Cybersecurity and hybrid warfare: Expanding the spectrum

ESSAY*

26 | 09 | 2023

Digital transformation has brought people, businesses and governments around the world closer together, but it has also created a larger and more diverse attack surface

In the picture

"You've been hacked" [Saksham Choudhary].

Security and defense have always been two of the main concerns for societies and nations throughout history. Their fundamental objectives have remained constant: to safeguard individuals, property and territorial integrity from threats. However, the concept of security and defense has undergone a profound change in recent decades due to the rapid development of new technologies, ushering in a new era marked by unprecedented complexities and transformations.

This evolution has not only influenced the way in which security challenges are addressed, but has also broadened the scope of what constitutes a risk, leading to the emergence of new domains where international conflicts and tensions can emerge, such as cyberspace. States must now embrace strategies that protect these new domains and secure vital information systems.

The sensitivity of the information that governments manage, and its safekeeping, has always been a critical factor, not only internally but also internationally. Looking back, we can highlight more common examples such as the decisive thefts by spies, or some more specific ones such as the Enigma encryption machine, through which Nazi Germany shared strategic information of the war, which, after being deciphered by the Allies, shortened the conflict by two years and saved millions of lives.

If during the 20th century it was already possible to access classified data to some extent, globalization and the technological revolution have only provided new means to facilitate its manipulation. The digital world has become the biggest threat. According to the Data Breaches and Identity Theft Research Center database, of the nearly 6 billion documents that have been stolen in recent years, 4 billion have come from hacks, or 73%. Not only that, but according to the European Union Parliament, which cites sources from the ENISA agency, cyber-attacks, technical errors or human failures on the network cause up to 340 million euros in annual losses.

And the truth is that it is not only the classified information of governments, which safeguards their integrity, that is at risk, but also the data of all users who connect to the network and share the smallest detail about their lives. Cybercrime is growing exponentially every year: the Spanish government estimates that in 2022 a total of 375,506 cybercrimes were committed, an increase of 352% compared to 2015.

What is cybersecurity?

In order to understand the concerns that have arisen from this new era marked by technology and interconnectivity, it is essential to begin by specifying what is meant by cybersecurity. Cybersecurity refers to a set of elements, measures and equipment designed to protect networks, software applications, critical systems and data from possible digital threats to an entity or virtual space. This relatively new concept emerged in the 1950s, after the first automated computer systems began to connect with each other to form networks.

Towards the end of the 1960s, the Advanced Research Projects Agency (ARPA) of the U.S. Department of Defense developed a system that enabled communication between computers over long distances, giving rise to what we know today as cyberspace and laying the foundations for the Internet. Over the following decades, the structure of cyberspace and the cybersecurity market would evolve to a great extent, introducing innovations such as the standardization of data encryption, or the appearance of the first cyber risks. However, at that time, its use was mostly restricted to government and corporate environments.

However, it was not until the late 1990s and early years of the new century, with the advent of the Internet era, that cyberspace would cease to be the exclusive domain of technology companies and the military. A digitally connected society would become the new normal, a completely new and undiscovered reality that is still evolving today.

Cyberattack, cybercrime and cyberterrorism

But again, why should we consider cyber defense a key aspect of a country's national security strategy? Little by little, information has become a strategic and tactical weapon, threatening the governance of an organization or that of a nation. It is estimated that since 2007, 99.9% of the information generated in the world is in digital format, or, conversely, that only 0.007% of the planet's information is on paper. It is therefore vital to protect this information stored on the network.

Currently, most IT threats come from external attacks, but there are also internal threats that come from information theft or improper use of systems.

There are three main threats to cybersecurity in general: cyberattacks, cybercrime and cyberterrorism.

Cyber-attacks are digital attacks whose goal is to harm individuals, organizations or companies by attacking the equipment and systems of the network in order to stop their services or steal the information they contain. Some examples are the WannaCry ransomware (a malicious program created by cybercriminals to block access to computers and attack valuable files on the Microsoft Windows operating system), which spread to more than 200,000 computers in more than 150 countries and was used by its operators to demand a ransom of 8 billion dollars; or the case that affected JPMorgan Chase, which compromised the information of 7 million small businesses and 76 million bank accounts.

Cybercrime is a computer-related threat that is generally aimed at financial gain, such as online scams, but is also carried out to damage or disrupt the operation of systems.

