Caught between rising antagonism from the autocratic world and the prospect of an increasingly isolationist United States (or at the very least an exceptionally transactional one) this is an awful time to be a European  policymaker. Now should be a time of reflection for the EU and Western democracies in general on how best to increase the resilience of their economies and national security structures. Relying solely on the American security umbrella is clearly no longer feasible. For the member states of the EU this necessitates a rethink of the EU’s internal security framework. 

The EU’s internal security framework, which dates back to the 1990s, is a set of policies and institutional practices designed to keep EU member states safe via cooperation on issues such as terrorism, organised crime, cyber threats and border security. Its key components are the Schengen Agreement and institutions such as Europol, Frontex, and Eurojust, which facilitate the coordination of policing, judicial and border security matters. This cooperation was formally adopted in 2010 via the Internal Security Strategy, which particularly focused on crime and cybersecurity. 

The EU attempts to foster collaboration by balancing national security with the need for Europe-wide cooperation. This, of course, is its key weakness. The EU can identify issues, but it requires consensus to implement new measures to improve its internal security. The issue is not so much that internal security hasn’t been delegated to the EU (it absolutely should remain the preserve of the member states, as this creates a democratic mandate and makes such measures accountable to the European public) but rather that the member states have put little effort towards achieving a consensus in this field. They must now bear the consequences of their own lethargy which has left gaps in the EU’s internal security framework.

This is a disastrous time to have such a vulnerability. Not only has Trump's re-election undermined the EU’s reliance on American security structures, but it is also facing unprecedented strain in the form of hybrid attacks from rogue states. These attacks blend political, economic, and security dimensions. 

Nato’s official definition describes hybrid threats as those attacks which combine “military and non-military, as well as covert and overt means, including disinformation, cyber-attacks, economic pressure, the deployment of irregular armed groups and use of regular forces.” In essence they are a form of asymmetric warfare, and whilst asymmetric warfare itself is not a new concept, it has increasingly become the favoured tool of the world’s autocratic regimes. 

In the modern era, these tactics were largely absent from the public debate on security until they were quite dramatically brought to the public’s attention by Russia’s successful utilisation of them during its 2014 annexation of Crimea. To its credit the EU recognised the threat from these tactics and took steps to address the hybrid defence deficit in its internal security through the establishment of the Joint Communication on Countering Hybrid Threats in April 2016. The idea behind this Joint Communication was to create a coordinated response to these threats at the EU level via mutual assistance and the Lisbon treaty. This was a natural and necessary response to an ever-worsening geopolitical climate, but the job remains half done. 

The Joint Communication led to a variety of recommendations, the most important of which was to create a Hybrid Fusion Cell which could become a part of the European External Action Service’s (EEAS) Intelligence and Situation Centre (INTCEN). Since then, the Hybrid Fusion Cell has become an indispensable part of the bloc’s approach to hybrid threats, particularly because of its important role in information harmonisation. The Hybrid Fusion Cell via its bulletins, connections to other EU institutions and analysis lays the groundwork for a pan-European approach to tackling these threats. Its bulletins – which are distributed to the relevant EU institutions, bodies and of course to the national points of contact – ensure that the key stakeholders get the same up to date information on emerging asymmetric threats. 

Furthermore, the use of national points of contact has the added benefit of creating a liaison through which to facilitate a two-way flow of information. This allows the existing EU Intelligence and Situation Centre structure to receive and analyse classified open-source information on hybrid threats. This may seem mundane and technical, but it has been a huge step forward for the EU, allowing for smoother cooperation between EU member states and aiding EU institutions in establishing counter asymmetric threat protocols. However, besides information harmonisation, much of the EU’s internal security framework remains fragmented.  

In order to resolve this the EU must encourage and foster greater cooperation in the internal security arena. Internal security fragmentation has been a problem for the EU for a really long time. In 2003, Jorg Monar, Valsamis Mitsilegas and Wyn Rees wrote an excellent book, European Union and Internal Security: Guardian of the People?, on precisely this problem. They argued that the involvement of the EU in internal security matters was necessary for the safeguarding of European citizens because of the transnational nature of modern security challenges such as terrorism, cybercrime and organised crime (a modern reader should add hybrid threats to that list). This transnationality, they argue, renders member states ineffective when they try to counter these threats alone because modern threats extend beyond national borders and thus require international cooperation. 

The book suggests a democratic pooling of a limited set of strategic competencies to EU agencies and enhanced cooperation at the state-to-state level could alleviate this issue. Implicitly the solution advocated for by the book is a limited application of the principle of subsidiarity to the internal security sector, that is to say that those competences which cannot be sufficiently achieved at the national level should be transferred to the EU level via the consent of the member states. It was and has proved to be a timely book. Despite this, over 20 years later, the book could be written today and have the majority of its recommendations be the same, so little has changed. 

