Gray Zone Conflict

Competition below the threshold of conventional war

Between peace and war lies a contested space where great power competition increasingly unfolds. Here, states pursue aggressive objectives through means that stop short of armed attack—cyber intrusions, disinformation campaigns, economic coercion, proxy operations, and incremental territorial assertions. This is the gray zone: a realm of competition where traditional distinctions between war and peace blur, where the rules of response remain undefined, and where revisionist powers find opportunities to challenge the status quo without triggering the decisive military responses they would lose.

The concept gained prominence after Russia’s 2014 annexation of Crimea—executed with deniable “little green men,” cyber operations, and media manipulation rather than overt invasion—demonstrated how much could be achieved through sub-conventional means. China’s island-building in the South China Sea, transforming contested reefs into military bases through gradual construction rather than armed seizure, provided another paradigm case. Iran’s use of proxy militias across the Middle East, North Korea’s cyber operations, and Russia’s interference in Western elections have made gray zone competition a defining feature of 21st-century international relations.

Defining the Gray Zone

The gray zone defies precise boundaries—that ambiguity is precisely its strategic utility. The U.S. Department of Defense characterizes gray zone activities as “competitive interactions among and within state and non-state actors that fall between the traditional war and peace duality.” The RAND Corporation describes it as “activity that is coercive and aggressive in nature, but that is deliberately designed to remain below the threshold of conventional military conflict.”

Key characteristics distinguish gray zone operations from both routine statecraft and open warfare:

Threshold management keeps actions below levels that would trigger decisive retaliation, exploiting the gap between what targets will tolerate and what aggressors want. A cyber attack that shuts down Ukraine’s power grid in December 2015, affecting 225,000 customers, causes real damage—but is it an act of war warranting military response? An artificial island built in disputed waters changes facts on the ground, but does a pile of sand justify armed conflict that could escalate to nuclear war? The 2018 Kerch Strait incident, in which Russian forces seized three Ukrainian naval vessels, killed no one but asserted Russian control over Ukrainian waters. Gray zone actors exploit these ambiguities: they impose costs while staying below whatever red line might trigger escalation they cannot manage.

Gradualism advances objectives incrementally rather than through sudden fait accompli that would concentrate attention and provoke response. Each individual action may seem minor; the cumulative effect transforms strategic landscapes over months or years. China’s island-building in the South China Sea exemplifies this approach: between 2013 and 2016, China constructed over 3,200 acres of new land on disputed features, deploying dredgers and construction equipment rather than warships. The Fiery Cross Reef transformed from a barely-visible rock into a 677-acre island with a 3,000-meter runway, radar installations, and anti-aircraft weapons. No single day’s activity warranted military response; the sum created military facts that would now require major combat operations to reverse.

Ambiguity and deniability complicate response by obscuring attribution, intent, and even the nature of what is occurring. When “little green men” without insignia appeared in Crimea in February 2014, Russia denied involvement for weeks even as these forces seized Ukrainian government buildings and military installations. When the SolarWinds cyber intrusion compromised over 18,000 organizations including U.S. government agencies (discovered December 2020), attribution took months and remains contested by Russia. When Chinese fishing vessels swarm disputed features in the South China Sea, they may be private fishing operations, may be maritime militia coordinating with naval forces, or may be something in between. When economic pressure operates through unofficial channels—Chinese consumers “spontaneously” boycotting Korean goods, Russian customs officials “discovering” sanitary violations in Georgian wine—plausible deniability is built into the action. Target states struggle to formulate proportionate responses to activities that can always be characterized as normal commerce, private initiative, or miscommunication.

Multi-domain coordination integrates diplomatic, informational, military, economic, and cyber tools into campaigns more effective than any single instrument could achieve. Russia’s operations in Ukraine combined special forces (military), social media manipulation (informational), energy supply pressure (economic), diplomatic initiatives through international organizations, and cyber attacks on critical infrastructure. Gray zone campaigns rarely rely on a single instrument; their effectiveness derives from synchronized pressure across domains that overwhelms target decision-making while each individual element remains below thresholds.

