I.Introduction - Political analysis of asymmetric conflicts

One major task for political science and analysis is to give order to empirical observations by providing conceptual definitions, theories and models for the purpose of understanding and explanation. Difficulties arise, however, when an attempt is made to develop new concepts in the light of new emerging phenomena. Several academic attempts have been made to describe and explain the existence of irregular and asymmetric warfare (Freudenberg, 2007; Manwaring, 2008; Manwaring 2012). But with events in the Crimea during 2014 and the occurrence of sophisticated attacks in the cyber space (e.g. Estonia 2007), analysts struggle with the challenge to explain the innovation in asymmetric conflicts. The concept of hybrid warfare should solve the problem to explain why a nation state is using asymmetric methods and tactics and why this kind of conflict does not escalate into an interstate war.

Existing research often concentrates on the categorization of conflicts and has not treated the underlying systemic drivers for asymmetric conflicts systematically. This is especially true in the case of hybrid warfare, in which western societies are attacked not with conventional means but with asymmetric methods both by irregular actors like insurgents, guerrillas or terrorist and by nation states. Overall the new kind of asymmetric methods try to exploit the inherent vulnerability of western societies. Inherent vulnerability refers to the systemic interdependency between security provided by nation states and safety demanded by the society. One core assumption of this paper is that in western European nations with a high degree of interdependent social, economic and political processes the necessary connection between security and safety is undermined. This is rooted in the observation that the safety demand of the society is not met by the available security instruments of the nation state. The nation state as security provider does not fit into the requirements of a highly networked, data driven, globalized and specialized society and economy.

In the following it will be argued that in highly developed and networked societies like Western European nations the aspect of safety and security can help to understand and analyse modern forms of non-international armed as well as non-armed conflicts. The aim of this paper is to support the argument above by outlining the challenges of existing definitions of hybrid warfare and in a second step by focusing on the missing part of a systemic perspective to this kind of conflict. It will be argued that hybrid warfare does not implement a new instance of asymmetric conflict or warfare. In contrast, it will be examined whether the perspective of systemic vulnerability can be helpful to understand the existence of hybrid warfare as a part of an innovative development of asymmetric warfare and conflict.

II.Hybrid warfare - definition of a phenomenon without epistemological surplus value

There is a degree of uncertainty around the terminology of hybrid warfare. The concept as it is discussed recently by scholars is by far not as precisely and concisely defined as necessary for a sound analysis of the phenomenon. According to a definition of Hoffman (2007, 8) hybrid threats "[...] incorporate a range of different modes of warfare, including conventional capabilities, irregular tactics and formations, terrorist acts including indiscriminate violence and coercion, and criminal disorder." These operations can be conducted by state and non-state actors alike, creating what Hoffman calls "...multimodal activities [...] operationally and tactically directed and coordinated within the main battlespace to achieve synergistic effects in the physical and psychological dimension of the conflict." (Hoffman, 2007, 8). This definition highlights the variety of actors involved in such kind of conflict and stresses the importance of a comprehensive strategy and leadership. By that Hoffman assumes a coherent planning and decision making process during warfare campaigns and operations. This assumed strategic coherence can be challenged by questioning the coherent intentions and objectives of actors involved in the conflict. The complexity of operations and heterogeneity of participating actors is too big to be organized successfully under one single command. Experiences from the comprehensive approach18 in Western European nations confirm the difficulties to implement a synchronized and complementary strategy both in international missions (Furness, 2016) and in national or European missions. However, Hoffman's definition is too broad to be very specific for analytical purposes and it is therefore necessary to think beyond the categorization of the phenomenon.

Traditionally, there is a clear distinction between peace and war in international law, dating back to the period of the formation of the European states system between the Peace of Westphalia 1648 and the Treaty of Utrecht 1713 (Kleinschmidt 2013, ch.vi), limiting the legitimate exercise of armed force (ius ad bellum) to sovereign international actors. Successively, the actual mode of fighting such wars, and the behavior of the warring parties was subjected to an ever tightening regulatory framework (ius in bello) (Berber, 1969) - until the United Nations Charter in its famous Article 2 No.4 decreed that all "[...] Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state [...]".

