The Nature of Modern Conflicts

"We create a pretend world. We are a global production company: We write the screenplay, we're the directors, we're the producers, we're the main actors. And the world is our stage."
— Anonymous, R. Mossad

Modern warfare has transcended traditional uniforms, flags, front lines, borders, and boundaries. Modern hybrid conflicts span across land, air, sea, space, cyber, biological, and cognitive domains. Non-kinetic actions achieve military objectives through lawfare and economic warfare, often conducted by non-state actors operating below the threshold for conventional war. Key Characteristics of Modern Conflicts include:

• Perpetual Conflict: Hybrid conflicts lack clear endpoints, exemplified by Afghanistan's "forever war."

• Unrestricted Warfare: Chinese military doctrine advocating for the use of all means—military and non-military, lethal and non-lethal—to compel an adversary:

  • Public Opinion Warfare (舆论战): Strategic narrative management across domestic and international audiences

  • Psychological Warfare (心理战): Undermining morale and decision-making of adversaries

  • Legal Warfare (法律战): Exploiting legal systems and norms to constrain adversaries

• Strategic Ambiguity: Gray Zone Operations deliberately operating between peace and war, below escalation thresholds while maintaining plausible deniability and achieving strategic objectives.

  • Salami-slicing: Incremental gains too minor for military retaliation (South China Sea artificial island construction)

  • Cabbage Tactics: Swarming contested infrastructure with layered assets (fishing boats, coast guard, naval vessels)

• Attribution Failures: Multi-layered proxies and complex mediums make the distinction between state and non-state actors indiscernible.

• Asymmetric Conflict: Conflict between parties of unequal strength, where weaker actors exploit vulnerabilities of stronger opponents through:

  • Guerrilla Tactics: Protracted irregular warfare through small unit operations, cultural integration, mobility, and psychological operations

  • Insurgency Operations: Exploiting the paradox that "killing insurgents recruits more insurgents" through online radicalization, leaderless resistance, and coordinated disinformation

  • Terror Tactics: Systematic weaponization of fear, historically demonstrated from Mongol Empire massacres to modern ISIS social media propaganda

Notably, the ratio of non-kinetic to kinetic means is often at least 3:1, demonstrating that modern warfare constitutes a Weltanschauungskrieg—a war of worldviews. Shaping beliefs, identities, and perceptions of hearts and minds becomes the strategic objective of violence. Violence remains merely another tool to achieve political ends and human terrain remains the primary domain of conflict. As such the following security protocol is domain agnostic and can be applied to protect civilian, corporate, state and hybrid infrastructure.

Historical Foundations

“It can therefore be said that politics is war without bloodshed while war is politics with bloodshed.” — Mao Tse Tung

The Clausewitzean Trinity

Clausewitz's revolutionary "trinity" (die wunderliche Dreifaltigkeit) emerges from his critique of purely rational approaches to warfare. He acknowledges the inherent unpredictability of conflict through his concept of "friction" (Friktion)—the gap between theoretical planning and battlefield reality. The trinity demonstrates the interplay between three elements: the government provides "policy" (the rational element that gives war its political purpose), the commander and army navigate "the play of chance and probability," and the mass of people embody "primordial violence, hatred, and enmity." This clearly demonstrates that "war is merely the continuation of policy by other means" (Der Krieg ist eine bloße Fortsetzung der Politik mit anderen Mitteln). However, it assumes a cohesive state actor.

Sun Tzu's Deception

Sun Tzu's declaration that "all warfare is based on deception" (兵者詭道也) establishes deception not merely as a tactical tool but as the fundamental nature of conflict itself. "When able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near." This philosophy culminates in his intelligence doctrine: "Know the enemy and know yourself; in a hundred battles you will never be in peril," and the concept of "supreme excellence" (上兵) being not kinetic victory but rather victory achieved without violence.

Kautilya's Statecraft

Unlike Sun Tzu's abstract philosophical discussions of deception, Kautilya provides concrete methodologies for psychological manipulation, including detailed instructions for staging false flag operations and manufacturing pretexts for conflict. He categorizes types of agents as "fiery" (तीक्ष्ण) or "mild" (मृदु), each serving specific intelligence functions. His advocacy for "double agents" (द्विगुण) and "agents provocateurs" demonstrates sophisticated understanding of intelligence operations that extends far beyond battlefield applications. Kautilya's endorsement of "poison damsels" (विषकन्या) and sexual compromise operations, along with the Arthashastra's comprehensive system of state management, especially the "circle of states" (राज्यमण्डल), demonstrates warfare and tradecraft as essential tools of statecraft.