Exploitation of legal and normative gaps takes advantage of international law’s imprecision regarding novel challenges. Existing frameworks were designed for clear distinctions between peace and war: the UN Charter prohibits the “use of force” against territorial integrity, but what constitutes force? Does a cyber attack that causes no physical damage but disrupts critical services violate the prohibition? Do economic sanctions constitute force? Is a weaponized information campaign attacking a population an armed attack on the state? Gray zone operations fall through these conceptual gaps, operating in legal ambiguity that complicates response and divides international opinion.

Strategic Logic

Why do states operate in the gray zone rather than pursuing objectives through conventional military means or overt diplomacy? Several strategic calculations drive this choice:

Risk management motivates much gray zone activity, particularly for states that would lose a conventional war. Direct military confrontation with a nuclear-armed adversary or a superpower’s ally carries catastrophic risks: a Russia-NATO war could escalate to nuclear exchange; a U.S.-China conflict over Taiwan could kill millions. Gray zone operations allow revisionist powers to chip away at the status quo—advancing territorial claims, undermining adversary alliances, shifting balances of influence—without triggering responses they cannot survive. Russia can contest NATO expansion through information warfare and support for friendly political parties without firing a shot that would invoke Article 5; China can assert South China Sea claims through maritime militia and coast guard activities that fall below the threshold of armed attack.

Cost imposition seeks to exhaust adversaries’ resources and attention through threats that are diffuse, persistent, and difficult to counter. Responding to gray zone threats requires sustained investment across multiple domains: cyber defense budgets, counter-disinformation capabilities, economic resilience measures, intelligence collection against proxy networks, and more. A defender facing cyber attacks (the U.S. government responds to thousands of intrusions annually), disinformation (billions of social media interactions requiring monitoring), proxy conflicts (Iranian-backed militias operate in at least four countries), and economic pressure simultaneously may lack capacity to address all threats effectively. The gray zone attacker can choose where to press; the defender must be strong everywhere. Over time, this asymmetry favors the attacker—at least until defenders adapt.

Exploiting democratic constraints recognizes that open societies face particular vulnerabilities that authoritarian systems do not. Free media can be manipulated: the Russian Internet Research Agency created tens of millions of social media posts targeting the 2016 U.S. election. Legal due process slows response: indicting hackers operating from Moscow does not stop the hacking, and courts require evidence that intelligence agencies may be reluctant to reveal. Public opinion may oppose escalation: democratic electorates are risk-averse about confrontations that might lead to casualties, giving gray zone actors confidence that their provocations will not trigger military responses. Alliance consensus takes time to build: NATO operates by consensus, meaning the slowest member sets response speed. Authoritarian actors face fewer such constraints—they control their media, their courts answer to the state, and their publics have limited influence on policy.

Testing resolve probes adversary commitment before more dramatic action, using gray zone operations as a laboratory for learning red lines. Gray zone probes that meet weak response suggest further aggression may succeed; robust response indicates limits beyond which escalation is unacceptable. Russia’s 2008 Georgia war met limited Western response; its 2014 Crimea operation met sanctions but not military intervention; its 2022 full-scale invasion finally triggered the military assistance and comprehensive economic measures that might have deterred earlier aggression had they been signaled credibly. China’s incremental South China Sea expansion has similarly probed American and regional responses, finding consistent rhetorical opposition but limited physical resistance. The gray zone provides information about adversary capabilities and will that shapes calculations about larger gambles.

Gray Zone Actors and Campaigns

Several ongoing gray zone competitions illustrate the concept with distinctive approaches reflecting each actor’s capabilities, objectives, and vulnerabilities:

Russia’s approach combines military and non-military tools to challenge the post-Cold War European order that Moscow views as a strategic humiliation. Beyond Ukraine, Russian gray zone activities include: cyber attacks on Baltic infrastructure (Estonia 2007, Georgia 2008, Ukraine continuously); disinformation campaigns during Western elections (documented interference in the 2016 U.S. presidential election, 2017 French election, 2016 Brexit referendum, and others); funding for extremist parties across Europe (France’s National Front received millions from Russian banks; similar connections link to parties in Germany, Italy, and Austria); intimidation of neighbors through military exercises (Zapad exercises regularly simulate invasion scenarios); airspace and maritime provocations against NATO members (over 500 incidents in 2023 alone); and energy supply manipulation (cutting gas flows to Ukraine, then Europe, at strategic moments). The goal: weaken NATO cohesion by dividing members over threat perception and response, demonstrate Western impotence to defend the order it proclaims, and expand Russian influence in the “near abroad” without triggering Article 5 collective defense provisions. The 2022 full-scale invasion of Ukraine represented a shift from gray zone operations to open war—perhaps because Putin believed gray zone approaches had achieved what they could.

