Abstract: In an increasingly interconnected world marked by digitalisation and information abundance, the nature of security threats has evolved beyond traditional paradigms. Hybrid threats, characterised by their multifaceted and often subtle nature, challenge the conventional understanding of warfare. The concept of hybrid threats and cognitive warfare play a vital role within the context of the information age. Therefore, digital situational awareness leveraged by AI/ML is key in addressing these emergent challenges.
Problem statement: How can AI/ML technology and publicly available information be used to identify hybrid threats and cognitive warfare campaigns in the digital realm?
So what?: To effectively identify and counter hybrid threats and cognitive warfare campaigns against liberal democracies all over the world, it is crucial to have inter-ministerial and inter-governmental information-sharing capabilities, as well as technically advanced AI/ML-powered technology to analyse multilingual, publicly available information in near real-time. Such a system enables monitoring and sending timely alerts to specific decision-makers, helping them formulate appropriate responses to Hybrid Threats and Cognitive Warfare campaigns as they emerge and evolve.
Hybrid Threats and Cognitive Warfare in the Age of Transparency
The world is witnessing the use of a wide range of hybrid and cognitive operations by various actors worldwide, in addition to hybrid activities and conventional wars in Europe. In recent times, we have witnessed instances of hybrid activities such as sabotage of maritime infrastructure, disinformation campaigns against German media outlets, and possible sabotage of German railroad infrastructure. Additionally, there have been diplomatic and social media influence in Africa, and spying on Norwegian airports by use of drones. These events have different timelines and effectiveness. The vulnerability of many European countries to Hybrid Threats mainly arises from their inability to recognise and understand the nature and timing of the attack. Malign actors are increasingly using the grey area between war and peace, legal and illegal, and acceptable and unacceptable for strategic and power-political reasons.
The vulnerability of many European countries to Hybrid Threats mainly arises from their inability to recognise and understand the nature and timing of the attack.
The term "hybrid threat" refers to activities of state and non-state actors whose intention is to weaken a perceived geopolitical adversary to enforce strategic objectives by combining overt and covert military and non-military means and measures in such a way that the adversary's leadership capability or even social substance is threatened, influenced, or disintegrated. Hybrid threats are designed to blur the distinction between peace and war, complicating and undercutting the detection and response thresholds of the target under attack. Hybrid operations occur between war and peace in a grey (legal) area without politically triggering a conventional military response or even being recognised as formal aggression. The scope of hybrid operations extends far beyond the so-called physical military domains of cyberspace, space, sea, land, and air.
Cognitive warfare is a critical component of hybrid threats. It focuses on manipulating perceptions, beliefs, and emotions to achieve strategic goals. Cognitive warfare operates in the information domain, seeking to influence decision-makers, societies, and individuals through various means, including propaganda, disinformation, and psychological operations. The massive use of cognitive means creates a new reality, especially by influencing mass consciousness. Cognitive warfare poses a direct threat to democratic processes and the stability of civil society, as it seeks to undermine trust in institutions and erode public confidence. On the other side, Sean P. Larkin heralded a different new reality. He strongly believed that the proliferation of commercially available satellite imagery, drone surveillance, automated crisis reporting, citizen journalists such as Bellingcat, and open-source bloggers would lead to an explosion of surveillance capabilities that would make it difficult for states to conceal their actions. This reality applies to hybrid threats and cognitive warfare as well.
The rapid digitisation has ushered in an age of transparency, where vast amounts of information are readily accessible to anyone with an internet connection. While this transparency brings many benefits, it also creates new opportunities for hybrid threats and cognitive warfare. The proliferation of internet-enabled smartphones and social media has played a significant role in shaping modern society. The digitalisation of worldwide communication and the widespread dissemination of information through social media has enabled us to observe and evaluate global events in multiple languages, often in real-time and with location data. This revolution in information gathering and dissemination has disrupted the traditional monopolies of information and opinion formation, resulting in democratising access to information. The importance of information has increased dramatically for military and strategic purposes due to its global reach and dissemination capabilities.
The digitalisation of worldwide communication and the widespread dissemination of information through social media has enabled us to observe and evaluate global events in multiple languages, often in real-time and with location data.
