activities are not necessarily destructive or make their targets feel threatened in the short term; sometimes hybrid influencing occurs in the form of preferential treatment or through offering a great deal. Nevertheless, this serves the grander strategic goals of the hybrid actor. Moreover, it may be true that smaller, tight-knit societies like Finland constitute a more difficult target for hybrid influencing due to the tight societal networks and the role of reciprocal trust in them. However, once these are breached, the hybrid actor may gain extensive and comprehensive access to the targets of their influence activities.

The Business Community Plays an Important Role in Hybrid Influencing

The business community and its companies are an inseparable part of the society and, therefore, targets of hybrid influencing as well. The role of the business community has grown over the past decades as companies have increasingly assumed ownership of critical infrastructure and the services, and started running them in sectors such as tele- communications, media and energy. Previously, these were delivered either by local municipalities, regional authorities or the state. Typically, the companies also continue to take care of these critical services and infrastructure both in normal situations and at times of crisis. Moreover, the public sector and authorities are increasingly dependent on technologies, resources and services provided by companies in the private sector to support their core functions and to fulfill their mission.

While an individual company may not necessarily be the final or even the key target of an operation, it can be instrumental in reaching the final strategic goal, such as gaining long-term access to decision-makers or their networks. In an ongoing hybrid operation, one company may be subjected to a cyber-attack, another one to an information operation, a third one to a hostile takeover and a fourth one to a classic break-in. None of the targets have visibility into the whole operation. Since hybrid influencing requires an understanding of the targets’ vulnerabilities to succeed, the operations are typically preceded by information collection efforts over a long period of time. The following collection methods include: infiltration of the target organization; utilizing traditional human intelligence methods; penetrating the target’s information systems by the means of a cyber-attack, or a combination of these and other methods.

The business community in general, and the companies in particular, play an important role in hybrid influencing activity. Because of this, it is important to build proper corporate security functions in the companies, raise awareness among the owners, leadership and employees, and exchange security-related information between companies and within the supply and value chains. Moreover, cooperation with the authorities provides a platform for the companies to counter hybrid threats. Examples of such cooperation include exchanging information with the authorities; participating in training initiatives conducted by the authorities, ensuring preparedness on a national level; and engaging in exercises related to building and testing capabilities for countering hybrid threats locally and nationally.

Some Insights from the Finnish Business Community

Earlier this year Helsinki Region Chamber of Commerce launched an investigation to gain insights on how the business community and its companies here in Finland see and understand hybrid threats; what kind of phenomena are hybrid threats and hybrid influencing; how are companies targeted with hybrid threats and activity, and how are the local companies preparing against such threats. In addition to gaining insights from the members of the business community, the investigation together with the final report it produced served the purpose of increasing the awareness of hybrid threats among the members of the Finnish business community. 

Key takeaways from the report on business community's views on hybrid threats included:

  • Finnish companies reported that they have identified hybrid influencing targeting them, the most common the identified influencing is among the large companies, every fifth of them report being targeted by hybrid influencing of some sorts;
  • companies recognize the linkage between hybrid influencing and national security, and the companies are worried that hybrid influencing will impact our national policies and lead to an erosion of Finnish sovereignty;
  • companies are willing to share information with Finnish authorities, when they identify suspicious activities;
  • and more than 3 out of 4 companies would like to have authorities to prepare material, such as guides, and organize training events to support companies in their preparedness to face hybrid threats.

The results in the report were based on the information collected from more than 700 companies in Finland, which answered the questionnaire sent to them. The investigation and the report are a part of Helsinki Region Chamber of Commerce’s activities that enhance corporate security. Helsinki Region Chamber of Commerce has more than 7,000 member companies representing all business sectors. Chambers of commerce in Finland have more than 20,000 member companies in total.

----------

Acknowledgements:

This article is an edited excerpt from "Business Community and Hybrid Threats 2018" report that was co-authored together with Panu Vesterinen and Chris Fogle. The full report was published by Helsinki Region Chamber of Commerce and it is available at http://view.24mags.com/mobilev/bbc43250c51aa3c0b599cb18066f3c2b. The header picture is an edited part of the original report's front page.

Pasi E.

Hybrid Threats | Disinformation | Cyber Security | Societal Resilience | International Relations

5y
Like
Reply

To view or add a comment, sign in

Insights from the community

Explore topics