PROTECTING EUROPE - CHAILLOT PAPER / 151 - MepoForum.sk

 
PROTECTING EUROPE
The EU’s response to hybrid threats

By Daniel Fiott and Roderick Parkes

CHAILLOT PAPER / 151
April 2019
European Union Institute for Security Studies (EUISS)
100, avenue de Suffren
75015 Paris

http://www.iss.europa.eu
Director: Gustav Lindstrom

© EU Institute for Security Studies, 2019.
Reproduction is authorised, provided the source is acknowledged, save where otherwise stated.

The views expressed in this publication are solely those of the authors and do not
necessarily reflect the views of the EUISS or of the European Union.

Print: ISBN 978-92-9198-833-4, catalogue number QN-AA-19-002-EN-C, ISSN 1017-7566, DOI 10.2815/679971
Online: ISBN 978-92-9198-832-7, catalogue number QN-AA-19-002-EN-N, ISSN 1683-4917, DOI 10.2815/712409

Published by the EU Institute for Security Studies and printed in Belgium by Bietlot.
Luxembourg: Publications Office of the European Union, 2019.
Cover image credit: Todd Diemer/unsplash
The authors

Daniel Fiott is Security and Defence Editor at
the EUISS where he works on European defence,
CSDP, the EDTIB, defence industries, defence
innovation and hybrid threats. He holds a PhD
in Political Science from the Free University
of Brussels.

Roderick Parkes is a Senior Analyst at the EUISS
where he works on issues relating to international
home affairs cooperation – migration,
crime and terrorism. He holds a PhD from the
University of Bonn.

CONTENTS

Executive Summary

Introduction
    Beyond semantics
    The purpose of this study

CHAPTER 1: Flows and borders
    The threat to the EU’s borders
    Policy response: addressing four border weaknesses
    Lessons: the EU as its own worst enemy

CHAPTER 2: Nuts and bolts
    Disentangling critical infrastructure networks
    The EU and critical infrastructure protection: the story so far
    Ensuring that resilience becomes the norm

CHAPTER 3: Hearts and minds
    Demystifying disinformation
    Deflecting and refuting disinformation the EU way
    Towards a more media-literate and resilient society?

Conclusion

Glossary

Abbreviations

EXECUTIVE SUMMARY
The EU takes hybrid threats seriously and has designed an array of policies to counter them. Its main focus is the ongoing crises beyond its borders, throughout its eastern and southern neighbourhoods. In Ukraine and elsewhere, the EU is trying to counter hostile Russian actions. But its countermeasures are focused inwards too as its own member states come under attack. These measures are helping more generally to ‘future-proof’ the EU itself, to shore up its own internal structures and networks in the face of a rapidly shifting international landscape. They are helping Europe respond to powers such as China and the use of new technologies such as 5G.

These countermeasures now cover everything from the European digital economy to its cyber, maritime, space and energy domains. But they play a particularly important role in three sectors, namely the security of EU borders, its critical infrastructure and the information environment. These three fields constitute quite literally the nuts and bolts of the European Union. Protecting them means defending the very cornerstones of the EU – the three fields are vital to the continued integration of the European economy and to the health of the democratic institutions underpinning it. Predictably, they are the subject of our in-depth case studies.

The case-studies show that the EU must build up its defences, in particular vis-à-vis unconventional threats. The response to hybrid threats will never yield to a specific timeframe, meaning that efforts to build resilience will be an ongoing feature of EU external and internal action. The EU has to identify and remedy current vulnerabilities. But it must be constantly on the watch for new vulnerabilities created by actors eyeing a more extensive hybrid campaign. Moreover, apart from the usual slew of policy mechanisms and strategy papers, a truly effective EU response demands nothing short of a new mindset among policymakers and citizens. A solid response is one that can draw on intelligence, financial and human resources but above all good political judgment.

Measured against this yardstick, the EU’s response has clearly come some way, not least when it comes to mobilising financial and human resources. However, some familiar sticking points remain. Information-sharing and intelligence exchange between member states and across EU institutions are still a work in progress. Risk assessments are often based on the lowest common denominator (that is, a minimal level of information exchange). Proper response networks are still hampered by a lack of trust. And the EU has yet to properly tap the private sector – let alone to enhance public media literacy. But perhaps the biggest problem is also the oldest: the EU institutions find it difficult to overcome compartmentalised silo mentalities when they devise their strategies and responses to hybrid threats.

This disjointedness is a serious weakness. Adversaries deploy conventional and unconventional tactics as part of an overall strategy to destabilise the EU. No single aspect of the threat facing Europe exists in isolation from others. A disturbance to the EU’s critical infrastructure, say, may well appear to be an isolated event. The real challenge for the EU is to join the dots between seemingly staccato events and identify a combined hybrid campaign. And it is here, in this murky field of sleuthing and attribution that the EU will require the key mix - timely and credible intelligence coupled with good political judgment. It goes without saying, therefore, that it would be a mistake to read any of the chapters in this Chaillot Paper in isolation from the others - or indeed in isolation from further areas such as cyber defence.

The EU’s own sprawling and hybrid nature makes it an indispensable actor for countering hybrid threats. NATO has grudgingly come to respect the EU as an essential partner in this field and, if the EU can only bring together its capabilities, it could give heft to those current buzz terms – transatlantic security and strategic autonomy. Yet, the Union’s hybrid character also leaves it uniquely vulnerable. Hybrid threats demand a cautious balancing act between fundamental rights and security, an open market and a secure economy. And they demand speed and decisiveness. Timing and early response are key, and it is incumbent on the EU institutions and member states to move rapidly. For the EU that means learning to put its money where its mouth is, and calling out a hybrid attack as a hybrid attack.

INTRODUCTION
The notion of unconventional threats that fall under the threshold of military force – a concept which last appeared during the Cold War – has lately made a comeback, albeit under the title ‘hybrid threats’. The use of the term ‘hybrid threats’ has been accompanied by some doubts about whether it actually means anything. There are two main reservations about using the label, and it is worth getting these out of the way quickly.