Münkler is sceptical about a successful definition of hybrid warfare by specifying the problem with regard to the legal aspects of international law: "What we are currently observing, and what the expression 'hybridization' of war also signifies, is a growing distance between the norm structure of international law and the actual events of violence and war." (Münkler, 2015, para 4) Therefore, neither a distinctive and politically well-defined line between war and peace can be drawn nor a concise definition of actors within the armed conflict (military, civilians or irregular forces) is possible (see figure 1). With respect to the problem of the existing order of international law Münkler continues "[...] the term 'hybrid war' is just a placeholder that stands for the end of the old order, but is not itself able to provide a cornerstone for the development of a new order." (Münkler, 2015, para 8). He concludes that "[...] the concept of hybrid war is nothing more than a semantic brand for the current practice of 'muddling through' in security policy." (Münkler, 2015, para 9)

Both Hoffman and Münkler try to grasp the complexity of the phenomenon by describing its very character and nature. While Hoffman stresses the point of how hybrid warfare is conducted from a leadership and decision-making point of view, Münkler outlines the legal implications for security policy and international relations. Generally, neither Hoffman's definition nor Münkler's statements do support the idea that the concept of hybrid warfare can really provide epistemological value for research and analysis. However, it is valuable to investigate Münkler's notion about international law and to ask analytically if in international law indicators exist that can help in understanding the new conflict form.

One of the most important challenges of hybrid warfare originates from the very nature of international humanitarian law (ICRC, 2008). In contrast to the law of war in public international law the international humanitarian law addresses explicitly non-governmental actors and hence implicitly actors using asymmetric methods (ICRC 2011 and 2015).

As shown in figure 2, for a conflict to be labelled as a non-international armed conflict it is necessary to identify the involved actors and the minimum level of intensity of the conflict as well as the minimum level of organization of non-governmental actors. If nongovernmental forces are supported, organized or even informally manned by another nation state the configurations of the conflict get even more complicated, because the status of such forces are not clarified by the concept. Exactly this was the case with the unidentified forces - the so-called 'little green men' - during the Crimean conflict in February 2014. Obviously organized but due to missing badges not identifiable soldiers, presumably part of the Russian army, entered and occupied terrain on the Crimea and sized military facilities, public administrations and important businesses and companies. Accompanied by information and cyber operations this conflict has shown a new brand of elements not covered by international humanitarian law so far.

Conclusively, it can be said that hybrid warfare does not require a new category or definition in international humanitarian law. Even though hybrid warfare uses an innovative brand of elements and presumably involved actors apply a comprehensive approach in conducting operations, in total the new aspect can be seen in the participation of nation states via an interface, ally or a proxy represented by non-governmental actors.

In conclusion, new and complex definitions of hybrid warfare do not grasp the underlying systemic interdependencies and influences. They therefore disguise the real problem of analysis and research. With respect to international law it can be said that the new forms of hybrid warfare can be understood analytically as a form of asymmetric conflict and warfare enhanced by the active yet covert support of a nation state. This is the essence of hybridization, and in the following hybrid warfare will still be labelled as asymmetric conflict and warfare.

III.Vulnerability - key target for asymmetric operations

To understand the new form of hybridization it is more important to understand why actors apply such elements and which intentions of the actors can be identified. "Hybrid warfare is built on capitalizing on the weaknesses of a country, on flaws in its political system, administration, economy and society" (Rácz, 2015, 92). One of the central arguments of this paper is that in asymmetric conflicts nation states as well as non-governmental actors try to target the weak points of the adversary by asymmetric means. Mostly, such weak vulnerable points are critical assets within a social, political, economic or military system characterized by a high risk. High risk means high costs in a case of possible damage of an asset combined with a rather easy way to attack it. It is therefore crucial to understand vulnerabilities of a system to understand potential targets for actors using asymmetric methods.

One approach to understand the vulnerability of conflict actors is provided by the 'Comprehensive Operations Planning Directive' of the North Atlantic Treaty Organization (NATO). This document is quoted here for two purposes. One is that it reflects the security policy of western European nations and hence supports the empirical view of the phenomenon. On the other side, it is one of those rare sources that clearly define the concept of vulnerability and by that supports the conceptual view.

The doctrine argues for a concept called center of gravity which is defined as "[...] characteristics, capabilities or localities from which a nation, an alliance, a military force or other grouping derives its freedom of action, physical strength or will to fight." (Supreme Headquarters Allied Powers Europe Belgium, 2010, 3-27). The inherent logic of center of gravity is that not only the core strength but also the crucial vulnerability can be found in the capabilities and requirements to implement a successful policy or strategy. Therefore, the main intention of an asymmetrically acting adversary is to exploit exactly those weak points that can endanger easily the overall strategy of a targeted actor. To achieve this outcome, the doctrine outlines a three step process to identify the center of gravity and its vulnerabilities (3-28).

