Gray Zone Warfare

“Gray zone warfare is how great powers fight each other without fighting: a deliberate strategy of staying below the threshold that triggers conventional military response.” Gray zone warfare describes state-sponsored activities that achieve strategic objectives through covert, deniable, or subthreshold means (including cyberattacks on critical infrastructure, disinformation campaigns, economic coercion, proxy support, and elite capture) that fall below the threshold of armed attack that would trigger mutual defense obligations or conventional military response.

Executive Summary

The gray zone is the operational space between routine peacetime competition and open armed conflict. It is not new (Soviet active measures, Cold War proxy conflicts, and covert action have always existed), but it has expanded dramatically as state actors have developed more sophisticated subthreshold tools and as nuclear deterrence has made conventional great power war prohibitively costly. Russia’s 2014 Crimea annexation, which combined covert military action, information warfare, and political manipulation to seize sovereign territory without triggering Article 5, established the operational template. China’s island-building in the South China Sea, Iranian proxy network operations across the Middle East, and North Korean cryptocurrency theft campaigns are the major active gray zone operations of the current period. Gray zone warfare is urgent for both policy and corporate audiences because it specifically targets the infrastructure, supply chains, and information environments that private sector actors depend upon.

The Strategic Mechanism

Gray zone operations deploy five primary instrument categories:

  • Cyber operations: Attacks on critical infrastructure (SolarWinds, Colonial Pipeline, Volt Typhoon pre-positioning), intellectual property theft, and operational disruption that impose costs and gather intelligence without constituting acts of war under current legal frameworks.
  • Information warfare: Disinformation campaigns amplified through social media, state-aligned media (RT, Xinhua), and domestic political proxies that erode institutional trust and social cohesion in target societies.
  • Economic coercion: Targeted trade restrictions, technology denial, and market access manipulation that impose costs on target states without triggering security alliance responses, with China’s 2020-2023 trade restrictions against Australia being the paradigm case.
  • Proxy operations: Supporting, arming, or directing non-state armed actors in target states to impose costs without direct attribution: Russian Wagner Group operations in Africa, Iranian IRGC-Quds Force proxy network.
  • Elite capture and political influence: Corruption of foreign political, business, and media elites through bribery, compromising information, and preferential access that shapes target state policy without kinetic operations.

Market & Policy Impact

  • Chinese state-sponsored hackers (Volt Typhoon, Salt Typhoon) pre-positioned access in U.S. critical infrastructure including communications networks, water systems, and energy grids, with CISA assessing the intrusions as preparation for potential disruptive action in a conflict scenario: the largest documented pre-positioning operation in U.S. infrastructure history.
  • Russia’s disinformation operations during the 2016 U.S. election cycle reached an estimated 126 million Americans on Facebook alone, per Senate Intelligence Committee findings.
  • China’s economic coercion against Australia (2020-2023), targeting $20 billion in Australian commodity exports across 14 sectors, failed to change Australian foreign policy but imposed temporary economic costs and served as a demonstration for other U.S. partners.
  • North Korea’s state-sponsored cryptocurrency theft reached an estimated $3 billion in 2022 (UN Panel of Experts estimate), representing a gray zone economic warfare operation that directly funds nuclear and missile program development.
  • Taiwan experiences an average of 5 million cyberattacks per month on government systems (Taiwan’s National Security Bureau, 2023), representing the highest-intensity ongoing gray zone cyber campaign against any democratic state.

Modern Case Study: China’s Volt Typhoon Critical Infrastructure Campaign, 2023-2024

The May 2023 joint advisory from CISA, NSA, FBI, and Five Eyes partners revealed that a Chinese state-sponsored group designated “Volt Typhoon” had maintained persistent access to U.S. critical infrastructure networks (including communications, energy, transportation, and water systems) for at least five years. Unlike conventional cyber espionage (which targets intelligence collection), Volt Typhoon’s “living off the land” techniques were specifically designed to pre-position disruptive capability for use in a potential military conflict scenario, particularly a Taiwan Strait crisis. NSA Director Paul Nakasone and CISA Director Jen Easterly assessed the intrusions as explicitly pre-conflict positioning, not intelligence gathering. The campaign, described by U.S. officials as “the real-world threat” rather than a theoretical scenario, represented the most significant documented gray zone operation against U.S. infrastructure ever publicly attributed, and the clearest illustration that gray zone warfare and conventional conflict preparation are not sequential but simultaneous activities.