In the age of transparency, hybrid threats exploit the interconnectedness and openness of digital platforms to achieve their objectives. Hybrid threat activities and cognitive warfare are frequently executed through open social media channels, and controversial discussions within social media and blogs are commonplace. In an era where perception and information are powerful tools, the ability to manipulate beliefs and emotions can have far-reaching consequences. Russia is a major player in cognitive warfare, employing massive information operations through social media to flood Western societies with disinformation and achieve cognitive advantages. For instance, Russia has used social media bots to influence public opinion in the U.S., UK, the Netherlands, and Spain. Although hybrid activities are not always visible, they generate and leave a trail of publicly available information.
To effectively counter hybrid threats, paying more attention to identifying, prioritising, tracking, detecting, and attributing relevant indicators is crucial. Analysts and decision-makers require an up-to-date situation picture that allows them to monitor hybrid threats in a timely, multilingual, and geographically localised manner. The situational picture results from an assessment process that involves recognising and reporting on time-critical developments that warn of hostile actions or intentions and visualise them. A warning system is essential for defending against hybrid threats.
Analysts and decision-makers require an up-to-date situation picture that allows them to monitor hybrid threats in a timely, multilingual, and geographically localised manner.
The ambiguity and fluidity of hybrid threats often make it difficult to accurately identify and address them. There are currently no fixed standards to adequately address such threats, which makes developing a warning system inherently challenging. Recognising the connections between military and non-military instruments over time has become crucial to understanding how hybrid activities threaten national interests. Building and launching new platforms can help maximise opportunities to leverage increasingly diverse data and expertise, particularly in the rapidly evolving area of open-source intelligence (OSINT).
International Search to Create A Situation Report on “Hybrid Threats”
Despite national and international initiatives to counter hybrid threats, there is currently no universally accepted set of symbols to define them. The European Center of Excellence for Countering Hybrid Threats (Hybrid CoE) in Helsinki has developed a preliminary approach to address this issue. As a Center of Excellence, it assists participating countries in enhancing civil-military capabilities, resilience, and preparedness against hybrid threats. Other NATO centers of excellence, such as the Strategic Communications Center of Excellence in Riga, the Cooperative Cyber Defense Center of Excellence in Tallinn, and the Energy Security Center of Excellence in Vilnius, also contribute to these efforts. The value of integrating classified and publicly available information is gaining recognition, and the UK Ministry of Defense's Hybrid Activity Monitoring Tool is a creative, experimental method that utilises publicly available information to identify potential hybrid activities and help decision-makers better understand events as they unfold.
The European Union (EU) has established initial institutional capabilities to counter hybrid threats. The EU Intelligence Analysis Centre (INTCEN) of the European External Action Service (EEAS) has hosted a hybrid threat fusion cell since 2002, which serves as the EU's central point of contact for examining external aspects of hybrid threats. The fusion cell collects, analyses, and shares classified and open information from various actors within the EEAS, the Commission, and the Member States to identify indicators and alerts on hybrid threats. The fusion cell collaborates with relevant EU and national authorities to analyse external aspects of hybrid threats affecting the EU and its neighbouring countries. The EU-HYBNET project, launched in 2020, aims to enhance current European networks to counter hybrid threats and ensure long-term sustainability.
NATO established the Joint Intelligence and Security Division in 2017, including a unit dedicated to monitoring and analysing Hybrid Threats. However, hybrid threats create a "dilemma" as they operate below the threshold of decisive responses, making it more challenging to detect hybrid activities and respond to them effectively.
The Utility of Publicly Available Information and Open Source Intelligence in Detecting Hybrid Threats
The discipline of Open Source Intelligence (OSINT) and the analysis of publicly available information have been considered less significant sources of information for national security issues in the past. Nevertheless, 70 to 90 per cent of all intelligence material today derives from OSINT findings. In the past, OSINT was mainly generated from news and information agencies, cultural and diplomatic exchanges, and socialisation. However, the Fourth Industrial Revolution has led to unprecedented access to knowledge and an explosion of data, making OSINT increasingly relevant. Publicly available information refers to structured, semi-structured, and unstructured data that can be found in various public sources. In recent years, unstructured data has significantly increased due to its social, mobile, and geographically marked nature. Technological capabilities in OSINT are crucial for the intelligence community in Western countries to address hybrid threat activities. The newest generation of OSINT involves the development of AI-supported technologies, systems, processes, and applications for large amounts of data from publicly available sources.