China’s strategy in the Indo-Pacific employs coast guard vessels rather than navy ships to assert contested territorial claims, creating facts on the ground while maintaining ambiguity about military intent. The China Coast Guard, now the world’s largest with over 150 major vessels, conducts “routine law enforcement” in waters claimed by the Philippines, Vietnam, Japan, and others—but this “law enforcement” asserts jurisdiction that these neighbors and international law reject. Maritime militia—fishing vessels that coordinate with naval forces under command of the People’s Armed Forces Maritime Militia, numbering in the thousands—swarm disputed features, harass foreign vessels, and complicate response: are they fishermen exercising innocent rights, or combatants subject to military targeting? Information operations (the “50 Cent Army” of paid commentators, state media global expansion, TikTok algorithm debates) shape narratives domestically and internationally. Economic pressure on Taiwan (restricting imports of Taiwanese agricultural products, limiting tourism) and influence activities in regional politics (funding pro-Beijing candidates, infiltrating diaspora communities) complement military posturing. The aim: establish regional primacy in the Western Pacific while avoiding direct conflict with the United States that China’s military would likely lose—at least for now.

Iran’s regional campaign operates primarily through proxy forces that extend Tehran’s reach while preserving deniability. Hezbollah in Lebanon (approximately 30,000 fighters, arsenal of 150,000+ rockets) provides a second-strike capability against Israel and political influence in Lebanese government. Various militias in Iraq (Popular Mobilization Forces, Kata’ib Hezbollah, and others totaling tens of thousands of fighters) attacked U.S. forces with drones and rockets, shaping American troop posture. Proxy forces in Syria helped preserve the Assad regime. The Houthis in Yemen, equipped with Iranian missiles and drones, threaten Saudi Arabia and, from 2024, disrupted Red Sea shipping with attacks affecting global trade. These groups extend Iranian influence across the Middle East, threaten adversaries with retaliation options short of state-on-state war, and impose costs on enemies—all while maintaining Tehran’s plausible deniability. Gray zone warfare allows Iran (GDP approximately $400 billion, defense spending $25 billion) to compete with far wealthier Gulf states (Saudi Arabia defense spending $75 billion) and challenge American interests despite conventional military inferiority.

North Korea combines cyber theft, nuclear brinkmanship, and diplomatic maneuver in a distinctive gray zone campaign suited to its unique position as an impoverished, nuclear-armed, internationally isolated state. Cyber operations generate revenue (the Lazarus Group has stolen over $3 billion in cryptocurrency according to UN estimates) and impose costs on adversaries (the 2014 Sony hack, 2017 WannaCry ransomware affecting 200,000 computers in 150 countries). Missile tests create crises that extract concessions: 2017’s “fire and fury” confrontation led to 2018-2019 summit diplomacy. Periods of engagement alternate with provocation in a pattern designed to maximize leverage while avoiding war that would destroy the regime. Pyongyang’s gray zone activities aim to ensure regime survival (the paramount objective) while maximizing leverage despite economic isolation (GDP approximately $30 billion, smaller than Ethiopia’s).

Challenges for Defenders

Gray zone threats pose particular difficulties for status quo powers and alliances, creating systematic advantages for attackers that defensive adaptations struggle to neutralize:

Detection and attribution often take time, during which adversaries consolidate gains. By the time a campaign is recognized as such—rather than as isolated incidents—significant damage may already have occurred. The SolarWinds intrusion compromised networks for at least 9 months before discovery; Russian disinformation operations targeting the 2016 U.S. election were not fully understood until well after voting concluded; China’s island-building proceeded for years before it became a front-page issue. Intelligence agencies optimized for tracking military forces—counting tanks, monitoring nuclear sites, tracking naval deployments—may miss gray zone indicators embedded in commercial data, social media trends, or bureaucratic procedures. Recognizing gray zone campaigns requires integrating information across domains (cyber, information, economic, military) in ways that siloed intelligence organizations struggle to achieve.