One example could be that the center of gravity for a nation state is the continuity of a political coalition in a system of collective defense like NATO. Another example could be the development of an internet based economy for the purpose of achieving sustainable growth of the national economy in a highly competitive and computer technology driven globalized world. For both examples the identification of weak points in the systems starts with the identification of critical capabilities for the center of gravity. As depicted in figure 4 this could be the policy to unify actors in a coalition like NATO or to support innovation in internet based businesses. The second step investigates the critical requirements necessary for the functioning of capabilities. For the unity of actors in a coalition political decision-making processes that result in a political consensus or at least in a reliable majority are necessary. With regard to the example of an internet based economy the reliability and sustainability of internet services and infrastructure is a necessary precondition for innovation development. Having identified the requirements, one can logically derive the critical vulnerabilities of the system. With respect to the consensus finding of political actors a vulnerable point can be clearly seen in the latent conflicting interests of allies as well as in latent free-riding tendencies. Just as well the technological availability of IT services and infrastructure is a weak point for the internet driven innovations of highly connected businesses.

Overall, a promising strategy in an asymmetric conflict will always target this chain of value for the center of gravity. If this is done systematically and with narrow focus on the weak points it is hard to counter such strategies successfully. With this conceptual model Russian operations on Crimea in 2014 can be understood not only as a direct attack on a nation state but also as a larger strategy to target the unity of NATO. So this can be seen as center of gravity of Russian operations in reaction to the expansion of NATO into Eastern Europe. In the same sense the cyberattack on Estonia 2007 can be understood not only as a direct attack on IT infrastructure of a nation state but also as a strategic proof of a concept to harm innovative internet based economies. In a larger scale this demonstrates the vulnerability of the Western European nations to such attacks.

Whilst the concept of center of gravity provides a better idea about the interdependencies between capabilities and requirements, it still does not explain the underlying causes for the vulnerabilities. From a system perspective it is therefore important to develop a better understanding of vulnerabilities with respect to risk and uncertainty (Gigerenzer, 2014). In the following it will be argued that the notion of safety and security can be helpful to enrich the concept and the analytical endeavour to understand new forms of asymmetric conflicts.

IV.Systemic triad of security - security, safety and certainty

Sociological perspective

Zygmunt Bauman in his book 'In search of politics' (1999b) develops a remarkable argument by making a precise distinction between the linguistic terms 'safety', 'security' and 'certainty'. A triad that is not easily understood by English-speakers, but much better grasped by speakers of German. "In the case of Sicherheit the German language is uncharacteristically frugal; it manages to squeeze into a single term complex phenomena for which English needs at least three terms -security, certainty and safety - to convey." (Bauman, 17, 1999b). The interesting finding here is that Burns, McDermid & Dobson already in 1992 mentioned this very aspect in an article about computer and system engineering. It is an interesting question whether Bauman or Burns, McDermid & Dobson should be named as the first one who in detail clarified the difference between the concepts 'safety' and 'security'. Kaufmann (1973) had already discussed different aspects of security by addressing the interdependency between external threats to a society and individual stability of persons within this society. As German speaking author he was not addressing the conceptual distinction between 'safety' and 'security'19, but he developed a notion about the development of security with respect to the development of modern societies and people's demand for security in these societies.20 Later Daase (2010) worked on the conceptual notions of 'security' and based his analysis also on Kaufmann, therefore Kaufmann has influenced the discussion at a very early stage.

However, for this paper both Bauman and Burns, McDermid & Dobson have the merit to prove the benefits of interdisciplinary research and transfer.21 Based on the perspective of system engineering the concepts can be useful to grasp the nuance of risks and threats to an object, society or actor. A first step in this effort is to create a conceptual model. Such a model can help to differentiate observable phenomena and by that support the categorization of risks and vulnerabilities of modern societies. This will result in better analytical approaches to the impact of asymmetric or hybrid warfare.

As a starting point to develop a conceptual model Bauman's definition of the three different terms are helpful. Later these definitions will be contrasted with definitions of the system engineering domain.

"Security. Whatever has been won and gained will stay in our possession; whatever has been achieved will retain its value as the source of pride or respect; the world is steady and reliable, and so are its standards of propriety, the learned habits to act effectively as well as the learned skills needed to stand up to life's challenges.

Certainty. Knowing the difference between reasonable and silly, trustworthy and treacherous, useful and useless, proper and improper, profitable and harmful, and all the rest of the distinctions which guide our daily choices and help us take decisions we - hopefully - will not regret; and knowing the symptoms, the omens and the warning signs which allow us to guess what to expect and to tell a good move from a bad one.

