Small Wars Journal

Adversary-Controlled Economic Assets as a Threat to National Security

Sun, 03/25/2018 - 10:33am

Adversary-Controlled Economic Assets as a Threat to National Security

Adam Klus


The report intends to expand and systematize understanding of how adversary-controlled economic assets can be used in an adversarial fashion against a state actor. The conceptual context is based on a situation where an attacker state (the Attacker) establishes operational control (e.g. via acquisition) of an economic asset (the Asset) and uses it to engage in adversarial activities against the target state (the Target). One of the key practical aspects to which the report seeks to contribute is the process of evaluation of Foreign Direct Investments (FDIs) and acquisitions as potential threats to national security of the host country.

The analysis builds upon the three-threat framework developed by Theodore Moran. More generally, the report can be placed at the nexus of thinking about non-military aspects to national security, economic warfare, and hybrid threats. The analytical approach is conceptual in nature. It is dictated by the need to explore, beyond what’s empirically available, the understanding of the subject.

The analytical method is based on conceptual approach. It was selected as most suitable to extend the discussion of the subject beyond what is currently empirically available. The threat landscape described in the report consists of nine threat categories (the Threats) which represent various aspects in which an Asset can be used in an adversarial fashion against the Target. Each Threat is discussed using the same analytical framework and illustrated with a mini case study. The framework consists of: (1) three phase model of threat execution, (2) enumeration of enabling and facilitating factors, (3) exemplification of industries and types of business activities which are particularly conducive to execution of a specific Threat. The latter represents an empirical insight into core aspects of Threat’s strategic logic. However most of the mini case studies do not represent examples of actual application of a Threat but rather are used to illustrate some of its key aspects. Thus, a case study of a large industrial accident (e.g. 2015 Tianjin explosion) is used as a conceptual model to think about the Threat based on intentional impairment of the Asset to cause a strategic impact on the Target.

The logic of Threat Category 1 (T1) is based on denial, delay or disruption of the good produced by the Asset. A typical example would be halting supply of a critical commodity (e.g. electricity) during a crisis situation. The supply disruption might be conducted overtly (i.e. with stated adversarial intent) or under the guise of ambiguity, e.g.; due to “an industrial accident”. The result of a successful execution of T1 could be used to pursue non-economic objectives such as; coercing the Target to accept political demands of the Attacker, disrupting/delaying Target’s military mobilization efforts, or creating a socio-political crisis.

T1 is illustrated with the case study of a 2008 bid by a US company Alliant Techsystems Ltd. (ATL) for a division of Canadian firm MacDonald, Dettwiler and Associates. The transaction, if completed, would have given the American company control of the Radarsat-2 satellite, which is uniquely positioned to provide intelligence related to Canada’s coastline and coastal waters in the Arctic. That in turn would give the US government a possibility to deny Canada, by preventing the ATL to provide data generated by the satellite, the ability to effectively enforce its sovereign rights in the region with border disputes between both countries. The focal point of the case is that the T1 is highly contextual and may concern aspects which are no readily identifiable.

The logic of Threat Category 2 (T2) is based on using the Asset to acquire a strategic resource which provides the Attacker with an instrument of coercion against the Target. A typical example would be gaining access to military technology which in turn allows the Attacker to strategically undermine Target’s strategic position in general or in a specific geopolitical theatre.    

T2 is illustrated with the “Waitergate” affair which took place in Poland during 2013 – 2015 period. It involved an organised effort to record private conversations of high-ranking politicians and state officials in three posh restaurants in Warsaw. The recording was conducted by some members of the restaurant staff, but limited clarity exists as to the ultimate mastermind of the entire endeavour. The recordings, which were later leaked to the press, included some controversial statements and personally compromising information. The impact was largely negative on the (then) ruling Civic Platform and affected its electoral performance during both presidential and parliamentary election. The focal point of the case is that even such low-profile Assets as restaurants can, in a right context, be used for strategic purposes.  

The logic of Threat Category 3 (T3) is based on Attacker’s intentional impairment of the Asset to generate strategic impact on the Target. A typical example would be release of toxic substances likely conducted under the guise of industrial accident or terrorist attack. The strategic effect could be achieved due to e.g.: socio-political crisis related to environmental crisis caused by the disaster. 

T3 is illustrated with case study related to 2015 Tianjin blast in China. Due to neglect and corruption the company operating a large port warehouse allowed for accumulation of hazardous materials well in excess of the regulatory limit. The catalyst of the disaster was an uncontrolled ignition of containers containing dry nitrocellulose which in turn led to a series of large explosions. The resulting damage caused a release of highly toxic substances which led to panic in the nearby Tianjin city and prompted criticism aimed at highest echelons of political power in China. The focal point of the case is that the Asset may represent an almost “WMD-like” weapon in the hands of an Attacker.

The logic of Threat Category 4 (T4) is based on using the Asset as a “market predator” to dominate or disrupt selected sectors of Target’s economic system. A typical example would be a large refinery benefiting from access to (Attacker provided) attractively priced oil and financing allowing it to sell gasoline at prices affecting economic stability of its competitors. The strategic effect could be achieved by affecting valuation of competitors making them more vulnerable to potential takeover resulting in increasing Attacker’s domination over Target’s energy market.    

T4 is illustrated with a case-study of the Ukrainian oligarch Dmytro Firtash. His businesses gained dominant position within Ukraine’s key industrial sectors such as fertiliser production, gas imports and regional gas distribution. It was possible because of support from Russia. His business benefited from ample credit-lines opened by the Kremlin-friendly Gazprombank and substantial supply of discounted natural gas. As a result, Firtash became a pivotal player in Ukraine’s economic and political system. The focal point of the case is that the Attacker may use a “bottom-up” approach to dominate Target’s economy by supporting (through proxies) aggressive economic actors.

The logic of Threat Category 5 (T5) is based on using the Asset to “booby trap” Target’s economic system. A typical example would be a financial institution mass-selling risky product to general public. The strategic effect could be achieved by generating and economic crisis and/or affecting stability of sufficient number of people, which in turn can translate into a political crisis as authorities would likely be blamed for allowing the situation to occur.   

T5 is illustrated with a case study of mass issuance of foreign-denominated mortgage loans in Latvia. During the years preceding the 2008 crisis the liabilities of local banks to foreign ones increased from 6% of GDP (2000) to 54% (2007). Respectively the financial system became overheated resulting in massive property bubble, which unravelled following the financial crisis. Apart from immediate negative economic impact the crisis resulted in social protests (against crisis-imposed austerity), government resignation and significant decline in military expenditures. The focal point of the case is that saturation of Target’s economic system with malicious products (e.g. toxic financial loans, software containing malware) may build a critical-mass capable of causing nation-wide crisis of strategic proportions.   

The logic of Threat Category 6 (T6) is based on using the Asset to manipulate its workforce. A typical example would be a deliberate deterioration of working conditions resulting in labour unrest. The strategic effect could be achieved by transforming the localised protests into a politicised, nation-wide issue.    

T6 is illustrated with the case-study of 2010 labour unrest in China. The upheaval followed a series of suicide attempts which took place within a span of several months in Shenzhen (China) factory of a Taiwanese company Foxconn. The apparent cause of the suicides were poor working conditions. As the events were heavily mediatised they resulted in emergence of sympathy protests, as working conditions at Foxconn were emblematic for China’s low-skilled labour force as a whole. The unrest quickly spread to other foreign-owned factories in China and started to affect state-owned enterprises. That in turn transformed the issue into a political one and forced Beijing to react to prevent the protests to fully transform into an anti-government movement. The focal point of the case study is that certain types of Assets (e.g. heavy industry) offer in principle a catalyst for creating social unrest on a nationwide scale with significant political consequences.

The logic of Threat Category 7 (T7) is based on modification of Asset’s product to cause desired changes in consumer behaviour. A typical example of the threat would be a subtle change in an editorial line of a major newspaper. The strategic effect could be achieved if the change contributes to influence political choices of the readers resulting in political impact.

T7 is illustrated with a case-study of Facebook experiments related to modification of content provided for the users. In one research study the company affected 61m users by adding a clickable “I Voted” button in a prominent part of the website during the 2010 US Congress elections. The result was an increased political mobilization among those who were targeted by Facebook. In an even more interesting case Facebook used placement of “sad” and “happy” stories with a selected group of users successfully causing emotional contagion to occur without direct personal contact. The focal point of the case study is that consumption of certain type of goods may affect cognitive processes of the consumers possibly resulting in political consequences through e.g.: reinforcement of cognitive biases, creation of desired emotional states, or distorting factual knowledge.

The logic of Threat Category 8 (T8) is based on using the Asset to entangle the Target into a compromising activity. A typical example would be making a political important company complicit in an illegal or ethically questionable activity. The strategic effect could be achieved if the evidence of the involvement (or mere tolerance/negligence) of the wrongdoing is used for blackmailing or leaked to the public/regulatory bodies for maximum financial and reputational damage.   

T8 is illustrated with the case-study of Unaoil, a company which allegedly facilitated more than $1bn in bribes paid between corporations and politicians (mostly in energy rich developing states). According to sources the corruption process was systematic, persistent and professionally organised. The scope of the Unaoil scandal is substantial, as it implicates some of the blue-chip names of the corporate world such as; Rolls-Royce, Halliburton, Eni, Saipem, Samsung, or Hyundai. The focal point of the case is that and Asset may be used for conducting professionally organised corruption with potential to entangle a host of high-profile actors giving the perpetrator a significant leverage over important public and corporate officials.

The logic of Threat Category 9 (T9) is based on using the Asset to expand Attacker’s politico-military sphere of influence. A typical example would be creation of a security threat (which may well be engineered by the Attacker) against an offshore oil platform which then serves to justify establishing of a heavy military presence in its vicinity. The strategic effect could be achieved if the Attacker’s military presence encroaches on Target’s exercise of its sovereign rights in the area and/or poses an increased military threat.

T9 is illustrated with a case-study of the Gazprom’s Nord Stream pipeline which connects Russia and Germany across Baltic Sea – an area of high geopolitical importance for Russia. Its sheer presence provides Moscow with justification to mention it in the context of military exercises and present it as an asset which has to be defended by military means. A potential escalation of inter-state tensions, a terrorist attack or even an accident can be used by Russia as a pretext to expand military presence in the pipeline’s vicinity. This in turn may result in changing the geostrategic balance in the area and/or imposing restrictions limiting sovereignty of other states (e.g. by denying access). The focal point of the case is that an Asset may serve as a power projection platform for the Attacker, resulting in changing the geopolitical situation in the area.

The report makes following recommendations:

- Identify and systematize new threat categories based on different adversarial logic than ones described in the report

- Evaluate identified threat categories through the prism of logistic burden

- Develop a framework for decision-makers which allows for a holistic evaluation of specific economic assets from an adversarial point of view


The report explores the spectrum of threats which can be generated by adversarial use of an economic asset (the Asset) against a state actor. Though it does not constitute a necessary condition it’s assumed that threats should be generated in a relatively ambiguous fashion to provide the perpetrator with a degree of deniability primarily for limiting political cost of the operation. The main goal of the report is to expand, using a conceptual approach, the cognitive framework for thinking about adversarial use of economic assets.

