Digital Battlegrounds: Evolving Hybrid Kinetic Warfare

Hybrid warfare, also known as asymmetric warfare, is a strategy that combines conventional and unconventional tactics to weaken and defeat an adversary through non-traditional means. While traditional warfare involves the use of kinetic (physical) force to destroy the enemy’s assets, hybrid warfare uses both kinetic and non-kinetic methods to achieve its objectives. Non-kinetic tactics in hybrid warfare include cyberattacks on critical infrastructure, information warfare, disruptions to telecommunications and public services, and supply chain attacks.

Cyberattacks on critical infrastructure involve targeting systems essential for the functioning of a nation, such as power grids, transportation networks, and water supply systems. By incapacitating these, adversaries can cause extensive chaos and cripple a nation’s ability to respond to emergencies. Communications, emergency response systems, and telecommunication networks play a central role in the coordination and management of any conflict. They are the lifeline for relaying critical information and instructions, emergency and alert notifications, making real-time decisions, and maintaining command and control structures. A disruption or compromise of these assets could lead to severe consequences, such as misinformation or delayed decision-making.

In the early hours of the recent Israel-Hamas war, an example of coordinated cyber warfare pre-empting conventional engagement took place on October 6th, at approximately 7:20pm, when a pro-Iranian hacktivist group, Cyber Av3ngers, launched a DDoS attack against the electricity industry Independent System Operator, known by its Hebrew acronym Noga. The group later posted a screenshot of the website being unreachable, claiming the compromise was caused by the coordinated DDoS attack it had facilitated.

The display of hybrid warfare continued the following morning, October 7th at around 7:30am, when Anonymous Sudan, a group of religiously and politically motivated hacktivists from Sudan operating since early 2023, launched DDoS attacks against the Red Color alert system, and the AnonGhost hacktivist group spammed false Red Alert system missile alerts via exposed vulnerable APIs. These alert systems automatically activate the public broadcast warning system when the signature of a rocket launch is detected originating in nearby Israeli communities and military bases, sending alerts to mobile devices and sounding a recorded female voice intoning the Hebrew words for Red Color (“Tzeva Adom”), broadcast four times.

The loss of alerting and communication systems at the early stages of the conflict had catastrophic consequences and impacted the ability of both civilian and military personnel to respond effectively, achieving the immediate goal of exacerbating panic and confusion among the populace, aggravating chaos, and hindering emergency response efforts.

For instance, if a nation’s telecommunications system has been compromised during the conflict, the restoration of reliable communications could be delayed or even hampered entirely post-conflict. This could constrain the recovery efforts and pose an ongoing risk to the nation’s security, economy, public safety, and health. Worst case scenarios could be lingering malware implanted in critical systems during the conflict that could be activated at any time, causing further damage even after peace has been ostensibly restored.

The compromise of secure communication lines in any conflict can lead to the leak of sensitive operational details, potentially providing adversaries an advantage in a conflict. Nations must protect their telecommunication networks, ensuring robust, secure, and resilient information exchange throughout any crisis or conflict, potentially reducing casualties and losses to civilian populations and infrastructure.

The critical infrastructures most vulnerable to cyberattacks are power grids, water treatment facilities, and transportation systems. For instance, a successful attack on the power grid and water treatment facilities could disrupt the supply of electricity and jeopardize public health by disrupting the supply of clean water, leading to a cascade of failures across other critical sectors that rely on electricity and water for operations. 

Moreover, transportation systems are also at risk of being compromised and hindering emergency response efforts. In the face of hybrid warfare, nations must prioritize securing their critical infrastructures to prevent or mitigate damages caused by non-kinetic attacks. This includes implementing robust cybersecurity measures, conducting regular vulnerability assessments and simulations, and investing in necessary upgrades and redundancies.

Almost 24 hours after the initial Israel-Hamas attacks, Cyber Av3ngers and Anonymous Sudan demonstrated the capability for, or claimed responsibility for, taking down or compromising the Israel Electric Corporation (IEC), impacting components or function of the Iron Dome system, and exfiltrating confidential information from the DORAD Power Plant.

In addition to these exploits, a third group, Killnet, a Russia-aligned hacktivist group, claimed responsibility for the DDoS attack taking down the Government of Israel website and the outage of Discount Bank Israel’s website.

Beyond the critical infrastructure, the banking sector, which operates largely online, can be significantly impacted by cyberattacks. Assault on financial infrastructure can lead to disrupted transactions, inaccessible bank accounts, and a loss of public confidence in the financial system. Ensuing chaos can not only affect individuals and businesses but can also destabilize entire economies. Thus, the protection of these public services is paramount in building a resilient society capable of withstanding hybrid warfare.

In addition to financial sectors and services, the disruption of basic public services could potentially demoralize a civilian population. Healthcare, a central pillar of any society, is heavily dependent on technology and communication networks for the effective delivery of services. If these systems are compromised, it could severely hinder access to timely medical care, creating a public health crisis. Lives can be lost due to delayed treatments and surgeries, and critical health data can be manipulated or stolen, jeopardizing patient privacy and trust.

Intricately linked to the effective functioning of a society, the supply chain represents another critical system that can be exploited in hybrid warfare. Although supply chain compromise has not been immediately identified as an element of the Hamas-Israeli conflict, by compromising elements of the supply chain, adversaries can introduce vulnerabilities into essential systems. This holds true for sectors ranging from weapon manufacturing to the delivery of basic goods. For instance, in the context of the defense industry, tampering with the manufacturing process of weaponry can lead to the production of faulty equipment, impairing military readiness and jeopardizing the safety of personnel.

In civilian life, disruption in the supply chain of essential goods can lead to shortages of food, medicine, or fuel, stirring panic among the public, and straining emergency response capabilities. Furthermore, supply chain attacks can also serve as a conduit for cyber threats. By infiltrating the devices and software used in different stages of the supply chain, malicious actors can gain unauthorized access to sensitive information, cause system failures, or plant malware that can be activated at a later date. It is, therefore, critical for nations to secure the integrity of their supply chains, ensuring the continuity of services and the safety of their populations.

In the aftermath of hybrid warfare, it is crucial for nations to undertake a comprehensive review of their critical infrastructure and systems to identify and remedy any remaining vulnerabilities. This process will be essential in mitigating the risk of future disruptions and ensuring the resilience and safety of the affected population in the long term. Even after the cessation of hostilities, systems or infrastructure compromised during hybrid warfare can remain vulnerable, underlining the latent risks associated with this type of conflict. The damage inflicted during a battle may have enduring repercussions, extending the period of disruption and potentially leading to long-term instabilities.

Hybrid Kinetic Warfare represents a significant and evolving threat to national security, economic stability, and societal well-being, with potential impacts not only immediate but also long-lasting. The kinetic and non-kinetic components of this warfare serve to magnify its damaging potential, impacting not just the physical infrastructure but also the very systems and networks that underpin a nation’s functioning.

The post-conflict vulnerabilities and persistent threats underscore the necessity for robust preventative measures and comprehensive recovery strategies. It is crucial for nations to understand and anticipate these risks, secure their supply chains, and bolster their resilience to withstand and recover from such attacks.

A proactive and thorough approach to addressing these challenges can help mitigate future disruptions and safeguard the population. Furthermore, international collaboration and information sharing could play a key role in combating the menace of hybrid warfare, contributing to global peace and security.