In the past, OSINT was mainly generated from news and information agencies, cultural and diplomatic exchanges, and socialisation. The Fourth Industrial Revolution has led to unprecedented access to knowledge and an explosion of data, making OSINT increasingly relevant.
The effective application of OSINT is crucial in detecting hybrid threats. First, commercial OSINT capabilities can complement traditional government collections and provide new insights through access to public information. Access to real-time information opens up unprecedented analysis possibilities and is, therefore, key to detecting hybrid threats. Second, OSINT intelligence does not come from sensitive sources, which increases the usefulness of the information in detecting malicious behaviour in real-time. However, using open social media is both a blessing and a curse, as attackers also use these sources to achieve their desired effects quickly. Disinformation campaigns on social and open media can be quickly identified so that security organisations and their member states can respond. On the other hand, there is information overload due to the speed, volume, variety, and integrity of publicly available information. This is a well-known phenomenon and is important for detecting hybrid threats.
Hybrid threat intelligence gathering cannot rely solely on human analysts anymore. With the increasing amount of data available (big data), extracting relevant information has become a challenging analytical task. OSINT presents a huge potential for solving this challenge. However, this requires new systems, processes, and applications to convert the data into valuable intelligence. The main question is: How can publicly available information be utilised to detect current hybrid threat events and report them in digital situations?
Digital Situational Awareness with Support from Artificial Intelligence
Maintaining digital situational awareness requires continuous monitoring and analysis of digital and information environments. This is done to effectively detect, attribute, and respond to hybrid threats and cognitive warfare. Early detection and attribution are essential to prevent potential threats. With digital situational awareness, stakeholders can detect emerging threats. They can also assess vulnerabilities and make informed decisions to minimise risks.
With the rapid growth of the internet and technological advancements like machine learning (ML) and artificial intelligence (AI), OSINT is increasingly relying on these tools. With data mining, visual forensics, and improved computing power, OSINT professionals can now collect and analyse information faster and with greater accuracy, leading to more reliable results. Digital situational awareness can be established by monitoring, merging, and analysing connected data sources using AI-powered OSINT. The goal is to accurately record hybrid threats' type, frequency, intensity, location, and actor. However, it is important to note that attributing hybrid activities is difficult, uncertain, and time-consuming due to the opaque nature of the actors involved. Ambiguity and deniability are key characteristics of hybrid threats, particularly in the context of modern warfare and conflict. They refer to the deliberate tactics used by hybrid actors to create uncertainty, confusion, and plausible deniability regarding their involvement in hostile actions.
With the rapid growth of the internet and technological advancements like machine learning (ML) and artificial intelligence (AI), OSINT is increasingly relying on these tools.
Despite this, it is, nevertheless, not impossible to attribute such activity. For instance, the Council on Foreign Relations' Cyber Operations Tracker website reported that 77% of all cyberattacks between 2005 and March 2022 can be attributed to Russia, the People’s Republic of China (PRC), North Korea, and Iran. To create a situation picture, the processing phases are based on a simplified intelligence cycle that is widely used by the intelligence community across different forms ranging from asymmetrical to conventional war. Although attributing actors in hybrid threat environments is more complex than in asymmetrical or conventional constellations, the intelligence cycle can still be applied. Collecting and analysing information is crucial in this context. In simple terms, the phases can be described as the need for information, acquisition, validation, evaluation, and provision of information enriched with knowledge from additional sources in the form of user products.
