**5. A final reflection and possible responses**

Throughout the chapter we laid out the profile as well as the current and foreseeable evolution of hybrid operations and hybrid threats (Section 2). We also addressed the issue of weaponization of cyberspace, the use of AI and data science, and the threat patterns of *cyber psychological operations* in the context of hybrid operations (Section 3), and, in Section 4, we introduced the concept of *hybrid agent*, evaluating its overall pattern of activity and threat to countries' defense and security.

Some major points need to be highlighted, when dealing with *hybrid threats*, namely:


These are some major points that were addressed in detail in the previous sections. Now, as part of a final reflection, the question may be raised: *what to do about all this?*

From the work developed throughout the sections, one thing becomes clear: there is an urgent need for the strategic integration in key state and private

*Cyberspace*

With increasing sensorization of organizations, a successful *hybrid operative* can turn the organization's *sensorization* systems into his/her own listening devices. Furthermore, standard HUMINT can be combined with OSINT and SIGINT, where the *hybrid operative* can directly interact with a human target, hacking the target's devices, employing social engineering tactics, and then combining the cyber intrusion with fake social network accounts, managed by a remote team that may follow the target on such places as Facebook, Twitter, Instagram, and so on, further interacting with this human target, using the social media, private chat systems, and even video chat sessions with remote support team operatives, in order to manipulate the target and find the target's weaknesses, gaining the target's confidence and possibly compromising the target or using that target as an (unwitting) source of information.

The trained *hybrid operative* must then be:

• A hacker with strong skills in social engineering

From a CI standpoint this is a major threat on two fronts:

• On the state-sponsored front: the *hybrid operative* is a key nexus for combining synergistically HUMINT, OSINT, SIGINT, Social Network Intelligence (SOCINT), CYBERINT, and *cyops*, taking all this to a new level which can

• On the non-state-sponsored front: a very skillful hacker team or even an individual hacker, with strong social engineering skills, who have physically infiltrated a target and are supported by *bots* that automate the fake content dispersal, can, with very low cost, produce the same effect as a trained state-sponsored team.

The second front is a major problem, since it opens up the way for new *hybrid warfare mercenarism*; just as the Iga and Koka *shinobi no mono* were employed as mercenaries, it also opens up the way for non-state-sponsored hybrid attacks from individuals or groups that have a cause or even just a grudge against a target, individuals, and groups

In this sense, there can be three operational profiles for *hybrid agents* which mir-

• Type 1 hybrid agent: an agent that belongs to a given state's intelligence agency

• Type 2 hybrid agent: an agent not linked to any intelligence agency but highly skilled in hacking and social engineering that is not operating on behalf of any state but is either a lone wolf or operating on behalf of some non-state group

• Type 3 hybrid agent: an agent not linked to any intelligence agency but that

The three types of agents may coexist and constitute a major threat for countries' national security and defense; on the other hand, one may also recognize that, while constituting a threat, any state may take advantage of these three types of agents in its own operations, with particular relevance to types 1 and 3 as well as the

seriously disrupt a country's key public and private organizations.

who are skilled hackers that can perform similar operations as a *hybrid agent*.

ror the three operational profiles for hybrid threats addressed in Section 2:

• An expert in *cyops*

• An expert in *hybrid operations*

and that is operating covertly

performs hybrid operations for hire

**72**

organizations, including the defense and security community, of a concept of *hybrid resilience*, of which *cyber resilience* is just an aspect. In this sense, in what regards CYBERINT [28], its focus needs to address the profile of cyber-threats and *cyop* profiles associated with hybrid strategies, in the sense that tactical dynamics of cyberattacks may obey to the pattern needed for a given hybrid strategy, and it needs to cooperate with HUMINT/CI in order to find countermeasures against *hybrid HUMINT* operatives.

The concept of *hybrid resilience* as the ability to resist and recover from *hybrid campaigns* should be a major component of countries' national defense and security strategies.

Now, secondly, organizations should have training and a *hybrid defense and CI division* or at least subcontract specialized people in this area, covering both *cyber defense* and *cyber resilience* as well as *hybrid defense* and *resilience*.

Faced with the threat of economic, financial, and (geo) political hybrid warfare, any country's major business and financial targets should have specialized training programs and people involved in *hybrid defense strategies* and *hybrid resilience*, including CI-based defense against possible disruption from what may become the new disruptive face of HUMINT: the *hybrid HUMINT*.

It is not enough to secure the technical side of cybersecurity, and one needs to address the social and human aspect of cyber intrusion, in which people's behavior can be turned against them, including the behaviors and vulnerabilities that come from incorrect social network usage.

Campaigns in the standard media against fake contents need to be addressed, as well as large-scale educational programs that should start in schools, educating civil society on the correct usage of cyberspace, on both the positive and negative, on how people can protect themselves against cyberbullying and hybrid campaigns, and on how people should read and reflect on the contents that they read and share.

While these are some of the major changes needed to be implemented for any country's successful *national hybrid defense strategy*, there is a main point of *hybrid resilience* that was already identified in the old Chinese and Japanese classics, in particular in *Tai Kung's Six Secret Teachings* [4] and in the *Bansenshukai* [5]: without good governance there is always a fundamental vulnerability to hybrid strategies.

The three major crisis profiles that were addressed in [29] and recovered in Section 2 come out of bad governance that is unable to face crises that affect its country's people (*resilience problems*), that is totalitarian and oppressive and that enforces its rule by force or has alienated a large part of its people due to rising inequalities and widespread political, business, and financial corruption (*legitimacy problems*), or that is unable to manage its territory (*authority problems*). All these three problems open up any country to *hybrid threats* and reduce a country's *hybrid resilience*.

**75**

**Author details**

Carlos Pedro Gonçalves

*Cyberspace and Artificial Intelligence: The New Face of Cyber-Enhanced Hybrid Threats*

Institute of Social and Political Sciences, University of Lisbon, Lisbon, Portugal

© 2019 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium,

\*Address all correspondence to: cgoncalves@iscsp.ulisboa.pt

provided the original work is properly cited.

*DOI: http://dx.doi.org/10.5772/intechopen.88648*

*Cyberspace and Artificial Intelligence: The New Face of Cyber-Enhanced Hybrid Threats DOI: http://dx.doi.org/10.5772/intechopen.88648*