The term cyberterrorism was established in 1980 by Barry Collin, under the perception of a convergence between the two worlds, the virtual and the physical. Subsequently, Mark M. Pollitt, among other scholars, has added a more precise definition of the phenomenon: "Predetermined, politically motivated attack against information, systems and software and data via the network, as a violent act against non-combatant targets by clandestine organizations or agents".

The Center on Terrorism and Irregular Warfare (CTIW) at the Naval Postgraduate School (NPS) in California states that cyberterrorism is a threat for the future that must be prevented and anticipated. According to studies, there is an alliance between terrorists and hackers to cause damage to resources and information sources. However, clarifying this relationship can be a matter of great complexity.

Spain, despite suffering attacks from cyberspace, according to the National Cryptologic Center in its executive report on Cyberthreats and Trends 2017, does not consider that cyberterrorism currently has a lethal character in the country: "Jihadist terrorism uses the dimension of cyberspace for tasks that do not involve the direct commission of an attack, but rather indoctrination, recruitment and logistics work".

Spain and cyber defense

If we talk about cybercrime in Spain, it could be said that it keeps growing while conventional crime proportionally declines, since one out of every five crimes is committed on the network. According to the Ministry of the Interior, in 2022, the State Security Forces and Corps recorded 375,506 criminal offenses, a figure that has increased by 455.5% in the last six years, and 72% more than in 2019. Of these, almost 90% were computer frauds or scams.

From 2011 to 2021, 1,438,206 Internet crimes were registered in Spain. The most common were scams (33.16%), scams involving credit cards, debit cards and traveler's checks (32.29%) and bank scams (16.7%). In addition, there are threats (7.85%), usurpation of civil status (2.79%) and illegal computer access (1.16%).

But what measures have been taken to manage the field of cybersecurity and prevent the increase in cybercrime? First of all, we highlight the creation of Royal Decree 3/2010, of January 8, which regulates the National Security Scheme in the field of Electronic Administration, whose purpose is to establish the principles and requirements of a security policy in the use of electronic media that allows the adequate protection of information.

In addition, there are national, European and international laws that address the issue of cybersecurity. Among these are the Organic Law on Data Protection, the General Telecommunications Law and the Information Society and E-Commerce Law. Despite the existence of this regulatory framework, its degree of compliance is, in some cases, worryingly low, which means an increased risk within our cyberspace. For this reason, we have several organizations that help to develop good cybersecurity, which should not only be based on preventing attacks, but also on detecting and correcting them, reducing the risks of exposure of information.

Among other agencies, the following are noteworthy:

√ Spain's National Cybersecurity Institute (INCIBE), which works to strengthen digital trust, raise cybersecurity and resilience, and contribute to the digital marketplace in a way that boosts the safe use of cyberspace in Spain.

√ The National Cryptologic Center (CCN), under the National Intelligence Center (CNI), which acts as the national alert and response center, and which cooperates and helps to respond quickly and efficiently to cyber-attacks and to actively address cyber-threats, including coordination at the state public level.

√ The CCN-CERT (Security Incident Response Capability) is the national alert center that cooperates with all public administrations to respond quickly to security incidents in their part of cyberspace and is also ultimately responsible for the security of classified national information.

√ The Telematic Crimes Group of the Civil Guard and the Information Technology Crime Investigation Unit of the National Police, both under the Ministry of the Interior, are responsible for combating crime occurring in cyberspace.

√ The Spanish Data Protection Agency (AGPD), under the Ministry of Justice, responsible for enforcing the rules and regulations on the protection of personal data.

Finally, Spain also has a national cybersecurity strategy divided into five chapters that address issues such as: cyberspace as a global space, threats and challenges, purposes, principles and objectives, lines of action, and the integration of all this into the national security system; and it also has a National Cybersecurity Plan.

Hybrid threat, hybrid conflict and hybrid warfare

As explained by Colonel José Luis Calvo Albero, director of the Coordination and Studies Division of SEGENPOL, the use of information and disinformation as tools in an armed conflict is as old as war itself. However, we are facing a new scenario in which virtual instruments, considered as additional to physical means, can now become the protagonists of a war strategy.

This has given rise to a concept closely linked to cybersecurity and which has recently generated excitement in the world of defense: the hybrid threat.

Hybrid threats are coordinated and synchronized actions that deliberately attack the systemic vulnerabilities of states and their institutions through a variety of means and in various sectors (political, economic, military, social, informational, infrastructural and legal) using cyberspace as a tool. These threats often originate from the intelligence services of threat actors, but can also originate from other actors, and are more complex and multidimensional.

