The first panel set the scene by examining how adversaries attack today, from hybrid operations to cyber strikes. Experts on Russian modus operandi, alongside voices from industry and government, outlined the facts of current attacks, exposing the tools, tactics and patterns shaping today’s threat landscape.
Panellists: Mrs. Ivana Stradner, Ms. Patti Morrissey, Lt. Gen. Hubert Cottereau, and Mr. Dave Maasland
Key Takeaways:
- Cyber and information operations constitute an active battlespace in a protracted hybrid war
Russia is already conducting continuous, coordinated campaigns across cyber, physical, and cognitive domains, blending state agencies, criminal networks, and proxies. Infrastructure sabotage, influence activities, and advanced cyber strikes are designed to weaken Western societies without triggering open conflict.
- Russian strategy is offensive, integrated, and counter-value, targeting what the West depends on most
The adversary employs a whole-of-government doctrine built on reflexive control, plausible deniability, and attacks on logistics, energy, communications, and societal confidence. The aim is to reshape the global order while staying below formal thresholds. This integrated, multi-domain approach contrasts sharply with the West’s defensive posture.
- Western vulnerability stems from structural asymmetry, fragile infrastructure, and lack of strategic imagination
Western systems rely heavily on digitization and efficiency, which makes their critical infrastructure easier to target with fast, scalable operational-technology and cyber attacks. At the same time, legal constraints, fragmented decision making, and compliance-driven organizational cultures slow Western institutions and prevent them from keeping pace with adversary innovation. The key deficit is not information but imaginative leadership capable of translating knowledge into timely, threat-informed action.
- Hybrid and cognitive warfare is cumulative, not episodic, requiring detection of patterns over time
Adversaries generate effects across multiple domains by interfering in election, manipulating social narratives, probing of defences, and carrying out coordinated acts of sabotage. Defensive exposure alone is insufficient; counter-influence, strategic communication, and willingness to impose dilemmas are essential to disrupt hostile campaigns and regain initiative.
- Resilience requires whole-of-society mobilisation: integrated civil–military action, responsible industry, and digital literacy
Effective deterrence depends on operationalising multi-domain coordination, strengthening public–private cooperation, and protecting key technologies. Private industry must treat cyber resilience as a strategic responsibility, while societies require broad digital literacy to withstand manipulation. Without societal, technical, cognitive, and organizational resilience, both democracy and national security remain at risk.
Summary of the panel discussion:
The session explored how Russia is waging ongoing, largely non-kinetic warfare against the West, especially through cyber operations and cognitive/information campaigns. Speakers argued that many Western political, military, and corporate leaders lack knowledge on the real capabilities of cyber and hybrid tools, leading to underestimation of risk and slow adaptation.
In cyber, Russia has moved from poorly coordinated efforts to highly coordinated campaigns involving state services, cybercrime groups, and “hacktivist” proxies. They increasingly share tools, use expensive zero-day vulnerabilities, and have dramatically reduced preparation time, from months to weeks, for major attacks on operational technology and energy infrastructure. Western critical infrastructure is described as not ready for the scale and speed of such attacks, while societies keep adding sensors and automation built for efficiency rather than resilience.
The discussion framed Russian strategy as full-spectrum, long-duration warfare using orchestrated actions across cyber, physical infrastructure, information, and politics to create a “death by a thousand cuts.” Examples included undersea cable attacks, drone probing of borders, and election interference. The difficulty lies in attribution, measuring cumulative effects, and “connecting the dots” across time and domains. Participants argued that simply exposing hostile activities is insufficient; more offensive influence operations may be needed to put Russia on the defensive cognitively and politically.
Speakers also stressed that private industry and civil society are on the front line. Cyber is not just a technical or private-sector problem but a national security issue. Companies should move beyond superficial corporate social responsibility toward becoming “deeply responsible businesses,” building resilience into strategy, products, and infrastructure, and cooperating closely across sectors. Finally, the panel warned that without serious investment in digital literacy for adults and children alike, societies may harden systems but still fail to protect democracy from manipulation and division.