Threshold decisions create paralysis when each individual action falls below the level warranting decisive response. What response is proportionate to a cyber intrusion that steals data but causes no physical damage? What military action is appropriate against fishing vessels that obstruct navigation? At what point does a disinformation campaign become an attack on democracy requiring governmental response? Clear red lines may be exploited: adversaries probe to find exactly where they fall and then operate just below them. Ambiguous responses may embolden: if defenders do not react to provocation A, will they react to provocation B? The cumulative effect of actions, each of which seems minor, can transform strategic landscapes before defenders recognize what has happened—the “boiling frog” problem applied to geopolitics.

Alliance coordination becomes complex when members disagree about threat perception or appropriate response. NATO’s Article 5 commits members to treat armed attack on one as an attack on all—but what constitutes armed attack in the gray zone? The 2007 cyber attacks on Estonia originated from Russia but did not clearly meet armed attack thresholds; NATO expressed solidarity but did not invoke collective defense. Different nations may assess the same activity differently: Eastern European members experienced Russian information warfare as an existential threat; Western European members dependent on Russian gas initially viewed it as an irritant manageable through diplomacy. Alliance consensus means the slowest member sets response speed; gray zone actors exploit these divisions, tailoring pressure to divide rather than unite target coalitions.

Escalation management presents risks on both sides of the response calibration. Responding forcefully to gray zone activities may trigger escalation the adversary did not intend—if deterrence fails, even limited conflict between nuclear-armed states could spiral catastrophically. Yet responding weakly may invite further aggression by signaling that the defender lacks resolve: Russian intervention in Georgia (2008) met limited response; Crimea annexation (2014) met sanctions but not military assistance; the pattern may have convinced Putin that Ukraine (2022) would similarly face only economic pressure rather than the substantial military aid that materialized. Calibrating response requires understanding adversary intent—often unknowable—and accepting risks whose magnitude depends on adversary calculations equally opaque to defenders.

Domestic political constraints limit options in ways that authoritarian adversaries exploit. Democracies struggle to sustain attention on ambiguous, slow-moving threats that never produce the dramatic incidents that mobilize public opinion. Publics may not support military responses to activities that seem abstract or foreign: American voters show limited enthusiasm for confrontations over South China Sea reefs or Baltic cyber infrastructure. Political polarization may itself be a gray zone target: if adversaries can divide domestic politics through information warfare (amplifying both left- and right-wing extremism, as Russian operations did in 2016), they paralyze response capacity by making any action politically contested. Leaders who invest in gray zone defense may face criticism for “wasting money” on threats voters do not understand; leaders who ignore gray zone defense may find their successors dealing with consolidated adversary gains.

Legal frameworks prove inadequate for challenges that existing law was not designed to address. International law addresses armed attack and armed conflict with relative clarity: invasion, bombardment, blockade are all prohibited uses of force. It offers less guidance on cyber operations (is malware a weapon? is data theft an attack?), information warfare (is propaganda a violation of sovereignty? is election interference armed aggression?), and economic coercion below the use-of-force threshold. The UN Charter’s Article 2(4) prohibits the “threat or use of force”—but gray zone operations are designed precisely to remain below what can clearly be characterized as force. Domestic legal authorities may not extend to gray zone response: surveillance authorities designed for counterterrorism may not cover state-directed information operations; military authorities to respond to armed attack may not apply to economic coercion.

Response Strategies

Countering gray zone threats requires adaptation across multiple dimensions, with strategies that address both the specific tactics adversaries employ and the structural advantages attackers enjoy:

Integrated competition matches gray zone campaigns with whole-of-government response, coordinating military, diplomatic, economic, intelligence, and information tools under unified strategy. The U.S. established the Countering Foreign Influence Task Force and Global Engagement Center; NATO created the Strategic Communications Centre of Excellence in Riga; European nations developed cyber commands and counter-disinformation units. The challenge is making these institutional innovations effective: stovepiped responses to multi-domain threats will always lag behind integrated attacks. The 2017 U.S. National Security Strategy explicitly identified great power competition as the primary national security challenge, elevating gray zone concerns to strategic priority—though institutional reform lags doctrinal recognition.

