What the guidance and good practice says

The Gray Zone Has Arrived

The 2025 Strategic Defence Review highlighted the acute risk posed by Russia to the UK. Recent reporting has reinforced a sobering reality: hybrid warfare is no longer a theoretical risk. It is becoming a daily operational challenge.

From disruption to undersea cables to sophisticated GPS spoofing and cyber enabled interference, tactics designed to undermine national resilience are becoming increasingly visible.

The Doctrine of Gibridnaya Voyna

To understand the current threat landscape, it is important to recognise the concept of gibridnaya voyna, often translated as hybrid warfare.

This is not simply a new phrase for the risk register. It describes a way of operating where the boundary between peace and war becomes blurred, and where domestic infrastructure, communications, public confidence and organisational resilience can all become targets.

The International Institute for Strategic Studies has identified the UK as one of the key European targets of suspected and confirmed Russian sabotage activity in recent years.

The Reality Check

Sub threshold activity refers to hostile actions that sit below the level of open military conflict but still create serious disruption.

These activities can place pressure on critical infrastructure, public safety, transport, communications, energy, local authorities and private sector organisations.

What We Are Seeing on the Ground

• Signal interference: GPS jamming and spoofing can affect aviation, logistics, navigation, timing systems and operational coordination.
• Infrastructure vulnerability: Energy, communications and transport networks remain exposed to sabotage, disruption and cascading failure.
• Cognitive warfare: AI driven disinformation can create confusion during emergencies, elections and civil disruption.
• Cyber disruption: Organisations may face attacks that affect access, communications, data, building systems or operational continuity.
• Compound risk: Hybrid threats rarely occur in isolation. Their impact is greatest when cyber, physical, communications and public confidence risks overlap.

Building Resilience for 2026

At Controlled Events, we believe the answer lies in a practical total defence model across both the public and private sectors.

This means looking beyond traditional emergency planning and joining together crisis management, cyber protection, physical security, business continuity, communications, facilities management and operational readiness.

True Resilience

The goal for 2026 is not simply to have a plan. It is to remain operational when the systems organisations rely on are intentionally compromised.

That requires a clear understanding of dependencies, decision making structures, escalation routes, communications options and recovery priorities.

What good looks like

• Clear crisis and business continuity frameworks focused on response and recovery
• Regular training for crisis teams, control rooms and coordination functions
• Scenario stress testing based on realistic hybrid threat disruption
• Cyber, physical security and facilities teams working together
• Alternative communications routes if normal systems fail
• Clear escalation thresholds for infrastructure, cyber and public safety disruption
• Strong links with local resilience partners and emergency services
• Decision logs and evidence trails during disruption
• Plans that consider compound risks rather than single isolated incidents
• Leadership teams that understand consequence management

Common mistakes we see

Treating hybrid risk as only a national security issue

Many organisations assume hybrid threats sit above their level of responsibility. In reality, the local and organisational consequences can be immediate and operational.

Planning for cyber, physical security and resilience separately

Hybrid disruption often crosses several disciplines at once. Separate plans can create gaps during fast moving incidents.

Over relying on single systems

Communications, access control, navigation, cloud platforms and building systems can all become points of failure if alternatives are not planned.

Ignoring misinformation and public confidence

Disinformation can quickly affect staff, stakeholders, customers and the wider public during an incident.

Not stress testing compound scenarios

Organisations often test simple events, but hybrid risks are usually messy, layered and uncertain.

Weak decision making structures

When responsibilities are unclear, organisations lose valuable time deciding who owns the problem.

Practical checklist

• Review your organisation’s exposure to cyber, physical and infrastructure disruption
• Identify critical dependencies such as power, internet, communications, access systems and suppliers
• Map what happens if GPS, mobile networks or cloud systems are disrupted
• Review crisis management and business continuity plans against hybrid threat scenarios
• Run tabletop exercises involving cyber, facilities, security and leadership teams
• Agree escalation thresholds for serious disruption
• Build alternative communication methods into your plans
• Clarify who owns internal and external messaging during disruption
• Review information security and access to sensitive plans
• Train crisis teams to work together under pressure
• Create logs and audit trails for decisions and actions
• Engage with local resilience and emergency planning partners where appropriate

FAQs

What is hybrid warfare?

Hybrid warfare combines cyber activity, sabotage, disinformation, political pressure, infrastructure disruption and other hostile actions that sit below the threshold of open military conflict.

Why does this matter to UK organisations?

Hybrid threats can disrupt the systems organisations rely on every day, including communications, transport, energy, cyber systems, public confidence and supply chains.

What is the gray zone?

The gray zone describes hostile activity that falls between normal competition and open conflict. It is designed to create disruption, uncertainty and pressure without triggering a traditional military response.

What should organisations do first?

Start by identifying your critical dependencies and testing what would happen if they were disrupted. This includes power, communications, technology, suppliers, access control and decision making structures.

Is this only relevant to critical infrastructure?

No. While critical infrastructure is a key target, many public and private organisations may experience the consequences of disruption indirectly through suppliers, transport, communications or public safety impacts.

How can Controlled Events help?

Controlled Events can support crisis planning, business continuity, scenario exercises, control and coordination functions, resilience training and operational readiness reviews.