The report covers first the conceptual context which introduces key terms and assumptions underpinning the analysis. The following section describes the research design and methodology. Next, nine threat categories (T1 – T9) are discussed through the prism of a unified analytical framework. This section forms the central element of the analysis focusing on expanding the boundaries of the threat landscape. The report concludes with a set of recommendations concerning measures to be undertaken as defensive and preventive measures.

Conceptual Context

The conceptual model on which the analysis is based consists of following elements: the Attacker, the Target, the Adversarial Activity, the Asset, and the Operational Control of the Asset. 

The Attacker

It’s assumed that the Attacker is a state actor or a non-state actor with access to state-level resources. In practice the Attacker will exercise the operational control over the Asset through an official (e.g. sovereign wealth fund, state-owned enterprise) or unofficial (e.g. shell-company, captive private actor[1]) proxy. For stylistic simplicity the report uses a direct reference to the Attacker (i.e. the existence of the proxy is not mentioned).

The Target

It’s assumed that the Target is a state actor.

The Adversarial Activity

The adversarial activity is defined as economic or non-economic actions which are undertaken by the Attacker with intent to produce a negative strategic impact on the Target. It may include both coercive and compensatory measures.

The Asset

For all practical purposes the Asset can be considered as synonymous with a company. The name is chosen to give it a bit broader meaning which could also encompass elements of economic infrastructure which do not constitute a standalone legal entity.

The report focuses, as a default approach, on a situation where the Asset’s economic system is located mainly under Target’s jurisdiction. However, the logic of the analysis can be extended to other types situations, e.g. where the Asset is located under Attacker’s or third-party jurisdiction, as long as it does not prevent a specific Threat Category from being executed.

Operational Control of the Asset

It’s assumed that the Attacker exercises operational control over the Asset sufficient to allow for using the Asset in the desired way. The required level of control may be accomplished through variety of ways e.g.:

- Equity ownership

- Control (e.g. political/ideological allegiance, blackmail, bribery) over key decision-makers (e.g. executives, directors, key specialists) or specific personnel (e.g. security administrator, leaders of the labour union)

- External influence (e.g. PR campaigns, activist groups, contracts with third-parties) affecting desired operational factors e.g.:

- Determination of key production parameters (e.g. quantity, price, quality, mix)

- Selection of buyers, suppliers and service providers

- Degree and character of internal security and safety control

- Implementation of compliance framework

- Hiring and internal worker placements

In practice the degree to which the Attacker would need to control the Asset to ensure successful execution of a specific threat will vary depending on Attacker’s capabilities and strategic context of the situation. 

Research Design and Analytical Methodology of the Report

The research problem the report is addressing concerns various ways in which an Attacker may use operational control of an economic asset in an adversarial fashion to produce a strategic effect on the Target.

The research objective of the report is to develop a threat catalogue which outlines the research subject with sufficient scope, diversity and granularity.

The research method applied in the report is primarily based on conceptual analysis and inductive reasoning. The empirical material is provided in the form of mini case studies. The analytical logic of the report is based on a mix of top-down high-level conceptual analysis and bottom-up insights generated from individual case studies.  

The Report is subject to following limitations:

- It is based on a conceptual approach which is partly based on speculative thinking

- The threat catalogue is not complete in absolute terms and the extent to which it represents the underlying phenomenon has not been scientifically verified

- Definitions of threat categories are based on a consistent methodology but are not mutually exclusive

Methodology of Individual Threat Category Analysis

The core element of the report is the overview of nine Threat Categories (Threats). Each represents a different way in which the Attacker may seek to create a strategic impact on the Target by exploiting operational control of the Asset. Given constraints of the report the Threats do not constitute an exhaustive catalogue but are sufficiently diverse to illustrate the breadth of the phenomena. Each threat is analysed through the prism of a unified analytical framework consisting of: conceptualization and a mini case-study.


The section provides a high-level framework for standardising and systematizing thinking about individual Threats. It consists of following elements: phases, enabling & facilitating factors, exemplification. 


Phases describe the causal chain connecting Attacker’s actions with the ultimate impact on the Target. The model consists of three stages:

1. Set-up: describing methods and instruments applied by the Attacker to cause a required change to the Asset to enable application of the Threat (e.g. economic sanction, disinformation campaign, military strike)

2. Execution: describing the changes made to the Asset to enable achieving the strategic impact (e.g. currency devaluation, increase of public debt, default, increased dependence on external supplier of critical commodity)

3. Strategic impact: describing how the change made to the Asset affects non-economic domains of the Target (e.g. social unrest, reduction of defence spending, political concession) 

Enabling & Facilitating Factors

Enabling & facilitating factors describe elements which increase chances of successful execution of the Threat. They do not represent the condition sine qua non of the Threat but a list of factors which make its successful execution more likely. The conceptualization is concluded with exemplification which provides examples of industries/sectors which are particularly well-suited to execution of the specific Threat.

Case Study Analysis

The conceptualization section is followed by description of a mini case study which broadly illustrates specific aspects of the analysed Threat. Case studies selected represent various degrees of fidelity of the Threat. A deliberate decision was made to use empirical examples which are not fully representative. However, they do illustrate key aspects of Threat’s strategic logic. The decision was driven by the need to overcome constraints imposed by available empirical material. Thus, the methodology uses for instance an industrial accident (i.e. 2015 Tianjin explosion) to illustrate the mechanism of a Threat based on deliberate impairment of the Asset.

Such approach helps to think about large-scale attacks which may not have yet been executed but whose strategic logic would be to a large extent similar to observed empirical events. In many cases what separates the actual attack (i.e. execution of the specific Threat) from an unintentional industrial accident is the lack of adversarial intent. Such approach to case-study selection makes it easier to illustrate the Threats with more creative examples and thus helps to expand the boundaries through which we conceptualise the phenomenon.

Overview of Nine Threat Categories

The catalogue of nine threats categories (T1 – T9) represents the core element of the report. It is meant to illustrate the phenomenon with sufficient scope, granularity and diversity. Metaphorically speaking it should provide enough pieces of the puzzle to imagine the size and character of the entire picture. It should also provide reference points and vectors guiding further in-depth analytical inquiry.

The conceptual underpinnings of the threat catalogue are based on a framework developed by Theodore Moran[2] to evaluate impact of foreign direct investments and acquisitions on national security of the host country was based on grouping threats into three broad categories:

1. Denial and manipulation of access

2. Leakage of sensitive technology and know-how

3. Infiltration, espionage and disruption

The paper uses Moran’s work as a point of reference but takes a different conceptual approach and proposes a more granular framework for thinking about intentional threats based on adversarial use of economic assets.

Threat 1 - Denial, Delay or Disruption of Asset’s Product Supply


Threat 1 (T1) is based on adversarial use of Asset’s economic output. The Attacker uses operational control to deny, delay or disrupt supply of Asset’s product to the Target. Attacker’s objective is to inflict sufficient economic cost on the Target to generate desired strategic impact. Conceptually T1 shares many similarities with the logic of an official state-imposed embargo.

Phase 1

T1 is initiated by introduction of measures to reduce Asset’s supply of the product. In its simplest form it may be implemented as an overt decision which does not hide the adversarial intent. However, this would be certain to generate significant level of political costs for the Attacker and likely stand in violation of business contracts and international trade rules.

Therefore, T1 would most likely be initiated in a way which is more ambiguous and provides some degree of political deniability for the Attacker. This could be achieved by e.g.:

- Deliberately using legitimate business operations to divert or reduce supplies to the Target (e.g. by concluding a long-term supply contract with a third-party)

- Using events such as strikes or intentional “industrial accidents” (de facto sabotage) to disrupt the production process resulting in temporary shortage of the product

Phase 2

Once initiated the T1 results in creation of product shortage within Target’s economic system. This may take form of:

- Supply shock – a massive but short-term economic disruption to Target’s economic system 

- Persistent deficit – a more limited but lasting in nature decrease of product availability causing Target’s economic system to operate at a sub-optimal level (e.g. due to rationing, higher prices) for an extended period of time    

Phase 3

The deficit/shortage of the product is then used by the Attacker to achieve strategic impact on the Target. The exact nature will be highly contextual but may include e.g.: 

- Coercing the Target to accept Attacker’s political demands in exchange for restoring the supply of the product

- Creating (through product supply cut) massive economic disruption affecting the level of Target’s military readiness in the short-term (e.g. slowdown Target’s mobilization effort due to regional power blackout)

- Structurally weakening Target’s economy by forcing it to operate on sub-optimal level (e.g. higher prices, rationing, less reliable suppliers[3]) for an extended period of time or seek supplies from third-parties which are more prone to Attacker’s political influence

Enabling and Facilitating Factors

The Product must be critical in nature

The condition sine qua non of T1 execution stipulates that the product has to be of significant importance in the context of Target’s vital interests. The shortage of the product should translate into an immediate and material negative impact on Target’s economic system.

Limited number of alternative sources of supply exist

T1 can be more successfully implemented if the Target cannot easily source the product from other suppliers. The less alternative suppliers exist the stronger the Attacker’s position.

There is lack of close substitutes or prohibitively high switching cost

The Target may seek to switch its economic system to a substitute product. If sufficiently close substitutes are available and switching cost is economically acceptable the impact of T1 is likely to be limited and transitory.


Economic domains conducive to T1 execution:

- Natural resources (e.g. rare earth minerals, natural gas, electricity)

- Advanced specialised equipment (e.g. spare parts and servicing for strategically important military equipment)

- Critical services (e.g.  port operators, railways, pipelines)

- Data (e.g. satellite data feed)

- Finance (e.g. financial aid, preferential loans)

Case Study: ATK-MDA (2008)

During 2008, a now defunct[4], Alliant Techsystems Ltd. (ATK) a US company operating in aerospace, defence and sporting goods segment tried to acquire the Information Systems and Geospatial Services division of MacDonald, Dettwiler and Associates (MDA), a Canadian multinational communications and information company. The acquisition would give ATK state-of-the-art capabilities in space-based radar systems and space robotics.[5]

One of the consequences of the transaction would have been transfer of control over Radarsat-2 satellite to the ATK. The satellite was used for high-resolution Earth observation purposes. It had a peculiar orbital location which made it uniquely positioned for space surveillance of Canada’s coastline and coastal waters in the Arctic.[6]    

The terms of the acquisition stipulated that ATK is committing itself to honour all contracts concluded by the MDA.[7] One of such contracts was an agreement with the Canadian government to provide access to data generated by the Radarsat-2. Whereas ATK saw no problem in allowing the access to the requested data it could not guaranteed that it won’t be prevented from doing so by the US government.[8] 

What made the Radarsat-2 issue so critical was the broader geopolitical context related to US-Canada border disputes in the Arctic.[9] The two countries lay overlapping claims to several territories including the so called “Northwest Passage” and part of the Beaufort Sea. The former represents an increasingly important sea route connecting Northern Atlantic with the Pacific Ocean. Canada considers the Northwest Passage to be part of Canadian internal waters and thus not subject to provide free and unencumbered passage to foreign vessels. The Beaufort Sea dispute has at stake economic rights to rich oil and gas deposits which depend on exact delimitation of the Exclusive Economic Zones between Canada and the US.     

