Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. It was hardly the kind of peace and cheer one hopes to see leading up to Christmas. But on Dec. 7, the second Sunday of Advent, a collection of telecoms masts in Sweden were the site of a strange scene, as a foreign citizen turned up and began taking photographs. The case became widely known two days later, when the CEO of Teracom, a state-owned Swedish telecom and data services provider, posted an unusual update on LinkedIn: Company employees and contracted security had helped detain a foreign citizen, CEO Johan Petersson reported. They had spotted the foreigner taking pictures of a group of Teracom masts, which are sensitive installations clearly marked with “no trespassing” signs. After being alerted by the employees, police had arrested the intruder. “Fast, resolute and completely in line with the operative capabilities required to protect Sweden’s critical infrastructure,” Petersson wrote. But his post didn’t end there: “Teracom continually experiences similar events,” he noted. “We don’t just deliver robust nets — we take full responsibility for keeping them secure and accessible around the clock. This is total defense in practice.” That’s a lot of troubling news in one message: a foreign citizen intruding into an area closed to the public to take photos of crucial communications masts, and the fact that this isn’t a unique occurrence. Indeed, earlier this year, Swedish authorities announced they had discovered a string of some 30 cases of sabotage against telecoms and data masts in the country. How many more potential saboteurs haven’t been caught? It’s a frightening question and, naturally, one we don’t have an answer to. It’s not just communications masts that are being targeted. In the past couple years, there have been fires set in shopping malls and warehouses in big cities. There have been suspicious drone sightings near defense manufacturing sites and, infamously, airports. Between January and Nov. 19 of this year, there were more than 1,072 incidents involving 1,955 drones in Europe, and as a group of German journalism students have established, some of those drones were launched from Russian-linked ships. And of course, there has been suspicious damage to undersea cables and pipelines in the Baltic Sea and off the coast of Taiwan. I’ve written before in this publication that Russia’s goal with such subversive operations may be to bleed our companies dry, and that China seems to be pursuing the same objective vis-à-vis certain countries. But when it comes to critical national infrastructure — in which I could include institutions like supermarkets — we need them to work no matter what. Imagine going a day or two or three without being able to buy food, and you’ll see what I mean. The upside to Teracom’s most recent scare was that the company was prepared and ultimately lost no money. Because its staff and security guards were alert, the company prevented any damage to their masts and operations. In fact, with the perpetrator arrested — whether prosecutors will decide to charge him remains to be seen — Teracom’s staff may well have averted possible damage to other businesses too. Moving forward, companies would do well to train their staff to be similarly alert when it comes to saboteurs and reconnaissance operators in different guises. We can’t know exactly what kind of subversive activities will be directed against our societies, but companies can teach their employees what to look for. If someone suddenly starts taking pictures of something only a saboteur would be interested in, that’s a red flag. Indeed, boards could also start requiring company staff to become more vigilant. If alertness can make the difference between relatively smooth sailing and considerable losses — or intense tangling with insurers — in these geopolitically turbulent times, few boards would ignore it. And being able to demonstrate such preparedness is something companies could highlight in speeches, media interviews and, naturally, their annual reports. Insurers, in turn, could start requiring such training for these very reasons. After serious cyberattacks first took off, insurers paid out on their policies for a long time, until they realized they should start obliging the organizations they insure to demonstrate serious protections in order to qualify for insurance. Insurers may soon decide to introduce such conditions for coverage of physical attacks too. Even without pressure from boards or insurers, considering the risk of sabotage directed at companies, it would be positively negligent not to train one’s staff accordingly. Meanwhile, some governments have understandably introduced resilience requirements for companies that operate crucial national infrastructure. Under Finland’s CER Act, for instance, “critical entities must carry out a risk assessment, draw up a resilience plan and take any necessary measures.” The social contract in liberal democracies is that we willingly give up some of our power to those we elect to govern us. These representatives are ultimately in charge of the state apparatus, and in exchange, we pay taxes and obey the law. But that social contract doesn’t completely absolve us from our responsibility toward the greater good. That’s why an increasing number of European countries are obliging 19-year-olds to do military service. When crises approach, we all still have a part to play. Helping spot incidents and alerting the authorities is everyone’s responsibility. Because the current geopolitical turbulence has followed such a long period of harmony, it’s hard to crank up the gears of societal responsibility again. And truthfully, in some countries, those gears never worked particularly well to begin with. But for companies, however, stepping up to the plate isn’t just a matter of doing the right thing — it’s a matter of helping themselves. Back in the day, the saying went that what was good for Volvo was good for Sweden, and what was good for General Motors was good for the U.S. Today, when companies do the right thing for their home countries, they similarly benefit too. Now, let’s get those alertness courses going.