The international live-fire cyber defence exercise Locked Shields 2018, organised by the NATO Cooperative Cyber Defence Centre of Excellence (Picture: Crown Copyright).

Comment: The increasing importance of the grey zone in the fight against Russia

The phrase 'grey zone' is being used increasingly often.

It conjures up images of special forces operators conducting counter-terrorism raids in the darkness, cyber warriors typing frantically on keyboards to deliver a devastating attack and spies carrying out clandestine missions in hostile territory. 

All very exciting and the stuff of movies, novels and computer games, but is it a real threat and if so, why does this matter to the UK and Nato?  

The grey zone is the space between situations where nations are at peace with each other and when they are in outright conflict. 

There is a wide range of activities, missions and work that can be conducted here against different nations ranging from low-level intelligence collection or propaganda work through to sabotage in the run-up to war. 

It is a diverse and poorly defined space, but one in which it is increasingly important to be able both to counter hostile acts and, if required, to conduct them against other nations too.

A residential building collapses after being hit by a Russian S-300 missile in Mykolaiv, Ukraine, in October 2022 (Picture: Zuma Press, Alamy Stock Photo).

Events in, and linked to, the Russian invasion of Ukraine have made this an area of huge importance to Nato members, who now realise that, in deterring Russia, they must be able to straddle both the challenges of conventional deterrence and the risks posed by grey zone operations.

Russia has shown itself able to carry out these operations in a variety of ways. 

Effective use, for example, has been made of internet 'troll farms' and social media tools to cast doubt on news stories and shape public opinion. 

Investigative work begins in 2018 at the house of former Russian intelligence officer Sergei Skripal after he and his daughter were poisoned with Russian nerve agent Novichok (Picture: BFBS).

Whenever a controversial story emerges that puts blame on Russia – the shooting down of passenger jets like MH17, for example, or the assassination of dissidents overseas – within minutes of the story breaking, thousands of fake social media accounts will be used to try to change public perception. 

By creating doubt and constantly shifting the debate, Russia has shown it can do well in an information war – it doesn't need to 'win' such a war, it just needs there to be enough doubt that hostile narratives about events don't gain traction. 

In addition to these social media tools, the Russians are known to possess large and capable cyber forces that can be used to carry out cyberattacks targeting critical national infrastructure. 

Illustration of someone initiating a cyber-attack (Picture: Crown Copyright).

These can be used in a variety of ways, from causing disruption to a neighbouring government's operations to preparing the ground for an invasion through widespread disruption.

For example, the Baltic states have reported a range of cyber-attacks in recent years, aimed at disrupting their infrastructure, which seem to have come from Russia.

In July 2022, for example, Russian hackers targeted Estonia with cyber-attacks in protest at decisions to cancel tourist visas and remove a Second World War-era memorial to Soviet soldiers. 

It's not just the use of Twitter and Facebook though – Russia is also well versed in carrying out more kinetic and sinister operations in this space. 

In recent years, evidence has emerged suggesting that Russian intelligence and special forces personnel have carried out the sabotage of munitions stores in Eastern Europe and carried out hostile reconnaissance of sensitive military sites in Scandinavia. 

In Norway, for example, an individual was arrested in October on suspicion of being a spy. 

Posing as a Brazilian academic, they were allegedly linked to the GRU (Russian military intelligence) as part of its globally known 'illegals' programme to infiltrate undercover spies around the world.

British soldiers at Sergei Skripal's house on 7 September 2018 (Picture: BFBS).

Even more sinister is the way Russia has conducted assassination attempts across Europe against people that President Putin considers to be a threat.

For example, in the UK, poison was used to assassinate dissident Alexander Litvinenko and attempt to kill former KGB Officer Sergei Skripal in Salisbury. 

The events led to a serious international crisis in relations with Nato.  

Russia has also sought to conduct grey zone operations through its underwater reconnaissance capability, seen in the use of a variety of highly capable submarines and surface ships to track pipelines and telecommunication cables, both to tap them for intelligence operations and to conduct sabotage.

The explosion at the Nord Stream pipeline in the Baltic in October 2022 was almost certainly caused by Russian forces carrying out sabotage activity in a way that enabled plausible deniability.  

Photo shows damage to the gas pipeline Nord Stream 1 in the Baltic Sea. Photo taken on 17 October 2022 (Picture: TT News Agency / Alamy Stock Photo).

The last area where Russia has shown a willingness to work in the grey zone space is through the use of both 'Private Military Contractors' (PMCs) and the so-called 'little green men' (Spetsnaz and other special forces) to conduct military operations. 

For example, in Africa, the Wagner Group, a private company with extensive links to the Putin regime, has deployed thousands of troops across the continent to support a range of countries.