As hybrid scenarios are complex, it is recommended to automate as many steps as possible within the intelligence cycle with the help of advanced AI to reduce the burden on human analysts. However, automated OSINT has its disadvantages that are closely linked to the democratisation of information. Firstly, the desired information may not be available in any accessible source (availability). Secondly, the search formulation may not provide the desired information (formulation). Thirdly, the relevance and meaning of the returned data may not be recognised (confusion). A technically-based solution approach is suggested below. An OSINT platform autonomously scans millions of multilingual publicly available information sources such as search engines and social media. It can identify early signs of emerging hybrid activities and examine any correlations between them using state-of-the-art analytical models to support analysts. This platform offers the ability to create and permanently maintain a dynamic Digital situational awareness of Hybrid Threats in near real-time through advanced AI/ML (i.e., the study of computer algorithms that automate the creation of analytical models). This AI-supported monitoring enables an improved decision-making process through a comprehensive and visualised situation picture. To master this complex task, development must be divided into the following four subtasks.
Creating a Taxonomy for Hybrid Threats
Before monitoring hybrid threats, it is essential to thoroughly understand what hybrid threats are, including their objectives, tactics, and potential consequences. Indicators are crucial for gathering information and providing a systematic approach to assessing situations. They should be predictive, diagnostic, clear, and detectable. Although the term "Hybrid Threats" can now be defined more precisely, there are still varying opinions on which specific indicators or events can be classified as a hybrid threat and which cannot. Hybrid threats are not only diverse, but they are also tailored to exploit the specific vulnerabilities of specific targets.
Creating a hybrid threat taxonomy involves categorising these multifaceted and evolving security challenges into distinct types or classifications based on their characteristics, objectives, and tactics. Such a taxonomy helps policymakers, security experts, and researchers better understand and respond to hybrid threats. To create the most accurate situation picture possible, the conceptual considerations of the Hybrid CoE should be translated into an event codebook. The Hybrid CoE, in collaboration with the Joint Research Center of the European Commission, has identified two actors (state/non-state), 33 events, at least 13 social, economic, or political sectors, and four levels of activity in its basic paper "The Landscape of Hybrid Threats: A Conceptual Model".
Creating a hybrid threat taxonomy involves categorising these multifaceted and evolving security challenges into distinct types or classifications based on their characteristics, objectives, and tactics.
The instruments of hybrid threats include cyber operations, exploitation of socio-cultural differences, financing of cultural groups and political think tanks, physical operations against infrastructure, disinformation campaigns, propaganda, instrumentalised migration, airspace violations, or the use of military force. The 13 social, economic, or political domains identified by the Hybrid CoE have been defined and coded as categories, and the 33 tools have been categorised as events. The range of values of these variables can be further adjusted depending on the needs of the end-user, and subsidies can be created for each event. This taxonomy provides the basic definitional framework to ensure organisational and cross-country comparability. It enables the categorisation, visualisation, and geographic mapping of hybrid threats, thereby facilitating the identification and prevention of hybrid activities and authorising a better understanding of the diverse tactics and motivations involved, enabling more effective countermeasures and policy development. However, it is important to recognise that hybrid threats are dynamic and can evolve rapidly, so the taxonomy should be regularly updated and adapted to reflect emerging trends and tactics.
Monitoring hybrid threats is a process that requires a combination of technical capabilities, intelligence analysis, collaboration, and a commitment to staying ahead of evolving tactics and technologies used by threat actors. To create a complete situational picture, it is important to automate the process of continuously collecting information for creating situational awareness after developing a comprehensive event codebook. While collecting information, it is crucial to consider people's rights to privacy, freedom of expression, and informational self-determination, especially regarding social media, as stipulated by the General Data Protection Regulation (GDPR). Automated monitoring involves scanning publicly available information using identifying indicators. To effectively collect information, data from social media platforms should be considered, as well as social networks that are only active in certain countries or regions which are most frequently used by people in those areas. For example, VKontakte and QZone are the most popular social media channels in Russia and the PRC, respectively.
To make sense of big data, it is necessary to filter the most relevant information. This is achieved through AI-supported processing. Modern Natural Language Processing (NLP) is a text analysis technique that enables machines to interpret human language in text form, optimising the search in data and information sources. NLP also makes it easier to extract relevant data based on its content while reducing false positives and noise. In global investigations, NLP can also translate and interpret multilingual content quickly and accurately. However, the intricacies of human analysis cannot be replaced, and these features save analysts a significant amount of time and resources. AI/ML tools automate information collection and feed it into knowledge bases, which cluster and classify it into specific areas of interest. In the case of the Hybrid CoE, the 33 encoded events serve as the basis for the information base created during the survey phase for creating a situation report.