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. Over the past two years, state-linked Russian hackers have repeatedly attacked Liverpool City Council — and it’s not because the Kremlin harbors a particular dislike toward the port city in northern England. Rather, these attacks are part of a strategy to hit cities, governments and businesses with large financial losses, and they strike far beyond cyberspace. In the Gulf of Finland, for example, the damage caused to undersea cables by the Eagle S shadow vessel in December incurred costs adding up to tens of millions of euros — and that’s just one incident. Russia has attacked shopping malls, airports, logistics companies and airlines, and these disruptions have all had one thing in common: They have a great cost to the targeted companies and their insurers. One can’t help but feel sorry for Liverpool City Council. In addition to looking after the city’s half-million or so residents, it also has to keep fighting Russia’s cyber gangs who, according to a recent report, have been attacking ceaselessly: “We have experienced many attacks from this group and their allies using their Distributed Botnet over the last two years,” the report noted, referring to the hacktivist group NoName057(16), which has been linked to the Russian state. “[Denial of Service attacks] for monetary or political reasons is a widespread risk for any company with a web presence or that relies on internet-based systems.” Indeed. Over the past decades, state-linked Russian hackers have targeted all manner of European municipalities, government agencies and businesses. This includes the 2017 NotPetya attack, which brought down “four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency,” as well as a string of multinationals, causing staggering losses of around $10 billion. More recently, Russia has taken to targeting organizations and businesses in other ways as well. There have been arson attacks, including one involving Poland’s largest shopping mall that Prime Minister Donald Tusk subsequently said was definitively “ordered by Russian special services.” There have been parcel bombs delivered to DHL; fast-growing drone activity reported around European defense manufacturing facilities; and a string of suspicious incidents damaging or severing undersea cables and even a pipeline. The costly list goes on: Due to drone incursions into restricted airspace, Danish and German airports have been forced to temporarily close, diverting or cancelling dozens of flights. Russia’s GPS jamming and spoofing are affecting a large percentage of commercial flights all around the Baltic Sea. In the Red Sea, Houthi attacks are causing most ships owned by or flagged in Western countries to redirect along the much longer Cape of Good Hope route, which adds costs. The Houthis are not Russia, but Russia (and China) could easily aid Western efforts to stop these attacks — yet they don’t. They simply enjoy the enormous privilege of having their vessels sail through unassailed. The organizations and companies hit by Russia have so far managed to avert calamitous harm. But these attacks are so dangerous and reckless that people will, sooner or later, lose their lives. There have been arson attacks, including one involving Poland’s largest shopping mall that Prime Minister Donald Tusk subsequently said was definitively “ordered by Russian special services.” | Aleksander Kalka/Getty Images What’s more, their targets will continue losing a lot of money. The repairs of a subsea data cable alone typically costs up to a couple million euros. The owners of EstLink 2 — the undersea power cable hit by the Eagle S— incurred losses of nearly €60 million. Closing an airport for several hours is also incredibly expensive, as is cancelling or diverting flights. To be sure, most companies have insurance to cover them against cyber attacks or similar harm, but insurance is only viable if the harm is occasional. If it becomes systematic, underwriters can no longer afford to take on the risk — or they have to significantly increase their premiums. And there’s the kicker: An interested actor can make disruption systematic. That is, in fact, what Russia is doing. It is draining our resources, making it increasingly costly to be a business based in a Western country, or even a city council or government authority, for that matter. This is terrifying — and not just for the companies that may be hit. But while Russia appears far beyond the reach of any possible efforts to convince it to listen to its better angels, we can still put up a steely front. The armed forces put up the literal steel, of course, but businesses and civilian organizations can practice and prepare for any attacks that Russia, or other hostile countries, could decide to launch against them. Such preparation would limit the possible harm such attacks can lead to. It begs the question, if an attack causes minimal disruption, then what’s the point of instigating it in the first place? That’s why government-led gray-zone exercises that involve the private sector are so important. I’ve been proposing them for several years now, and for every month that passes, they become even more essential. Like the military, we shouldn’t just conduct these exercises — we should tell the whole world we’re doing so too. Demonstrating we’re ready could help dissuade sinister actors who believe they can empty our coffers. And it has a side benefit too: It helps companies show their customers and investors that they can, indeed, weather whatever Russia may dream up.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. Seven years ago, Sweden made global headlines with “In Case of Crisis or War” — a crisis preparedness leaflet sent to all households in the country. Unsurprisingly, preparedness leaflets have become a trend across Europe since then. But now, Sweden is ahead of the game once more, this time with a preparedness leaflet specifically for businesses. Informing companies about threats that could harm them, and how they can prepare, makes perfect sense. And in today’s geopolitical reality, it’s becoming indispensable. I remember when “In Case of Crisis or War” was first published in 2018: The Swedish Civil Contingencies Agency, or MSB, sent the leaflet out by post to every single home. The use of snail mail wasn’t accidental — in a crisis, there could be devastating cyberattacks that would prevent people from accessing information online. The leaflet — an updated version of the Cold War-era “In Case of War” — contained information about all manner of possible harm, along with information about how to best prepare and protect oneself. Then, there was the key statement: “If Sweden is attacked, we will never surrender. Any suggestion to the contrary is false.” Over the top, suggested some outside observers derisively. Why cause panic among people? But, oh, what folly! Preparedness leaflets have been used elsewhere too. I came to appreciate preparedness education during my years as a resident of San Francisco — a city prone to earthquakes. On buses, at bus stops and online, residents like me were constantly reminded that an earthquake could strike at any moment and we were told how to prepare, what to do while the earthquake was happening, how to find loved ones afterward and how to fend for ourselves for up to three days after a tremor. The city’s then-Mayor Gavin Newsom had made disaster preparedness a key part of his program and to this day, I know exactly what items to always have at home in case of a crisis: Water, blankets, flashlights, canned food and a hand-cranked radio. And those items are the same, whether the crisis is an earthquake, a cyberattack or a military assault. Other earthquake-prone cities and regions disseminate similar preparedness advice — as do a fast-growing number of countries, now facing threats from hostile states. Poland, as it happens, published its new leaflet just a few days before Russia’s drones entered its airspace. But these preparedness instructions have generally focused on citizens and households; businesses have to come up