First, in trying to characterise the non-conventional aspects of modern warfare it is argued that the concept fails to provide a theory that is both comprehensive and operational, and those are precisely the qualities which strategists and policymakers demand from their theories.1 A whole host of other labels purport to describe hybrid-like challenges more accurately: ‘irregular warfare’, ‘non-linear combat’, ‘compound warfare’, the ‘grey zone’. By contrast the concept of hybrid threats is politically subjective, and no single definition can ever be agreed that describes the tactics of such different actors as Russia and Daesh.2 The proliferation of corrective labels has only added to confusion and contestation over the very idea of hybrid threats. Some argue that organisations like NATO should thus drop the term ‘hybrid’ altogether and instead focus on how a range of threats connect together to produce a political effect.3

It is true that NATO differs from other organisations in its definition of ‘hybrid threats’. For example, the European Union understands hybrid campaigns to be ‘multidimensional, combining coercive and subversive measures, using both conventional and unconventional tools and tactics (diplomatic, military, economic, and technological) to destabilise the adversary. They are designed to be difficult to detect or attribute, and can be used by both state and non-state actors’.4 NATO defines hybrid threats as ‘those posed by adversaries, with the ability to simultaneously employ conventional and non-conventional means adaptively in pursuit of their objectives’.5 And yet, the different semantic choices of both organisations cannot disguise their basic commonalities. Both speak of state and non-state actors, for instance, even if NATO classifies them robustly as ‘adversaries’. These differences of nuance come down to understandable differences of method and mandate.

In fact problems arise only when organisations try to make their definition definitive. Inevitably each differs over issues of attribution, vulnerabilities, capabilities and intentions.6 One definition may emphasise the combination of conventional and non-conventional means, whereas the other looks at the societal dimension. Thus the Multinational Capability Development Campaign (the ‘synchronised use of multiple instruments of power tailored to
                                                                         of multiple instruments of power tailored to

1   Élie Tenenbaum, “Hybrid Warfare in the Strategic Spectrum: An Historical Assessment” in NATO’s Response to Hybrid Threats, ed. Guillaume Lasconjarias and Jeffrey A. Larsen (Rome: NATO Defence College, 2015), pp. 111-12.

2   Ofer Fridman, Russian “Hybrid Warfare”: Resurgence and Politicisation (London: Hurst Publishers, 2018).

3   Damien Van Puyvelde, “Hybrid War: Does it Even Exist?”, NATO Review, 2015, https://www.nato.int/DOCU/review/2015/Also-in-2015/hybrid-modern-future-warfare-russia-ukraine/EN/index.htm.

4   European Commission/High Representative of the Union for Foreign Affairs and Security Policy, “Joint Communication on Increasing Resilience and Bolstering Capabilities to Address Hybrid Threats”, JOIN(2018) 16 final, Brussels, June 13, 2018, p. 1.

5   Michael Miklaucic, “NATO Countering the Hybrid Threat”, NATO Allied Command Transformation, September 23, 2011, https://www.act.nato.int/nato-countering-the-hybrid-threat.

6   Frank G. Hoffman, “Hybrid Threats: Reconceptualising the Evolving Character of Modern Conflict”, Strategic Forum, no. 240 (April 2009), p. 5.

specific vulnerabilities across the full spectrum of societal functions to achieve synergistic effects’)7 rivals the European Centre of Excellence for Countering Hybrid Threats (a ‘coordinated and synchronised action that deliberately targets democratic states’ and institutions’ systemic vulnerabilities through a wide range of means […], activities [that] exploit the thresholds of detection and attribution as well as the border between war and peace […] and the aim is to influence different forms of decision making’).8 Despite their best efforts to be rigorous, such definitions are most useful precisely because they allow us to pick and mix.

Second, a fixation on hybrid threats and non-conventional forms of warfare can be an expedient way of ignoring conventional military threats. As one astute analyst observes, while the label ‘hybrid’ has been useful in stoking policy interest in security issues it only illuminates ‘a specific part of what is a much larger evolving puzzle’.9 The fact that Russia bristles with conventional land and nuclear forces should not be overlooked. Worse: the term ‘hybrid’ is considered a conceptual honey trap which attracts attention by dressing up a very old phenomenon as something fresh and new. Commentators are quick to point out that there is nothing new about hybrid threats.10 Historians have shown that hybrid tactics were used by the likes of Saddam Hussein, Ho Chi Minh, Hizbullah and even the Duke of Wellington.11 Nevertheless, Russia’s hybrid strategy has experienced new life under the ‘Gerasimov Doctrine’, which has taken on an almost mythological (if overblown)12 quality in recent years. It has been some time since a military doctrine and tactician have made news in outlets such as the Financial Times.13

Yet, today’s hybrid threats really are different from those of the past, rendered far more deadly not least due to an array of evolving technologies. Whole new vistas have been unleashed by autonomous systems and artificial intelligence. Take unmanned aerial vehicles (UAVs): these are increasingly seen as cheap yet sophisticated systems for reconnaissance, critical infrastructure disruption; and, in the worst cases, they can be weaponised too.14 Or take the cyber domain.15 The internet and online networks allow state and non-state actors to unleash their aggression in new ways. They can be used to hack critical infrastructure and democratic processes, launch persuasive disinformation and propaganda campaigns, steal information and unload sensitive data into the public domain. In the worst cases, cyber allows an adversary to take control of assets such as military systems (e.g. unmanned aerial vehicles) and command structures.

In sum, any historically-informed understanding of this particular field of warfare will begin with the observation that a ‘hybrid threat’ is not just a lumpen mess of non-conventional threats. It is not enough to group together terrorism, civil disobedience, cyberattacks, criminal activities, disinformation campaigns,

7    Patrick J. Cullen and Erik Reichborn-Kjennerud, “MCDC Countering Hybrid Warfare Project: Understanding Hybrid Warfare”, Multinational Capability Development Campaign/NATO Allied Command Transformation, January 2017, p. 3.