Threat Taxonomy

“The Supreme Art of War is to defeat the enemy without violence.” — Sun Tzu

The contemporary threat landscape requires sophisticated understanding of how threat actors operate across multiple domains simultaneously. This taxonomy provides a framework for analyzing and responding to complex, multi-domain threats that characterize modern security challenges. Contemporary threat actors operate within four interdependent quadrants of modern conflicts:

1. Physical Security (Macro-Scale)

Physical security encompasses conventional military capabilities, critical infrastructure vulnerabilities, and space-based assets utilized to achieve military objectives. This domain includes kinetic operations ranging from traditional military engagements to attacks on critical infrastructure and space-based systems.

• Personnel: Guards and security personnel

• Perimeter: Gates, fences, barriers, and access control points

• Strategic Assets: Armored vehicles, tanks, ordnance, satellites, space-based assets, ISR equipment

• Access Control: Locks, safes, vaults, and physical security measures

• Surveillance Systems: CCTV, motion detectors, alarms, and intrusion detection

• Advanced Systems: ICBMs and anti-access/area-denial (A2/AD) systems

• Critical Infrastructure: Communications infrastructure, energy facilities, transportation networks, power grids, critical supply chain points

• Critical Resources: rare-earth metals, energy resources, etc.

2. Biosecurity (Micro-Scale Physical)

The biosecurity domain encompasses chemical, biological, nuclear, and radiological threats ranging from naturally occurring pandemics to engineered pathogens and dual-use research concerns. Threat actors exploit vulnerabilities in public health systems, research facilities, and international biosafety protocols.

• Engineered Pathogen Threats: Biological weapons research facilities, gain-of-function research

• Dual-Use Research of Concern: Gene editing technology proliferation, academic research with weaponization potential, commercial biotechnology firms with inadequate security protocols

• Delivery Mechanisms: Aerosol dissemination systems, water supply contamination methods, food chain infiltration techniques

• Nuclear & Radiological Threats: Emergency shelter protocols, radiation detection applications, decontamination procedures, personal dosimeters, potassium iodide tablets, gamma spectrometers

• Chemical Protection: NBC masks, atropine auto-injectors

• Biometric and Medical Data Protection: Genetic data, facial recognition, iris scans, gait analysis

3. Cybersecurity (Micro-Scale Digital)

The cybersecurity domain represents the most rapidly evolving threat environment, characterized by sophisticated state-sponsored operations, organized cybercrime, and the emergence of AI-powered attack vectors. Threat actors exploit vulnerabilities in digital infrastructure, conduct espionage operations, and deploy ransomware for financial and strategic gain.

Key vulnerabilities include: Supply chain attacks, critical infrastructure and financial sector targeting, using zero-day exploits, social engineering, and automated threat systems.

• Hardware Security: Custom-built systems, hardware security modules (HSMs), trusted platform modules (TPMs), electronic warfare protections

• Firmware Integrity: UEFI security protocols, secure boot processes, firmware verification systems

• Operating System Hardening: Linux distribution hardening, virtual machine isolation, disposable system deployment

• Network Security: Anonymity protocols, encryption implementation, traffic analysis protection, communications security, metadata protection

• Technical Security Counter Measures (TSCM): Bug sweeps, keyloggers, cameras, RF implants, and GPS trackers.

4. Information Security (Macro-Scale Cognitive)

Information warfare represents the cognitive battlefield where threat actors manipulate information ecosystems to influence public opinion, undermine democratic institutions, and achieve strategic objectives through non-kinetic means. Operations in this domain leverage social media platforms, traditional media, and emerging technologies to shape narratives and decision-making processes.

• Counterintelligence & Insider Threats: human terrain remains the most critical security vulnerabilities in any system.