with their own preparedness plans against whatever Russia or other hostile states and their proxies think up — and against extreme weather events too. That’s a lot of hostile activity. In the past couple years alone, undersea cables have been damaged under mysterious circumstances; a Polish shopping mall and a Lithuanian Ikea store have been subject to arson attacks; drones have been circling above weapons-manufacturing facilities; and a defense-manufacturing CEO has been the target of an assassination plot; just to name a few incidents. San Francisco’s then-Mayor Gavin Newsom had made disaster preparedness a key part of his program. | Tayfun Coskun/Anadolu via Getty Images It’s no wonder geopolitical threats are causing alarm to the private sector. Global insurance broker Willis Towers Watson’s 2025 Political Risk Survey, which focuses on multinationals, found that the political risk losses in 2023 — the most recent year for which data is available — were at their highest level since the survey began. Companies are particularly concerned about economic retaliation, state-linked cyberattacks and state-linked attacks on infrastructure in the area of gray-zone aggression. Yes, businesses around Europe receive warnings and updates from their governments, and large businesses have crisis managers and run crisis management exercises for their staff. But there was no national preparedness guide for businesses — until now. MSB’s preparedness leaflet directed at Sweden’s companies is breaking new ground. It will feature the same kind of easy-to-implement advice as “In Case of Crisis or War,” and it will be just as useful for family-run shops as it is for multinationals, helping companies to keep operating matters far beyond the businesses themselves. By targeting the private sector, hostile states can quickly bring countries to a grinding and discombobulating halt. That must not happen — and preventing should involve both governments and the companies themselves. Naturally, a leaflet is only the beginning. As I’ve written before, governments would do well to conduct tabletop preparedness exercises with businesses — Sweden and the Czech Republic are ahead on this — and simulation exercises would be even better. But a leaflet is a fabulous cost-effective start. It’s also powerful deterrence-signaling to prospective attackers. And in issuing its leaflet, Sweden is signaling that targeting the country’s businesses won’t be as effective as would-be attackers would wish. (The leaflet, by the way, will be blue. The leaflet for private citizens was yellow. Get it? The colors, too, are a powerful message.)

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. If there’s one thing we know, it’s that our transition away from fossil fuels won’t be possible without electric cars (EVs). Pulling ahead in this field, China has recently been making EVs that are far cheaper than Western-manufactured ones, and much of it comes down to one humble yet indispensable component: the battery. But now, thanks to one small town in Norway, it seems there might yet be hope for Europe, and for a greener future without risky dependencies on China. Oh, how the times have changed. Four years ago, Tesla was the world’s largest all-electric car brand, followed by China’s state-owned SAIC, Volkswagen, Renault-Nissan-Mitsubishi and BYD ( another Chinese manufacturer). Today, five of the world’s 10 biggest EV brands are Chinese — and it’s not because buyers specifically want Chinese cars. It’s simply because they’re cheaper. Take, for example, BYD’s Dolphin Surf. Available in Europe as of this summer, these cars start at €22,900. That’s significantly less than Tesla models — and a couple other Chinese EVs are cheaper still. One reason for all this is that their batteries — that all-important part of an EV — cost less. For the past few years, Chinese makers have been switching to so-called LFP batteries, which are different from the NMC batteries most Western cars still use. LFP stands for lithium iron phosphate, and batteries made with these components aren’t just cheaper but last longer, thus making them more sustainable too. (NMCs still get more usage out of each charge, which makes them better for longer drives, but that gap is narrowing.) Given their focus on price, it’s not surprising Chinese brands have so massively adopted LFP batteries. “[China has] a huge cost advantage through economies of scale and battery technology. European manufacturers have fallen well behind,” David Bailey, a professor of business and economics at Birmingham Business School told the BBC. “Unless they wake up very quickly and catch up, they could be wiped out.” But there’s good news for Western EV makers: a renewable-energy company called Å Energi — a Norwegian hydropower giant — has been thinking ahead precisely along these lines. Four years ago, Å Energi teamed up with ABB, Siemens, the Danish pension fund PKA and the Norwegian investment firm Nysnø to form Morrow Batteries. Majority-owned by Å Energi, Morrow is based in the picturesque town of Arendal on Norway’s south coast, and it recently began producing LFP batteries for energy storage systems — think sun and wind energy that needs to be stored after being captured in solar panels and wind turbines — as well as for defense equipment. If all goes according to plan, Morrow will then expand to vehicles, with plans to build another three LFP facilities in Arendal before 2029. Of course, this company won’t be able to match China’s formidable LFP production on its own  — and yet, it exists. It exists because Å Energi dared to commit to this new technology, because the Norwegian government agreed to grant a loan, and because the EU decided to support the undertaking too. Four years ago, Tesla was the world’s largest all-electric car brand, followed by China’s state-owned SAIC. | Allison Dinner/EPA To date, the path to EV batteries has been strewn with grand ambition and, alas, bankruptcies. In the past couple years alone, Northvolt in Sweden and Britishvolt in the U.K. have both gone bust. But as technical as it may sound, LFP batteries are the surest way for Europe to reduce its dependence on Chinese EVs. So, if Morrow succeeds, and is perhaps joined by one or two new European battery-makers, Europe’s EV manufacturers will be better able to compete with Chinese rivals. To be viable, the green transition has to be a collective undertaking. It’s no surprise that this pioneering LFP factory is located in Norway, as the country has made EV adoption a priority. In 2023, nine in 10 cars sold in the country were already EVs, and the Norwegian government wants all newly sold cars to be zero-emission by the end of this year. Norway doesn’t have any significant car manufacturers, and unlike most battery-makers, Morrow isn’t owned by a car manufacturer. But LFP batteries look certain to be the future in all kinds of applications — and Norway is grabbing that opportunity. Morrow’s factory, or factories, may lose money at first, but in the long run, they’ll be a benefit to their owners and to Norway — not to mention Western consumers. Even more crucially, the arrival of a battery factory in Arendal points to a fundamental reality: that to do the right thing for our supply chains and, in many cases, the climate, companies need to team up with unexpected partners, and occasionally with the government too. In today’s climate, so to speak, business plans can no longer solely focus on immediate profit.