Due to its peculiar orbital position the Radarsat-2 provides a unique source of spatial data related to the disputed areas. Access to such data allows for effective enforcement of sovereign rights due to oversight capability and creation of detailed evidence to back ones claims in potential international arbitration proceedings. The Canadian authorities were concerned that if the control over Radarsat-2 is no longer under the jurisdiction of Canadian law the US government may restrict access to specific satellite data by ordering the ATK not to release it. This could be used for e.g.: limiting Canada’s ability to effectively track the traffic of US ships in the Northwest Passage and thus exercise its sovereign rights in practice in the disputed territory.[10]

As a result of critical evaluation, the acquisition was blocked by Canada’s government on the grounds that the sale “was not in Canada’s national interest”.[11] The rejection was formally based on the Investment Canada Act, a legislation which allows the federal government to block certain types of purchases of Canadian assets by foreign investors.[12]

The ATK-NDA case illustrates an idiosyncratic aspect of T1. It underlines the intellectual flexibility necessary to conceptualise denial, delay and disruption tactics beyond the basic commodity supply context (e.g. oil embargo). The technological progress creates an increasing amount of dependencies which can be used in an adversarial fashion. One of such dependencies, illustrated by the ATK-NDA case, is related to accessing geospatial data necessary to effectively exercise one’s sovereign rights in an important area.

Additional Case Studies Facilitating Conceptualization of T1

- Russian gas embargo against Ukraine (2009)[13]

- China’s rare earth metals embargo against Japan (2010)[14]

- Russia’s refusal to repair Druzhba pipeline to Mazheiku refinery (2007)[15]

Threat 2 – Extraction of a Strategic Resource


The Attacker uses the Asset to gain access to a strategically important resource (Strategic Resource) which allows for achieving strategic impact on the Target. Operational control is used to enable and facilitate acquisition of the resource which otherwise would be unavailable to the Attacker. 

The Strategic Resource represents any element which if acquired by the Attacker provides it with the possibility to affect vital interests of the Target. Its exact form will be highly context specific, but an arguably most representative category would be confidential information.

Phase 1

T2 is initiated by using the Asset to create access. This step requires establishing some form of operational and/or spatial proximity to the Strategic Resource. It might be achieved via various means e.g.:

- Developing a property/infrastructure which is co-located with the Strategic Resource

- Acquiring a company which provides access to the Strategic Resource

- Entering into a business relationship which enables extraction of the Strategic Resource

Phase 2

The second phase of T2 is represented by actual acquisition/creation of the Strategic Resource. The character of the operation will be highly context specific but may be well exemplified through three broad categories:

- Intelligence collection

- Transfer/extraction of the economic good (e.g. natural resource, technology)

- Access to critical infrastructure

Phase 3

The final phase of T2 execution is based on using the acquired Strategic Resource against Target’s vital interests. This may be accomplished through e.g.:

- Using acquired confidential information for extortion/blackmailing purposes

- Establishing control over elements of critical infrastructure, exploiting detected/created vulnerabilities

- Acquiring military capabilities which alter the geostrategic balance between the Attacker and the Target, or impair Target’s military position in another important theatre

- Developing ability to replace the Target’s politico-economic influence with a third party (e.g. by using the Strategic Resource to replace Target’s supply with one’s own)

Enabling & Facilitating Factors

Misperception of the Strategic Resource by the Target

Ultimately the value of the Strategic Resource is defined by its intrinsic utility for the Attacker. The Target may underestimate or even not be entirely aware of the value of a specific resource for the Attacker. In some cases (e.g. sensitive military technology) the situation is very straightforward as it’s obvious that acquisition of an asset by the Attacker would have potentially detrimental consequences for the Target. However, in other situations the Target may not see the “hidden value” embedded in a particular form of economic or non-economic activity related to the Attacker-controlled Asset.

Integration of the Strategic Resource in the operational activity of the Asset

The more integrated the Strategic Resource is with the regular operations of the Asset the easier it’s for the Attacker to acquire it. In an ideal situation the very economic activity of the Asset would provide direct access to the Strategic Resource. In other cases, the operational and spatial proximity (e.g. co-location) may facilitate but not necessarily guarantee the access.


Economic domains conducive to execution of T2:

- Companies operating and/or providing key components for communication services

- Services offering insight into forms of sensitive personal activity (e.g. offshore tax services)

- Property/Infrastructure co-located/located in close proximity to objects emitting strategically important information (e.g. military bases)

- Developers of advanced military or dual-use technologies which can be used against Target’s vital interests

Case Study: “Waitergate” Wiretapping Scandal in Poland (2013-2015)

From July 2013 to June 2014 multiple conversations between VIPs from the world of politics and business were secretly recorded at several posh restaurants in Warsaw. Many recordings were then revealed by various media outlets producing a significant impact on Polish politics.

The tapes which were revealed involved many high-ranking politicians and public officials, including:[16]

- Head of the National Bank of Poland

- Minister of Finance

- Minister of Foreign Affairs

- Minister of the Treasury

- Minister of Internal Affairs

- Minister of Regional Development

- Head of Central Anticorruption Bureau

- Ex-President

- Head of Supreme Audit Office

The recordings were made in the VIP rooms of three posh restaurants in Warsaw and were conducted by a small group of waiters using relatively rudimentary methods.[17] One of the richest Polish businessman Marek F. was implicated as the person behind the wiretapping. Reportedly he wanted to use the recordings to “facilitate” his business operations.[18] His role as the ultimate mastermind of the operation was questioned with hypotheses pointing to possible role of foreign intelligence services (mainly Russian). The recorded material was revealed in several instalments by various media outlets from June 2014 to November 2015 which largely overlapped with a busy political calendar[19] in Poland. No clarity exists whether all existing recordings have been identified and speculations still abound as to what may remain undisclosed.

The revealed content of the wiretapped conversations didn’t contain any state secrets as such. Instead it revealed controversial practices and personally sensitive information. Those included among others:[20]

- Statement by the Minister of Foreign Affairs characterising the Polish-American alliance as “worthless”

- Head of Central Bank discussing with the Minister of Internal Affairs possibilities to remove the Minister of Finance

- Paying for expensive meals with public money 

The scandal had a significant impact on the Polish political scene and the ruling Civic Platform (PO) – Polish Peasants’ Party (PSL):

- Resignation of: three ministers, three deputy ministers, the coordinator of special services at the PM office, the Speaker of the Parliament[21]

- Negative PR effect affecting performance of the then ruling coalition (Civic Platform – Polish Peasants Party) in local (2014), presidential (2015) and parliamentary (2015) elections

- Damaging Poland’s chances to win much coveted posts of foreign policy or energy commissars at the European Commission[22]

The “Waitergate”, if seen through an adversarial lens, illustrates a low-cost high-impact aspect of T2. The acquisition of Strategic Resource (in this case a sensitive information) was done with a relatively low logistic burden using standard (off the shelf) eavesdropping equipment in a private open-access Asset (i.e. restaurant).

The actual execution of the “Waitergate” didn’t even involve actual operational control of the Asset itself (only some of the Asset’s employees were cooperating with a third-party). However, one can conceptualise a situation where the Attacker develops (or acquires) an Asset which offers direct physical access to desired target group (e.g. politicians, military personnel) to deliberately collect sensitive information using much more advanced and sophisticated methods. 

Additional Case Studies Facilitating Conceptualization of T2

- Installation of Huawei equipment in the US communication infrastructure[23]

- Property acquisitions in vicinity of strategically important locations in Finland by Russian buyers[24]

Threat 3 - Intentional Impairment of the Asset


The logic of T3 is based on intentional impairment of the Asset by the Attacker to produce a strategic impact in/through the Target’s economic system.

Phase 1

The first phase of the T3 execution requires implementation of measures which will result in creation of the required level of damage to the Asset. This may be accomplished by e.g.:

- Sabotage of the Asset “from the inside” which could be achieved both through action (e.g. deliberate act by Attacker’s agents) and inaction (e.g. deliberate neglect of safety procedures leading to an industrial accident)

- Sabotage of the Asset “from the outside” which could be achieved by both action (e.g. operations of Attacker-controlled actor) and inaction (e.g. by creating conditions which induce/enable third-party attack)

Phase 2

The resulting impact of the first phase should lead to required level of disruption of economic processes which are operationally and/or spatially connected to the Asset. The impact of the sabotage should be contextualised beyond the mere physical damage and include also: losses due to business interruption, liabilities (e.g. due to environmental damages), societal disruption (e.g. due to evacuation), political crisis.

Phase 3

The ultimate strategic will be highly context specific but may be conceptualised through following examples:

- Destroying or disrupting an important element of critical infrastructure in a time-sensitive fashion (e.g. military mobilization)

- Creating an industrial accident resulting in significant environmental impact leading to social unrest and political crisis

Enabling & Facilitating Factors

Existence of impact multipliers and transmission channels facilitating propagation of ripple effects

Ideally the T3 should be based on the initial action that has relatively small logistic footprint but can result in large-scale impact because of multiplier effects and transmission channels. Such elements may include; geographic co-location/proximity, chain reactions / cascading failures, cross-domain transmissions (e.g. social unrest following an environmental disaster). 

High level of operational control over safety and security functions of the Asset

Successful execution of T3 requires control over safety and security functions related to the Asset. Depending on the situation the control may not only require having or enabling access to certain locations and processes but also denying access to external actors (e.g. employees, inspectors).

The Asset not being explicitly considered an element of Target’s critical infrastructure

Certain types of objects are a priori classified as being of critical importance for national security (e.g. nuclear power plants). This makes them by default subject to much more strict security oversight which imposes limitations on Attacker’s level of operational control.     


Economic domains conducive to execution of T3:

- Chemical plants

- Logistic hubs (e.g. ports, airports)

- Energy (especially oil and nuclear due to environmental aspect)

- Large scale industrial storage/warehousing facilities

- Waste dumps, landfills

Case Study: Tianjin Blast (2015)

On August 12th 2015 a series of large explosions followed by fires occurred in a container storage station in the Port of Tianjin. The port is the largest ones in Northern China and represents the main maritime gateway to Beijing. It serves also as the key logistic hub for country’s metals and steel trading. 

The disaster was enabled and facilitated by lax on-site safety which was a result of neglect, mismanagement and corruption.[25] A poorly defined environmental legal framework created loopholes encouraging unsafe practices.[26] This led to accumulation of various hazardous materials far in excess of legally acceptable limits.[27]

The root cause of the disaster was a container with dry nitrocellulose which ignited due to overheating.[28] The flames spread then to the nearby containers which contained among others ammonium nitrate - a highly explosive chemical.[29]  This led to a series of explosions with the largest one reaching energy equivalent of 430 tonnes of TNT.[30]

The direct impact of the disaster resulted in 173 deaths, almost 800 people injured, and destruction of c. 300 buildings.[31] Apart from significant direct impact the event caused variety of cross-domain effects:

- Environmental - the explosion released toxic materials which resulted in contamination of soil and waterways[32] 

- Societal – as a result of the environmental concerns authorities ordered evacuation in the radius of 3km from the blast site which had a broader disruptive effect on the city of Tianjin (fourth largest in China)[33]

- Political – in the aftermath of the disaster questions were raised about authorities’ responsibility for failing to detect the danger, which resulted in (1) local protests and social media outrage leading to censorship[34], (2) tensions among the China’s ruling elite as to who should be held responsible for the tragedy[35]

- Supply-chain disruption – the event caused extensive damage to companies using the port for logistical purposes, it’s estimated that the insurance claims reached $6bn while the value of revenue lost due to disruption was estimated to reach $9bn[36]

The ripple effects were enabled by several transmission channels and impact multipliers: dense accumulation of hazardous materials, presence of chemicals reacting with water (such as carbide and sodium cyanide) which transformed fire extinguishing efforts into new explosions and pollution, political connections of the warehouse operators which gave the disaster a political dimension, proximity to a large urban center, important logistical role of the port, lack of transparency as to the actual content of the site.  