A noteworthy aspect is that, although they all converge in the adjective hybrid, a distinction must be made between these three concepts: hybrid threat, hybrid conflict and hybrid war, since they are not interchangeable. According to Carlos Galán, advisor to the National Cryptologic Center (National Intelligence Center-Ministry of Defense), hybrid conflict is the situation in which the parties refrain from the open use of (armed) force and act by combining military intimidation (without a conventional attack) and the exploitation of economic, political, technological and diplomatic vulnerabilities. Hybrid warfare, on the other hand, is the situation in which one country resorts to the open use of (armed) force against another country or against a non-state actor, in addition to using other means (e.g. economic, political or diplomatic).

But what are their objectives? As mentioned above, these actions, which can manifest themselves in different ways (cyber-attacks, manipulation of information through the Internet and social networks, fake news, economic pressure vectors, among others), aim to manipulate the trust of individuals and confuse them to generate distrust, break the social cohesion of states, political communities or international organizations such as NATO, weaken the management of governments or convince of the decline of a political or business system.

As for the framework of action surrounding this phenomenon, the concept of "gray zone" is used, which for many experts has been distorted. Some, such as Josep Baqués, argue that this concept should not be understood so much as a fringe within the war-peace axis or as a set of more or less innovative tactics, but as a kind of peace which, although it is a tense peace presided over by conflict, is a useful mechanism for forcing the status quo. It is a tool that depends on strict control of escalation and prevents the opponent from acting, since, due to the conventional umbrella under which they occur, the volume of force required to make very limited and non-kinetic movements would be disproportionate to the importance of the goal.

While it is true that the legal regulation of hybrid threats is always a challenge, as one party deliberately tries to evade its legal responsibilities, preventive and reactive measures have been taken to adapt to this phenomenon.

The European Union has created a cell within the European External Action Service called the EU Hybrid Fusion Cell, already considered an important asset, to receive and analyze information in this field through intelligence analysis. In addition, the European Commission has stated its intention to expand the cell with specialized components in chemical, biological, radiological and nuclear (CBRN) matters, counterintelligence and cyberanalysis.

The European Council also adopted measures such as the EU Integrated Resolve 2022, an exercise jointly led by the Council of the European Union, the European Commission and the European External Action Service, in which preparedness and capability to effectively manage complex and cross-sectoral crises was put to the test. It contributed to improving the ability to respond to a complex crisis with both an internal and external dimension.

NATO is not far behind, having presented its strategy to counter hybrid threats in 2015, articulated around preparedness (to identify, assess, communicate and attribute any gray zone activity), deterrence (strengthening the resilience of allied societies, adapting the decision-making process and improving force readiness to reduce the impact of these threats and increase allied response options) and defense (increasing allied response capability). These initiatives were ratified and expanded at the Warsaw Summit (2016), where it was specified that a hybrid act could trigger the invocation of Article 5 of the Washington Treaty. In addition, while the invasion of Ukraine and the Russian threat to Euro-Atlantic stability dominated the 2022 Madrid Summit, the Strategic Concept adopted at this meeting also mentioned these threats and how to address them.

As for Spain, the National Security Strategy 2021 has recently been published, which establishes among its objectives "to develop Spain's capacity for prevention, deterrence, detection and response to hybrid strategies, in a context in which conventional threats alternate with the combined use of economic, technological, diplomatic and information vectors, among others, as elements of pressure and destabilization". It also mentions that it is important to invest efforts in strengthening a universal and regional multilateral system capable of responding in a coordinated and effective manner.

Despite all this, according to Guillem Colom Piella, PhD in international security, many consider that these terms only add confusion to strategic analysis, while others argue that hybrid conflict is the result of combining two different types of warfare: irregular warfare (which is conducted in a way that does not follow the traditional rules of warfare) and asymmetric warfare (which involves two unequal opponents in terms of resources and capabilities) and adapting them to today's world.

Others point out that the concepts are inconsistent and that there is no definition fully accepted by the defense community other than the lowest common denominator of the combination of conventional and asymmetric means, procedures and tactics.

Finally, many experts warn that this idea runs the risk of losing its explanatory value, as it has gained popularity in defining any activity carried out by a state or non-state actor without crossing a clear line between peace and war.