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. Germany needs to significantly expand its armed forces — and it’s concluding the only feasible way to do so is to introduce some form of national service. Latvia recently did so; Sweden and Lithuania joined Europe’s ranks of national-service nations several years ago; and even the U.K., which ended military service long before the end of the Cold War, has floated the idea. Teenagers, it seems, are in vogue. But rather than merely talking about them, we should invite them to contribute their ideas to national security. German Defense Minister Boris Pistorius — the country’s perennially  most popular politician — is trying to fix to an increasingly urgent problem: the Bundeswehr’s shortage of soldiers. In recent months, Europe’s largest country committed previously inconceivable sums to its armed forces, but even the shiniest new equipment is useless without soldiers. And Germany is already some 50,000 short of the 230,000 to 240,000 soldiers the coalition government wants it to field. (At the end of last year, the Bundeswehr had 181,174 men and women on active duty.) Pistorius, much-liked for his pragmatism and for speaking in ways the public can easily understand, has a practical solution in mind, and that is to create a “new military service” based on Norway’s selective military service. The Norwegian system — which I’ve frequently highlighted as a model other countries could adopt and adapt — sees all 18-year-olds assessed for military service, with only a small percentage eventually selected. It’s a clever system because modern militaries don’t need human masses for trench-style warfare, and the selectivity makes military service extremely attractive. Sweden adopted a similar model a few years ago, and now Pistorius wants Germany adopt it too. But it’s a gamble. What if enough young Germans don’t accept the offer of military service the way Norwegians so enthusiastically do? What if the Bundeswehr needs so many soldiers that being selected for military service doesn’t quite resemble getting a place at Oxbridge? Would the government then force them to serve? That’s the Gordian Knot the defense minister must now solve, and the coalition’s Christian Democratic Union and Christian Social Union on the one hand, and the Social Democrats on the other are divided on the issue. The U.K., which also wants to grow its military, faces recruitment challenges too. At the moment, its armed forces comprise 148,230 active-duty personnel, and they have fallen short of recruitment targets. Even though the armed forces have produced some truly impressive recruitment advertisement campaigns in recent years, the numbers refuse to leap. The issue is much the same in other European countries that don’t have military service. Even some that do haven’t managed to make the prospect of serving (including signing up for active duty after competing military service) quite as attractive as Norway does. One-quarter of Norwegian conscripts go on to active duty. Sweden and Lithuania joined Europe’s ranks of national-service nations several years ago. | Artur Reszko/EPA But there’s a solution: Ask the teenagers. Discussions around military service naturally focus on what might work, what should work, how the youngsters might respond, how they can be incentivized to participate and much else. But the teenagers themselves aren’t consulted. Imagine if they were. Just as we appoint seasoned experts to write national-security strategies, we could invite young people to participate in task forces focusing on military service and related matters. Naturally, such task forces would have to be led by senior government officials, but the rest of the membership could be comprised by young people of serving age. In fact, the defense of our countries now hinges on our young people. They have skin in the game — and just as important, they’re extremely likely to have good ideas about how military service should be set up. Of course, they wouldn’t be able to provide recommendations regarding the military training itself, but they’d be the best possible experts on what might make Gen Z and its successors want to be part of national security, and what national security should look like. This goes beyond what kind of sleeping quarters they might like. For example, would they consider getting a driver’s license as part of their military training — as Germany is considering — a significant carrot? How would they get young tech types interested in the armed forces? What about educating the general public about what the armed forces do? The latter is a particularly crucial undertaking now that virtually every European country says it wants to spend more money on defense but is struggling to get the message out. Young people might have good, constructive ideas; solutions the rest of us have failed to think of. And let’s remember they aren’t just potential national-service participants: They’re also the future stewards of our countries. Whatever we decide today will have an impact — whether positive or negative — on the future of our nations. Let’s get them involved.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. Who set fire to the Marywilska 44 shopping mall in Poland last year? In May, authorities in Warsaw announced they now know the answer, and that the perpetrators were ordinary civilians recruited by Russia. The arrangement is very on trend. The Kremlin has been using freelancers to carry out dirty deeds across Europe with increasing frequency — and those freelancers can be anyone. The strategy is as sinister as it is effective. It’s also a law enforcement nightmare. The fire that ripped through the Polish mall in the early hours of May 12, 2024 had been so fierce, it spread swiftly across the vast facility. By the time firefighters managed to extinguish the blaze, it had destroyed 80 percent of the building and the majority of the shopping center’s 1,400 stores. At first, it seemed massive misfortune had struck the center’s merchants. But much of the incident was suspicious — accidental sparks rarely travel that far that quickly. Ever since the fire, police had been investigating. And on May 11 this year, Polish Prime Minister Donald Tusk finally announced that the authorities had identified the culprit: “We now know for sure that the great fire of the Marywilska shopping center in Warsaw was caused by arson ordered by Russian special services. Some of the perpetrators have already been detained; all the others are identified and [are being] sought. We will get you all!” he said. The following day, Foreign Minister Radosław Sikorski told the BBC: “We have evidence that they commissioned people living in Poland, they commissioned them on Telegram and paid them to set fire to this huge shopping