Elisabeth Braw is a senior fellow at the Atlantic Council, author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. Her new book, “The Undersea War,” is out later this year.
From cyberattacks to arson and drone surveillance, these days European companies are being targeted by all manner of nefarious attacks. These businesses are crucial to the daily functioning of our nations; indeed, that may be the reason they’re being targeted. And yet, in most countries, business and government don’t exchange regular threat updates.
With risks proliferating globally, this is a missed opportunity. A newly established Swedish committee shows just what can be done without much hassle or expense.
There have been “drone sightings in proximity to offshore energy structures,” reported Offshore Energies UK in April. “Our platforms are 100, 150 miles out in the middle of the sea, so you don’t typically have many neighbors — you don’t have people coming and visiting unless they are there for a very good reason,” Graham Skinner, the trade body’s health and safety manager for offshore infrastructure, told the BBC.
“When the crews spot lights in the sky, or things moving around, suspicious activity in general — it’s very obvious that it’s out of place. It may well be that they want to expose weaknesses or test our responses, they may even just be filming to see what is going on.”
Drones loitering around crucial offshore infrastructure: That’s an alarming state of affairs. Even more so, as it’s not a one-off or a bizarre occurrence exclusively affecting the oil and gas sector. In recent months, we’ve seen drones loitering around a range of facilities on land, including arms factories. On one of the coldest days of January this year, someone sabotaged power cables in Berlin, leaving some 100,000 residents without power, heat and internet for days.
We have also seen arson attacks carried out against warehouses, shopping malls and even defense companies. We’ve seen attempts to bring down airliners using parcel bombs, constant cyberattacks and a string of highly suspicious incidents involving ships and undersea cables. On June 15, Finnish prosecutors charged the captain and another officer on the Fitburg — the ship that struck cables in the Gulf of Finland on New Year’s Eve — with aggravated sabotage and aggravated interference with communications networks.
The fact that companies are experiencing an onslaught of disruptive activities should come as no surprise. Businesses are indispensable to the daily functioning of our societies. They are attractive and vulnerable targets, and police and military can’t guard their installations around the clock.
In global insurance broker Willis Towers Watson’s recently released annual risk survey, 26 percent of European companies listed grey-zone attacks by Russia as a key concern. When asked what type of grey-zone acts they were concerned about, 65 percent cited attacks on infrastructure, 61 percent economic coercion or retaliation, 56 percent state-sponsored cyberattacks, 39 percent hostile export controls, 37 percent marine disruption — such as attacks on shipping or port blockages — and 32 percent threats to business executives, such as wrongful detention or assassination attempts.
In other words, businesses are severely concerned about geopolitically motivated threats and are monitoring them closely.
However, they don’t have access to the wealth of knowledge that government intelligence services do. Conversely, intelligence services can’t possibly know everything that businesses do. If the two sides were able to regularly exchange updates — within the limitations of classification, of course — they’d both be better off. They’d also be able to discuss how the government and private sector can work together to ensure companies can keep operating in case of grey-zone attacks or, heaven forbid, war.
Several years ago, the U.K. government explored launching such cooperation — an effort I was involved in. While it ultimately didn’t come to pass, the need for this kind of collaboration has only increased since then.
Enter the Swedish government, which has now launched a “business council” with similar tasks.
Comprised of the CEOs of Sweden’s most vital companies and co-chaired by the country’s defense chief and the director-general of the Swedish Civil Defence and Resilience Agency, the council functions as a national-security coordination hub between the government and the private sector.
“Sweden’s defense capability is built on the strength of society as a whole. By bringing together leading representatives from the business community, we strengthen our shared ability to face crises, heightened preparedness and ultimately war,” said Chief of Defence Gen. Michael Claesson when the body was launched this spring.
Of course, the council won’t solve every problem facing a country that happens to be the target of a hostile nation— far from it. Indeed, the group will only meet twice a year, though if the geopolitical situation worsens, it can convene more often.
But the point is to not let perfect be the enemy of good. The Swedish business council costs absolutely nothing, and it convenes the brain power of some of the country’s most influential leaders. That goes a long way.
Similarly, Germany has just launched a center for defense against hybrid threats. Although it won’t be able to keep every attack at bay, having such a hub will be vastly superior to not having one.
Faced with today’s geopolitically motivated attacks and subversion, countries in fact have the opportunity to innovate. I’m willing to bet more than a few euros that if asked, companies would be up for taking part in new initiatives. They are, after all, the ones experiencing these new threats in the most direct ways.
POLITICO occasionally publishes opinion pieces from guest authors to offer our readers a range of perspectives on the intersection of power and politics. The views expressed are those of the authors and do not reflect the views of POLITICO.