Conclusions

Looking ahead, it is undeniable that cybersecurity will continue to be an essential element in national security strategy, not only because of the growth of cybercrime and hybrid threats, but also because of the need to protect information stored in cyberspace, which is growing all the time. This is a crucial challenge for governments and organizations, as each new technological advancement brings with it new opportunities for cybercriminals and malicious actors; digital transformation has brought people, businesses and governments around the world closer together, but it has also created a larger and more diverse attack surface. Although the existing regulatory framework in Spain and at the European and international level addresses these issues, there is a need for improved compliance. This highlights the need for a strong international partnership and the implementation of globally accepted security standards, all in order to ensure the integrity of information systems in an increasingly digitized world.

In addition, the hybrid threat has emerged as a new challenge in the field of security and defense, where virtual tools are used in a coordinated manner to attack the systemic vulnerabilities of states. The legal regulation of these threats is an ongoing challenge, but the European Union and NATO have taken preventive and reactive measures to address this phenomenon.

By investing in cybersecurity and continuing to research and develop innovative solutions, we can be better prepared for a more secure and resilient digital future in the face of this century's novel threats.

* Communication presented at the XXX International Defense Course, "Los motores de cambio de la seguridad y la defensa", Jaca, September 25-29, 2023.

 

REFERENCES

ADÁN, Cristina Muñoz. "How Much Information is Generated and Stored in the World?" Fundación MAPFRE, June 15, 2021. https://www.fundacionmapfre.org/blog/cuanta-informacion-se-genera-y-almacena-en-el-mundo/

ARREOLA GARCÍA, Adolfo. Cybersecurity: Why Is It Important For Everyone? Google Books. Siglo XXI Editores Mexico, 2019. https://books.google.es/books?hl=es&lr=&id=ZqHDDwAAQBAJ&oi=fnd&pg=PT5&dq=por+what+is+important+cybersecurity&ots=yhi9-7Yue-&sig=cs34dXFMUEO6kNV4lZ_mV-pgxw8#v=onepage&q=why%20is%20important%20the%20cybersecurity&f=false.

BAQUÉS, Josep. "The Chinese version of the 'gray zone'." Revista General de Marina, October 2018. https://armada.defensa.gob.es/file/rgm/2018/10/RGM%20October%202018.pdf.

bulletin NATIONAL STATE SECURITY. "BOE-A-2010-1330 Real Decreto 3/2010, de 8 de enero, por el que se regula el Esquema Nacional de Seguridad en el ámbito de la Administración Electrónica". www.boe.es, 1, 2010. https://www.boe.es/buscar/act.php?id=BOE-A-2010-1330.

CALVO ALBERO, José Luis. "De la guerra silenciosa a la guerra híbrida". Spanish Ministry of Defense, April 2023. https://www.defensa.gob.es/Galerias/gabinete/network/2023/04/p-54-57-network-404-desinformacion.pdf.

NATIONAL CRYPTOLOGICAL CENTER. "CCN-CERT." www.ccn-cert.cni.es, n.d. https://www.ccn-cert.cni.es/.

---. "Mission and objectives." Ccn-cert.cni.es, 2018. https://www.ccn-cert.cni.es/sobre-nosotros/mision-y-objetivos.html.

CEPEDA, Alicia. "The 10 Largest Cyberattacks Ever Recorded." CENTUM Digital, February 22, 2023. https://centum.com/los-10-mayores-ciberataques-registrados-en-la-historia/.

CHAMORRO, Enrique, and Ángel Sanz Villalba. "Ciberseguridad en España: Una propuesta para su gestión", June 18, 2010. https://www.files.ethz.ch/isn/118153/ARI102-2010_Fojon_Sanz_ciberseguridad_Espana.pdf.

COLLIN, Barry, "Future of Cyberterrorism: The Physical and Virtual Worlds Converge," Crime and Justice International, March 1997, pp. 15-18.

COLOM, Guillem. "Hybrid wars. When context is everything." University of Granada, June 2018. https://www.ugr.es/~gesi/Guerras-hibridas.pdf.

---. "NATO's Strategies in Response to Hybrid Conflicts." CIDOB, 2022. https://www.cidob.org/es/articulos/cidob_report/n_8/las_estrategias_de_la_otan_en_respuesta_a_los_conflictos_hibridos.

---. "Validity and limitations of hybrid warfare." Revista Científica General José María Córdova 10, no. 10 (January 1, 2012): 77-90. http://www.scielo.org.co/scielo.php?pid=S1900-65862012000200004&script=sci_arttext.