8    “Hybrid Threats”, The European Centre of Excellence for Countering Hybrid Threats, January 14, 2018, https://www.hybridcoe.fi/hybrid-threats/.

9    Andrew Monaghan, “The ‘War’ in Russia’s ‘Hybrid Warfare’”, Parameters, vol. 45, no. 4 (Winter 2015-2016), pp. 65-74.

10   Guillaume Lasconjarias and Jeffrey A. Larsen, “Introduction: A New Way of Warfare” in NATO’s Response to Hybrid Threats, ed. Guillaume Lasconjarias and Jeffrey A. Larsen (Rome: NATO Defence College, 2015), pp. 1-14.

11   Robert Wilkie, “Hybrid Warfare: Something Old, Not Something New”, Air and Space Power Journal, vol. 23, no. 4 (2009), p. 15.

12   For a corrective of the use of the term ‘Gerasimov Doctrine’ see Mark Galeotti, “The Mythical ‘Gerasimov Doctrine’ and the Language of Threat”, Critical Studies on Security, (early view) doi:10.1080/21624887.2018.1441623, https://www.tandfonline.com/doi/abs/10.1080/21624887.2018.1441623?journalCode=rcss20.

13   Henry Foy, “Valery Gerasimov, the General with a Doctrine for Russia”, Financial Times, September 15, 2017, https://www.ft.com/content/7e14a438-989b-11e7-a652-cde3f882dd7b.

14   “Drones and Countering them in a Hybrid Environment: A Case for EU-wide Regulation on Unmanned Aerial Systems”, Summary Report, European Centre of Excellence for Countering Hybrid Threats, 2018, https://www.hybridcoe.fi/.

15   Jonathan Zittrain, “‘Netwar’: The Unwelcome Militarisation of the Internet has Arrived”, Bulletin of the Atomic Scientists, vol. 73, no. 5 (2017), pp. 300-04.

election meddling, proxy conflicts, fighters without insignia, and call this a hybrid campaign. And yet there is no harm in taking a broad lens to the question of how such challenges converge and whether they are being used to escalate instability. As one expert points out, while there exists a temptation to ‘compartmentalise the various modes of war into convenient categories, future adversaries will not gaze through our analytical prism.’16 The task is to understand what the particular use of hybrid tactics in a given instance reveals about the way an adversary thinks and acts, even if it does not appear to have a clearly defined strategy.17

BEYOND SEMANTICS

The reality is that the EU has developed a working definition of hybrid threats and it sees them as a critical issue to be addressed by policymakers working on the Common Foreign and Security Policy (CFSP), the Common Security and Defence Policy (CSDP), the Area of Freedom, Security and Justice (AFSJ) and the Security Union. The EU has been spurred into action by the aggressive behaviour of Russia and its seizure of Crimea, in 2014. This led to fears that Russia may use the same tactics against other former Soviet states and Warsaw Pact members. Additionally, the actions of Daesh in the southern neighbourhood have led the EU to focus on the ways that social media and networks can be used to radicalise Europeans and direct terrorist operations on the European mainland. Finally, cyberattacks emanating from places such as China or Iran and subversive operations by commercial entities have not only disrupted critical infrastructure in Europe (e.g. WannaCry and NotPetya), but have weakened trust in Europe’s democratic institutions and processes (e.g. Cambridge Analytica).

The re-emergence of hybrid tactics and the growth of new technologies have at least had the effect of bringing the EU and NATO closer together – surely one of the main benefits. The EU and NATO have signed two Joint Declarations (2016 and 2018) designed to enhance their cooperation on a range of security issues such as maritime security, cyber and hybrid threats. Until even quite recently, a ‘grey area’ existed between the pair when it came to hybrid threats, and neither organisation could credibly take the lead on the problem. NATO has a mandate for conventional deterrence; the EU deals with crisis management beyond its borders and stewardship of the Single Market. Those Joint Declarations, therefore, are founded on the premise that by combining the efforts and skills of each organisation, that grey area can be rendered a little more black and white – perhaps even closing a gap that might otherwise be exploited by adversaries through the use of hybrid tactics.

More specifically, the EU has developed a range of policy initiatives that are designed to help the Union and its member states respond to hybrid threats and improve its own resilience. In 2013 the EU released a cybersecurity strategy and in 2016 a Directive on the security of network and information systems across the EU was adopted – this Directive (EU 2016/1148 or the ‘NIS Directive’) was to be fully transposed by all EU member states by 9 May 2018. In addition to the cyber-relevant conclusions of the European Agenda on Security in 2015, the EU presented a Joint Communication entitled ‘Resilience, Deterrence and Defence: Building Strong Cyber Security for the EU’18, which included initiatives such as a strengthening of the EU Agency for Network and Information Security (ENISA)

16   Hoffman, “Hybrid Threats: Reconceptualising the Evolving Character of Modern Conflict”, p. 8.

17   Lawrence Freedman, “Ukraine and the Art of Limited War”, Survival: Global Politics and Strategy, vol. 56, no. 6 (2014), pp. 7-38.

18   European Commission/High Representative of the Union for Foreign Affairs and Security Policy, “Joint Communication on Resilience, Deterrence and Defence: Building Strong Cybersecurity for the EU”, JOIN(2017) 450 final, Brussels, September 13, 2017, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=JOIN:2017:450:FIN&rid=3.

and a blueprint for a coordinated response to large-scale cybersecurity incidents and crises in the EU.19 The EU’s efforts are not confined to cybersecurity, however.

In 2015 the EU established an ‘East StratCom Task Force’ to combat disinformation directed against Europe by the Russian government and media sources.20 Task forces on strategic communication were later established for the South and the Western Balkans. On 6 April 2016, the EU outlined a joint framework on countering hybrid threats, which, among other things, established the ‘Hybrid Fusion Cell’, a hub for analysing potential hybrid threats in the EU’s intelligence and situation centre (INTCEN).21 An ‘EU Hybrid Playbook’ laid the first steps towards a system of coordination at the EU and national levels in case of a hybrid attack.22 In June 2016, the High Representative of the Union for Foreign and Security Policy and Vice-President of the European Commission (HR/VP) released the EU Global Strategy. Its mantra was the ‘protection of Europe’ - through crisis management, border protection and efforts to counter extremism, cyberattacks and disinformation along the ‘nexus’ between internal and external security.

