Admiral Giuseppe Cavo Dragone, chairman of NATO’s Military Committee, said the alliance is assessing whether it should adopt a more assertive posture to confront what officials describe as a persistent Russian hybrid campaign that targets infrastructure, communications and territory.
Dragone said consideration of proactive measures could include preemptive cyber or sabotage operations, though he acknowledged legal and ethical constraints that limit NATO members compared with their adversaries. The remarks were published Monday, according to a Fox News report. These developments are central to our Conflict Coverage of how alliances adapt to nontraditional threats.
Why this matters
NATO officials say hybrid actions that strain communications, energy systems and borders pose a sustained risk to alliance security and cohesion. A shift toward preemptive measures would test legal boundaries, carry escalation risks with Moscow and raise questions about how collective defense rules and national laws would apply.
Background
Alliance and national officials point to multiple incidents in recent years that they say illustrate the hybrid threat landscape. Those incidents include damage to undersea cables and power links, episodes of suspected maritime interference, and intrusions of unmanned aerial systems into allied airspace. Investigations and public reporting by governments and media have linked some of these episodes to suspected sabotage or probing activity but have not produced a single, public attribution in every case.
- Damage to undersea communications and power infrastructure has drawn heightened scrutiny because such networks are critical to commerce and military communications.
- Several maritime incidents prompted national investigations, including inquiries in the Baltic region and the North Sea. Some cases have resulted in prosecutions or court rulings tied to jurisdictional limits and evidentiary hurdles.
- Allied capitals have reported increased probing activity across cyber, information and migration domains that officials say is intended to pressure or distract democracies without triggering open war.
Details from officials
Speaking to reporters and diplomats, Dragone argued NATO must consider whether to be “proactive instead of reactive” when countering covert and overt actions short of war. He said options under review include cyber operations or targeted measures designed to prevent harm before it occurs, but he stressed such measures would need to align with international law and national legal frameworks.
Since 2016, NATO has recognized cyberspace as an operational domain, and the alliance has steadily expanded its cyber defenses and information resilience programs. Officials say the new discussion is not about abandoning defense or deterrence. Rather, it centers on whether preemption in certain narrow circumstances could reduce damage to critical systems and reinforce deterrence by increasing the cost of persistent harassment.
Alliance officials describe a pattern of probing and disruptive activity attributed to Russia that includes cyber intrusions, information operations, migration pressure and interference with critical infrastructure. They say the cumulative effect undermines security and imposes economic and governance costs on member states, from repair bills to lost investor confidence and distracted government resources.
Legal and operational constraints
Experts and officials highlight several legal and political constraints that would shape any move toward preemption. Under international law, the use of force across borders raises questions about sovereignty and self-defense. Article 5 of the North Atlantic Treaty commits members to collective defense when an armed attack occurs, but it does not by itself authorize preemptive operations in peacetime or in response to hybrid activity.
At the national level, NATO members have different laws governing covert operations, cyber activity and the threshold for deploying military force. Many nations require executive or legislative authorization for offensive measures, and intelligence or legal reviews are often lengthy. Those differences complicate coordinated action and could limit the scope or legality of allied operations.
Operationally, countering hybrid threats with proactive steps can be technically complex. Cyber operations and delicate maritime interdictions carry risks of collateral damage, misattribution and unintended escalation. Officials also note that some adversary actions are deliberately deniable, making a clear legal and political case for preemption harder to establish in public and in courts.
Reactions and debate
Responses among former officials, security experts and allied diplomats were mixed. Some argue a stronger posture is necessary to deter continued sabotage and coercion, especially where vital infrastructure is at stake. Others warn that offensive measures could cross thresholds that provoke wider confrontation or complicate cooperation among allies that have varying legal frameworks and political appetites for risk.
Russian officials dismissed the discussion. A spokesperson for the Russian Foreign Ministry called the remarks irresponsible and said they signaled a willingness to escalate, according to state outlets. Moscow has denied responsibility for many incidents blamed on Russian actors, and it has criticized NATO for expanding its capabilities near Russian borders.
Within NATO, diplomats said discussions will weigh the deterrent value of more assertive options against the potential harm to alliance unity and the rule of law. Some member states favor clearer rules of engagement, stronger attribution capabilities and enhanced defensive measures as first priorities. Others see targeted, lawful preemption as a needed addition to a layered deterrence strategy.
Practical options under consideration
Officials and analysts describe a spectrum of responses NATO and its members could pursue, short of open military conflict. These include intensified intelligence sharing, sanctions, improved maritime patrols, hardened and redundant infrastructure, stepped-up law enforcement cooperation, and calibrated offensive cyber operations under strict legal oversight.
Any decision to undertake offensive actions would likely be national in nature, with allies coordinating where possible. That approach reflects how NATO has handled cyber incidents to date: the alliance emphasizes collective defense and support roles while national governments retain primary responsibility for offensive cyber tools and covert operations.
Analysis
The debate over more assertive measures reflects a core tension for democratic security institutions: balancing deterrence with restraint. On one side, proactive measures promise to blunt future strikes on critical infrastructure and demonstrate resolve to protect borders and supply chains. On the other, offensive steps risk escalation, create legal exposures for participating states, and could erode the international norms the alliance seeks to uphold.
Key governance questions include how NATO would set transparent thresholds for action, what legal and political authorities would be required, and how to maintain alliance unity when members have divergent laws and risk tolerances. Enhanced attribution capabilities, stronger rules of engagement, and clearer legislative oversight in member capitals would all shape the viability of any shift toward preemption.
For policymakers, the stakes are practical as well as strategic. Repeated attacks on communications and energy systems impose direct repair costs and indirect burdens on commerce and public confidence. How NATO and national governments respond will influence deterrence credibility, the legal frameworks that guide state behavior, and public trust in institutions tasked with protecting security while respecting the rule of law.
As the alliance continues its discussions, expect increased scrutiny from parliaments, courts and the public. Decisions will have to balance immediate security needs with longer term commitments to the rule of law, alliance cohesion and the avoidance of uncontrolled escalation.
