On 16 September, Prof. Kenneth Lasoen of the Knowledge Centre Security Intelligence (KSI) gave a keynote during Europol's Criminal Analysis Conference (CrimACon25) on the role of law enforcement in countering hybrid threats. He emphasized that detection alone is not sufficient: an assertive, counterintelligence-inspired approach is necessary to disrupt and deter networks. He then joined a panel on the influence and implementation of new technologies.
Hybrid Threats: Historic Tactics, Modern Reach
Prof. Lasoen stressed that hybrid warfare is not new, but has always been part of international politics. From disinformation campaigns to sabotage and secret diplomacy: intelligence services have practiced these “dark arts” for centuries. What is different today are the speed, reach, and impact in a highly networked world. In essence, hybrid campaigns are psychological operations that cloud the situational awareness of a target, with the aim of provoking decisions that benefit the aggressor.
One important reason why Western societies are vulnerable is the complexity with which a wide range of tactics are deployed simultaneously and across domains. Effects are generated in places other than where the attack is visible, making detection difficult. Hybrid warfare thrives in the “grey zone” between peace and open conflict. Examples of such campaigns are:
- Information warfare: spreading disinformation and manipulating narratives.
- Influence operations: targeting elites or decision-makers.
- Cyber sabotage: attacks on critical infrastructure.
- Economic pressure: embargoes, hostile takeovers, or cyber-driven financial disruption.
- Proxies: the deployment of third countries, private military companies, or migration flows.
- Organized crime: corruption, smuggling, and even targeted assassinations.
Today and tomorrow: data, AI and cognitive warfare
Although detection and mitigation traditionally lie with intelligence and security services, Lasoen made a powerful point: the law enforcement chain also has a crucial, first-response role in counter-hybrid operations. Police and investigators are on the front line when suspicious financial flows appear, cyber intrusions are detected, or unusual patterns in organized crime emerge. With the right training, they can recognize early warning signals by integrating (open source) intelligence with classical police data and quickly sharing information with national and international partners.
But detection alone is not enough. Lasoen emphasized that “attack is the best defense.” Where national and EU responses are often reactive and focused on resilience, a more assertive approach can be more effective and strengthen deterrence. By applying techniques and skills from counterintelligence, defenders can actively disrupt hostile networks, expose their tactics, and even turn campaigns back against the aggressor.
An Ethical Imperative and a Call to Action
Perhaps the most striking conclusion was Lasoen’s ethical angle: not striking back against a destructive opponent is, he argued, a moral failure in itself. In other words, resilience without counteraction risks normalizing manipulation and deception.
Lasoen’s talk was a clear call to action: law enforcement agencies must not only adapt to this reality, but also take a leading role, and use counterintelligence methods to do so. The grey zone will not defend itself.
As Europe faces increasingly complex threats, KSI’s message at CrimACon25 was clear: the fight against hybrid warfare starts on the ground, with the people who see its effects first.
Want to know more about the work of intelligence?
Interested in the world of intelligence services, counter-espionage, deception operations, and protection against technical spying methods? The Knowledge Centre for Security Intelligence (KSI) offers training and courses in threat assessment and intelligence methodology. Discover our programmes on our website or contact us at info@ksi.institute