It spurred the EU to take stock of its joint framework for countering hybrid threats23 and enhancing practical responses to hybrid threats. In 2017 the EU not only published an action plan to tackle chemical, biological, radiological and nuclear risks,24 but a range of exercises were organised too. On 28 September 2017, the EU launched a parallel and coordinated exercise (PACE17) on a fictitious scenario in order to test the EU’s situational awareness, reaction time, communications channels – and to learn some lessons. From 5-23 November 2018, an ‘EU Hybrid Exercise 2018’ was organised. It should also be noted that in 2016 the European Defence Agency (EDA) had organised a table-top exercise on a fictitious hybrid crisis situation. All of the measures taken by the EU since 2015 were summed up in a joint communication on increasing resilience and countering hybrid threats and further action points were tabled.25 And, finally, last December the EU published its approach to tackling disinformation.26

This is not an unalloyed story of progress. Alongside the proliferation of EU measures (see Figure 1 on page 9) there is a proliferation of national approaches. There is a strong case for greater coherence between national strategies, not least in order to identify best practices – there is much to learn from certain EU member states. Beyond the strategies, how far has the EU come in preventing and responding to hybrid threats, as opposed to just writing about the issue? Given that hybrid threats represent a combination of different threats and tactics, what are the most effective methods and strategies for tackling multiple threats

19   European Commission, “Commission Recommendation on Coordinated Response to Large-Scale Cybersecurity Incidents and Crises”, C(2017) 6100 final, Brussels, September 13, 2017, https://ec.europa.eu/transparency/regdoc/rep/3/2017/EN/C-2017-6100-F1-EN-MAIN-PART-1.PDF

20   High Representative of the Union for Foreign Affairs and Security Policy, “Action Plan on Strategic Communication”, Ares(2015)2608242, June 22, 2015, http://archive.eap-csf.eu/assets/files/Action%20PLan.pdf.

21   European Commission/High Representative of the Union for Foreign Affairs and Security Policy, “Joint Communication establishing a Joint Framework on Countering Hybrid Threats”, JOIN(2017) 18 final, Brussels, April 6, 2016.

22   European Commission/High Representative of the Union for Foreign Affairs and Security Policy, “Joint Staff Working Document: EU Operational Protocol for Countering Hybrid Threats – ‘EU Playbook’”, SWD(2016) 227 final, Brussels, July 5, 2017.

23   European Commission/High Representative of the Union for Foreign Affairs and Security Policy, “Joint Report on the Implementation of the Joint Framework on Countering Hybrid Threats – A European Union Response”, JOIN(2017) 30 final, Brussels, July 19, 2017.

24   European Commission, “Action Plan to Enhance Preparedness against Chemical, Biological, Radiological and Nuclear Security Risks”, COM(2017) 610 final, Brussels, October 18, 2017, https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/european-agenda-security/20171018_action_plan_to_enhance_preparedness_against_chemical_biological_radiological_and_nuclear_security_risks_en.pdf.

25   European Commission/High Representative of the Union for Foreign Affairs and Security Policy, “Joint Communication on Increasing Resilience and Bolstering Capabilities to Address Hybrid Threats”, JOIN(2018) 16 final, Brussels, June 13, 2018.

26   European Commission/High Representative of the Union for Foreign Affairs and Security Policy, “Joint Communication on an Action Plan Against Disinformation”, JOIN(2018) 36 final, Brussels, December 5, 2018, https://eeas.europa.eu/sites/eeas/files/action_plan_against_disinformation.pdf.

simultaneously? How can the EU help improve coordination between member states on hybrid threats, especially in a rapidly changing and deteriorating security landscape? Are the EU and its member states on course to developing a common approach to early warning and risk analysis? What are the EU’s institutional and societal strengths in the face of hybrid threats and conventional security challenges? Is the Union linking early warning with early action?

THE PURPOSE OF THIS STUDY

A few notes on what this Chaillot Paper is and what it is not. First, it is not interested in debating conceptual issues. It does not engage in any further debate about the merits of the term ‘hybrid threats’. Quite simply: the term ‘hybrid threats’ is already being used and understood by EU officials and government representatives to capture a range of non-conventional security challenges. Whether in healthcare and/or transport, the ‘hybrid’ label is encouraging staff in various EU bodies to give more consideration to the security aspects of their respective portfolios than has perhaps been the case in the past. An annex containing a glossary provides further background information.27

Second, this Chaillot Paper will not delve into the vulnerabilities of EU member states. Again, this could be positively unhelpful. In conducting the analysis for this paper, we consulted a range of primary materials. We conducted semi-structured interviews with EU officials and government representatives. And we co-organised a simulation and conference on 28 February – 1 March 2019 in Bucharest. Another workshop and simulation on transboundary crises and hybrid threats was organised in Brussels on 4 April 2019.28 This is not the place to rehearse vulnerabilities revealed in confidence.

Third, this Chaillot Paper does not simply provide a list of EU initiatives that have already been developed. Indeed, the aim of this study is to provoke ideas for further action on hybrid threats and to identify avenues for further coordination between EU bodies and member states. In essence, this study wants to provide the reader with practical and operational insights on how best to counter hybrid threats. It shares best practices and uncovers possible ways of improving coordinated EU approaches to hybrid threats. But, just as this publication is not a vulnerability assessment, nor does it deal with the possible development of aggressive hybrid capabilities by the member states, let alone by the EU.