COUNCIL OF THE EUROPEAN UNION, EUROPEAN COUNCIL. "Hybrid Threats: EU Concludes EU Integrated Resolve 2022 Exercise." Consilium Europa, November 18, 2022. https://www.consilium.europa.eu/es/press/press-releases/2022/11/18/hybrid-threats-eu-concludes-eu-integrated-resolve-2022-exercise/.

DE ESPONA, Rafael José. "Hybrid warfare and NATO strategic capabilities: contributions from Lithuania, Latvia and Estonia." Spanish Institute for Strategic Studies, May 10, 2018. https://www.ieee.es/Galerias/fichero/docs_opinion/2018/DIEEEO55-2018_GuerraHibrida_OTAN_Lit-Est-Let_RafaelJEspona.pdf.

emad.defensa.gob.es. "Spain's Prevention, Deterrence, Detection and Response to Hybrid Strategies in the Gray Zone - EMAD," January 26, 2022. https://emad.defensa.gob.es/prensa/noticias/2022/01/Listado/210124-zona-gris-modificada.html.

Europa.eu. "ENISA," 2016. https://www.enisa.europa.eu/.

FECYT, Real Academia Española de la Lengua. "Enclave of Science, Cyberdefense." Enclave of Science, RAE, FECYT, n.d. https://enclavedeciencia.rae.es/ciberdefensa.

GALÁN, Carlos. "Hybrid Threats: New Tools for Old Aspirations." Real Instituto Elcano, December 13, 2018. https://www.realinstitutoelcano.org/wp-content/uploads/2021/10/dt20-2018-galan-amenazas-hibridas-nuevas-herramientas-para-viejas-aspiraciones.pdf.

GOVERNMENT OF SPAIN. "Estrategia Nacional de Ciberseguridad 2019." Portal e-administration, May 3, 2019. https://administracionelectronica.gob.es/pae_Home/pae_Actualidad/pae_Noticias/Anio-2019/Mayo/Noticia-2019-05-03-Publicada-nueva-Estrategia-Nacional-Ciberseguridad-2019.html?paginaHemeroteca=1.

NATIONAL CYBERSECURITY INSTITUTE OF SPAIN. "Que es Incibe". www.incibe.es. https://www.incibe.es/incibe/informacion-corporativa/que-es-incibe.

ISACA. "Advancing IT, Audit, Governance, Risk, Privacy & Cybersecurity," n.d. http://www.isaca.org/.

LÓPEZ, Javier, Gutiérrez Francisco, Sánchez Jiménez, David Herrera, Sánchez Francisco, Martínez Moreno, Marcos Rubio, et al. "Informe sobre la cibercriminalidad en España," 2021. https://www.interior.gob.es/opencms/pdf/archivos-y-documentacion/documentacion-y-publicaciones/publicaciones-descargables/publicaciones-periodicas/report-sobre-la-cibercriminalidad-en-Espana/report_cibercriminalidad_Espana_2021_126200212.pdf.

NIEVES RAMOS, Gema María. "Herramientas ante estrategias híbridas." defensa.gob.es, February 2022. https://www.defensa.gob.es/Galerias/gabinete/network/2022/02/p-38-39-network-391-zonagris.pdf.

NordVPN. "The Story of Cybersecurity | NordVPN," December 25, 2022. https://nordvpn.com/es/blog/historia-ciberseguridad/.

OXFORD LANGUAGES. "Oxford Languages and Google - Spanish." languages.oup.com, 2022. https://languages.oup.com/google-dictionary-es/.

PRESIDENCY OF THE GOVERNMENT. "Disposiciones generales presidencia del Gobierno". Boletín Oficial del Estado, Real Decreto 1150/2021, de 28 de diciembre, por el que se aprueba la Estrategia de Seguridad Nacional 2021, December 31, 2021. https://www.boe.es/boe/dias/2021/12/31/pdfs/BOE-A-2021-21884.pdf.

EUROPEAN UNIVERSITY. "What is cybersecurity and what is it for | EU Blog". European University, April 19, 2022. https://universidadeuropea.com/blog/que-es-ciberseguridad/.

VILLANUEVA LÓPEZ, Christian. "Is 'Gray Zone' the New Buzzword?" Seguridadinternacional.es, 2019. https://www.seguridadinternacional.es/?q=es/content/%C2%BFes-la-%E2%80%9Czona-gris%E2%80%9D-el-nuevo-t%C3%A9rmino-de-moda.

www.todolibroantiguo.es. "The Enigma Machine," n.d. https://www.todolibroantiguo.es/criptografia-libros-antiguos/maquina.html.