The site on which the disaster took place was operated by Ruihai Logistics[37] - a logistic operator licensed to handle and store hazardous materials.[38] It was reported that Ruihai had close links to both local and national level Communist Party officials, a factor which greatly enabled the scope of its illicit operations.

The event shows that in a specific environment an industrial accident may have repercussions reaching highest echelons of political power in a country. In fact, there was a significant amount of speculation in China that the Tianjin event was a result of political conspiracy against the President Xi Jinping.[39]

Additional Case Studies Facilitating Conceptualization of T3

- Baia Mare cyanide spill (Romania, 2000)[40]

Threat 4 – Creation of a “Market Predator”


The Attacker provides strategic support for the Asset to establish it as a dominant actor within specific segment(s) of Target’s economic system. T4 is executed mainly by using a legitimate business activity (i.e. outcompeting the rivals). However, the economic strength of the Asset is artificially enhanced by resources provided by the Attacker due to political logic (i.e. economic factors play a secondary role).

Attacker’s strategic support may include measures which can be considered legitimate (e.g. long-term supply contract concluded on general market terms), quasi-legitimate (e.g. loan issued on below market terms) or illegitimate (e.g. confidential market information gained by Attacker’s intelligence services). The support is provided to strengthen economic capabilities of the Asset beyond what would be warranted and possible in the regular business context.

Phase 1

T4 is initiated by establishing special relations between the Asset and the Attacker. In general terms this should enhance Asset’s economic potential to outcompete its rivals in the Target’s economic system. Some notable examples could include e.g.:

- Provision of significant, long-term and cheap financing making the Asset immune to financial conditions in the Target’s market

- Supply of key production inputs at a cost below those of competitors’

- Providing access to sensitive information on the market and Asset’s competitors gathered by Attacker’s professional intelligence apparatus

Phase 2

Once initiated T4 should result in expansion of Asset’s market position at the expense of its competitors. This could be accomplished via e.g.:

- Operating with lower prices due to superior cost base

- Having artificially low cost of capital due to provision of financing by the Attacker

- Having financial resources to expand market footprint by acquisitions

Phase 3

The T4 might be pursued to achieve two main non-mutually exclusive strategic objectives:

- Making the Asset a dominant player in the selected segment of Target’s economy resulting in increasing overall politico-economic dependence of the Target on the Attacker

- Weakening or eliminating, through predatory competitive practices, specific important economic actors within a selected segment of Target’s economy

Enabling & Facilitating Factors

The Asset has to be an economically viable entity

At the most basic level it has to be capable of taking advantage of potential special economic relations with the Adversary. A company which is in deep organizational crisis, beset by poor mid-level management and labour unrest may not be capable of achieving desired objectives even with significant external support.

The Adversary has to be capable of providing required resources

The Adversary has to be capable of providing required economic and non-economic support to the Asset within a required time-frame (e.g. several years).

The competitive advantage should be a function of easily transferable resources

T4 is unlikely to be successful in an industry where competitive advantage cannot be reliably engineered by direct transfer of resources such as commodities, financing, information, or technology.

Special relations with the Attacker must translate into an actual and durable competitive advantage of the Asset

The special economic relation has to translate into a superior economic profile of the Asset. Even if the Adversary can provide financing and access to raw materials for the Asset this by itself does not guarantee a successful execution of the T4 if such move can be matched by the competitors. Therefore, apart from absolute increase in economic footprint of the Asset it also has to manifest itself in relative terms with regards to the competitors.


Examples of economic domains well-suited for execution of T4:

- Refining

- Chemicals

- Steel making 

Case Study: Dmytro Firtash

Dmytro Firtash is one of the richest people in Ukraine and until 2014 was also one of the most powerful political actors in the country. He emerged in 2004 as a co-owner of RosUkrEnergo a strategic company which from 2006 until January 2009 acted as the sole intermediary in gas trading between Gazprom and Ukraine’s state-owned energy company Naftogaz.[41] This monopolistic and highly lucrative role allowed him to gain a strategic position in Ukraine’s economic system.

After temporary setback in 2009 when his company lost monopolistic position he regained politico-economic influence following presidential elections in 2010. Firtash acted as one of the main financial backers of Victor Yanukovych and significantly contributed to his electoral success.[42] During 2010-2014 period Firtash succeeded in significantly expanding his politico-economic footprint in Ukraine. By the end of 2011 Firtash was in control of four key fertilizer plants in Ukraine which made him one of the leading producers globally and key suppliers to Ukraine’s agricultural sector.[43] In 2012 he acquired control of majority of regional gas distribution companies gaining an almost monopolistic position, especially vis-à-vis industrial clients.[44] 

Such expansion would not have been possible without external support, which was generously provided by Russian companies, in particular Gazprom and Gazprombank. It’s estimated that Firtash’s businesses received over 20 billion cubic meters (bcm) of natural gas from Gazprom between 2010 and 2014.[45] During 2013 his businesses received approximately half of Russian gas exports to Ukraine, the level roughly equal to Naftogaz’s purchases. The supply was not only significant in terms of volumes but reportedly sold at c. 33% discount to the price paid by the Naftogaz.[46]

His expansion was also actively supported financially. Between 2010 and 2014 Firtash-controlled businesses reportedly had access to c. $11bn of credit lines offered by the Gazprombank.[47] Apart from chemical business and gas distribution, Firtash acquired also other important politico-economic assets in Ukraine, including; Nadra Bank (large but troubled financial institution), InterMedia Group (one of the largest broadcasting companies), and titanium mining businesses. 

As a result, Firtash markedly improved his position within Ukraine’s economic and political system. His companies:

- dominated fertilizer production

- achieved quasi-monopolistic position in the regional gas distribution

- were significant local employers which translated into political influence

- became key importers of Russian gas

Though the relationship was never formally proven, Western experts hold a consensus view of Firtash as a Russian proxy actor acting to expand, “from the inside”, the level of Kremlin’s influence in Ukraine’s political and economic system. In particular, the economic advantages provided to Firtash helped to impair the market position of state-owned Naftogaz, a company playing a main role in Ukraine’s energy sector.

The case of Firtash shows that it’s possible, in favourable politico-economic conditions, to engineer within a relatively short period of time (four years) an economic proxy which can dominate a strategically important market segment. Firtash’s expansion was stopped by the ouster of President Yanukovych in February 2014.

Additional Case Studies Facilitating Conceptualization of T4

- China National Chemical Corporation[48]

- Moldovan state capture by oligarchic group[49]

Threat 5 – “Booby Trapping” Target’s Economic System


T5 is based on adversarial use of Asset’s product properties to affect Target’s economic system. The Attacker through operational control of the Asset creates a product which, if sold with sufficient scale and/or to selected buyers, affects Target’s economy in way which generates a desired strategic effect.

The key aspect of T5 is a dual nature of Asset’s product which, under the guise of legitimate offering, serves an adversarial purpose. Metaphorically one can conceptualise T5 as selling a product which at the first glance appears to be harmless but is in fact highly toxic. Once spread with sufficient scale it poses a systemic risk for the Target’s economy.

Phase 1

Asset through its regular course of economic activities sells with sufficient scale and/or to specifically designated clients the “toxic product”. The harmful nature of the good being sold has to be hidden well enough to delay in time the negative impact on the buyers in order to allow the Attacker to achieve desired scale of the operation. The Phase 1 resembles a regular commercial activity, likely supported by aggressive marketing campaign and possibly borderline legal sales methods. 

Phase 2

Once successfully initiated T5 results in creating significant changes to Target’s economic system. A buyer who purchased the product starts to experience or at least realise its potential negative impact. To be effective T5 has to breach two key thresholds; (1) the product has to generate sufficiently negative impact to threaten economic destabilization of the individual buyer (i.e. the micro effect), (2) the product has to be sold with sufficient scale to affect enough number of buyers within Target’s economy to generate desired strategic impact (i.e. the macro effect).

Phase 3

In Phase 3 the connection has to arise between the negative impact of product sales and non-economic objectives pursued by the Attacker. The exact nature of the strategic effect will be context specific but may be illustrated with examples:

- Using the crisis to undermine society’s trust in the political class fuelling support for more radical movements

- Creating an economic loss large enough to force government to change the budget priorities resulting e.g. reduction of defence spending

Enabling & Facilitating Factors

Successful execution of T5 is enabled/facilitated by following factors:

Market environment conducive to creating systemic damage

The industry in which the Asset operates has to be conducive for achieving required scale. The product has to carry enough “damage potential” to generate sufficiently severe negative impact on the individual user. The selling operation needs to be scalable to achieve required scope within Target’s economic system.

Lax regulatory environment

T5 is executed overtly under the guise of legitimate economic activity. The Asset, as every other legally operating economic actor, will be subject to a certain level of scrutiny from various regulatory agencies. Its execution would be naturally be facilitated by a system in which the oversight element is lacking or deficient. The deficiency needs to last only long enough for T5 to reach critical mass, after which the discovery by regulatory agencies and accompanying uproar in the media may actually serve as a catalyst for the crisis and an impact multiplier.

“Greed factor”, economic benefit

Given its characteristics T5 is largely[50] subject to rules of market economy. It means that the product has to be sold to buyers which requires certain sales effort. Given that the Attacker is not concerned by the long-term profitability, or even survival of the Asset, the sales campaign can be based on aggressive pricing discounts and other activities such as unethical (but not illegal) selling practices.


Examples of economic domains well-suited for execution of T5:

- Financial industry (e.g. mortgage lenders, sellers of structured products)

- Software (e.g. products resulting in harmful modification of user’s data)

- Manufacturers / Providers of products which may cause lasting negative health or environmental effects

Case Study: Foreign-Currency Denominated Mortgage Loans in Latvia

Following beginning of the 2008 financial crisis the economy of Latvia experienced a sharp deterioration leading to an economic, political and social crisis. One of the core negative drivers of the economic crisis was a significant exposure of the Latvian banking sector to the housing bubble through foreign-denominated mortgage loans.