Safety. Providing one behaves in the right manner, no terminal dangers - no dangers one cannot fight back against - threaten one's body and its extensions, that is one's property, home and neighbourhood, as well as the space in which all such elements of a 'greater self' are inscribed, like one's home ground and its environment." (Bauman, 1999b, 17)

Translated in a more compact definition it can be said that security refers to the protection of vested rights and social achievements; certainty is the skill to use proper indicators to solve the problem of prognosis and forecast in the context of decision-making; safety results in the guarantee of one's own survival and existential functions. A more indepth analysis of the definitions reveals an overlapping between security and safety. Nevertheless, the core idea of the triad is useful to distinguish between different vulnerabilities and the necessary requirements for protection.

Bauman connects these concepts to the individual human being and its decisionmaking process driven by emotions and motivations: "All three ingredients of Sicherheit are conditions of self-confidence and self-reliance on which the ability to think and act rationally depends. The absence or dearth of any of the three ingredients has much the same effect: the dissipation of self-assurance, the loss of trust in one's own ability and the other people's intentions, growing incapacitation, anxiety, cageyness, the tendency to fault-seeking and fault-finding, to scapegoating and aggression." (Bauman, 1999b, 17) By that, Bauman outlines the hypothesis: if Sicherheit is missing then decision-making and problem-solving tends to be more failure prone. At this point cognitive and social psychology steps in and provides a rich set of theories and empirical findings that validates Bauman's hypothesis (Kahneman 2012; Janis 1989; Mintz, deRouen & Karl 2010)

Good conceptual models support the analyst and researcher in their scientific endeavour to produce new insights into a problem, given that the model really helps to differentiate between specific causes and consequences. At this point Baumann issues an epistemological warning: "The effects of weakened security, certainty and safety are remarkably similar, and so the reasons of troublesome experience are seldom self-evident, but notoriously easy to displace. The symptoms being virtually indistinguishable, it is not clear whether the ambient fear derives from the inadequate security, the absence of certainty, or threats to safety; [...]" (Bauman, 1999b, 18). Therefore, a precise delimitation between explanans and explanandum in the model's arguments is needed. The following table shows how this can be accomplished.

If this model is applied to understand the complexity of societies, Bauman points to a challenging state of those societies in the mid-nineties: "All three ingredients of Sicherheit nowadays suffer continuous and intense blows; and the awareness is spreading that - unlike in the case of the uncertainties of yore - the shakiness of life road-signs and the elusiveness of existential orientation-points can no longer be seen as a temporary nuisance likely to be cured if more information is discovered and more effective tools are invented; it becomes increasingly obvious that present-day uncertainties are, in Anthony Giddens's apt expression, manufactured - and so living in uncertainty is revealed as a way of life, the only way there is of the only life available." (Bauman, 1999b, 18) If we look at societies today, we can identify a similar state: fear of uncertainty and insecurity and, with regard to the effects of transnational terrorism, also unsafety.

System engineering perspective

An interdisciplinary approach can help to solve the problem of lacking precision in Bauman's definitions. In engineering safety and security terms are often used to outline different aspects of risks of technical systems and processes.

In contrast to the fact that these terms are used frequently in the engineering domain there is no common and comprehensive definition in a single norm or standard. In different international norms (e.g. ISO 26262 with regard to the automotive industries) one can find singular definitions, but an overall definition is missing.

For the purpose of clarifying matters this paper refers to the primary definition of safety and security outlined in the paper of Burns, McDermid & Dobson (1992). Remarkably, the authors looked for a more generalized definition even though they started with specific examples from computer and software engineering. By focusing on the idea that a fruitful definition should address behaviour of systems rather than specific properties of systems they provide the following definition: "a safety critical system is one whose failure could do us immediate, direct harm; a security critical system is one whose failure could enable, or increase the ability of, others to harm us" (Burns, McDermid & Dobson, 1992, 4). Later in their analysis they specify the concept with regard to critical services and the absolute or relative harm done to resources. If one replaces the term enterprise with the term actor the relation with Bauman's definition is apparent: "a service is judged to be safety-critical in a given context if its behaviour could be sufficient to cause absolute harm to resources for which the [actor] operating the service has responsibility; a service is judged to be securitycritical in a given context if its behaviour could be sufficient to cause relative harm, but never sufficient to cause absolute harm, to resources for which the [actor] operating the service has responsibility." (Burns, McDermid & Dobson, 1992, 11) This set is enhanced with the following definition: "a service is judged to be integrity-critical in a given context if it is in the causal chain of service provision for a safety-critical or security-critical service but whose behaviour is not sufficient to cause relative or absolute harm with respect to resources for which the [actor] operating the service has responsibility." (Burns, McDermid & Dobson, 1992, 12)

As a first result it can be concluded that a differentiated look on security and safety can help to understand the risks resulting absolutely (safety) or relatively (security) from the implemented services (integrity).