mall.” But this fire is just the latest example of what I call “freelance” gray-zone aggression: hostile states carrying out harmful acts against other countries through one-off contractors. For instance, before Germany’s federal election in February 2024, hundreds of Germans found their cars sabotaged, their exhaust pipes blocked by insulation foam and their windows covered in posters with the countenance of then-Greens leader and Vice Chancellor Robert Habeck. “Be greener!” the signs commanded. It looked like the work of overzealous party supporters. But police made a completely different discovery: The sabotage was committed by various small-time criminals who were recruited by a Russian agent on the messaging app Viber. The agent had promised — and delivered — payment of €100 per car, one of the suspects told the police. And that’s just one example. Last summer, a parcel burst into flames at a DHL depot in Leipzig. Then another parcel caught fire in Warsaw — and another in Birmingham. Authorities and investigative journalists later found that a man in Vilnius had dropped the parcels off at DHL in the Lithuanian capital. The packages contained cosmetics, sex toys and massage pillows, and were to be sent to addresses in Britain and Poland. Two of them exploded on arrival, another during a stopover in Leipzig. Had they exploded in the air, lives would have been lost. Then, a few months later, a man in Poland dropped off what turned out to be two suspicious packages to be delivered to the U.S. — an attempt to scout out future parcel bomb routes, investigative journalists reported. A month later, three Ukrainians carried out a similar scheme in Germany. These attempted attacks, too, were instigated by Russia (in this case, the GRU military intelligence service) and executed by freelancers recruited via apps. By the time firefighters managed to extinguish the blaze, it had destroyed 80 percent of the building and the majority of the shopping center’s 1,400 stores. | Leszek Syzmanksi/EPA I have also been told with a high degree of confidence, by an entity monitoring hostile-state activity, that entities affiliated with Russian artillery units have been identified within Finnish steel facilities. And last month, homes linked to U.K. Prime Minister Keir Starmer were damaged in arson attacks that undeniably pointed to Moscow as well. The police charged two Ukrainians and one Romanian, who conspired with “others unknown.” The latter, a Russian speaker born in Ukraine, had been studying at Canterbury Christ Church University while working in construction and as a model. If a student and part-time model can turn out to be behind a one-off gig for Russia, so could thousands of others in Britain, Germany, Poland, Lithuania — essentially any Western country. The gig model works well for Russia because it allows it to easily recruit freelancers, or “disposable agents” as they’re sometimes called. “The more eye-catching shift this year has been Russian state actors turning to proxies for their dirty work, including private intelligence operatives and criminals from both the U.K. and third countries,” MI5 Director General Ken McCallum said last October. The arrangement works well for the freelancers, too, as they can take on gigs without committing to a career in the Kremlin’s service. But as the incidents to date illustrate, this type of gig gray-zone aggression is highly disruptive and dangerous. We risk the prospect of constant attacks, while the taskmasters on the other side of the chat watch their gig workers sow destruction as their own involvement remains virtually impossible to prove, let alone prosecute or avenge. And they don’t just operate from Russia either — other hostile states are already using the gig model and are likely to expand it. For law enforcement, tackling this problem is almost impossible, especially in open societies where we don’t track people’s every move the way, say, China does. But if we all do our part, we’ll at least have a chance of curtailing this sinister campaign. Citizens can report situations that look unusual, while companies and authorities can step up the surveillance of their facilities — as all manner of gig attacks are likely to be carried out around buildings. Dismantling this new mode of operation won’t be as easy as “see it, say it, sorted.” However, if most of us decide to be more alert and report our findings, criminals will be less tempted to do the dirty deeds of hostile states. No doubt those who have since been arrested now regret their part in this scheme.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. The shadow fleet is a scourge. And ever since Western governments capped the price of Russian oil, it’s been growing incessantly, presenting the coastal states along its route with the omni-peril of accidents and oil spills. All this is enabled by certain flag nations of convenience, which allow these shady ships to fly their flags. Now, though, a new category of ships is emerging — one that’s even shadier and harder to reign in: The renegade fleet, which flies no flag at all. In the middle of the night on April 10, a mysterious ship approached the Gulf of Finland. Sailing from the Indian port of Sikka, it was en route to Russia’s Ust-Luga, a mere 32 kilometers from Narva, Estonia. This wasn’t at all unusual: Since the West imposed a $60-per-barrel price cap on Russian crude in December 2022, Estonian and Finnish authorities have grown accustomed to shady maritime visitors, with a skyrocketing number of so-called shadow vessels sailing in and out of Russia’s Baltic ports. Usually, these shadow vessels fly flags of convenience, or the newly surging flags of extreme convenience (as I call them). The latter are the flags of countries like Gabon, Mongolia, the Cook Islands, the Comoro Islands and Guinea-Bissau, which have virtually no maritime expertise but have become a destination for ships that can’t get flagged anywhere else. But the tanker the Estonians detained, the Kiwala, was different. It flew no flag at all. Previously, the Kiwala had been registered in Saint Kitts and Nevis. Then, in May 2023, as the shadow fleet exploded in size, the owner changed its flag registration first to Mongolia, then to Gabon and eventually to Djibouti in late 2024. After that, it simply sailed without a flag. This is a blatant violation of the maritime order. So, as the Kiwala approached Estonia’s exclusive economic zone (EEZ), the country’s authorities kept a close eye on it, immediately instructing the vessel to enter territorial waters once it had entered the EEZ. And while shadow vessels usually take extreme pains to remain in EEZs, where coastal states have far fewer rights, the Kiwala remarkably complied. Once in territorial waters, the ship was swiftly detained by authorities. “The ship had no flag state. A stateless vessel. Ships like this are actually not allowed to operate. Estonia exercised its right to detain the vessel for inspection,” Veiko Kommusaar, head of Estonia’s Police and Border Guard Board (PPA), told the media. The detention turned out to be rather necessary, as Estonian authorities discovered