The 2009 crisis in Latvia was preceded by several years of economic growth which, especially during the 2005-2008 was driven by unsustainable factors[51]. One of the key drivers was a massive large credit action related to the booming property sector. The process was enabled and facilitated by several factors:

- Latvian currency (Lat) was pegged to Euro which (temporarily) reduced the actual and perceived currency risk for the mortgage takers

- Lower level of interest rates for foreign-denominated mortgages as compared to those denominated in Lats

- Aggressive sales of mortgage loans by banks operating in Latvia

- Massively growing house prices which enticed speculators and created a “paper wealth” effect for the owners

- Lack of effective government countermeasures aimed at balancing the economic situation until 2007

The crisis was driven to a large extent by aggressive credit action of foreign banks. The liabilities of local banks to foreign ones increased from 6% of GDP in 2000 to 54% in 2007.[52]

During 2008 approximately 60% of total bank assets in Latvia was provided by the Nordic banks[53]. A further 14% was represented by the Parex Bank – the largest domestic lender.[54] Both Nordic banks and Parex had significant amount of their capital provided from abroad, respectively 66% and c.50%[55]. This meant that the level of their credit action was effectively in the hands of economic actors residing outside Latvia.

The collapse came in two phases; first by the slowdown in credit action which was followed by the collapse phase due to stop of capital inflows and a credit crunch. The extent of immediate economic damage was extensive:

- Bank-run on the Parex Bank which forced nationalization and recapitalization of the bank using public funds

- Decline in government revenues due to significant decrease in economic activity

- Immediate need for external financial assistance from the IMF

Apart from immediate financial impact the crisis had far-reaching consequences beyond economic domain. The social stability was hit by several factors: significant increase in unemployment, tax hike, and cuts in public spending. This resulted in largest, since regaining of independence, civic unrest in the country.

That in turn affected the political domain which caused a growing pressure on the government culminating in its resignation in February 2009. The impact led to changes in the domestic political scene as during next parliamentary elections in October 2010 the key parties forming the government during the crisis period won only 8 seats (down from previous 33) out of total 100. The political instability continued to persist leading to dissolution of parliament in July 2011.

In the aftermath of the crisis Latvian military expenditure measured as a percentage of government spending declined from 4.5% in 2008 to an annual average of 2.7% during the 2010 – 2015 period. The reduction was done during the period of growing perception of Russia as a threat to Latvian national security.

The difficult economic situation forced Latvian government to risk damaging relations with dome of key international partners. To limit the damages the Latvian government considered introduction a law limiting liabilities of mortgage-holders to the lenders.[56] As the proposed law would have significant negative impact on Nordic banks it led to diplomatic backlash especially from the Swedish government.[57]

Naturally the external factor of global financial crash played a role in Latvian crisis. However an Attacker with a long-term mind-set may well incorporate in its strategic planning the cyclical occurrence of economic downturns. In this respect the T5 may act as a potential damage multiplier, an “economic landmine”, waiting to be activated by yet unspecified circumstances (i.e. the exact character of the catalyst does not have to be known for T5 to be effective).

Additional Case Studies Facilitating Conceptualization of T5

- Financial pyramid schemes in Albania (1997)[58]

- Kaspersky Lab alleged cooperation with Russian intelligence[59]

Threat 6 – Workforce Manipulation


T6 is based on the adversarial use of Asset’s workforce. The Attacker through operational control of the Asset manipulates the workforce to generate desired type of behaviour which can be used to create strategic effect on the Target.

Phase 1

The Attacker initiates T6 by using both positive and negative incentives to generate desired type of behaviour of Asset’s workforce. This can be achieved through application of various measures e.g.:

- Employee management practices generating discontent (e.g. pay cuts, unfair treatment, workload increase)

- Agitation of the workforce using messages favourable to Attackers objectives (e.g. “company economic problems and potential lay-offs are a result of political decision”)

Phase 2

Once successfully initiated T6 results in causing Asset’s workforce to behave in a way desired by the Attacker. The behaviour of the workforce will typically take some form of organised action likely of a militant nature such as; strikes, riots or demonstrations.

Phase 3

Once the desired type of workforce behaviour is generated it’s than transformed into strategic impact on the Target. This could be accomplished by e.g.:

- Labour unrest causing disruption to operations of a critical infrastructure (e.g. railways, power-plants)

- Workforce protests spreading to other companies resulting in nationwide labour unrest with political ramifications (e.g. government resignation)

- Strike resulting in violent clashes with law enforcement causing casualties leading to political crisis

- Workers manifesting support for a specific political actor/factor (e.g. might include pro and anti-government)

Enabling & Facilitating Factors

Successful execution of T6 is enabled/facilitated by following factors

Sufficiently numerous, organised and militant workforce

The workforce needs to be sufficiently large, organised and militant. T6 will require the workforce carry sufficient “mass” to achieve desired effect. First, it implies high numbers. Protests which include thousands are much harder to ignore than those based on tens or hundreds. Second, workers need to demonstrate some rudimentary organizational skills to act coherently. Third, the activities will likely require confrontational attitude with possible use of violence. Therefore, the workforce has to be militant enough to at least defend itself from physical assaults.

The militancy factor can be also implemented from a reverse point of view exploiting an asymmetric effect. The workforce may in fact consists of persons which by default do not represent a physical threat e.g. women, disabled. However, their protests may be used to provoke an overreaction (e.g. brutal action of riot police) resulting in casualties, popular condemnation and possibly political backlash. 

Systemic transmission mechanism

Achievement of a strategic impact by using T6 can be greatly facilitated if a systemic factor exists within Target’s politico-economic system. Such factor would act as a multiplier enabling workers’ behaviour to spread and affect others. The transmission mechanism can be based on e.g.: endemic labour issues (i.e. situation where many workers are affected by the same factor), ethnic/national factor transforming a labour issue into a political one, common membership in labour union resulting in solidarity protests in other companies. Skilful use of mass- and social media acts as a natural amplifier of local protests.


T6 is particularly well-suited for labour intensive industries with unstable economic conditions due to structural and/or cyclical factors such as e.g.:

- mining,

- steelmaking,

- shipbuilding

- basic consumer electronics  

Case-Study: Foxconn and China Labour Unrest (2010)

During 2010 a wave of labour unrest affected multiple companies operating in China. It was catalysed by a cluster of suicide attempts which occurred at Foxconn[60] factory located in the Shenzhen industrial park during first half of 2010.[61] During 2010 the company experienced a series of 18 suicide attempts in its Chinese factory of which 14 were fatal. The culmination took place in May, when seven suicides occurred in a short succession.[62] The tragedies were linked by the press and activists to labour rights violations at Foxconn.[63]

The events sparked a wave of unrest which spread to other companies in China. The most notable and largest ones took place in Honda and Toyota manufacturing plants.[64] Protests occurred mainly in the private companies with foreign-ownership. However, there were signs that the unrest is spreading to Chinese business including state-owned enterprises.[65]

The escalation created a political risk factor for the ruling Communist Party. The occurrence of copycat strikes and widespread media attention created a threat of transforming series of labour disputes into a nationwide social issue potentially leading to political instability. In response Chinese government announced a series of measures aiming at improving working conditions in the country such as reforming the labour unions model, changing the collective bargaining process and calling for higher wages.[66]

Labour unrest as such is nothing new in China. What made the Foxconn case stood out was the high-level of worker organization and a relatively rapid chain reaction of copycat protests within a time window of several months. The spread of protests was driven by endemic and nationwide nature of labour problems in China. Issues such as abusive managerial relations, excessive workload, low salaries or poor working conditions were broadly considered a shared experience for low-skilled workers across the country.[67] The escalation process was further helped by the presence of social media and degree of attention strikes received in international press.[68] 

When considered from an adversarial point of view the Foxconn case highlights several important aspects:

- The catalyst event (i.e. series of suicides) took place in a foreign-controlled company (i.e. operational control was in the hands of an external actor)

- It was possible to generate (though most likely without adversarial intent) a series of tragedies to occur within a short-period of time which in turn translated into significant media coverage

- Experts pointed out that working conditions at Foxconn were not significantly worse than average which shows that catalyst did not require extreme environment to occur

- The transmission mechanism was based on endemic labour issues enabled protests to spread to other locations

- Social media played an important role in facilitating the transmission of unrest

- The unrest was considered a potential national security issue by Chinese authorities

Additional Case Studies Facilitating Conceptualization of T6

- Marikana massacre in South Africa[69]

- Industrial monotowns in Russia[70]

Threat 7 – Modifying Asset’s Output to Manipulate the Target


The Attacker modifies substance of the product and/or its delivery method (i.e. context in which it reaches the consumer) to generate desired changes in the socio-political domain of the Target.

Phase 1

T7 is initiated by modification of Asset’s product in a way which affects cognitive, behavioural or emotional patterns of consumers. Alternatively, the Attacker may leave the product intact but modify the delivery method in a way which alters the perception of the product by changing the context in which it occurs.

Phase 2

Once successfully initiated the process starts affecting consumers’ behaviour. This may manifest through e.g.:

- Introducing/Reinforcing cognitive biases

- Creating desired emotional state

- Distorting factual knowledge

Phase 3

The resulting change in product user’s behaviour creates a strategic impact on the Target. This may be achieved through e.g.:

- Influencing the outcome of political elections by manipulating the level of political mobilization of selected groups of voters

- Radicalization and eventual destabilization of the target society, or its selected groups, by systematic application of emotional contagion

- Suppression of specific time-critical information to influence decision-making process on a micro or macro scale

- Modifying the cognitive process and rational decision-making ability of target individuals e.g. political VIPs (e.g. by inducing negative emotions and increasing content of violent news)

Enabling & Facilitating Factors

Product has to be prone to required modification in terms of substance and/or context

The character of the product has to allow for the modification to occur. It means that the Attacker has to be able to modify the substance (i.e. the underlying properties of the product) and/or the context (i.e. the way in which product is being offered)

Product delivery method has to allow for achieving a critical-mass and/or reaching specific consumer group

Products which are scalable enough to reach a critical mass of consumers or flexible enough to be targeted to specific groups facilitate execution of T7. In other words, T7 relies either of scale (i.e. affecting a massive number of users/buyers) or saturating a specific target group.


Economic domains well-suited for execution of T7

- Social media messages (e.g. filtering, modification)

- Editorial line of a mass media outlet (e.g. introduction of political bias)

Case-Study: Facebook

In May 2016 a story broke out reporting on alleged selection bias by Facebook news managers (so called “curators”). Several former employees claimed that the company routinely suppressed conservative and right-wing news from appearing in a highly visible[71] “trending” section which shows most popular stories shared by the users.[72] Such news items are selected using a combination of algorithms and staff decisions.