We look at three indicative areas: these deal with the EU’s territorial, physical and institutional infrastructure. Borders are rendered vulnerable because of increased migration to Europe and by the ‘weaponisation’ of cross-border flows. Critical infrastructure is targeted as a means of upsetting the civilian population with energy shortages, digital and financial disruption, and delays to transport and healthcare. Disinformation poisons democratic processes and institutions, as well as trust in the media and government. Each chapter provides an overview of the subject matter and outlines EU policy developments. What this paper does do is try to answer the big question: in what practical ways can the EU prevent and respond to hybrid threats?

27   The authors would like to thank Federica Fazio for helping compile the glossary and for assistance with data collection in chapter
     three.

28   The Institute would like to thank the Romanian Presidency of the Council of the EU and the General Secretariat of the Council of the EU for their support in organising high-level conferences on hybrid threats in 2019. See EU Institute for Security Studies (EUISS), “Facing Hybrid Threats through Consolidated Resilience and Enhanced Strategic Communication”, Bucharest, February 28, 2019, https://www.iss.europa.eu/content/facing-hybrid-threats-through-consolidated-resilience-and-enhanced-strategic-communication; and EUISS, “From Sense-making to Decision-making: Sharing Experiences on the Management of Transboundary Crises in the EU”, Brussels, April 4, 2019, https://www.iss.europa.eu/content/sense-making-decision-making-sharing-experiences-management-transboundary-crises-eu.

Figure 1 – The EU’s crisis response architecture: An overview

[Diagram grouping EU crisis response bodies under the following areas: EU response; hybrid threats; terrorism and migration; external crises; health and disease; cyber; aviation; space; infrastructure; energy; CBRN; civil protection and disaster; maritime. Key: European Commission, EU Member States, Council of the EU, European External Action Service, EU Agencies, shared responsibilities. The abbreviations used in the figure are expanded in the list that follows.]

ACER: Agency for Cooperation of Energy Regulators
ARGUS: European Commission Coordination System
CERT-EU: EU Computer Emergency Response Team
CIP PoCs: Critical Infrastructure Protection Points of Contact
CIVCOM: Committee on Civilian Aspects of Crisis Management
CIWIN: Critical Infrastructure Warning Information Network
CP: Crisis Platform
CPCC: Civilian Planning and Conduct Capability
CRS: Crisis Response System
CSDP-CR: CSDP and Crisis Response
EASA: European Aviation Safety Agency
EASO: European Asylum Support Agency
EC3: European Cybercrime Centre
ECDC: European Centre for EU Disease Prevention and Control
ECG: Electricity Coordination Group
ECURIE: European Community Urgent Radiological Information Exchange
EERC: European Emergency Response Capacity
EMSA: European Maritime Safety Agency
ENISA: EU Cybersecurity Agency
ENTSO-E: European Network of Transmission System Operators for Electricity
ENTSOG: European Network of Transmission System Operators for Gas
ERCC: Emergency Response Coordination Centre
EU CPM: Civil Protection Mechanism
EU CSIRT Network: EU Computer Security Incident Response Teams
EUMC: European Union Military Committee
EUMS INT: EU Military Staff Intelligence
EUOAG: EU Offshore Oil and Gas Authorities Group
Europol: EU Agency for Law Enforcement Cooperation
EUROSUR: European Border Surveillance System
EWRS: Early Warning Response System for Communicable Diseases and Outbreak of Unknown Aetiology
FRONTEX: European Border and Coast Guard Agency
GCG: Gas Coordination Group
GSA: European GNSS Agency
HEDIS: Health Emergency and Disease Information System
HEOF: Health Emergency Operations Facility
HFC: Hybrid Fusion Cell
HSC: Health Security Committee
INTCEN: EU Intelligence and Situation Centre
IPCR: Integrated Political Crisis Response
MEDISYS: EU Information Scanning Tool
MPCC: Military Planning and Conduct Capability
NIS Cooperation Group: Network and Information Systems
OCG: Oil Coordination Group
PSC: Political and Security Committee
RAS-BICHAT: Rapid Alert System - CBRN Agents
RAS-CHEM: Rapid Alert System - Chemical
RAS-DIS: Rapid Alert System - Disinformation
rescEU: Reserve Operational Capacities at the Union level
SATCEN: EU Satellite Centre
SITROOM: Situation Room
SSN: SafeSeaNet
STAR: Strategic Analysis and Response Centre
STRATCOM: Strategic Communication Taskforces

    CHAPTER 1

FLOWS AND BORDERS
Preparing for a hybrid attack at the border

‘Little green men’. When people think of hybrid border threats, they likely envisage the Russian soldiers who seeped across the border into Ukraine in unmarked green uniforms in 2014. Border incursions and land grabs by unmarked soldiers have a long history – the method was used first against Colombia in the 1930s (by the Peruvians) and then in Kashmir in 1999 (Pakistanis).1 But this, the ‘classic’ hybrid border attack, is not uppermost in the mind of EU officials when they think of hybrid border threats. Russia or Turkey are unlikely to launch such an attack on the territorial integrity of an EU member state. And if they did – around the Suwalki Gap, say, or on one of the Aegean islands – the response lies largely outside EU competencies. Territorial defence for almost all EU member states is a task for NATO.2

The EU’s competencies lie instead in managing the borders of the Schengen Area, the EU’s passport-free travel zone. The Union’s powers in this field are laid out in Title V of the Treaty on the Functioning of the EU (TFEU). Article 67(2) TFEU gives the EU the power to frame a common European borders policy, and Article 67(3) charges it with providing security within these borders. This traditionally means preventing cross-border crime and irregular migration. The hybrid threat derives from their potential ‘weaponisation’ by hostile powers. The response requires the EU to monitor the flows of migrants and criminals, of goods and waste, weapons and information, and it requires border guards and law-enforcement officials to close down the avenues for hostile powers to exploit the vulnerabilities of the EU’s globalised economy.

THE THREAT TO THE EU’S BORDERS

The Schengen Area covers 4 million km² of Europe and is fringed by the three usual border types – land, sea and air. Each of the three border types is clustered in a different part of the passport-free travel area. As a result, the EU is facing three relatively distinct clusters of hybrid threats, each associated with one of the three border types, the specific flows encountered at that type of border, and a geographically-proximate sponsor state or terrorist group.

