Innovative sabotage campaigns pose elevated security risks for organisations
Key points
Russia’s campaign of hybrid sabotage targeting Europe has been enabled by the innovative combination of digital technologies with physical sabotage operations.
This approach combines the material disruption and greater psychological impact of physical sabotage with the scale and pace achievable through digital technologies, but at the cost of increased risk of collateral damage.
This approach is likely to be adopted by other threat actors, suggesting an elevated risk from sabotage and an increased urgency around developing a sustainable holistic approach to protective security.
Background
A campaign of sabotage operations conducted or directed by the Russian intelligence services has caused disruption and material damage across Europe in 2024, as well as generating less tangible impacts on public opinion.
The UK’s National Protective Security Authority (NPSA) issued guidance on sabotage risks in July 2024; this was updated twice in August and again in September. We have previously assessed that the pace of these updates indicated the seriousness of the threat picture.
Since we made that assessment, there has been further evidence of concern among Western governments over the scale of Russian sabotage operations and the manner in which they are being conducted.
An increasingly risky approach to sabotage
In a rare public statement in September 2024, the heads of CIA and SIS, Bill Burns and Richard Moore, explicitly called out the “reckless campaign of sabotage across Europe being waged by Russian intelligence”. In emphasising the ‘reckless’ nature of the campaign, the two intelligence chiefs point to the risk that poorly conceived or conducted operations may produce unintended consequences.
Similarly, a joint advisory issued by the US, UK, and international allies on 5 September attributed malicious cyber activity to a unit within Russian military intelligence previously associated with physical operations. The advisory focused on GRU Unit 29155, noting that the US and others had previously identified this unit’s involvement in “attempted coups, sabotage and influence operations, and assassination attempts”.
This shift in operational approach is interesting for two reasons. First, it underlines the Russian services’ willingness to innovate with existing capabilities to achieve the intended effect, viewing cyber operations as another means of conducting sabotage rather than as a separate capability with distinct doctrine, organisation, and practices.
Second, the willingness to permit relatively unskilled operatives to conduct offensive cyber operations – given the potential risks in terms of unintended effects – is indicative of a very different legal and ethical risk calculus from that of Western intelligence services.
Crowd-sourcing sabotage through digital platforms
A September 2024 article in the RUSI Journal examined a key enabler behind Russia’s ability to prosecute this campaign of sabotage. The article explored how Russia has innovatively re-purposed the platforms and systems of the gig economy to organise sabotage operations in Europe.
Historically, physical sabotage operations were organised and funded through small clandestine networks, in a way that was expensive, risky for the organiser, and hard to scale. Today, through the innovative adaptation of existing crowd-working platforms and apps, Russia – and other states – can now organise sabotage operations at scale and with much reduced operational costs and risks.
The blurring of cyber-physical boundaries and the ease of reach into other countries for the recruitment of assets, both enabled by technological innovation, have allowed sabotage campaigns to be conducted at scale and pace. As one analyst has observed: “digital technology has enabled covert action on a grand scale; what previously required front companies, physical infrastructure and agents carrying tools of sabotage can now be done virtually”. As Russia’s innovation with gig economy sabotage makes clear, covert action can also be enabled virtually and conducted in the real world.
A parallel can be drawn to the Israeli sabotage operations that used compromised pagers and VHF radios to target the communications, organisation, and morale of the Lebanese group Hizbullah on 17-18 September. International media reporting has illuminated two supply chain operations, involving the implanting of explosives within the devices at the point of manufacture, with delivery arranged through front companies. These operations represented an innovative exploitation of the complexity of the globalised, digitally enabled economy to achieve sabotage at an unprecedented scale. However, achieving that scale required accepting a reduced degree of control over the targeting of the detonations.
Elevated sabotage risk requires greater focus on protective security
The innovative approach to hybrid sabotage campaigns pioneered by Russia benefits from combining the material and psychological impact of physical sabotage with the reduced risks and the scale afforded by digitally-enabled operations. The inherent risk in such campaigns is that their scale and pace, and the lower level of control exercised by the directing state, increase the likelihood of unanticipated consequences and collateral damage.
As the authors of the RUSI Journal article observe, other states and non-state actors are likely already experimenting with similarly innovative approaches to conducting digitally enabled sabotage operations at scale and pace. The primary constraints on these experiments will be those actors’ risk tolerance, legal and ethical calculus, and access to enabling socio-technical systems.
With a range of actors seeking to demonstrate capabilities, organisations will face an elevated threat of sabotage and of being co-opted as part of supply chain attacks. The risk of being directly targeted is greatest for organisations working in the defence and aerospace sectors, critical infrastructure, and emerging technology.
However, a more reckless approach to sabotage at scale points to an elevated risk of collateral impact for organisations regardless of their focus. Similarly, the potential co-option of a company’s products or services to facilitate sabotage operations brings a host of operational, financial, and reputational risks for organisations that historically did not think about a holistic approach to protective security.
How should entities respond?
Organisations will face an elevated threat of hybrid sabotage (physical, cyber, personnel, informational and propaganda).
This is particularly true for organisations working in sectors with heightened threat (defence, aerospace, critical infrastructure, and emerging technology), although the potential for collateral and dispersed threats across all sectors should not be underestimated.
Concerns around supply-chain security will accelerate, requiring additional scrutiny of suppliers and their security.
In a period of increasing economic activity (particularly for investments into advanced technologies), an inevitable acceleration of scrutiny is anticipated.
Organisations, researchers, innovators and investors must adopt and enable a sustainable holistic approach to protective security.
SECURED is approved by the NPSA to provide protective security assessments for companies, research institutions, and investors. Our security practitioners help entities secure their intellectual property, build operational and financial resilience, and cultivate a positive organisational security culture. We provide research on the national security implications of emerging technologies as part of our scientific and technical intelligence assessment capability.