• Information Warfare Countermeasures: Multi-source intelligence, robust validation methodologies, strong OODA loop, measures for mitigating adversary deception (e.g. attack attribution, etc)

• Psychological Resilience: Key mental health indicators, cognitive bias awareness, stress inoculation, social influence vulnerabilities

• Electoral Interference Operations: Voter manipulation, election system targeting, democratic process disruption

• Social Media Manipulation: Bot networks, astroturfing campaigns, algorithmic manipulation

• Narrative Warfare: Strategic narrative construction, counter-narrative operations, cultural trigger exploitation

• Influence Operations Infrastructure: Media manipulation, propaganda networks, psychological operations

• Lawfare: Legal system weaponization, regulatory capture, administrative detention, jurisdictional arbitrage

• Economic Warfare: Financial system manipulation, supply chain disruption, currency destabilization

• Social Engineering Operations: Honey trap operations, kompromat development, authority figure exploitation, and other human factor vulnerabilities

• Personnel Targeting: Family members, associates, and professional networks

Cross-Domain Threats

Contemporary threat actors increasingly operate across multiple domains simultaneously, creating complex hybrid threats that challenge traditional security frameworks. Needless to say, the separation into categories is for the sake of comprehensive analysis quadrant siloing is antithetical to this operational security approach. Key integrated attack patterns include:

• Cyber-Informational Convergence: The majority of cyber threats originate from insider threats, combining social engineering with digital exploitation

• Information-Biological: Disinformation campaigns regarding biological weapons capabilities

• Physical-Informational: Livestreamed acts of terrorism for recruitment and psychological impact and narrative warfare

• Electronic Warfare: tools for disrupting, degrading, and/or destroying physical systems using electromagnetic means

• Algorithmic Disinformation: leveraging artificial intelligence to create botnets or deepfakes to target critical cognitive vulnerabilities

* These examples are for illustrative purposes, comprehensive discussion of cross-domain threats and resulting force-multiplication is beyond the scope of this introductory analysis.

Security Protocol

"Deception is a state of mind —and the mind of the state." — James Jesus Angleton.

1. Vulnerability Assessment

Compile comprehensive cataloging of assets requiring protection across all four quadrants, including personnel, information, operations, relationships, and critical infrastructure dependencies. This section has been deliberately left broad to allow for individual, corporate, or national security considerations.

Physical Critical Infrastructure: Infrastructure dependencies, supply chain weaknesses, environmental hazards, transportation systems, communications infrastructure, power grid, valuables

Informational Critical Infrastructure: Cyber attack vectors, data exfiltration risks, communication interception, personnel security risks, social engineering susceptibility, insider threats, lawfare exposure, economic pressure vulnerability, reputation attack risks, critical information

2. Threat Actor Analysis

Identification of adversary pattern of life operational signatures and behavioral indicators through collection of information on ends, ways and means.

Threat Actor Identification

• State Actors: Intelligence service capabilities, military unit specializations, economic warfare tools

• Non-State Actors: Criminal organization structures, terrorist group capabilities, corporate espionage networks

• Hybrid Threats: PMC operations, state-adjacent actors, proxy force capabilities

* Please note this framework deliberately assumes threat actors, however, it is important to note that environmental conditions and unknown-unknowns are major risks which must be appropriately addressed.

Capability Assessment

• Adversary TTP: Systematic study of enemy tactics, techniques, and procedures

  • Predictive Modeling: Anticipation of adversary TTP evolution based on historical analysis

• Technical Capabilities: Cyber warfare, electronic warfare, surveillance technology

• Human Resources: Personnel numbers, expertise levels, operational experience

• Financial Capacity: Funding sustainability, equipment access, operational budget

• Access Vectors

  • Physical Proximity: Geographic positioning, facility access, personnel infiltration

  • Digital Penetration: Network access, system compromise, data exfiltration capabilities

  • Insider Connections: Personnel recruitment, social engineering, institutional penetration

Intent Analysis

• Motivational Drivers:

  • Ideological Motivation: Belief-driven objectives, worldview warfare, cognitive influence operations

  • Financial Motivation: Economic gain, resource extraction, market manipulation

  • Strategic Motivation: State-directed objectives, geopolitical positioning, long-term influence

• Intensity Levels:

  • Low (0.2): Opportunistic interest, limited commitment

  • Medium (0.5): Active interest, moderate resource allocation

  • High (0.8): Priority target, significant resource commitment

  • Critical (1.0): Primary objective, maximum resource allocation

*Intent Weighting: only assign numerical values 0.2-1.0 when appropriate, useful, and validated by behavioral evidence

• Persistence Factors

  • Long-term Commitment: Multi-year operational planning, strategic patience

  • Resource Sustainability: Funding streams, equipment replacement, personnel retention

  • Escalation Willingness: Risk tolerance, political costs, operational constraints

    • Threshold Awareness: Understanding adversary escalation thresholds and red lines

3. Risk Formula

Risk = (Threat Capability × Intent × Opportunity × Vulnerability) / (Detection Capability × Response Capability × Recovery Capability)

* Assumes linear threat relationship and fails under exponential, non-linear and cascading failures

Prioritization Matrix

This framework assumes both finite resources and imperfect information flow while operating in resource-constrained environments, therefor it is essential to prioritize:

• High Impact/Low Cost: Security measures providing maximum protection per resource unit invested

• Critical Vulnerabilities: Priority focus on vulnerabilities with highest compromise risk and impact

• Resource Allocation: Dynamic resource distribution based on threat level changes and operational requirements

Grand Defence Strategy

“We’re an empire now, and when we act, we create our own reality. And while you’re studying that reality — judiciously, as you will — we’ll act again, creating other new realities, which you can study too, and that’s how things will sort out. We’re history’s actors . . . and you, all of you, will be left to just study what we do.” ― Senior Advisor to the George W. Bush Administration

1. Adversary Cost Imposition

Objective: Make targeting politically and economically prohibitive by implementing security measures that maximize adversary resource expenditure while providing robust protection. Security architecture designed to impose maximum operational costs on potential threats through aggressive security posture.

2. Graceful Degradation Under Protracted Conflict

Objective: Maintain operational effectiveness across varying threat levels and resource constraints through adaptive security frameworks. The system is designed to gain capability when probed by learning adversary tools, techniques and procedures and adapting security posture accordingly. Under this framework, it is not necessary to claim victory, it is sufficient to not admit defeat and thereby asymmetrically drain adversary resources.

Minimum Viable Security Framework

Core security measures engineered to deliver “good-enough” protection and efficiency in real-world situation, particularly suited for resource-constrained environments and emergency scenarios:

• Tiered Security Architecture: Multi-level security systems enabling systematic reduction of non-essential measures while preserving critical protections

• Core Function Protection: Prioritization matrix ensuring essential capabilities remain operational even under severe resource limitations

• Emergency Protocol Deployment: Rapid-response security adjustment procedures for crisis escalation and de-escalation

Compromised Environment Operations

Systems and procedures specifically designed to maintain functionality within partially compromised operational environments:

• Compartmentalized Operations: Isolated system segments preventing cascade failures

• Adaptive Response Mechanisms: Real-time threat assessment and countermeasure adjustment

• Adversarial Pressure Utilization: Converting hostile pressure into operational advantages through strategic positioning

Psychological and Operational Resilience

• Mental Preparation Protocols: Systematic preparation for manipulation attempts, psychological warfare, cognitive overload, traumatic events, etc.

• Stress Inoculation Training: Building resistance to high-pressure scenarios and decision-making under duress

• Operational Continuity Planning: Maintaining mission effectiveness despite ongoing adversarial pressure

Core Principles

Cost-Benefit Manipulation: Structure defensive measures to ensure aggressive actions become more costly than beneficial for adversaries, creating natural deterrence through economic disincentives

Resource Exhaustion Tactics: Force adversaries into disproportionate investment through sophisticated but efficient defensive systems that drain their operational capabilities

Pre-Mortem: Common Failure Modes

“I am the author, or one of the authors, of the new Russian system… My portfolio at the Kremlin and in government has included ideology, media, political parties, religion, modernisation, innovation, foreign relations, and… modern art.” — Vladislav Surkov

Security Theater

Avoiding visible security measures that provide false confidence while offering little actual protection, focusing on effective rather than impressive security implementations.