Using AI to detect events like riots, political violence, cyber attacks, and disinformation helps filter out false alarms in the information space. However, even after this initial phase, many false alarms still need to be sorted out by human analysts during the analysis phase. False and misleading information, whether spread intentionally (disinformation) or unintentionally (misinformation), is particularly important to identify in the automatic collection of hybrid threat indicators and cognitive warfare. Due to the manipulative nature of publicly available information, gathering and contextualising as much event-related data and information as possible is crucial. However, assigning an event to a specific actor, let alone a state-sponsored actor, is difficult. The ability to attribute an incident has long been a subject of debate within the intelligence community.
The intricacies of human analysis cannot be replaced, and these features save analysts a significant amount of time and resources.
During this phase, the information collected and imported from public sources undergoes processing, sorting, and enrichment through additional automated steps. This includes resolving questions such as "who", "what", "where", "when", "how" and "why" based on the analytical spectrum. The process involves automated Named Entity Recognition (NER), topic identification, sentiment analysis, time stamping, and image/video analysis using NLP techniques.
Additionally, automatic machine translation can translate over 100 foreign languages into a predefined international working language, such as English, enabling non-native speakers to understand the information. However, analysts must consider the limitations of automated translation and account for cultural nuances to ensure accurate analysis. Geocoding is used to analyse location information in texts, allowing for spatial visualisation and a better understanding of certain situations. However, publicly available information often lacks precise location information. Therefore, AI/ML detects location information in processed texts and assigns them to the appropriate latitude/longitude. Innovative geocoding techniques are used to address incomplete or misspelt location data on social media, enabling continuous correlation between events to identify larger hybrid campaigns. Finally, the collected, processed, and verified information is displayed in real-time on dashboards such as maps, charts, and track decks. This allows for easy monitoring and analysis, providing significant added value for understanding and identifying potential patterns and tendencies.
Automated Information Exchange
Effective collaboration is crucial in detecting and combating hybrid warfare. The Hybrid CoE emphasises the need for a multifaceted response to hybrid threats due to their supranational nature. However, cooperation between relevant authorities needs improvement. Although national security is the responsibility of nation-states, many hybrid threats require a coordinated response and supranational digital situational awareness. This is where publicly available information becomes critical because it can be exchanged between organisations, institutions, and states without classification.
A large number of national and supranational authorities and agencies, to bring their perspective and insights together, should use an intra-organizational, inter-organisational, and multinational situation report on hybrid threats. Real-time dissemination of information is essential in detecting situational changes, which requires technical support. However, this introduces new security risks, making it necessary to ensure communication is encrypted and secured. A real-time platform would greatly promote the exchange of publicly available information and improve digital situational awareness. However, this requires a cultural change in many authorities and the organisational and legislative will to exchange information.
Real-time dissemination of information is essential in detecting situational changes, which requires technical support. This introduces new security risks, making it necessary to ensure communication is encrypted and secured.
An Information Overflow
The age of transparency has brought both unprecedented access to information and new vulnerabilities. To address these challenges, digital situational awareness is crucial. Hybrid threats, characterised by their multifaceted nature, have elevated to the forefront of modern security challenges. In an era where perception and information are powerful tools, the ability to manipulate beliefs and emotions can have far-reaching consequences. As societies and governments grapple with these evolving threats, building resilience, enhancing critical thinking, and bolstering cybersecurity are vital steps toward countering the impact of cognitive warfare. Moreover, international collaboration and the promotion of truth, transparency, and media literacy are essential in defending against the insidious influence of hybrid threats and cognitive warfare in the digital age.