Philosophy of security

Frederic Gros (2015) works on the different meanings that the term security has had in western societies and the historical development of the concepts. He argues that by the different definitions of security one can understand the change in philosophical, political and social concepts of security. Until today linkages exits between these developments and the current understanding of security, Gros argues. Starting with Greek philosophers and their concept of security as the tranquillity of spirit or serenity; followed by the Christianity concept, that saw security as the absence of danger; later contractualist philosophers define security as the protection of a state and the guarantee of individual rights. Today the security of resource, labelled as biosecurity, means the protection, monitoring and regulation of massive movements of people, goods and data which characterize modern globalization.

Gros develops an insightful historical pattern of security. He points to the influence of globalization and the importance of continuity and safety in modern societies.

Integrated model

The following table gives an overview of the definitions and shows the connections to the conceptual analysis framework of this paper.

With respect to the concept of a nation state in the sense of the Westphalian ideal and international law, the above provided distinction between security and safety leads to the assumption that with the separation between foreign and domestic affairs modern nation states guarantee the safety and certainty of their societies by mainly providing security against external threats. For the following analysis it is stated that precisely this relationship between safety and security equals to the centre of gravity of nation states.

V.Conclusion

The main hypothesis of this paper states that, the more safety aspects are in focus of asymmetric methods of warfare, the more successfully is the centre of gravity of nation states targeted. This is in the author's opinion exactly the case in the phenomenon called hybrid warfare. What can be seen there is an innovative approach of a nation state together with its asymmetrically acting allies, proxies or interfaces to attack another nation state in its safety domain.

Considering the phenomenon of asymmetric warfare one can see that nation states are faced with challenges that no longer target the classical domain of security. The main focus is not the threat to the existence of a nation state in itself. Therefore, policies that are trying to secure the existence of a nation state per se will fail to tackle most of the asymmetric challenges. Unlike war between nations, the new threats are no longer targeting the physical and political existence of a state with its basic elements of territory, people and power. Increased investment in conventional defence policy and by that in conventional armies will not solve the problem. Especially NATO member states tried to overcome this shortcoming with the implementation of a networked or comprehensive approach of different policy domains (Werner, 2016). In most cases those attempts did not keep their promises, because classical distinctions between foreign and domestic policies on the one hand and civil and military domains on the other hand could not easily be harmonized. The list of reasons for friction is long: whether it was legal restrictions due to constitutional issues or organisational cultural differences between agencies, it showed to be more difficult than expected to adapt security policies to new asymmetric challenges.

Gros (2015) is correct in stating that modern societies rely more on the reliable and sustainable flow of resources for their members (citizens, companies, institution, etc.). This is especially true for highly interconnected and globalized societies with a high degree of interdependent markets and chains of production. Therefore, it is not the security of such a nation state that experiences the biggest vulnerability, it is its safety.

The vulnerability gets even bigger if uncertainty is taken into account. Modern societies are dependent on reliable and sustainable economic growth and development. This in turn needs a business friendly environment and stable democratic majorities. With progress of internet driven economies and acceleration of information flows in societies the disturbance of trust into future developments is having a greater impact on social and political cohesion than some decades before. Such disturbance can have its origin in information manipulation, interruption or delay. Western societies are confronted with a high demand for complex problem-solving capabilities. Due to the increased demand for problem-solving processes in policy making and at the same time shrinking returns of such policies western societies are losing trust in political processes and hence certainty in their development or even existence.

Actors of hybrid warfare as well as transnational terrorism have recognized the vulnerability of modern societies to safety challenges long before. They do not target the security of nation states directly and therefore do not aim at the existence of the targeted nation states in itself. Recently, Rácz (2015) outlined a set of asymmetric methods and strategies which facilitated the success of Russia's operations in the Crimean conflict. Clever asymmetrically acting actors try to hit the safety of a society and by that undermine the legitimacy of a national security policy. It is more effective to threaten e.g. information infrastructure and the public information domain to endanger social safety in a society. Combined with hard power elements which challenge national security, the impression is created that national security policy is not able to cope with security challenges. The inherent logic of safety and certainty make operations easy for asymmetric actors. They do not need to implement spectacular operations frequently. Certainty and safety react very sensitively to abstract threats. So, it is enough to keep the threat on a high abstract level to undermine the legitimacy of national security policies.