Best Practices in the Application of the Concept of Resilience: Building Hybrid Warfare and Cybersecurity Capabilities in the Hungarian Defense Forces
In its Global Strategy for foreign and security policy, the EU applies resilience as a comprehensive concept of internal and external security. In parallel, at the 2016 Summit in Warsaw, Allied leaders decided to boost NATO’s resilience to the full spectrum of threats. Each NATO member needs to be resilient to a major shock caused by a natural disaster, failure of critical infrastructure, a hybrid or an armed attack. Hybrid warfare, including cyberattacks, is recognized as a significant security challenge.
The National Security Strategy of Hungary, adopted in 2020, confirms that the primary international framework of Hungary's security and defense policy is NATO and EU membership and highlights the need to enhance the country’s resilience against hybrid attacks. This article provides analysis of the application of the concept of resilience in the Hungarian defense sector and introduces the resilience development of the Hungarian Defence Forces against hybrid threats, including their cyber component, while generating options for the decision-makers regarding the military and information instruments of national power. The author identifies potential hybrid threats against Hungary, a possible cyberattack scenario, and lines of effort to achieve a feasible level of resilience to such threats. He takes account of the political and military environment, as well as wider national issues in view of hybrid threats and main features and dilemmas of cyber warfare, thus aiming to facilitate the application of the concept of resilience in Hungary.
This article provides an overview of maturity levels and assessment methodologies for the evaluation of cybersecurity and resilience in relation to their applicability and usefulness at sectoral and national levels. Reference maturity models and assessment frameworks, such as CERT Resilience Management Model, Cybersecurity Capacity Maturity Model for Nations, C2M2 (Cybersecurity Capability Maturity Model) are compared and analyzed for their applicability in designing and implementing national cybersecurity strategies and programs to achieve cyber resilience. Cyber readiness indexes are also outlined in view of their use to indicate possible improvements. The author explores the development of national cybersecurity strategies with focus on cyber maturity and provides examples. A maturity-based approach for the Bulgarian cyber resilience roadmap is also described within the context of the evolving cyber-empowered hybrid threats and the need for an institutionalized collaborative public-private resilience.
The concept of resilience has roots in many disciplines, making the pursuit of a unified theory very attractive but also very difficult. Yet this has not stopped scholars and politicians from attempting to claim resilience as their flagship concept and build a canon for the 21st century around it. This tendency to reduce or totalize resilience has spawned a host of taxonomies, each seeking to offer the final word on the definitional debate. I argue that this desire to create a unified theory of resilience misapplies the concept, ignores the dynamics of its emergence and the polysemic nature of its use in theory, policy and practice. This malleability makes resilience at once both a very attractive logic for dealing with uncertainty and a dangerous pathway towards embedding untempered algorithmic systems of coercive prediction into the governance of everyday life. In understanding the emergence of the resilience concept, one must appreciate both the positive and negative potential of this flexible and adaptive notion. I close by suggesting that resilience has gained such traction in recent years in no small part because it represents a shift in the onto-politics of our time, but that we must be careful about which type of resilience gets enacted.
Serbia, the largest country of the Western Balkans, faces a historical choice concerning its future political orientation. Although this choice has been on the agenda since the late 1990s, it will remain unresolved for some time to come. The country’s transformation has been moving forward. However, short of integration in western institutions, first of all in the European Union, the process is incomplete and other major players in the international system, first of all Russia but to some extent also China, attempt to influence Belgrade in a direction favorable to their interest. Rational choices in regard to economic integration, trade and investment, and the effects of consolidating democracy should drive Serbia in the direction of the West. However, as demonstrated by some cases, there are factors other than rational choice. Emotional association with Russia, orthodox Christianity, the Russian backing of Serbia in the dispute of the latter with Kosovo, as well as Moscow’s sophisticated influence playing on the West’s step-by-step advancement and hesitation help Russia better establish itself in Serbia. That results in an inconclusive situation that requires attention to avoid the continuation of hesitancy and uncertainty in the long run. China potentially offers an alternative, primarily as a trade partner and investor. However, its interests in Serbia’s future orientation may be different from Moscow’s as its investments may offer higher returns if Belgrade becomes a member of the European Union sooner rather than later.
Deterrence theory has since its inception justified the build-up and maintenance of weapons arsenals assumingly guaranteeing our survival. However, we do not know whether deterrence theory works in practice: major wars may have been avoided for many other reasons than fear of punishment or (other) high costs. Skepticism towards cyber deterrence is used to justify unilateral, punitive, even preventive, pre-emptive, or continuous action against assumed adversaries. Nuclear weapons-centric deterrence, stressing the avoidance of reckless state behavior, could be improved to face the contemporary, technology-infused realities, where zero-tolerance of error or incidents, vital in the nuclear realm, is not realistic. As a result, we have come to accept or denounce cyber operations based on their targets and effects. As a contribution to achieving responsible state behavior in cyberspace, the author suggests utilizing cost calculation, the underlying assumption of deterrence theory, to the fullest: to include the promise of rewards in our policy options.
Cross-domain Coercion as Russia’s Endeavor to Weaken the Eastern Flank of NATO: A Latvian Case Study
Cross-domain coercion is tangible on NATO’s Eastern flank and characterized by the use of derogatory propaganda, fake news, financial assets in the Latvian banking system, Russian-based organized crime, and various military elements. This study on cross-domain coercion, however, concentrates also on the cohesion of the Latvian population, existing gaps within society, and its susceptibility to being exploited by Russia. To acquire data for this study, the author conducted interviews with representatives of the Eastern flank countries and performed an extensive literature review. To determine the root causes of vertical division in the society, the “5 WHYs” method was used. This research has proved that the presence of a Russian minority and the Russian-based organized crime minority can be a good base to create unrest and that Russia is able to influence the internal policy of a country when the Russian economic footprint exceeds 12 % of GDP. The demographics and the cohesion (including vertical and horizontal divisions) of the society are factors determining the resistance of Latvia. The triumph of the populist parties during the October 2018 parliamentary elections reflect the trend that the nation is tired of the corrupt and ineffective government rather than that it is drifting towards Russia. In a broader scope, it is expected that cross-domain coercion will increase and Russia will test the cohesion of NATO.