These troops function as mercenaries, providing military support when required to help these countries tackle insurgencies and ensure governments remain in power. 

While not formal armed forces, these mercenaries (often former serving personnel) have good access to training and equipment and represent a proxy tool of Russian government influence. 

The Wagner group was pivotal in enabling the Assad regime to remain in power in Syria and on at least one occasion, US Special Forces operating in Syria engaged in gun battles with Russians from the Wagner Group.

A member of the Wagner Group firing a machine-gun (Picture: Wagner PMC).

The so-called 'little green men' represent the most overt use of Russian troops in the grey zone space, involving the positioning of special forces troops ahead of wider military operations to help conduct recce, sabotage and other missions ahead of conflict and to cause disruption to opposing forces.

These were seen in Crimea ahead of the Russian invasion in 2014, although they have seemingly had less success in the current conflict in Ukraine.  

Brought together, this represents a considerable range of threats that Nato needs to be ready to counter. 

But doing so requires a potentially very different approach to investing in equipment and capabilities outside of normal military challenges.

It also requires a rethink about how Nato deterrence policy works. 

Nato's headquarters in Brussels (Picture: BFBS).

How does an alliance which relies on nuclear weapons as a last resort to deter attack respond to a grey zone operation by Russia which provokes but doesn't result in an act of outright war? 

The answer seems to be that Nato will need to do a combination of things to tackle the challenges of the grey zone and in doing so, make difficult decisions about the balance of investment between conventional military capabilities and unconventional areas. 

The first challenge is to invest in intelligence collection and analysis resources that can track Russian activity and spot indicators of potential operations. 

This is a slow process that may take years to do well: developing the means to break into Russian systems, developing agents in place and growing a good understanding of the potential operations under consideration.

You also need to have effective intelligence-sharing protocols in place to make sure that Nato nations can forewarn others and put effective plans in place to counter and disrupt this sort of activity. 

This sort of investment is also difficult to sell to a sceptical public who may not believe, until too late, in the risk posed by Russian intelligence.

In the intelligence business, every exposure of an operation that you have disrupted means taking a risk on showing your intelligence capabilities and levels of access. 

The Russians may be able to review what sort of techniques were used, find out how Nato penetrated their systems and take steps to remove that access in future, thus making it harder for longer-term intelligence operations to succeed.

It is a constant balancing act and, at times, Nato may need to decide to permit a Russian operation to succeed in order to protect hard-won access and insight into the Russian system. 

The next thing to be done is wider investment in the cyber and Special Forces area, putting more investment into countering Russian cyber capabilities: everything from trolls and low-level 'hacktivists' up to dedicated cyber-attacks by the Russian state.

Exercise Army Cyber Spartan 5, held in December 2021, was an offensive and defensive UK cyber exercise on a live network with the aim to attract the widest talent (Picture: Crown Copyright).

Grey zone operations are typified by the willingness of the Russians to conduct audacious and blatant cyber-attacks and to bank on Western responses not necessarily being effective.

The West's cyber capabilities will need to be ramped up to both deter Russia from carrying out high-risk cyber-attacks and provide an ability to, if required, respond in kind. 

For the UK, this will mean a need to invest more in the National Cyber Force – an elite organisation intended to provide robust cyber defence for the UK, drawn from both GCHQ and the Armed Forces. 

Meanwhile, Special Forces (SF) represent an area where Nato can expand troops to tackle the challenges posed by Russian actors more widely. 

For example, one of the classic SF roles is the training and mentoring of other nations' armies or providing advice and assistance to friendly governments. 

This sort of small-scale training team can have a significant effect in raising professional standards and stiffening morale among armies. 

In locations like Africa, where Russian mercenaries are used through private armies like the Wagner Group, there is an opportunity for the West to provide a counter-offer in the form of access to training and support. 

For the British Army, this may see the deployment of Special Forces teams, about which the UK Government will never comment, and of the so-called 'Ranger' battalions, which carry out specialist training in countries.

By deploying these training teams to fragile states, British support, particularly when combined with effective aid and other training, may be instrumental in helping reduce Russian access and power around the world and make it harder for the Russian regime to use private armies as a source of funding and illicit war fighting. 

Another key area for investment is tackling the threat posed by Russian maritime special forces teams. 

The likely sabotage of the Nord Stream pipeline shows that Russia can, when the political will exists, carry out spectacular sabotage operations to both disrupt the West and send a message about Russian reach and capability.

Tackling this requires heavier investment in Anti-Submarine Warfare (ASW) platforms like new ships capable of finding and tracking submarines, additional maritime patrol aircraft to monitor them and developing a better understanding of the maritime underwater environment. 

For the UK, this means more ASW frigates like the Type 26, the first of which is HMS Glasgow.

