Hybrid warfare is gaining traction globally as the preferred option for conducting malicious statecraft in the grey zone between peace and war. There is a growing international trend in attacking a nation's specific vulnerabilities, including the national power grid and its critical infrastructure.
The term hybrid warfare was coined by William Nemeth in 2002. He described it as
warfare … where a wide range of overt and covert military, paramilitary, and civilian measures are employed in a highly integrated design. The adversary tries to influence influential policymakers and key decision makers by combining kinetic operations with subversive effort. The aggressor often resorts to clandestine actions, to avoid attribution and retribution.
This kind of warfare is also associated with grey zones – in other words actions that fall just short of war.
A hybrid attack and by implication a hybrid threat, is
an emerging, but ill-defined notion in conflict studies. It refers to the use of unconventional methods as part of a multi-domain warfighting approach. These methods aim to disrupt and disable an opponent's actions without engaging in open hostilities.
Hybrid threats are also commonly associated with terrorism, organised crime and militants within society.
We have been involved in defence and security studies for many years and one of us has been researching the new security challenges of the 21st Century such as hybrid warfare and the use of lawfare.
Hybrid attacks on national power generation's critical infrastructure are a known strategy. This raises questions about recent incidents in South Africa during which the country's electricity infrastructure was allegedly sabotaged. The target was the national power utility Eskom.
Growing evidence of attacks
An ever-growing portfolio of academic opinion is being published about this phenomenon and its specific linkages to Russia and China.
At the end of 2015 and 2016 the Ukrainian power grid fell victim to a directed Russian hybrid attack. German power infrastructure was also attacked during 2018 and 2020 by Russian cyberterrorists.
The North Atlantic Treaty Alliance (NATO) has accused Russsia of using hybrid warfare to achieve a number of objectives. These include undermining pro-Western governments, dividing and weakening the NATO Alliance, or advancing its own economic interests.
More passive applications have also been identified. For example, the installation of equipment that could be used as a backdoor entry into a country's energy system.
Last year, the US government seized a Chinese electricity transformer that was to be installed in Colorado. The fear of the then US Administration was that it might be used to compromise the country's power grid. This led to an US Executive Order blocking the installation of foreign manufactured and supplied systems and components on the US power grid.
The case of South Africa's power utility
In mid-November this year there were incidents at two strategic power stations in South Africa that raised alarm bells.
In the first, an electricity tower that powered the coal conveyor belt at the Lethabo facility collapsed. This came shortly after an extension cord was dropped on a transformer at the Matimba power station. Three power units were taken out of action, and contributed to a renewed bout of power cuts in the country.
Both incidents were investigated as possible attempts at sabotage. Shortly afterwards the chief executive officer of Eskom André de Ruyter issued a statement saying that there was evidence of sabotage at the Lethabo plant.
In our view these two incidents can be classified as hybrid threats – or more aptly, hybrid attacks. They highlight the continued hybrid threat to the South African power grid.
Our view is informed by narratives equating the mismanagement and corruption of the past decade as domestic terrorism or commercial terrorism. These use a combination of various tools within the trade of hybrid warfare.
In addition, a recent report highlighted South African vulnerability to several types of terrorism-related risks, one of which is domestic terrorism. The report was on evaluation of anti-money laundering and counter-terrorist financing measures released by the National Treasury.
Sabotage is an instrument from the counterinsurgency toolbox. In South Africa it's been used in the past to destabilise the status quo.
The Lethabo and Matimba incidents point to acts of precision that affected the stability of the power grid.
In addition, they cast further suspicion on the August 2021 explosion at the Medupi power station, South Africa's latest and largest fossil fuel burning electricity plant.
These attacks can (and are) combined with other (hybrid) threats such as fraud and corruption within the tender processes for procurement programmes, crippling the maintenance and repair budget of Eskom.
What to expect
The cases of Eskom sabotage seem to be quite primitive, albeit effective. But there's considerable scope for growth in sophistication and effectiveness once modern (off-the-shelf) technology and software capabilities are combined with the malicious intent inherent in political, bureaucratic, commercial and altruistic rivalry.
The intended effects of hybrid threats and attacks on national power grids cover a number of potential possibilities.
Firstly, there is simply the aim to bring about a typical power outage. But this can be escalated to destabilise the entire power grid.
Secondly, the intention could be to undermine confidence in local municipalities which in turn would affect support of political parties.
Thirdly, parties that have political or commercial interests may use them to sway opinions.
So who could be behind them?
One considerable motive for a variety of actors in South Africa is its position as the eighth largest per capita emitter of greenhouse gases in the world. Eskom alone is emitting two-fifths of South Africa's greenhouse gases.
One potential originator of the attack could be eco activists who might want to destabilise the power grid. Attacks on the power utility could be used to bolster the growing national and international call for carbon free energy production.
Another potential originator of the attack could be those pursuing the considerable commercial interests at stake in the growing renewable energy market in South Africa and internationally. For example, a country like China, which is the largest solar panels manufacturer, would benefit tremendously from a flourishing renewable energy market in South Africa following the destabilisation of Eskom.
Lessons need to be learnt
South Africa needs to take note of these events, learn from them and categorise them correctly within the growing theory and practice of hybrid warfare.
Such awareness will enable the country to formulate appropriate responses based on international practice in building resilience. It would also help the country avoid responses that could result in further destabilisation of the economy and society.
Sascha-Dominik (Dov) Bachmann, Professor in Law and Co-Convener National Security Hub (University of Canberra), University of Canberra and Dries Putter, Lecturer at the Faculty of Military Science, Stellenbosch University