NATO and the West are facing a significant challenge in the form of hybrid threats and cognitive warfare. Developing a unified strategy and a deeper understanding of hybrid threats and their consequences is vital to tackle this issue. The age of transparency offers technical possibilities that can provide essential benefits. Governments, organisations, and individuals must invest in monitoring and understanding the digital landscape to detect and mitigate threats in real-time. Leveraging advanced technologies, particularly AI and ML, enhances the ability to monitor, understand, and respond to these multifaceted challenges. Digital situational awareness, with its technological underpinnings, offers a proactive and adaptive means of countering the complex landscape of hybrid threats. An approach based on a theoretical concept of the Finland-based Hybrid CoE and adapted technical support of OSINT through AI/ML can be used to detect hybrid activities and present them in a digital situational awareness picture. If AI-powered systems are applied to conceptually thinking about hybrid threats, it will improve early warning for increased situational awareness and significantly support the decision-making process.
Leveraging advanced technologies, particularly AI and ML, enhances the ability to monitor, understand, and respond to these multifaceted challenges.
It is high time to start putting the conceptual ideas into practice to enable a digital situation picture. Further research and data collection are needed to shed light on the grey zone between war and peace. The technology can serve as a tool as part of a broader effort to provide advanced security intelligence and analysis.
Dr. Dirk Kolb is the founder and CEO of Traversals Analytics and Intelligence GmbH. This company specialises in analysing publicly available information and social media using AI technology to monitor conflicts and provide disaster relief. He holds a Ph.D. in Computer Science from Friedrich-Alexander-University Erlangen-Nuremberg and has 15 years of experience in civilian signal intelligence (SIGINT).
Philipp Starz is an accomplished Senior Business Development Manager at Traversals with a wealth of experience in military operations gained from his time in Bundeswehr missions in Kosovo and Iraq. He holds a Bachelor's degree in Political Science from the University of Regensburg, as well as a Master's degree in International Relations from the Technical University of Dresden and Koç University Istanbul. Additionally, he has a Master's degree in Civil-Military Interaction (CMI) from Helmut Schmidt University Hamburg. The views contained in this article are the authors’ alone.
The views contained in this article are the authors' alone.
 Patrick Cullen, ”Hybrid Threats as a new ‘wicked problem’ for early warning,“ Hybrid CoE Strategic Analysis, Nr. 8, 2.
 The Term Cognitive Warfare is defined by NATO as ’activities conducted in synchronization with other instruments of power, to affect attitudes and behaviours by influencing, protecting, and/or disrupting individual and group cognitions to gain an advantage‘. Source: www.act.nato.int/article/cognitive-warfare-strengthening-and-defending-the-mind/
 ‘Cognitive operations, therefore, not only inject information into cyberspace but are often coordinated with undermining the reliability and trust in critical systems and institutions such as state management, state security, social sphere, banks, hospitals, educational and scientific institutions and official sources of information’. Yuriy Briggs and Danyk Chad, ”Modern Cognitive Operations and Hybrid Warfare,“ Journal of Strategic Security 16 (1): 35–50.
 Sean P. Larkin, “The Age of Transparency: International Relations Without Secrets,” Foreign Affairs 95 (3): 136-146.
 E. H. F. Donkersloot, ”Hybrid Threats from the East: The Gerasimov doctrine and intelligence challenges for NATO,“ Militaire Spectator 186 (9): 391–403, 2.
 Piret Pernik, ”Hacking for Influence: Cyber Attacks Are Key to Russian Information Warfare,“ Per Concordiam - Journal of European Security and Defense Issues 10 (1): 46–51. 50.
 Eitvydas Bajarūnas, ”Addressing Hybrid Threats: Priorities for the EU in 2020 and Beyond,“ European View 19 (1): 62–70. 67.
 Sebastiaan Reitjens, ”A Warning System for Hybrid Threats – Is It Possible?,“ Hybrid CoE Strategic Analysis, Nr. 22. 3.
 Jake Harrington and Riley McCabe, ”Detect and Understand: Modernizing Intelligence for the Gray Zone,“ CSIS Brief, 2.
 Sean Monaghan, Patrick Cullen and Njord Wegge, ”Countering Hybrid Warfare: A Multinational Capability Development Campaign project,“ 30.
 ”FAQ: Joint Framework on Countering Hybrid Threats,“ 2016, European Commission, 2016, https://ec.europa.eu/commission/presscorner/detail/it/MEMO_16_1250.
