NATO Faces Growing Hybrid Threats on Eastern Flank
NATO is confronting unprecedented threats along its eastern borders, as Russia intensifies hybrid warfare operations against Alliance members. The Baltic states and Poland are experiencing persistent cyberattacks, sabotage, and disinformation campaigns, testing NATO’s collective defense capabilities in ways not seen before.
A stark example occurred in May 2024, when a massive fire destroyed more than 1,400 shops in a Warsaw shopping mall. Polish investigators linked the arson to Russian intelligence, prompting authorities to close Russia’s consulate in Kraków in response. Similar incidents have occurred elsewhere, including an arson attack on an IKEA store in Lithuania and suspicious fires in the UK, all with reported connections to Russian operatives.
“These operations exploit loopholes in international law and institutional gaps, aiming to cause unrest without triggering a direct NATO response,” explains a senior Alliance security official who requested anonymity. “The goal is destabilization within our borders.”
NATO’s Strategic Concept, updated in 2022, acknowledges this shifting landscape. While the 2010 version didn’t mention Russia, the current document identifies Moscow as “the most significant and direct threat” to Alliance security. It also recognizes that “malicious hybrid and cyber operations, aggressive rhetoric and disinformation” are being weaponized against member states. For the first time, China was also cited as a security challenge.
This strategic shift has prompted structural changes within NATO. In 2016, the Alliance formally recognized cyberspace as its fifth operational domain alongside land, sea, air, and space. Following the 2021 Cyber Defence Pledge, NATO established plans for collective responses to large-scale cyberattacks and created an Integrated Cyber Defence Centre to enhance capabilities.
Despite these advancements, NATO’s response mechanisms remain heavily dependent on individual member states’ initiative and political will. For example, Counter Hybrid Support Teams established in 2019 are deployed only upon request and have been used just once—in Montenegro.
Among NATO’s most innovative approaches are its Centers of Excellence, particularly the Strategic Communications Centre (StratCom COE) in Riga, Latvia, and the Cooperative Cyber Defence Centre (CCDCOE) in Tallinn, Estonia. These multinational hubs provide specialized research, training, and expertise to Alliance members.
The Tallinn-based CCDCOE, established following Russian cyberattacks against Estonia in 2007, conducts large-scale exercises such as Locked Shields, where teams from 38 countries defend simulated systems during cyberattacks. The center has also produced the Tallinn Manual, which has become a central reference for clarifying legal gray areas in cyber operations.
“While NATO has made progress in recognizing threats and developing strategies, structural weaknesses remain when it comes to implementation,” says Dr. Maria Renshall, a cybersecurity expert at King’s College London. “Responsibilities within NATO are still fragmented, and coordination between different bodies is limited.”
The rise of AI-powered disinformation presents an especially worrying challenge. In 2022, Ukrainian television was hacked to broadcast a deepfake video showing President Zelensky calling for surrender. Experts warn that advances in artificial intelligence will make such fabrications increasingly difficult to detect, while quantum computing breakthroughs could undermine current encryption systems.
Russia’s hybrid warfare strategy combines cyberattacks with disinformation to maximize impact. Prior to the full-scale invasion of Ukraine in 2022, Russian hackers deployed malware that disabled government systems and banks, creating digital chaos as physical forces prepared to move. Similar patterns were observed during the 2008 Georgia war and 2014 Crimea annexation.
The Baltic states and Poland face the most intense Russian hybrid operations due to their geographic location and social-historical factors. Between 2018 and 2020, the “Ghostwriter” campaign revealed systematic attempts to infiltrate Polish and Lithuanian media outlets. Hackers replaced genuine articles with fabricated stories meant to discredit NATO, including fake reports of German soldiers desecrating a Jewish cemetery in Lithuania and fabricated quotes from American commanders mocking the Polish military.
“These sophisticated operations aim to deepen social fault lines and erode trust in NATO,” explains Janis Berzins, a security analyst at the Baltic Defence College. “The goal is to divide allies and weaken collective resolve.”
The war in Ukraine has provided NATO with valuable lessons in countering hybrid threats. Ukraine has demonstrated remarkable digital resilience, partly due to years of NATO and EU support in cyber defense. The Tallinn Mechanism, launched in late 2023, has raised over €200 million and trained hundreds of Ukrainian cyber specialists.
Despite progress, NATO still faces challenges in responding effectively to hybrid warfare. Decision-making among 30 members requires consensus, which slows response times. The Alliance also has limited authority in areas like internal security and civilian information spheres, creating vulnerabilities that adversaries can exploit.
Security experts recommend that NATO establish clearer red lines with concrete consequences for hybrid attacks. This could include coordinated sanctions, intelligence-sharing protocols, and potentially limited offensive measures against infrastructure responsible for repeated cyberattacks.
“NATO must build a full-spectrum defense strategy for the digital frontline,” says former NATO Assistant Secretary General Antonio Missiroli. “This isn’t just about protecting networks and military systems, but also safeguarding the psychology of societies and the integrity of democratic institutions.”
As digital and hybrid threats continue to evolve, NATO’s ability to adapt and respond effectively will determine its success in protecting member states. The Alliance that was built to counter conventional military threats must now defend against warfare that targets both borders and minds—a test that will define transatlantic security in the digital age.
7 Comments
These types of destabilizing operations by Russian intelligence services are highly alarming. NATO must take this threat seriously and strengthen its collective defenses, both physical and digital, to protect its member states.
Arson attacks on commercial targets to sow unrest – that’s a concerning escalation of hybrid warfare tactics. NATO will have to work closely with member states to share intelligence and coordinate an effective response.
I’m curious to see how NATO’s updated Strategic Concept will address these evolving hybrid threats. Clearly the security landscape has shifted significantly since 2010, and the Alliance needs to adapt its strategies and capabilities accordingly.
This is a concerning development for NATO and the security of its members. Hybrid threats like cyberattacks, sabotage, and disinformation campaigns are insidious and difficult to address, but NATO must find ways to shore up its defenses against these tactics.
While the use of hybrid tactics to avoid triggering a direct NATO response is a clever strategy, it’s also a dangerous one that threatens the security and stability of the entire Alliance. NATO needs to find ways to push back firmly against these threats.
Exploiting legal and institutional gaps to destabilize NATO countries is a worrying tactic. The Alliance needs to close these loopholes and develop more robust responses to counter hybrid threats, while still operating within the bounds of international law.
Agreed. NATO will need to get creative and adaptive in its approach to these new security challenges. Deterrence and collective defense will be key.