During the Supreme Defence Council of 18 November 2025, Italy’s Defence Minister Guido Crosetto presented a non-paper, an informal strategic document designed to redefine how Italy should respond to hybrid threats. A text outside formal diplomatic channels, conceived to circulate a political and technical vision without bureaucratic constraints. At the heart of the document is a sentence the minister has repeated for months, which becomes the key to understanding the entire phenomenon: “In the hybrid domain, perception matters more than certainty: the goal is not only to strike, but to instill doubt and insecurity.”

This is not rhetorical provocation, but the description of a battlefield that no longer resembles traditional conflict. Today, the target is the mind, not just infrastructure. In the 119 pages of the non-paper, Crosetto and his ministry outline a continuous, below-threshold aggression in which cyberattacks, disinformation, economic pressure and proxy activities intertwine in an offensive meant to erode public trust and stress democratic systems.

Mapping the adversaries: not only Russia

The minister clearly identifies the actors considered most active on the hybrid front. The Russian Federation remains the most aggressive player, with sabotage, disinformation campaigns, pressure on energy supplies and increasingly frequent cyberattacks, especially against countries supporting Ukraine.

Alongside Moscow, the People’s Republic of China is described as pursuing a multidimensional strategy combining economic penetration, influence over critical infrastructure, control of supply chains and geo-economic leverage over strategic raw materials. According to Crosetto, Beijing does not aim for chaos, but for a “weaker and more fragmented” West, while keeping the European market open to support its technological growth.

The third hostile actor is Iran, which uses regional militias such as the Houthis and Hezbollah to strike strategic targets indirectly, pairing physical operations with cyber activities and threats to key maritime chokepoints such as Bab el-Mandeb.

Finally, North Korea alternates cyberattacks, ransomware, cryptocurrency thefts and digital espionage — as demonstrated by the WannaCry case — remaining a “predatory” actor with significant cyber capabilities.

The picture is completed by non-state actors — terrorist groups, organized crime, extremist hacktivists — used by hostile states as proxies to ensure plausible deniability. An “invisible hand,” the document notes, that moves cover figures to strike without leaving attributable traces.

Italy as a daily target

The document describes the hybrid threat as “relentless” and “multidomain.” In the cyber perimeter alone, Italy faces dozens of attacks every day, targeting public administrations, healthcare, energy, transport, telecommunications and manufacturing.

Crosetto points to several global incidents to illustrate the scale of these risks: the WannaCry ransomware attack, the Colonial Pipeline operation and the infiltration of the SolarWinds software supply chain — three cases showing how a single exploit can create systemic impacts, slow economies and paralyze essential services.

And this, according to the minister, is the real paradigm shift: the ultimate effect is not the incident itself, but the uncertainty that follows. Even an apparent malfunction may be the result of a masked attack, and the mere perception of vulnerability — even without definitive proof — can produce consequences as serious as those of a declared aggression.

Cognitive warfare aimed at public consensus

The document devotes significant space to disinformation, described as a true cognitive war intended to alter public opinion, undermine trust in institutions, polarize debate and influence democratic processes. According to Crosetto, hostile actors pursue two main objectives: discouraging voter turnout and amplifying extremist or anti-system positions useful to their geopolitical interests.

In this ecosystem, perception becomes more important than the actual damage: what destabilizes a society is the idea that the State is unable to protect its citizens. A cyber attack can be contained. Distrust, once spread, is much harder to stop.

Why an “active strategy” is needed

The minister does not hide his concern: the West “often chooses not to react,” effectively giving adversaries additional room to maneuver. Hence his call to abandon a purely defensive posture. Containment is not enough: prevention, anticipation and denial of operational space to the adversary are essential.

The proposed strategy includes simultaneous strengthening of cyber capabilities, protection of critical infrastructure, inter-ministerial coordination and cooperation with the EU and NATO. The text also suggests the creation of a European Centre for Countering Hybrid Warfare, capable of monitoring and responding to threats in real time.

Crosetto warns that hybrid threats are “bombs that fall every day” — less visible than physical ones, but equally dangerous. Without more incisive measures, the risk is facing a serious, already-announced impact.