The ex-employees also stated that curators artificially “injected” certain topics even if they had not qualified for that based on the accepted metrics.[73] Such allegation was made about prioritizing the #BlackLivesMatter hashtag over topics which otherwise would be ranked higher as trending.[74] The news prompted a reaction from the representatives of the Republican Party and leading conservative thinkers.[75] Facebook denied the allegations.[76] 

Another example of possible intentional manipulation of information with a political background took place shortly before the 2016 convention of the Democratic Party. The private e-mails of the DNC[77] were revealed on WikiLeaks website. The material contained some evidence that the DNC, which should be impartial with regards to presidential candidates, unduly favoured Hillary Clinton over Bernie Sanders.[78] For a period of time the links to the “DNC leak” material in WikiLeaks site were blocked in Facebook preventing users from accessing it.[79] The company admitted the disruption but blamed it on an algorithm which wrongly classified the links as spam-related.[80]  

Experts point out that Facebook is becoming more and more a source of news and opinions for its users.[81] Though news selection process might be automated its work is ultimately based on the preferences of its developers both in the form of arbitrary editorial decisions and biases embedded in the algorithms. Unlike newspapers where the editorial line is an integral element of the process, the social media operates with much less transparency and under the premise of ideological impartiality.[82] 

Interestingly Facebook was actively researching the question of potential manipulation of its users in a series of experiments. In 2010 the company conducted a massive experiment affecting 61 million of users during the US Congress electoral campaign. It was based on showing to the selected group a “social message” which encourage voting, provided a link to the nearest polling station and showed a clickable “I Voted” button. The result was an increased political mobilization among the target group resulting in higher voter turnout.[83]

Similar mechanism was demonstrated in another experiment conducted in the run-up to the 2012 US Presidential elections. Facebook secretly increased for 1.9 million users, the amount of “hard news stories” in newsfeed which resulted in increased civic engagement and higher voter turnout.[84]

Both experiments demonstrated that social media have significant potential to change people’s behaviour especially in the political context. Furthermore, Facebook has also demonstrated that it can spread and influence emotions of its users. The experiment was based on secretly altering the newsfeed to a randomly selected group of 689 thousand users to show “happy” and “sad” posts.[85] The objective was to measure the extent to which the emotional state of a person subject to newsfeed manipulation can be altered. It ended with success having demonstrated that measurable emotional contagion may occur with no direct personal interaction, in the absence of nonverbal cues and without awareness of the subject.[86]

Additional Case Studies Facilitating Conceptualization of T7

- Possibility of influencing political events by manipulating Google search algorithms[87]

- Oligarch ownership of the media outlets[88]

Threat 8 – Entrapping the Target with Compromising Activity


The Attacker uses operational control of the Asset to attract and involve the Target in conducting compromising activity. The purpose of executing T8 is to acquire sufficient evidence of Target’s complicity to use it as an instrument of coercion (e.g. through the blackmail mechanism).

The concept of compromising activity may cover various types of illicit and/or socially unacceptable practices such as; corruption, tax evasion, violation of fiduciary duty, tolerating ethically unacceptable behaviour. To be effective the compromising activity has to result in significant cost for the Target if revealed to public and/or authorities.

Phase 1

T8 is initiated by Attacker using Asset’s operations to attract and entangle the Target in the compromising activity. This can be accomplished through a wide variety of measures including; third-party recommendation, bribe, direct contact. The relationship may not necessarily require the Target to be actively engaged in conducting the compromising activity but may require only some form of allowing the activity to take place through acquiescence or neglect. The entanglement phase needs to proceed long enough to allow that sufficiently large and detailed evidence is collected which can then be used against the Target. 

Phase 2

Once successfully initiated the T8 proceeds to the stage where the evidence of compromising activity is used against the Target. The use of the evidence against the Target can be done in two key ways which can be pursued sequentially (1) blackmail, (2) release to the public and/or authorities. Additional layer of ambiguity may be provided by using a proxy to conduct the operation (e.g. a whistle-blower, hackers). 

Phase 3

The strategic impact phase of T8 is highly context dependent. The Attacker may use the evidence of Target’s complicity in compromising activity for various objectives including e.g.:

- Putting Target-related business entities under regulatory scrutiny on an important market (e.g. the US)

- Using the evidence of the compromising activity to coerce the Target-related business entity to support/enable Attacker’s adversarial operations in another domain

Enabling & Facilitating Factors

- Existence of barriers-to-entry limiting Target’s ability to achieve its objective without resorting to compromising activity and/or using the Asset as a preferred intermediary

- Compromising activity has to be “valuable” enough to compensate the Target for additional risk of undertaking it

- High “punitive impact” of the compromising activity ensuring sufficient level of coercive utility

- Existence of systemic multipliers which help to magnify the punitive aspect of the compromising activity (e.g. ability to persecute the Target through multiple jurisdictions)


Economic domains well-suited for execution of T8:

- “Market access” consulting

- Offshore tax services

- Private wealth management

- Sensitive personal services (e.g. an online dating service for married people such as The Ashley Madison Agency)

Case-Study: Unaoil

Unaoil is a Monaco-based private company incorporated in the British Virgin Islands[89]. After a massive leak of internal e-mails the company emerged as a central element of one of the largest corporate corruption scandals on record.[90] Based on the revealed material, investigative reporters accused Unaoil of operating a vast international network of “corruption facilitators” connecting large global corporations with state officials primarily in oil-rich countries.[91]The company was collecting fees from multinational corporations which it later used for bribing officials in the local markets.

Its activities focused in particular on the energy sector across the Middle East, Africa and post-Soviet republics. It allegedly implicated multiple blue-chip global corporations such as Rolls-Royce, Halliburton, Eni, Saipem, Samsung, or Hyundai.[92] Media reports estimated that the company might have facilitated c. $1bn in bribes paid.[93] The leaked material has also showed that Unaoil’s efforts to corrupt government officials were professionally organised, persistent and systematic.[94]

The degree of guilt of implicated companies varies. In some case the complicity in facilitating corruption practices was evident in others the problem was related to negligence or failure to execute proper due diligence effort to detect the illicit activity.[95] Companies implicated in the scandal are being investigated, in various capacity, by law enforcement agencies in the EU and the US.

There are several aspects which make the Unaoil interesting in the T8 context. First, the business was family-run, private and incorporated in a low-transparency jurisdiction. It helped the company to operate for an extensive period of time with very limited external transparency.

Second, the alleged illicit operations were professionally managed which allowed the company to develop a portfolio of household corporate names and government officials implicated in an illicit activity. The scope of the portfolio creates a quasi-systemic impact factor across the energy industry and possibly the political scene of strategically important oil-producing states.

Third, the legal framework existing in many developed countries allows for persecution not only for actual involvement in illicit activity but also for insufficient diligence in detecting it.  The US Foreign Corrupt Practices Act represents one of the key pieces of legislation in this respect. The Act forbids companies from working with entities that bribe foreign government officials. It penalises not only situations where there is awareness of the corrupt practices but also where the company failed to perform proper due diligence.[96] Furthermore the Act applies to any company which has significant operations in the US regardless of the jurisdiction in which the act of corruption took place.[97] The effectiveness of the Act as an instrument of international coercion is evidenced by the fact that foreign-owned companies dominate the list of largest settlements paid under its provisions.[98] Similar types of legislation exist in many other developed countries.          

The Unaoil case demonstrates potential threat posed by an economic actor serving as a focal point for conducting compromising activity on a large-scale. Operations of a single, relatively small but strategically placed, company managed to implicate multiple blue-chip corporations in a corruption scandal which may result in significant financial and reputational consequences.

Development of Unaoil-like entities offers multiple benefits for potential adversarial application. First, its location on the nexus of business and politics offers great opportunity to collect general intelligence and exert influence. Being specialised in specific area and industry allows in turn to expand the “portfolio” of potential victims with sufficient focus to, if needed, have potentially systemic impact. In case of Unaoil the impact could include some of the top energy companies and government officials in oil rich countries.

Taking the concept further one can imagine a scenario where the Attacker is not only developing the Asset to serve as a facilitator and provider of the compromising activity but also designs it to operate within own jurisdiction. Such solution would not only facilitate conducting the operation in general but also provide a layer of protection for the political figures involved on the Attacker’s side. The Asset would serve to accumulate enough evidence against wilful and/or negligent targets to use it as potential instrument of coercion at a later stage. Naturally if the Attacker is a state-entity the execution of T8 can be professionally supported by security services. 

Such entrapment could be used for instance by Chinese or Russian intelligence agencies against Western companies. Execution would be facilitated by the competition among business entities seeking to outmanoeuvre rivals in accessing the lucrative parts of the respective national markets. Furthermore, the legal asymmetry creates a situation in Attacker’s favour. Once revealed, the consequences of the compromising activity will likely be much greater for the Target due to strict and extensive anti-corruption regulation existing in majority of Western jurisdictions (e.g. the Foreign Corrupt Practices Act described above) than for the Asset operating in a relatively opaque and legally deficient environment. 

Additional Case Studies Facilitating Conceptualization of T8

- Ashley Madison adultery network[99]

- Mossack Fonseca offshore financial services[100]

Threat 9 – Using the Asset to Expand Attacker’s Politico-Military Sphere of Influence


T9 is based on adversarial use of Asset’s location. The Attacker uses operational control of the Asset to enable / facilitate expansion of own politico-military sphere of influence. In a typical set-up the Asset would be located in an area which is politically contested by the Attacker and the Target. It would serve as a form of power projection platform for the Attacker.

Phase 1

The first element is the creation of a pretext which allows the actual operation to occur. It provides political justification for the operation. First of all, the very existence of the Asset in a specific geographic location creates a political fact. However, the Adversary may pursue additional actions to create a threat perception which will justify additional security measures. This may take multiple forms, including e.g.:

- Deliberately allowing for known threats to affect the Asset in order to create an incident “proving” the need to provide additional security. This could include such situations as e.g.: sabotage by a radical environmentalist organization, terrorist attack, piracy.

- Using own proxies in a clandestine way to create a threat to the Asset

- Pursuing confrontational politico-military stance towards the Target resulting in a crisis which in turn “necessitates” defending the Asset from Target’s actions

The Attacker would likely pursue these objectives using a variety of politico-military strategies. The Asset may be used as one of the key instruments in achieving this objective. The sheer fact that the Asset is located in the contested zone creates an objective reality which can then be exploited by superimposing convenient political interpretation.

Phase 2

Following the set-up stage the Attacker may leverage the real and/or perceived threat to introduce specific measures to change the politico-military status quo with regards to the Asset such as:

- Increasing military presence in and around the Asset through e.g.: permanent patrolling, direct deployment, regular large-scale military exercises

- Establishing quasi-formal mechanisms for restricting third-party freedom of access through e.g.: setting-up checkpoints and identification zones, establishing no-go areas (e.g. under the guise of anti-terrorist operation), deterring though aggressive behaviour

The Asset itself may serve as a quasi-military base for both personnel and equipment. The level of security measures applied can be disproportioned to the threat level. For instance, terrorist threat may be met with naval and aerial presence entailing establishment of military capabilities, especially in the A2/AD category, far in excess of what would be objectively justified.

Phase 3

The strategic end objective of T9 is to change the politico-military situation in the contested area. This might be achieved through e.g.:

- Forcing the Target and international community to formally recognise Attacker’s claim to the Asset

- Changing military balance in the area in Attacker’s favour (e.g. through deployment of A2/AD capabilities, constant presence of significant military forces)

- Deterring the Target from accessing the contested area or otherwise modifying its behaviour in a way serving Adversary’s interests (e.g. reduction of military presence in the contested area, seeking permission before access)

Enabling & Facilitating Factors

- Favourable geographic location of the Asset in the contested area (e.g. central rather than peripheral)

- Ability to establish and maintain actual security presences in and around the Asset

- Politico-military situation allowing the Attacker to: (1) avoid escalation or (2) ensure escalation dominance, against the Target.