Along the southern flank of the EU, the maritime border stretches from the Aegean to the Western Mediterranean. The most obvious threat here is posed by Daesh and other terrorist groups with roots in the Middle East and North Africa region. These groups have displaced people across the Arab World, and then

1   Dan Altman, “By Fait Accompli, Not Coercion: How States Wrest Territory from Their Adversaries”, International Studies Quarterly,
    vol. 61, no. 4 (2017), pp. 881-91.

2   And the treatment of regions inside the EU with secessionist ambitions and of ethnic minorities falls to the Council of Europe
    (COE) and the Organisation for Security and Cooperation in Europe (OSCE).

exploited the migration flows themselves, sometimes taxing migrants for financial gain, sometimes smuggling family members to safety to increase their hold on local territory. They have politicised the flow of people into Europe, hoping to trigger anti-Muslim feeling and to fuel left- and right-wing terrorism. As for transit countries such as Turkey, they have been accused of accommodating terrorist groups. Turkey has also shown an interest in using migration flows not just for political leverage vis-à-vis the EU, but to increase its territorial holdings in Kurdish areas. It has seemingly exploited the tensions in the Aegean with Greece, while also pushing Kurdish refugees into the EU and offering to secure ‘safe zones’ to its south.

To the east, the EU shares a long land border with three members of the ‘Eastern Partnership’ – Ukraine, Belarus and Moldova – as well as with Russia. The vulnerabilities along this border are largely inherited from the Soviet domination of the area. Poland and its neighbours were formerly on the frontline to Western Europe, and their most advanced border infrastructure was to the West. By contrast their eastern borders were built for transit, and communities there still tend to straddle both sides of the border. The EU is committed to ensuring no new iron curtain descends on the East. But this commitment to a light-touch border regime may invite exploitation by Moscow, which has not been shy to use criminal networks for geopolitical purposes. Criminal motorcycle gangs and smugglers are known to be closely linked to the government. The danger is heightened in spots where the EU shares a border with Russia itself and where the demarcation is not always accepted. Member state border disputes are a field where the EU specifically does not have competence (Article 77(4) TFEU).

Lastly, in the EU’s north-west lie the heavily globalised border hubs. Western Europe is home to major airports Charles de Gaulle (Paris), Frankfurt and Schiphol (Amsterdam), as well as cargo ports – Rotterdam, Antwerp, Hamburg. A small disruption in any of these has massive repercussions. A drone incident like the one at Gatwick airport in 2018 cost a single airline €17 million in passenger welfare costs and lost revenue. The cyberattack which hit Maersk in 2017 cost the Danish shipping giant a little over €250 million, not including the ramifications for other firms in its global supply chain.3 Maersk was hit by malware hidden in an electronic tax return in Ukraine, a sign of the vulnerability of networked systems. Threats at these borders come as much from inside the EU as outside, and may be physical or virtual. Air and sea ports house expensive infrastructure such as liquefied natural gas (LNG) refineries, for instance, leaving them vulnerable to so-called insider threats by employees.

The EU’s threat assessors: Frontex and co.

Frontex leads on border matters, and in 2016 it gained new powers to carry out assessments of the EU’s border vulnerabilities. Each year, it sends out questionnaires to national border authorities helping them work through their shortfalls, before simulating crisis scenarios in a select few member states. The trouble is that national authorities are reluctant to share information about their vulnerabilities with the EU and its agencies. Member states fear both leaks and censure. Governments have therefore insisted that the Frontex vulnerability assessments should remain narrow in scope and that the results should not be shared widely – even with other member states. This makes
                                                     that the results should not be shared widely
                                                     – even with other member states. This makes

3    Richard Milne, “Moller-Maersk Puts Cost of Cyber Attack at up to $300m”, Financial Times, August 16, 2017, https://www.ft.com/content/a44ede7c-825f-11e7-a4ce-15b2513cb3ff.

it extremely difficult for Frontex to produce a comprehensive picture of Schengen’s vulnerabilities. The borders agency has focused its efforts instead on creating a database which allows member states to see whether they meet common norms when it comes to staffing levels and capabilities.

The Commission is now incentivising member states to be more forthcoming about their vulnerabilities. It has announced that it will base future procurement decisions on the results of the Frontex vulnerability assessments.4 But if member states are indeed slowly opening up, it is probably for a different reason. They hope to influence Frontex and the Commission. The Commission has begun a three-step process to create a European border strategy. In March 2018, it published pointers on ‘Integrated Border Management’. Frontex has just drafted a capability-development strategy to match. And each member state is drawing up a relevant national strategy. Governments, particularly in the east and south, see in this a means to bring hybrid vulnerabilities onto the EU agenda. Schengen, it should be remembered, began life as an initiative of five north-western member states, and its strategic outlook is still largely attuned to Luxembourg’s priorities circa 1995.

A whole string of EU member states is eager for Frontex to step up its response to hybrid threats. And it just so happens that they have been hosting the EU presidency between them since 2017. Estonia, Bulgaria, Austria, Romania and Finland have all experienced acute border vulnerabilities. Tallinn is currently constructing a fence designed to reinforce its eastern border after an Estonian official was abducted by Russians there in 2014. Bulgaria suspects Russia of supporting anti-migrant vigilantes with equipment and anti-Muslim rhetoric. Sofia also had to watch as Turkey withdrew from a repatriation agreement in 2015 only to push large numbers of Iraqi Kurds across the border into Bulgaria. As for Finland, in 2016 it experienced a sudden influx of Afghan, Bangladeshi and Indian migrants from Russia, who were presumably being helped across the border by Russian security services.