the tanker had no fewer than 40 deficiencies. (Somehow its last inspection, completed in the Russian port of Novorossiysk in June 2024, had turned up no deficiencies at all.) Fifteen days later, with its most serious problems fixed, the Kiwala was allowed to depart, and Djibouti agreed to let it sail under its flag until May 7. As of today, however, the Kiwala will likely return to its flag-less existence because it clearly didn’t hurt business: Since doing away with its flag registration last November, it’s been transporting crude back and forth between Russia and southeast Asia. When detained by the Estonians, the vessel was on its way to Ust-Luga to receive another load of Russian crude. Such is the state of maritime order today. Western governments capped the price of Russian oil. | Maxim Shipenkov/EPA In a perverse sort of way, it’s good the Kiwala was sailing flagless: It means even flags of extreme convenience found the vessel too risky. Then again, the fact that this didn’t stop it from sailing at all suggests a troubling reality: So unconcerned are shadow vessel owners about international maritime rules that they’re willing to let ships violate the most fundamental commandment of global shipping. Under normal circumstances, the Kiwala should have been detained in Ust-Luga, Sikka, or one of the other Russian or Indian ports where it regularly calls. But it wasn’t. Instead, its owner, its customers and all these ports tolerated its blatant violation of maritime rules. They were comfortable because on today’s oceans, rule-breaking is commonplace and on the rise — whether it’s the shadow fleet, the mysterious incidents involving undersea cables and pipelines, the Houthi attacks on Western-linked merchant vessels, China’s maritime harassment in the South China Sea or its seizure of reefs located in other countries’ waters. As for the renegade fleet, it poses the same substantial risks as the shadow fleet — including the fundamental question of what happens in case of an accident. Ordinarily, the flag state plays a lead role dealing with accidents (and preventing them). But what happens when there’s no flag? Law-abiding countries have few options when trying to tackle rule violators in their EEZs, and virtually none in international waters, but credit to Estonia for dealing with the Kiwala. Meanwhile, the rest of us can help by naming and shaming rule-breaking vessels, their owners and managers. We should especially keep an alert eye on other ships joining the renegade fleet. For starters, the world should know about Tirad Shipping Inc. — the one-ship outfit in Mauritius that owned and managed the Kiwala when it entered Estonia’s waters — and the vessel’s new manager, the Shanghai-based Hong Ze Hu Shipmanagement Co. Their banks may want to take a closer look at them too because if they trade in dollars — as they most likely do —they could well be violating sanctions. The international maritime order depends on countries and companies adhering to rules. Today, we’re seeing the broken windows theory play out on the high seas: lawlessness begetting more lawlessness. It was almost inevitable that the shadow fleet would be followed by the emerging renegade fleet. But it’s not too late to stop it in its maritime tracks.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. Last December, just days before the shadow vessel Eagle S reportedly damaged an energy cable in the Gulf of Finland, a group of Baltic Sea countries and the U.K. collectively announced they would start inspecting the insurance documents of suspected vessels. The countries thought they’d finally found the solution that would allow them to crack down on shadow vessels without violating any rules, as shadow vessels are thought to lack proper accident insurance, and the documentation they show inspectors can be worthless or downright fraudulent. “The United Kingdom, Denmark, Sweden, Poland, Finland and Estonia are tasking respective maritime authorities to request relevant proof of insurance from suspected shadow vessels as they pass through the English Channel, the Danish Straits of the Great Belt, the Sound between Denmark and Sweden, and the Gulf of Finland. Information collected by the participating states, including relating to those vessels that choose not to respond to requests, will be assessed and acted upon together with our international partners,” they declared. But insurance inspections alone won’t solve the problem. The idea itself was sensible, as Western insurers — known as P&I clubs — massively dominate maritime accident insurance and aren’t allowed to insure sanctioned vessels. So, if a shadow vessel was asked for insurance documentation, which is mandatory for all commercial vessels, it likely wouldn’t be able to show any, providing officials with a perfectly legitimate reason to ask it to leave — or so the reasoning went. Nine days later, however, the Finnish Coast Guard observed the Eagle S performing mysterious movements on top of the EstLink 2, the undersea interconnector linking Finland and Estonia. A suspected shadow tanker flagged in the Cook Islands — a shadow vessel favorite — the Eagle S has also been greylisted and blacklisted by the international organizations that document ship safety. Thus, the Finns dramatically boarded and seized the vessel, detaining its crew. Alas, catching shadow vessels in the act of cutting cables like this is, and will, remain the exception. Far from sabotaging cables, most shadow vessels simply sail through other countries’ waters in all their unseaworthy glory, posing risks wherever they go — another reason why it makes so much sense for affected nations to inspect insurance documentation. But even though Finland and Denmark have been inspecting insurance certificates ever since, the darndest thing has happened: Virtually every time a shadow vessel has been stopped for inspection, it seems the officer in charge has been able to produce the requested documents. Of course, the documents in question may not actually be proof of functioning insurance — in fact, they might be little more than a piece of paper. Sundry commentators and social-media users have reacted to the shadow fleet’s blatant and extremely regular journeys through the Baltic Sea by suggesting the coastal states ought seize these vessels, or even sink them, and detain their crews, but it’s not as simple as that either. Stopping shadow vessels is actually far more complicated due to global maritime rules — rules that are violated by shadow vessel owners but should nonetheless be observed by Western countries. So, as the public grows increasingly frustrated that hundreds of rules-busting, dangerous ships keep sailing the Baltic Sea — and in some cases the English Channel — posing enormous risks to other vessels and the maritime environment, our governments should focus more on finding the shady operators behind the shadow fleet. And while we’re at it, everyone with investigative skills can help identify them too. The maritime world is based on professionalism. Coast guard officers merely ensure ships carry insurance certificates — they’re not in a position to