- High strategic importance of the Asset


- Offshore energy assets (e.g. pipelines or platforms)

- Presence of large number of workers, especially if concentrated in a specific location (e.g. construction project)

Case-Study: Nord-Stream

Nord Stream (NS) is an offshore natural gas pipeline connecting Russia and Germany through the Baltic Sea. It crosses Exclusive Economic Zones of Russia, Finland, Sweden, Denmark and Germany. The pipeline was fully commissioned in October 2012. Currently the extension project (i.e. Nord Stream 2) is under development. 

Russia has already used existence of Nord Stream as a pretext for conducting military exercises in the Baltic Sea. Protection of oil and gas installations have been stated as a part of official objectives of the Ladoga-2009 and Zapad-2009 drills.[101] President Putin in unambiguous terms communicated that Russia will use its military forces to protect its vital economic interests.[102] A security threat, real or imagined, can easily be used by Kremlin to justify significant military presence in the Baltic Sea region. For instance, in 2015 an unmanned underwater vehicle rigged with explosives was located in the vicinity of the pipeline.[103] One can easily imagine that a string of such events could lead to establishing a quasi-permanent air, surface and underwater presence of Russian Navy to protect the pipeline.   

Apart from large-scale drills manifesting Russia’s politico-military commitment to defend economic assets in general, Kremlin may also intensify quasi-permanent military presence via intensive patrolling. In Sweden a particular concern was raised about the manning and supervision of a riser platform which was to be located in a proximity of strategically important island of Gotland. The platform could potentially allow for overt and/or covert Russian military presence close to the Swedish shore.[104] Given the relatively small size of the installation (planned to accommodate 8-10 people)[105] the military threat would likely be related to intelligence collection and facilitation of special operations. In addition, the presence of Russian civilian personnel may be used as a factor justifying some form of military intervention (e.g. providing heavy security) during potential crisis situation.

The security concerns returned with the development of the Nord Stream 2. Gazprom’s plans to establish an equipment base in Gotland and renting the port facilities in its Slite harbour raised voices of concern particularly in the Baltics.[106] It’s especially worrisome in the context of light Swedish military footprint on the island.[107]

Militarization of Nord Stream may also be accomplished using para-military forces. In 2007 Russian Duma passed a bill which allowed Gazprom and Transneft to issue arms to their corporate security forces.[108] Further amendments have increased the leeway with regards to type and scale of the weaponry which can be used.[109] Experts pointed out that development of security units in strategic corporations goes hand-in-hand with establishing private military companies as instruments of Russian statecraft.[110] One of the particular security concerns mentioned by experts is acquisition of UAVs by Gazprom, which could even be used in offensive capacity.[111] Naturally the fact that a large corporation operating critical and spatially extensive infrastructure is using security forces is certainly not unusual in itself. What makes it potentially dangerous is the politico-military context. The corporate para-military forces share also many properties with the “Little Green Men” tactics as they offer significant level of deniability and ambiguity at least in the initial phase of the crisis.

The NS example provides a good illustration of how politico-military sphere of influence could be expanded. Arguably it would be relatively straightforward for Russia to increase the real or potential threat to the pipeline. In fact, such threat can be created by own escalatory measures. In response Moscow could decide to establish a quasi-permanent security presence in the area via non-military assets. This could be done with specifically modified civilian vessels (e.g. reinforced hull) in a fashion similar to Chinese operations in the South China Sea. The escalation dominance would be provided by assertive presence of Russian Baltic Fleet. 

Additional Case Studies Facilitating Conceptualization of T9

- China’s fishing militias in South China Sea[112]


Identify New Threat Categories

This represents the least structured and predictable element of defending against adversarial threats executed via economic domain. The process is by default based on creative thinking and as such inherently non-linear. Nevertheless, it can be facilitated using several structured approaches:

- Use of classic methodologies for eliciting creative thinking from a group of subject matters experts (e.g. Delphi)

- Adversarial evaluation of non-adversarial events (e.g. industrial disasters, corporate scandals)

- Adversarial analysis of specific elements/components of economic assets

Evaluate Identified Threat Categories Through the Prism of Logistic Burden

The identification process, though important in its own right, should be seen only as the input for the evaluation process. Identified threat categories should be put to a rigorous review based on analysis of their respective logistic burden.

The purpose is to assign a complexity score based on required combination of resources and skills which have to be used in a coordinated fashion in order for the threat execution to succeed. The practical purpose of the exercise would be to provide guidelines for decision makers helping them to understand the level of complexity of potential threats if they were to be executed by an adversary.

This should in particular help to avoid; (1) dismissing valid threats as “conspiracy theories” (without actual understanding of logistic burden involved), (2) allocating excessive resources to investigation/prevention of threats which require unrealistically high resources and/or rely too much on luck in their execution.

The analysis of logistic burden should be done with ambiguity level and time-factor serving as constraints. Given the implied strategic impact of potential threat execution it is reasonable to expect that the Attacker will prefer to retain a degree of plausible deniability if not complete anonymity. If a threat category cannot reasonably provide sufficient veil of ambiguity for the perpetrator, its utility for the Attacker is significantly reduced.

Naturally this does not make the threat category irrelevant as it can still be executed overtly (e.g. during a military conflict) or by an actor who doesn’t seek plausible deniability (e.g. non-state actor using the threat for terrorist purposes or to demonstrate own capabilities).

Analyse the Asset from the Bottom-up on a Sum-of-its-Parts Basis

It should allow to look at the economic assets in a holistic way - focusing on both economic and non-economic elements. The analysis should not be made through the prism of the “headline” activity (i.e. retail chain, steel making). The investigation needs to be made from the bottom-up, i.e. by looking at individual components of the economic assets as separate elements. The purpose of the exercise would be to look at the economic asset as collection of various resources rather than a specific pre-defined entity. The analysis should produce a list of key economic and non-economic resources comprising the Asset which should then be evaluated from an adversarial point of view.

Analyse the Asset from a Top-Down and Systems-Based Perspective

The bottom-up analysis should be complemented by a dynamic systems-based approach. It should be based on seeing the Asset holistically through the prism of its connections with the environment. The Asset operates within a hierarchy of systems, from local to global, with various types of relations (e.g. one way, two-way, feedback loops). If changes are made to the way the Asset operates it would produce an impact on the external environment. Therefore, in this approach the analyst has to conceptualise the Asset as a system and subsequently modify some of its parameters to analyse potential first- and higher-order effects of the change.

The analysis should identify key connections through which the Asset is linked to external socio-economic environment. Subsequently a what-if approach should be introduced based on modification of connection parameters e.g.:

- Radical change of output, price, quality

- Significant strengthening of Asset economic capability through external resources (e.g. financing, supplies, preferential market access)

- Change in economic relations with third-parties

- Disruption to both economic and non-economic flows and stocks located within Asset’s spatial-operational vicinity

Evaluate the Political Exposure of the Asset

The third framework should focus exclusively on the political dimension of the economic asset. The analyst should focus specifically on investigating connections between the asset and the country’s political domain. The political exposure was singled out as it does not represent a typical functional domain such as military, energy or health care which lends itself well for subject matter expert analysis. Political aspects would be much fuzzier and to a large extent driven by personal connections and soft-factors which may be more difficult to detect. The exact nature of political exposure will be highly context-specific, but some notable general examples could include e.g.:

- Employment of family members of important political figures or their close relatives

- Business relations with public entities, particularly ones related to a specific political figure/party

- Political affiliation of the workforce (e.g. could a strike be easily associated with a specific political issue?)

- “Political capital” invested by a specific party/politician into the success or survival of the asset (e.g. promise to “keep the jobs”)

The analysis should consider both domestic and international political domain.

Evaluate Asset’s Exposure to the Military Domain 

National security analysts in cooperation with experts from defence forces should analyse importance of the economic asset in the context of military domain. Examples of aspects to be investigated would include e.g.:

- Importance of the economic asset in the mobilization process

- Role of the economic asset in the context of military capabilities’ development (e.g. dual-use technologies)

- Geographic and operational location of the economic asset in the context of intelligence acquisition from military domain (e.g. proximity to military objects, integration with military systems)

Develop Rudimentary 360-degree Evaluation Process

Whereas political and military exposure should be checked by default for all economic assets for which national security review is undertaken, the importance of other domains will be defined on a case-by-case basis. In many situations the choice of which areas are most important for further investigation would be straightforward (e.g. producer of a dual-use technology will be by default important in relation to military domain). However, it is recommended that no a priori assumptions are made and a procedure for a quick evaluation by experts representing diverse set of domains is undertaken.  

Preferably the experts should broad spectrum of domains including:

- Cyber/IT security

- Environments, Ecological, Health Care

- Labour relations

- Emergency services (particularly fire & hazardous materials related)

- Media/Communications

- Finance/Banking

- Industry/sector-specific (i.e. depending on assets business profile)

The experts should generate a list of ideas related to risks and threats which may emanate from intentional and unintentional use of the economic asset. Ideally the process should be managed in a way which does not suggest connection of the exercise with the matters of national security. This should help to limit potential cognitive biases which could result in material being analysed through a similar lens as one used by national security analysts.

The author would like to thank LTC Mikko Lappalainen, CAP (ret) Gustav Öller, Heikki Lehtimäki and LTC Simo Pesu. The research project was facilitated by Comprendum Oy.

End Notes

[1] E.g. an oligarch whose business operations are largely controlled by the state through formal and informal mechanisms

[2] Moran, Theodore: Chinese Foreign Direct Investment in Canada: Threat or Opportunity?, Canadian Council of Chief Executives, 2012

[3] The Target may be forced to replace domestic oil supply with one from a more distant and geopolitically risky region, resulting in overall decrease in country’s level of energy security.

[4] In 2014 ATK spun-off its sporting goods business and merged the aerospace and defence divisions with Orbital Sciences Corporation

[5] Berger, Brian: Alliant Techsystems Buys Canadian Space Hardware Firm,,, 20.05.2016

[6] Chase, Steven: MacDonald Dettwiler deal includes key satellite, The Globe and Mail,, 25.05.2016

[7] Moran 2012

[8] Ibid.

[9] Griffith, Sian: US-Canada Arctic border dispute key to maritime riches, BBC News,, 27.05.2016

[10] Ljunggren, David: Canada blocks sale of MDA satellite unit to U.S., Reuters,, 27.05.2016

[11] Ibid.