Most of these states have a strong history of border guarding. Their models may be civilian, but they often bear the hallmarks of the heavily-militarised East-West Cold War division. In some cases, the border services would even revert from the ministry of the interior to the defence ministry in the event of an attack. Austria has a history of neutrality of course – but precisely because of this history, it has often deployed its troops in domestic tasks such as border support. Likewise Finland was able to maintain military patrols at its eastern border to the Soviet Union by mirroring them at its Western border to Sweden and Norway. Some of these five states are either newcomers to Schengen or, in the case of Bulgaria and Romania, still waiting to enter. They all feel that they have a new perspective to bring to Schengen’s original north-western core.

Why are the EU’s borders a target?

In opinion polls, Europeans still rank the Schengen free movement regime as one of their favourite aspects of EU integration. Abroad, too, the EU’s most popular policies involve creative approaches to border liberalisation – visa freedom, ‘mobility partnerships’, enlargement. The fact that the EU’s border regime enjoys high international standing makes it a target for attack by rival powers. Liberal border regimes like the EU’s can be readily portrayed as a threat to domestic and international security, and Schengen is a particularly experimental version of border liberalisation. This allows revanchist states like Russia or Turkey to play

4   This creates a financial inducement for member states to be properly open about their border shortfalls: if member states show
    Frontex that they lack a certain border capability, then the EU will finance its purchase. Under the new Multi-annual Financial
    Framework, the EU would pour considerable new resources into border management. The Commission has proposed to dedicate
    €21 billion to border management, including a new Integrated Border Management Fund (IBMF) worth more than €9 billion. But
    there is a risk that these inducements might backfire - that member states exaggerate their shortfalls in order to get access to
    European funds.

       Figure 2 – Hybrid threat-related initiatives

13 MARCH 2004: EU Agency for Network and Information Security established
11 JULY 2007: Green Paper on bio-preparedness
30 MARCH 2009: Communication on critical information infrastructure protection
11 JANUARY 2013: EUROPOL’s European Cybercrime Centre (EC3) established
7 FEBRUARY 2013: Cybersecurity strategy of the EU: an open, safe and secure cyberspace
JUNE 2013: Integrated Political Crisis Response arrangements established
19-20 MARCH 2015: EEAS East StratCom Taskforce established
28 APRIL 2015: The European Agenda on Security

            12 DECEMBER 2006                               11 SEPTEMBER 2012
            Communication                                  Computer
            on the European                                Emergency
            Programme for                                  Response Team
            Critical                                       (CERT-EU)
            Infrastructure                                 established
            Protection                                                             5 MAY 2014
                                                                                   Communication on a new
                                                                                   EU approach to the
                                  8 DECEMBER 2008                                  detection and mitigation
                                  Council Directive on the                         of CBRN-E risks
                                  identification and
                                  designation of European                          28 MAY 2014
                                  critical infrastructures and                     European Energy Security
                                  the assessment of the need                       Strategy
                                  to improve their
                                  protection
                                                                                   24 JUNE 2014
                                                                                   EU Maritime Security
                                                                                   Strategy

                                                                                   16 DECEMBER 2014
                                                                                   EU Maritime Security
                                                                                   Strategy Action Plan

6 APRIL 2016: Communication for a joint framework on countering hybrid threats: an EU response
APRIL 2016: EEAS Hybrid Fusion Cell established
27 APRIL 2016: Regulation on the General Data Protection Regulation
25 JUNE 2016: A Global Strategy for the EU’s Foreign and Security Policy
6 JULY 2016: Directive concerning measures for a high common level of security of network and information systems across the Union
7 JULY 2016: EU operational protocol for countering hybrid threats (‘EU Playbook’)
8 JULY 2016: Joint declaration on EU-NATO cooperation
14 SEPTEMBER 2016: Regulation on the European Border and Coast Guard
26 OCTOBER 2016: Space Strategy for Europe
14 NOVEMBER 2016: Implementation Plan on Security and Defence
6 DECEMBER 2016: 42 common proposals for EU-NATO cooperation endorsed by the Council of the EU
11 APRIL 2017: European Centre of Excellence for Countering Hybrid Threats established
7 JUNE 2017: Communication on a strategic approach to resilience in the EU’s external action
19 JUNE 2017: Council conclusions on a framework for a joint EU diplomatic response to malicious cyber activities (‘Cyber Diplomacy Toolbox’)
7 SEPTEMBER 2017: EU CYBRID 2017 cyber defence exercise
13 SEPTEMBER 2017: Proposal for a Regulation to establish a framework for the screening of foreign direct investments into the EU
13 SEPTEMBER 2017: Joint communication on resilience, deterrence and defence: building strong cybersecurity for the EU
28 SEPTEMBER – 4 OCTOBER 2017: Parallel and Coordinated Exercise (PACE17) on cyber and hybrid threats
18 OCTOBER 2017: Action plan to enhance preparedness against CBRN security risks
NOVEMBER 2017: EEAS StratCom South established
NOVEMBER 2017: EEAS StratCom Western Balkans Taskforce established
11 DECEMBER 2017: Council decision establishing Permanent Structured Cooperation
30-31 JANUARY 2018: European Commission (DG SANTE) table top exercise (Exercise Chimera) on hybrid threats
6 FEBRUARY 2018: Cyber platform for education, training, evaluation and exercise in the ESDC established
22 MARCH 2018: European Council conclusions on the Salisbury attack
26 APRIL 2018: Communication on tackling online disinformation: a European approach
13 JUNE 2018: Report on the implementation of the joint framework on countering hybrid threats
26 JUNE 2018: Communication on increasing resilience and bolstering capabilities to address hybrid threats
10 JULY 2018: Joint declaration on EU-NATO cooperation
5-23 NOVEMBER 2018: EU Hybrid Exercise 2018
5 DECEMBER 2018: Action plan against disinformation
10 DECEMBER 2018: EU Agency for Cybersecurity established
19 FEBRUARY 2019: Council conclusions on securing free and fair European elections
MARCH 2019: Rapid Alert System for disinformation established

a double game. They can politicise Schengen’s border-bending attributes to portray the EU as a threat to international stability but also as a precedent to challenge their own, post-imperial borders. Likewise Daesh may politicise the EU’s experiments with territoriality in a bid to gain legitimacy for its own state-like attributes.5

All this makes the EU’s border system a target in its own right. Still, the present chapter should not be read in isolation from the other two case-studies in this Chaillot Paper. A hybrid attack at the Schengen border would almost certainly link to the other two phenomena dealt with in this paper – to vulnerabilities in the EU’s critical infrastructure (‘nuts and bolts’) and its political infrastructure (‘hearts and minds’). Borders are by nature peripheral. But one typical characteristic of hybrid warfare is that its ‘centre of gravity’ is the enemy’s civilian population. And so a hybrid action confined to the border – say an attack on infrastructure there – is unlikely to have the desired impact on the popular imagination. To be effective, a border attack would likely need to link up to a political disinformation campaign or an attack on critical infrastructure. It must play on societies’ fears.