investigate the veracity of the information, let alone whether the purported company exists. The Finnish Coast Guard observed the Eagle S performing mysterious movements on top of the EstLink 2, the undersea interconnector linking Finland and Estonia. | Jussi Nikari/Lehtikuva/AFP via Getty Images Last month, for example, one such insurance outfit — Ro Marine — attracted the attention of Norway’s financial inspectorate. Based in Norway and led by a Russian businessman based in St. Petersburg, the company says it insures 250 ships, but according to a report from Norway’s national broadcaster NRK and the Danish investigative journalist group Danwatch, 70 of them belong to the shadow fleet and 40 of them are sanctioned. Ro Marine also claims to be certified in Norway, but the report states that the documentation allegedly proving this is fake. The company even purports to be located at the Norwegian Shipowners’ Association’s office in Oslo, which is a lie. And in early March, when a Ro Marine-insured ship left Russia, sailing through the Gulf of Finland, the Baltic and passing the Danish Straits, its crew was able to show an insurance certificate and sail on. And rogue insurance is a serious risk on the high seas. “it’s not simply that these vessels lack adequate insurance that protects their own assets,” said Simon Lockwood, head of the shipowner practice at global insurance broker WTW. “The costs fall back to the innocent parties, and they suffer the financial burden of the actions of rogue operators.” If a Ro Marine-insured ship had hit another vessel, for instance, the other vessel would have struggled to receive compensation. Shipping used to be chaotic and Darwinian. But over the past century, governments built an impressive edifice of rules, treaties and conventions to make the high seas safer for all involved. The shipping sector added its own rules too, and insurance is part of this construct. Though, again, it mostly depends on voluntary compliance. The Baltic Sea nations and Britain can call on the owners and crews of shadow vessels to obey the rules; they can call on Russia to obey the rules; they can inspect insurance certificates all they want. If someone has their mind set on subverting the maritime order, no agency can stop them. There are no global maritime police, let alone global maritime court. But we’re not at the complete mercy of these rule-breakers. Everyone with investigative skills can help restore some manner of maritime order by researching the shadow fleet’s activities. The companies and individuals who sell ships into the fleet, the companies and individuals who buy them, the operators who set up bogus insurance outfits — none of them want their activities to be known. Let’s expose them.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. What happens in Svalbard doesn’t look like it’ll be saying in Svalbard. The archipelago is located nearly 1,000 kilometers from Norway’s northernmost city, Tromsø, and is home to just 3,000-or-so people. In recent years, however, Russia has repeatedly used it to experiment with different provocations. And now, the Kremlin has accused Norway of militarizing the archipelago, creating a potential pretext for military action. Svalbard is indisputably remote as well as cold, but the archipelago is strategically positioned, and Russia could well decide to use it as a test case — which means it’s time we start keeping a closer eye on Svalbard. Svalbard, or Spitsbergen as it’s also known, has been inhabited by humans ever since whalers discovered the archipelago in the 1600s. And after coal was discovered there in the late 1800s, the islands’ attractiveness grew further. In fact, it grew so much that the world’s nations had to decide which country Svalbard should belong to, and the winner was, unsurprisingly, Norway — the country located closest to it (though 930 kilometers is some distance away). In the Svalbard Treaty — which was signed by Norway, the U.S., the U.K., Sweden, Japan and a small number of other countries in 1920 — Norway was awarded the archipelago, and in exchange, it promised to allow citizens and companies from the other signatory countries to live, work and operate there. It also promised not to militarize Svalbard. The Soviet Union signed the treaty in 1935 and proceeded to organize a Soviet presence centered around the coal mines it ran there. In fact, the Soviets built a model village that functioned like a mini-Soviet Union until 1998, when Russia’s Arktikugol closed its Svalbard mines and the company town Pyramiden was hastily abandoned. (To this day, Pyramiden is a ghost town that looks pretty much the same way it did in 1988.) But Russia didn’t completely leave Svalbard. Rather, in recent years, Russian officials and other representatives have been conducting various manifestations on the archipelago. For example, in 2015, Deputy Prime Minister Dmitry Rogozin — who had been sanctioned by the West — landed on Svalbard without Norway’s permission and proceeded to mock Norwegians on social media. Then, on May 9 2023, Russians conducted a military-style Victory Day parade led by their consul general, the Barents Observer reported. Last year, Arktikugol’s director and others planted Soviet flags in Pyramiden. And now, the Kremlin has issued a complaint against what it calls Norwegian militarization of Svalbard. In a meeting with Norway’s ambassador to Russia earlier this month, senior officials from Russia’s Ministry of Foreign Affairs noted that “contrary to the international legal regime established by the 1920 Svalbard Treaty, which provides for the exclusively peaceful development of the archipelago and prohibits the use of its territory for military purposes, the area is increasingly involved in Norway’s military and political planning with the participation of the US and NATO,” TASS reported. The state-owned Russian news agency also quoted the ministry as claiming “dual-purpose facilities are operating on the archipelago, allowing, along with civilian tasks, to perform military ones, including combat operations on the territory of third countries.” The facts, however, are these: Svalbard isn’t involved in Norway’s “military and political planning.” There’s no Norwegian military use of the archipelago — and especially no such use by NATO or the U.S. The Svalbard Treaty prohibits naval bases and military fortifications, and there are no such installations on any of the islands — though Norwegian naval vessels do patrol the waters around the archipelago, and the Norwegian armed forces assist local authorities’ crisis response, as happened in 2017, when a Russian helicopter crashed near Svalbard’s largest town, Barentsburg. Although Svalbard may be extremely remote, what happens there won’t stay there. | Jonathan Nackstrand/AFP via Getty Images Rather, the party upsetting the apple cart is Russia, which seems to resent the demise of its Soviet glory days on Svalbard. More troublingly, the Kremlin also seems to view the archipelago as a place to test new ways of asserting itself and undermining the West. A sanctioned Russian official arriving on Svalbard without