Resilience building reduces vulnerabilities that gray zone actors exploit, accepting that attacks will occur and focusing on limiting their effects. Hardening critical infrastructure (air-gapped systems for essential functions, backup power, redundant communications) limits cyber attack damage. Promoting media literacy (Finnish schools teach critical evaluation of information; the EU funds fact-checking organizations) reduces disinformation effectiveness. Diversifying economic dependencies (Europe’s post-2022 effort to reduce Russian energy dependence; supply chain diversification for critical materials) limits economic coercion leverage. Strengthening social cohesion (reducing polarization that adversaries exploit, maintaining trust in institutions) makes societies harder to divide. None of these measures is individually decisive; together they raise costs for adversary campaigns and reduce the strategic gains gray zone operations can achieve.

Attribution and exposure remove the veil of deniability that makes gray zone operations politically manageable for attackers. When gray zone activities are publicly attributed with high confidence—the U.S. intelligence community’s January 2017 assessment of Russian election interference, the FBI’s indictments of GRU officers for hacking, the UK’s identification of GRU operatives who conducted the Skripal poisoning—the fiction of ambiguity collapses. Naming and shaming may not stop activities (Russia has not ceased cyber operations despite public attribution), but it does impose reputational costs, complicate diplomacy, and mobilize domestic and international support for response. Attribution capabilities require intelligence investment: the ability to trace cyber intrusions, identify proxy relationships, and document covert operations fast enough to matter.

Calibrated response imposes costs proportionate to gray zone actions without triggering uncontrolled escalation—the most difficult challenge of gray zone competition. This requires developed escalation frameworks (what response matches what provocation?), clear signaling of consequences (adversaries must understand what will happen if they cross thresholds), and capabilities that span the spectrum from diplomatic protest to economic sanctions to military response. “Defend forward” cyber operations—conducted on adversary networks rather than waiting for attacks on home systems—represent one approach, as does economic pressure on adversary interests, support for opposition movements in adversary states, and targeted military presence that raises costs of aggression. The goal is not to match every gray zone move with equivalent counter-move, but to impose sufficient cumulative costs that adversaries conclude gray zone operations are not worth the price.

Alliance and partner investment builds common threat perception, coordinates response mechanisms, and demonstrates collective resolve that deters by showing adversaries they face coalitions rather than isolated targets. Gray zone adversaries often seek to divide coalitions by imposing costs on some members while offering benefits to others—Russia’s differential energy relationships with European states, China’s economic inducements to countries that avoid Taiwan issues. Unified response defeats that objective: NATO’s coordinated response to the Skripal poisoning (expelling over 150 Russian diplomats collectively), European coordination on Russia sanctions, Quad coordination on Indo-Pacific challenges all demonstrate that gray zone pressure on one member produces collective response. This requires sustained investment in alliance consultation, burden-sharing that distributes costs, and mechanisms for rapid coordination when incidents occur.

Proactive competition recognizes that status quo powers need not only defend but can take the initiative in gray zone competition. Exposing adversary corruption (the Panama Papers, Navalny investigations of Putin’s palace, Magnitsky Act targeting human rights violators) undermines regime legitimacy. Supporting civil society in authoritarian states (independent media, human rights organizations, democratic activists) creates internal pressure. Contesting influence in third countries (matching Belt and Road with alternative infrastructure financing, supporting democratic governance, exposing debt-trap risks) limits adversary gains. This proactive approach puts gray zone actors on the defensive, forcing them to allocate resources to regime preservation rather than offensive operations. It also carries risks—adversaries may escalate in response, and intervention in domestic affairs invites retaliation.

The gray zone will remain contested terrain for the foreseeable future. As long as states seek advantage without risking major war, as long as nuclear weapons make great power conflict catastrophic, and as long as technology enables new forms of coercion (AI-generated disinformation, autonomous cyber operations, space-based systems), competition below the threshold will continue. Learning to operate in this space—defending effectively while avoiding inadvertent escalation, competing without triggering the wars that gray zone operations are designed to avoid—has become an essential skill for statecraft in the twenty-first century. The states that master gray zone competition will shape the multipolar order emerging from the post-Cold War era; those that fail to adapt will find their interests eroded through persistent pressure they never knew how to counter.