This has already come to pass. The terrorist attacks in Paris in November 2015 seemed designed to undermine popular confidence in EU border control. The perpetrators went out of their way to register at refugee centres on their way across Europe: they wanted EU citizens to believe the migration flows had been infiltrated by foreign terrorists. In fact the perpetrators were EU citizens returning from the fighting in Syria. Two months later it was Russia playing the game. Russian television reported that a Russian-German girl, ‘Lisa’, had been beaten and raped in Berlin by recently-arrived immigrants of Middle-Eastern origin. The story was false, but it did not prevent the Russian foreign minister from accusing German authorities of a cover-up or Russian-Germans from taking to the streets in protest. Frontex faces a constant battle over its image, and the European External Action Service (EEAS) now deals with borders and migration in its strategic communications.

It must be remembered also that Schengen itself is part of a critical infrastructure system which criss-crosses the whole territory of the EU. Schengen operates a ‘networked border’ system. Schengen members are able to loosen their border controls because someone else – another member state, a third country, an airline, a bank – has carried out a document check in advance of the traveller’s arrival. Documents are checked against a whole panoply of identity databases. The EU is currently centralising and interlinking these databases, leaving the system prey to a hack attack or disinformation operation. Physical attack is not inconceivable, either. Very few sites in Europe have the right physical attributes to house large databases – a secluded environment, often near to a lake for cooling purposes. The EU’s sites are clustered in Strasbourg, backed up in Austria, and hundreds of miles from the EU agencies which actually manage them.

POLICY RESPONSE: ADDRESSING FOUR BORDER WEAKNESSES

Policymakers have identified four different sets of problems with the EU’s border resilience: in the way it manages its borders, the EU has shown itself to be too narrow, too fragmented, too blurred and too top-down. These vulnerabilities are being plugged.

5    Deon Geldenhuys, “The Islamic State (IS): An Exceptional Contested State”, Austral: Brazilian Journal of Strategy and International
     Relations, vol. 6, no. 12 (2017), pp. 9-35.

Narrow: expanding oversight of EU borders

The EU’s first vulnerability derives from the fact that the Schengen border is extremely long and spans the external sea and land borders of 26 European nations. It winds its way round the Portuguese Azores and Spanish Canaries, taking in the jagged Greek islands and skirting the Russian exclave of Kaliningrad. It inherits many of its member states’ territorial anomalies. And, thanks to the way Schengen was initiated by a sub-set of EU member states, it sometimes winds its way through the territory of the EU itself. The logical step for the EU has been to increase surveillance across the entirety of the Schengen border and strengthen common operational procedures for all EU members.

Some years ago, the EU put in place a comprehensive border surveillance system run by Frontex’s Situational Awareness and Monitoring Division. The Eurosur Fusion Service (EFS) today uses this surveillance information as the basis for more than a dozen analytical products (including vessel-tracking and maritime simulations). EFS is capable of identifying a suspicious vessel in the Mediterranean by the fact, say, that it has switched off its ship-to-shore communications. To chart the vessel’s likely course towards Europe, EFS will use weather simulations and data from previous suspicious crossings. Frontex’s European Patrol Network and maritime Joint Operations will supplement this picture by flagging up yachts sitting unusually heavily in the water and other suspicious sightings. EFS also makes use of the EU’s military capabilities, including the Madrid-based Satellite Centre to which the borders agency has seconded staff.

The EU complements Frontex’s surveillance capabilities with other European agencies and institutions. There is the Migrant Smuggling Centre, an intelligence-led hub housed in Europol. And there is the EEAS’s Intelligence and Situation Centre (INTCEN) which analyses threats beyond the EU’s border which may impinge on the EU. The Commission’s Directorate General for Human Resources and Security (DG HR) is often overlooked in favour of DG HOME, the Directorate General for Home Affairs. But DG HR specifically assesses the risk posed to EU staff and buildings, and this is important because it takes into account the fact that the EU itself can be a target of smugglers and criminals. For crisis situations, there is also the Integrated Political Crisis Response (IPCR), the EU’s response coordination mechanism. The member states chose to trigger the IPCR in 2015, and the IPCR began producing weekly situational reports on migration flows jointly with the Strategic Analysis and Response (STAR) capability in DG HOME.

All of these various systems have had teething problems. These reveal some fairly basic deficits in the capacity of EU institutions and member states even to agree on what they are looking at. Take those weekly situational reports. They were plagued by different national interpretations of statistical definitions. There were no clear categories to differentiate between irregular migrants who had been picked up on islands and those on the mainland of a member state – something important in Greece. Nor could authorities agree what day events had occurred. Most national border authorities logically defined a calendar ‘day’ from 12am, but some started the clock when their first shift began – 5am, say. It also turned out that some small Schengen territories – small islands – had no capacity to input data into Schengen systems or indeed to properly apply its rules. And there was even a certain degree of confusion about which states are even included in the Schengen Area for statistical purposes.6

With those problems fixed, the EU is under pressure to expand its borders code so as to ensure that member states not only watch their borders, but also know how to respond to the problems they flag up. The Schengen Borders

6   Romania and Bulgaria are not members of Schengen, but will likely be included in the area for the purposes of the Visa
    Information System, leading to statistical complications.