Asymmetric weapons

This lack of progress has always been undesirable, but it has now become overtly dangerous. Hybrid warfare is increasingly becoming an integral part of Moscow's approach to the West and it’s not hard to see why. Hybrid attacks are useful asymmetric weapons with which to attack the West whilst avoiding all out war. When proxies are taken into account, they also provide an attractive level of plausible deniability. That Russia is choosing to rely on hybrid methods to mould its relationship with the West represents a recognition of the resource disparity that exists between itself and Nato. 

It is not alone, North Korea, Iran and China all use these tactics to various degrees and for different objectives. The EU now lives in a geopolitically precarious planet. A consortium of rogue states is eyeing up Western vulnerabilities for potential targeting. They believe that they can overcome the economic and political inefficiencies of their respective dictatorial models via asymmetric warfare which they hope can be used to reshape the global economy and international politics. The impetus for change in the EU has never been stronger and yet internal security remains weak in the public consciousness, drowned out by the cost of living and energy. This is not sustainable. 

Whether the EU wises up or not, Russia will not stop. It has been in a process of ratcheting up its hybrid attacks on the democratic world since 2014. In many ways the Siloviki never truly changed their antagonistic approach towards the West post-Cold War but rather opted for strategic hibernation. That hibernation is long over. 

The Australian Strategic Policy Institute reports that the Russian intelligence services have been conducting a series of arson attacks in Poland, Germany, Lithuania, Latvia and Czechia throughout 2024. The APSI also reports that Russia has been behind other sabotage attempts such as flying drones over Stockholm airport, jamming  civil aviation GPS systems in the Baltic states and weaponising migration, usually via directing migrants into neighbouring European countries but also reportedly via Libyan proxies. 

Putin is hoping to take advantage of the gaps in the EU’s internal security to sabotage the bloc’s military aid to Ukraine, whilst using migration, cybercrime and disinformation to soak up precious resources that could be expended on other security dimensions. He, alongside other tyrants, has found migration particularly potent in its ability to spur a far-right backlash. These backlashes frequently benefit the Kremlin because of the extreme right’s russophile and isolationist tendencies. With US President Joe Biden recently giving the green light for Ukraine to use long range missiles supplied by the US to strike Russia, it is not at all far-fetched to suggest that Russia will be looking to these methods for retaliation. Only greater EU consensus and cooperation can mitigate this. 

What’s worse, Russia is not the only player in this wretched game. Bashar al Assad may have faded from European headlines, but his regime is currently pumping Captagon, a type of amphetamine, into the European black market via the Mediterranean. To the east, Belarus aids Russia in weaponising migration, whilst Turkey uses it for diplomatic leverage. 

Which leaves the elephant in the room: China. Currently, China’s preoccupation in the EU is with industrial espionage which it hopes can help it close its economic gap with the US and prepare its strategic sectors for greater Western ostracisation. Given the EU’s poor record of thwarting hybrid attacks, it’s likely that a serious Chinese commitment to interference along Russian lines would be seriously deleterious for the EU’s security. 

We should remember that industrial espionage may not be as overtly aggressive as a sabotage campaign or assassination plots, but it is still extremely damaging. Every year the European economy loses €60 billion in stolen trade secrets and intellectual property, with emerging sectors like telecommunications and renewable energy particularly vulnerable. This is a serious challenge for European economic competitivity and should not be taken lightly. In short, hybrid attacks are expensive to deter but cheap to employ. 

Most EU officials and European politicians are aware of this. Indeed, former Finnish President Sauli Niinistö has suggested that the EU needs its own intelligence agency to help member states deal with such threats. The agency would be based of the Five Eyes network which has operated on similar lines for decades tying together the intelligence agencies of the United States, Australia, Canada, New Zealand and the United Kingdom. Niinistö believes that moving to the EU level would service the blocs “strategic and operational needs”. He points to a specific need for an “an anti-sabotage network” to protect infrastructure. 

Unfortunately, the likelihood of this occurring is low, the pooling of security competences is unpopular, and Commission President Ursula Von der Leyen has maintained that “we all know that intelligence gathering is primarily the responsibility of member states”. Von der Leyen and other EU leaders have instead opted for a more diplomatic approach that sees the current status quo upgraded via improvements to “the flow of information, information gathering and intelligence gathering”. Greater information harmonisation is never bad, but it cannot sufficiently rectify the hybrid threat blackhole. 

The time has come for the member states to be bold. European security depends on it. They must come to a new consensus on internal security which involves at least some degree of delegation to the EU level. Should they fail, then things can only get worse. 

Owen Walden-Harris is a freelance journalist specialising in geopolitics, anthropology and European affairs. He has a strong interest in the practical mechanics behind political and institutional decision making having studied EU law, regulation and political theory at the College of Europe.