In mid-November, the Royal Navy ordered five more of these ships, meaning a total of eight will be built over the next few years. 

With their state-of-the-art sonars, torpedoes and Merlin helicopters, the Type 26 will work closely with other Nato ships and the RAF P8 maritime patrol aircraft to monitor and track Russian submarine movements and ensure they don't pose a threat to critical sea cables. 

In addition to this commitment, the Royal Navy is also gaining two new 'Multi-Role Ocean Surveillance Ships' (MROS), the first of which will enter service shortly. 

Crewed by the Royal Fleet Auxiliary, these ships will be used to carry out longer-term surveillance of cables, track Russian activity and conduct reconnaissance of the cables to confirm whether the Russians have tampered with them. 

Understanding this will be crucial to ensure the UK and Nato can spot where Russian forces are conducting sabotage or intelligence collection and provide a means of conducting robust counter-surveillance of them.  

Moving away from the physical capabilities needed, the other key thing needed to tackle the threat of Russian grey zone operations is the development of an effective 'playbook' (response options) to tackle this sort of act. 

It is easy to communicate and send a diplomatic response during a crisis, or during wartime to respond militarily. 

But grey zone operations are difficult because they are either covert or designed to be hard to call out. 

This means Nato must work carefully to develop ways to respond that call Russia to account for its actions and inflict sufficient punishment that the Russian state realises there is a cost attached to its actions, which may not be worth paying. 

The business of attribution is key here – gaining evidence of Russian activity and proving beyond reasonable doubt that Russia was behind it is going to be vital.

Nato will need to work out how to analyse and assess evidence and show the trail of activity that proves Russia was behind something. 

During the Skripal crisis, where Russian agents smeared the nerve agent Novichok on a door handle in Salisbury, the UK had to work hard with Nato partners to prove the scientific evidence, show the evidence trail from the arrival of the agents through to their departure and then show the Russian state's guilt in this matter.

This is a complex task that requires working with top secret intelligence material which has to be released, with law enforcement officials to look for evidence of a crime, and with other parts of government to put together a narrative blaming Russia that other states believe.

Getting attributions right is perhaps the single most important thing Nato must do when tackling Russian activity. 

Alexander Petrov and Ruslan Boshirov, suspects in the attempted murder of former Russian spy Sergei Skripal and his daughter Yulia (Picture: UPI / Alamy Stock Photo).

Being able to show that Russia is behind these acts helps build a compelling narrative that will, over time, help isolate the country internationally. 

It will create long-term economic damage and make other nations less willing to engage with or work in alliances with Russia. 

By showing their actions in a way that cannot be ignored, Nato can help make the opportunity cost of carrying out these acts too high for Russia to see the value in conducting them. 

The challenge is getting the response right. 

If you do too much in one go – for example, close embassies, reduce trade, expel diplomats who are probably spies and so on – then while this has a short-term effect, it also means the Russians have nothing to lose in future. 

Alternatively, if you respond using cyber means or other niche capabilities, it means burning your access and ability to do something in future, in order to achieve a short-term effect now. 

When is the right time to use the 'box of tricks' and what is the threshold to do so, knowing that if you use it now, it won't be available in the future? 

Getting the balance right between inflicting a painful punishment for their acts, while also leaving enough in reserve to be used in future is the challenge – go too strongly too quickly and Russia will be both wounded and emboldened, knowing that there is literally nothing left to be done against it. 

Meanwhile, the wider challenge is getting the balance right for military and wider national security spending.

Tackling the Russian grey zone threat means investment in very niche and specialist areas of military and intelligence capabilities, but these cannot necessarily be used on the battlefield. 

For Nato, the challenge is striking a balance between investing in cyber and intelligence to stop the near-term grey zone threat, while also ensuring there is enough credible 'heavy military' like tanks, air defence missiles and fighter jets to deter and defend against a conventional Russian attack. 

As budgets become increasingly stretched as a result of economic problems and high inflation, governments will need to make difficult decisions about where to invest and where to take risks on national security capability. 

This may result in hard choices being taken, like scrapping older equipment or not investing in new vehicles or munitions, in order to protect and enhance the response to the grey zone.

Such moves may be unpopular politically and publicly, but they will be vital to ensure that Nato can respond effectively to the threat posed by Russia in the unconventional space.

This article is the latest contribution in our Lima Charlie columnist section.

This is part of a series featuring unattributed contributions from experts and insiders providing opinion, insight and analysis on today's Armed Forces, the wider politics of the military and observations on military life.

Under the pseudonym Lima Charlie, our contributors aim to explore the issues facing the military and their comment remains unattributed to allow our writers to present their analysis candidly and under one editorial voice.