 ”EU-HYBNET – Empowering a Pan-European Network to Counter Hybrid Threats,“ 2020, Euhybnet.Eu, https://euhybnet.eu/.
 Sean Monaghan ”Countering Hybrid Warfare: So What for the Joint Force?,“ PRISM 8 (2): 83–98, 90.
 Riccardo Ghioni, Mariarosaria Taddeo and Luciano Floridi, ”Open Source Intelligence and AI: A Systematic Review of the GELSI Literature,“ AI & Society, 1–16, 1.
 Bowers Zysk, Michael Raska, Defence Innovation and the 4th Industrial Revolution Security Challenges, Emerging Technologies, and Military Implications, (London: Routledge).
 Peter C. Gruters and Katherine T. Gruters, “Publicly available information: Modernizing defense open source intelligence,“ Special Operations Journal 4 (1): 97–102, 98.
 Paul B. Symon and Arzan Tarapore, ”Defense Intelligence Analysis in the Age of Big Data,“ Joint Forces Quarterly, 2015, 5.
 Christopher Eldridge, Christopher Hobbs and Matthew Moran, ”Fusing algorithms and analysts: open-source intelligence in the age of ‘Big Data’,“ Intelligence & National Security 33 (3): 391–406, 9.
 Sebastiaan Reitjens, “A Warning System for Hybrid Threats – Is It Possible?,“ Hybrid CoE Strategic Analysis, Nr. 22, 5.
 A-F. Rutkowski and C. Saunders, Emotional and Cognitive Overload: The Dark Side of Information Technology, (Oxon: Routledge).
 Damien Van Puyvelde, Stephen Coulthart and M. Shahriar Hossain, ”Beyond the buzzword: big data and national security decision-making,“ International affairs 93 (6): 1397–1416.
 Riccardo Ghioni, Mariarosaria Taddeo and Luciano Floridi, ”Open Source Intelligence and AI: A Systematic Review of the GELSI Literature,“ AI & Society, 1–16, 1.
 John A. Gentry, ”Cyber Intelligence: Strategic Warning Is Possible,“ International Journal of Intelligence and Counterintelligence, 1–26. 15.
 E. H. F. Donkersloot, ”Hybrid Threats from the East: The Gerasimov doctrine and intelligence challenges for NATO,“ Militaire Spectator 186 (9): 391–403, 396.
 Ibid., 397.
 Sebastiaan Reitjens, “A Warning System for Hybrid Threats – Is It Possible?,“ Hybrid CoE Strategic Analysis, Nr. 22, 4.
 G. Giannopoulos, H. Smith and M. Theocharidou, ”The Landscape of Hybrid Threats: A Conceptual Model Public Version,“ https://euhybnet.eu/wp-content/uploads/2021/06/Conceptual-Framework-Hybrid-Threats-HCoE-JRC.pdf.
 Cynthia M. Grabo, Handbook of warning intelligence, Lanham: Rowman & Littlefield, 27.
 Njord Wegge and Thorsten Wetzling, ”Countering Hybrid Threats through signals intelligence and big data analysis?,“ In Intelligence Relations in the 21st Century, 69–88, Cham: Springer International Publishing, 70.
 James M. Davitch, ”Open Sources for the Information Age: Or How I Learned to Stop Worrying and Love Unclassified Data,“ Joint Force Quarterly 87 (4): 18–25, 22.
 Chaudhary Megha and Divya Bansal, ”Open Source Intelligence Extraction for Terrorism‐related Information: A Review,“ Wiley Interdisciplinary Reviews. Data Mining and Knowledge Discovery 12 (5): 2–35.
 James M. Davitch, ”Open Sources for the Information Age: Or How I Learned to Stop Worrying and Love Unclassified Data,“ Joint Force Quarterly 87 (4): 18–25, 22.
 Sean Monaghan, ”Countering Hybrid Warfare: So What for the Joint Force?,“ PRISM 8 (2): 83–98, 90.
 Dick Zandee, Sico van der Meer and Adája Stoetman, ”Countering Hybrid Threats: Steps for improving EU-NATO cooperation,“ Netherlands Institute of International Relations ‘Clingendael’, 28.