Fortress Mentality

• Operational Flexibility: Maintaining mission capability while implementing security measures

• Balanced Security: Avoiding over-securing that creates operational inflexibility

• Mission Focus: Ensuring security measures support rather than hinder operational objectives

Security Fatigue

• Sustainable Protocols: Security procedures that can be maintained long-term without degradation

• Personnel Rotation: Preventing burnout through rotation and rest periods

• Simplified Procedures: Streamlined security protocols reducing complexity and compliance burden

Paralysis by Analysis

• Decision Triggers: Clear criteria for immediate action under uncertainty

• Rapid Assessment: Quick decision-making frameworks for time-critical situations

• Action Bias: Preference for decisive action over perfect analysis in crisis situations

Technological Disruption

• Failure to adopt: emerging technology determines how effectively a side can project power.

• Failure to adapt: The side that innovates faster gains decisive strategic advantages

• Examples include but are not limited to emerging biotechnology, robotics, artificial intelligence and computing paradigms

Compartmentalization Paradox

• Issue: Excessive compartmentalization often creates stove-pipes and siloes which lead to intelligence failures, broken OODA loop, and exploitable information asymmetries

• Distributed Command Structures: Resilient command and control systems preventing single points of failure, with compartmentalization at operational level and multiple parallel operations with different security profiles.

Conclusion

“This is not a war but a simulacrum of war, a virtual event which is less the representation of real war than a spectacle which serves a variety of political and strategic purposes on all sides.” — Introduction to The Gulf War Did Not Take Place by Jean Baudrillard

All systems can be compromised. As such the primary objective of defence is to maintain continuity of operations under increasing adversarial pressure, not perfect or absolute security. As long as the continuity of core functionality are maintained, mission success remains achievable, despite ongoing adversarial activities. This enables graceful degradation under extreme pressure and the progressive development of rapid adaptation and resilience from security incidents.

First, this resource based security framework hinges on cost imposition on adversary operations through strategic security measure deployment, international pressure mechanisms, and resource exhaustion tactics forcing disproportionate adversary investment. In many cases this can be quantified in terms of adversary Cost Ratio – i.e. adversary resources expended vs. defensive resources expended (e.g. >4:1). Focus on developing cost effective deterrence and aggressive security posture for non-linear cost imposition. With sufficient strategic patience, every protracted conflict becomes a matter of attrition.

Second, operating under the principle of assumed compromise and planning for partial failure scenarios through compartmentalisations, parallel operations, and focus on continuity of operations enables what we call: Graceful Degradation. This anti-fragile approach facilitates continuous intelligence, surveillance and reconnaissance of adversary capabilities. Thereby enabling continuous adaptation in response to emerging tactics, techniques and procedures and changing local conditions. Enabling quick response to threat evolution and continuous learning integration from operational experience – turning each tactical setback into a long term strategic asset.

Third, this protracted asymmetric and total defence model weaponizes perception over force. This relies primarily not on resource or kinetic dominance but psychological and informational asymmetries – denying any decisive engagement, unless it would result in absolute victory. The key here is to avoid at all cost exhaustion, demoralization, and most importantly delegitimization and in turn impose these on the adversary; applying continuous pressure through aggressive security posture. In grand strategic terms, the focus is on achieving narrative dominance over hearts and minds – weaponizing information for strategic public relations victories, peer support and coalition building. Given the nature of modern conflicts international coalitions and support networks of allied individuals, organizations and governments with effective information sharing and mutual support arrangements, remains the single decisive factor in victory.

The contemporary hybrid threat environment requires abandoning traditional domain-specific security approaches in favor of integrated frameworks addressing the interconnected nature of modern conflict. Success demands continuous adaptation, resource optimization, and strategic thinking that accounts for the full spectrum of adversary capabilities across physical and informational domains. This protocol provides the foundation for effective security operations in the modern hybrid environment while maintaining operational flexibility and mission effectiveness. The framework's strength lies not in creating impenetrable defenses, but in building resilient systems capable of operating effectively under adversarial pressure while imposing maximum costs on potential threats. If you cannot win decisively, adopt a defensive stance wherein your continued survival itself erodes the resources, will and ultimately legitimacy of your opponent. Modern conflicts is characterized primarily, not by violence or territorial control, but symbolic and perceived victories.

*Please note Implementation and Operational Sections have been deliberately removed. As such this paper focuses on purely abstract foundations for a security protocol. For specific security protocols, tools and procedures please contact Section 14.