[12] See also: Investment Canada Act,, 27.05.2016

[13] Gow, David: Russia-Ukraine gas crisis intensifies as all European supplies are cut off, The Guardian,, 27.08.2016

[14] Wiggin, Addison: The Truth Behind China's Rare Earths Embargo, Forbes,, 27.08.2016

[15] Russia: Punishing the Baltics with a Broken Pipeline, Stratfor,, 27.08.2016

[16] Kowalska, Dorota: Afera podsłuchowa w pigułce, czyli o tym warto wiedzieć, Gazeta Krakowska,,afera-podsluchowa-w-pigulce-czyli-o-tym-warto-wiedziec,id,t.html, 16.08.2016

[17]  Jak działali kelnerzy z restauracji "Sowa i Przyjaciele"?, Wirtualna Polska,,1342,title,Jak-dzialali-kelnerzy-z-restauracji-Sowa-i-Przyjaciele,wid,17623171,wiadomosc.html?ticaid=117979, 16.08.2018  

[18] Koniec śledztwa ws. "afery podsłuchowej": 80 zarzutów dla Falenty. Jest akt oskarżenia,,,Koniec-sledztwa-ws-afery-podsluchowej-80-zarzutow-dla-Falenty-Jest-akt-oskarzenia, 17.08.2016

[19] Local elections – November 2014, presidential elections - May 2015, parliamentary elections - October 2015

[20] Chapman, Annabelle:  Secret tapes in Polish “Waitergate” scandal could cost Warsaw’s government a key European Commission post,,, 17.08.2016

[21] Poland leak scandal: Three ministers and Speaker resign, BBC,, 16.08.2016

[22] Chapman, Annabelle:  Secret tapes in Polish “Waitergate” scandal could cost Warsaw’s government a key European Commission post,,, 17.08.2016

[23] Arthur, Charles: China's Huawei and ZTE pose national security threat, says US committee, The Guardian,, 28.08.2016

[24] Hartikainen, Stina: Concerns About Russian Hybrid Warfare Drive Efforts To Restrict Land Ownership In Finland, Forbes,, 28.08.2016

[25] Fernandez, Javier:  Tianjin Explosions Were Result of Mismanagement, China Finds, New York Times,, 10.08.2016

[26] Linlin, He et al.: How China's confused safety laws contributed to Tianjin disaster,, 11.08.2016

[27] China explosions: Potent chemical mix behind Tianjin blasts, BBC,, 10.08.2016

[28] Tremblay, Jean-Francois: Chinese Investigators Identify Cause Of Tianjin Explosion, Chemical & Engineering News,, 11.08.2016

[29] Huang, P. and Zhang, J. (2015), Facts related to August 12, 2015 explosion accident in Tianjin, China. Proc. Safety Prog., 34: 313–314

[30] Ibid.

[31]  2015 Tianjin explosions, Wikipedia,, 10.08.2016

[32] Ryan, Fergus: Tianjin explosions: sodium cyanide on site may have been 70 times allowed amount, The Guardian,, 11.08.2016

[33] Glum, Julia: Tianjin 'A Ghost Town' After Explosions, Evacuations Amid Concern Over Chemicals In Air, International Business Times,, 11.08.2016

[34] Ide, William: After Tianjin Blasts, People Demand Action, VOA,, 10.08.2016

[35] Li, Jenny: HK Magazine Reports Xi Jinping Rival in Disgrace Over Tianjin Disaster, Epoch Times,, 11.08.2016

[36]  Why You Never Heard About the Largest Disaster in Maritime History,, 11.08.2016

[37] Full official name of the company: Tianjin Dongjiang Port Ruihai International Logistics

[38] Gao, Kathy: Tianjin blasts: Ruihai International Logistics under the microscope, South China Morning Post,, 11.08.2016

[39] Lam, Willy: President Xi Suspects Political Conspiracy Behind Tianjin Blasts, The Jamestown Foundation,, 12.08.2016

[40] One year on: Romania's cyanide spill, BBC,, 26.08.2016

[41] Gazprom completes liquidation of RosUkrEnergo venture company, Unian,, 18.08.2016

[42] Marone, John: Gas man Firtash on rise again in Yanukovych era, Kyiv Post,, 18.08.2016

[43] Rafalsky, Denis: Firtash new fertilizer king of Ukraine, Kyiv Post,, 18.08.2016

[44] Sarna, Arkadiusz: Dmytro Firtash’s companies are monopolising the retail gas market in Ukraine,, 18.08.2016 

[45] Grey, Stephen et al.: Special Report: Putin's allies channelled billions to Ukraine oligarch, Reuters,, 20.08.2016

[46] Ibid.

[47] Ibid.

[48] Wu, Kane: How China Inc. Plans to Pay for Biggest Overseas Deal, Wall Street Journal,, 26.08.2016

[49] Calus, Kamil: Moldova: from oligarchic pluralism to Plahotniuc’s hegemony, OSW,, 27.08.2016

[50] One can also imagine that product’s proliferation is driven by regulatory changes, i.e. supported “from within” Target’s economic systems for instance due to corruption

[51] Those included: inflow of “hot money” from abroad, speculative investments in the property market, tightening of the labour market, persistently large current account deficit (i.e. export > import), fiscal deficit

[52] Blanchard, Olivier et al.: Boom, Bust, Recovery:

Forensics of the Latvia Crisis, Brookings Papers on Economic Activity, 47, 2, Brookings Papers on Economic Activity, The Brookings Institution,, p.332

[53] DnB, Danske Bank, Nordea, SEB, Swedbank

[54] Ibid., p.340

[55] Parex Bank had significant exposure to deposits from non-residents mostly corporations operating in the CIS countries

[56] Traynor, Ian: Latvia threatens foreign banks with huge losses, The Guardian,, 08.08.2016

[57] Swedish central bank head warns Latvia on obligations, Reuters,, 08.08.2016

[58] Violent Protests of Pyramid Schemes Spread in Albania, International New York Times,, 28.06.2016

[59] Bershidsky, Leonid: Trust Kaspersky to Root Out Russian Spyware, Bloomberg,, 27.08.2016

[60] Foxconn is a Taiwan-based leading contract electronics manufacturer with a worldwide network of production facilities. Its clients include largest global consumer electronics companies such as among others; Apple, Samsung, Microsoft, Dell, Sony.

[61] Foxconn suicides – 2010, Business & Human Rights Resource Center,, 02.08.2016

[62] Ibid.

[63] Chang, Chris: The Shocking Conditions Inside China's Brutal Foxconn Factory, Business Insider,, 02.08.2016

[64] Lin, Liza and Hagiwara, Yuki: Strike Hits Toyota’s China Production as Honda Workers Return, Bloomberg,, 02.08.2016

[65] Schiller, Bill:  Labour strife rolls across China, Toronto Star,, 02.08.2016

[66] Dongfang, Han: China’s Workers are Stirring, New York Times,, 03.08.2016

[67] Beech, Hannah: Labor Unrest Grows in China, Even in the Historic Heartlands of Revolution, Time,, 03.08.2016

[68] Barboza, David and Bradsher, Keith: In China, Labour Movement Enabled by Technology, New York Times,, 03.08.2016

[69] Davies, Nick: Marikana massacre: the untold story of the strike leader who died for workers’ rights, The Guardian,, 26.08.2015

[70] Aron, Leon: Russia’s “Monotowns” Time Bomb, AEI,, 25.08.2016

[71] It’s located in the top right corner of the website which is considered on average the part of the screen to which people pay the most attention

[72] Nunez, Michael: Former Facebook Workers: We Routinely Suppressed Conservative News, Gizmodo,, 05.08.2016

[73] Ibid.

[74] Ibid.

[75] Corsaniti, Nick and Isaac, Mick:  Senator Demands Answers From Facebook on Claims of ‘Trending’ List Bias, New York Times,, 05.08.2016

[76] Stretch, Colin: Response to Chairman John Thune’s letter on Trending Topics, Facebook,, 05.08.2016

[77] Democratic National Committee

[78] Lee, Timothy: DNC email leaks, explained, Vox,, 06.08.2016

[79] Turton, William: Facebook Admits It Blocked Links to WikiLeaks DNC Emails, Gizmodo,, 06.08.2016

[80] Ibid.

[81] Nunez, Michael: Facebook Employees Asked Mark Zuckerberg If They Should Try to Stop a Donald Trump Presidency, Gizmodo,, 06.08.2016

[82] Ibid.

[83] Bond, Michael et al., A 61-million-person experiment in social influence

and political mobilization,

[84] Sifry, Micah: Facebook Wants You to Vote on Tuesday. Here's How It Messed With Your Feed in 2012., Mother Jones,, 07.08.2016

[85] Biddle, Sam: Facebook Deliberately Experimented on Your Emotions, Gawker,, 07.08.2016

[86] Kramer et al.: Experimental evidence of massive-scale emotional

contagion through social networks,

[87] Epstein, Robert: How Google Could Rig the 2016 Election, POLITOCO,, 26.08.2016

[88] Bell, Larry: Billionaires Battle Over Media Influence: Koch Bros./Murdoch Vs. Soros/Buffett/GE, Forbes,, 25.08.2016

[89] An offshore jurisdiction offering a high level of anonymity

[90] McKenzie et al.: Unaoil: the Company that Bribed the World, The Age,, 09.08.2016

[91] Ibid.

[92] Ibid.

[93] Russon, Mary-Ann: Unaoil bribery scandal: Samsung, Hyundai, Rolls-Royce implicated in $1tn oil industry corruption, International Business Times,, 09.08.2016

[94] Ibid.

[95] Baumann et al.: Unaoil’s Huge New Corporate Bribery Scandal, Explained, The Huffington Post,, 10.08.2016

[96] Foreign Corrupt Practices Act: What you don’t know could cost you, PwC,, 09.08.2016

[97] Ibid.

[98] Gallinger, George: The Foreign Corrupt Practices Act: not just a US company concern, Financier Worldwide,, 10.08.2016

[99] Weldon, David: Ashley Madison breach shows hackers may be getting personal, CIO,, 25.08.2016

[100] Harding, Luke: What are the Panama Papers? A guide to history's biggest data leak, The Guardian,, 26.08.2016

[101] Military drills in Nord Stream waters, Barents Observer,, 12.08.2016

[102] Larsson, Robert: Security Implications of the Nords Stream Project, European Parliament,, 14.08.2016, p.11

[103] Meiton, Luise: Militären kan spränga mystiska farkosten, Svenska Dagbladet,, 12.08.2016

[104] Whist, Benedik Solum: Nord Stream: Not Just a Pipeline, Fridtjof Nansens Institute, 2008, 13.08.2016

[105] Ibid.

[106] Estonian World: Sweden’s Estonian community protests against Russian pipeline in Gotland, Estonian World,, 12.08.2016

[107] De Jong, Sijbren: Why Europe should fight Nord Stream II, EU Observer,, 13.08.2016

[108] Стало известно, чем правительство вооружит "Газпром": огнестрелом, наручниками и дубинками,,, 13.08.2016

[109] The complete text can be found in:

[110] Galeotti, Mark: Russia’s corporate armies may be on the way back, Blouin News,, 14.08.2016

[111] Hurst, C. (2010). The militarization of Gazprom. FOREIGN MILITARY STUDIES OFFICE (ARMY) FORT LEAVENWORTH KS.

[112] Erickson, Andrew and Kennedy, Connor: China’s Fishing Militia Is a Military Force in All But Name, War if Boring,, 25.08.2016

About the Author(s)

Adam Klus is a PhD student at the University of Eastern Finland. He also works as a consultant focusing on complex intentional threats to large business organizations and adversarial situations in the economic domain. Adam contributed several analytical reports to various international projects researching hybrid/unrestricted warfare. Earlier he held a variety of roles within the financial industry including; portfolio manager, alternative investment analyst and catastrophic risk investor. You can follow him on Twitter: @klusadam (private account) and @corp_threats (professional focus).