permission, the head of Arktikugol planting a Soviet flag and a Victory Day parade (even though the Nazis never occupied Svalbard) — these are all unsubtle provocations the Norwegian government can do little about. And now the Kremlin has upped the ante. In accusing Oslo of violating the Svalbard Treaty, Russia has given itself the option of responding to this alleged violation. It’s a move that follows Moscow’s playbook in Ukraine, where it has, at various points, claimed to be responding to Ukrainian misdeeds. And while Norway can insist it’s not violating the Svalbard Treaty, that’s hardly going to convince a regime that’s operationalized peddling untruths. How might Russia respond to Norway’s alleged infraction? It’s impossible to know. But one thing is certain: Although Svalbard may be extremely remote, what happens there won’t stay there. NATO members and other allies would do well to start thinking about how they’d respond if Russia took action against one of its most remote geographies. There are even things ordinary citizens can do too — such as visiting the archipelago to demonstrate they’re paying attention.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. It was devious, the campaign German authorities uncovered in early February. First, it was one car, then another, then a few more; eventually the tally came to hundreds. They were sabotaged by four men, supposedly in support of the country’s Green Party. As it turns out, though, these men weren’t green activists at all — the real instigator of the serial sabotage was Russia. This is far from the only case of geopolitically linked harm we’ve seen in recent months. And it’s time European countries, as well as companies, started keeping a much closer eye on potential saboteurs in our midst. In total, the perpetrators in Germany sabotaged 270 cars parked on city streets, spraying insulation foam into the cars’ exhaust pipes, rendering them immobile. To complete their anti-car campaign, the perpetrators stuck posters on the cars, with the command: “Be more green!” alongside the image of Vice Chancellor Robert Habeck. It looked like the work of overzealous climate activists trying to drum up support for Habeck’s Greens ahead of Germany’s national elections on Feb. 23. But alert police officers outside Berlin solved the mysterious case when they spotted a group of men driving suspiciously. And the men — a German, a Romanian, a Serb and a citizen of Bosnia-Herzegovina — turned out to be guns for hire. One of them even told the police they’d been contracted by a Russian who paid them €100 per sabotaged car, plus an advance of several thousand euros. Although German investigators haven’t been able to prove the sabotage was instigated by the Kremlin — and may never find such proof — it’s important to remember that it would be in Russia’s interest to discredit the staunchly pro-Ukraine Greens. But the car campaign is far from the only case of geopolitically motivated harm we’ve seen recently: Incendiary parcels intended for airliners have turned up at DHL’s logistics hub in Leipzig. Unknown perpetrators have tried to break into water plants in Finland and Sweden. There have been suspicious fires at shopping centers and warehouses in various European countries. Unidentified drones have been keeping watch of defense manufacturing plants. Undersea cables have been malfunctioning at galloping rate in the Baltic Sea, Taiwanese waters and elsewhere. There was even a Russia-linked plot to assassinate Armin Papperger, the CEO of the German arms manufacturer Rheinmetall. Individuals trying to harm our countries are, in fact, stalking our streets every day. They can strike anywhere, against any target, and they use tools of their choosing. Retired Russian military intelligence officer Sergei Skripal’s would-be assassins used the state-controlled nerve agent Novichok; the exhaust pipe saboteurs in Germany used insulation foam. You get the idea: Anything can be a weapon, from the sophisticated to the rudimentary. And these perpetrators are almost never agents of the state. The ships suspected of cutting cables in the Baltic Sea, for instance, are regular merchant vessels; their crews aren’t employees of a hostile government. What’s more, the forceful response from Western governments to the Skripal poisoning and the Ukraine war — which has since included the expulsion of nearly 1,000 Russian diplomats, most of them spies — has resulted in more freelancers carrying out hostile Russian activity. There was even a Russia-linked plot to assassinate Armin Papperger, the CEO of the German arms manufacturer Rheinmetall. | Ina Fassbender/Getty images “The more eye-catching shift this year has been Russian state actors turning to proxies for their dirty work, including private intelligence operatives and criminals from both the U.K. and third countries,” MI5 Director-General Ken McCallum warned last October. And these freelance arrangements will only increase. It’s a chilling reality, knowing that an army of helpers roams our streets on behalf of hostile states. It means we must try even harder to protect ourselves. We must keep a closer eye on what’s going on around us, on potentially harmful developments, on individuals who have no legitimate reason to be walking our streets. And “we” isn’t just MI5 and similar government agencies — it’s everyone. For example, while defense contractors have every right to hope the government will keep them safe, the police and secret services don’t have the capacity to monitor every location all the time, especially since any company — defense contractor or not — is a potential target. The simple fact that Russia and some other hostile countries have decided to use nonmilitary means (so-called hybrid or grey-zone aggression) to harm Western nations means that trying to detect threats as early as possible is now in the best interest of companies too. Granted, since these would-be saboteurs aren’t employees of hostile governments, it’s hard to identify their intentions. And being on constant look-out for threats could stoke paranoia. But in today’s environment, not doing so is naïve. As citizens we need to be aware of our surroundings. Last November, Taiwan’s coast guard launched a “people power” initiative, encouraging citizens to report suspicious behavior in nearby waters. It follows a similar initiative launched by Sweden four years ago. Companies, meanwhile, have a duty to their employees and shareholders to protect themselves to the largest extent possible. Indeed, shareholders may come to expect annual reports to contain information about the measures a company has taken to monitor threats. And stating that such threat detection is the authorities’ job won’t do much to convince worried shareholders. In “The Open Society and Its Enemies,” the eminent philosopher Karl Popper brilliantly describes the dangers extremist ideologies pose to our open societies. And while we may soon see more such dangers return to Western nations, today we already have enemies, with various motivations, operating within our borders, seeking to harm us. It’s in all our interest to help stop them.