Crisis Lab Podcast Season 4 Episode 17 Final Audio
===
Kyle King: [00:00:00] Hi everyone and welcome to the Crisis Lab podcast. I'm Kyle and I'll be your host. And today we're gonna talk about an article that we published on LinkedIn about how we're transitioning from emergency management to security governance. On September 9th, 2025, between 19 and 23, Russian drones cross into Polish airspace.
NATO scrambles, F sixteens, Dutch F 30 fives joined the Intercept, and for the first time in the alliance's history, member nations shoot down Russian assets over their territory that same night. GPS systems fail across the Bal. Over 123,000 flights this year have experienced a version of interference.
Copenhagen Airport shuts down. Oslo follows, Estonian airspace gets violated. Yet once again, shadow fleet takers cut undersea cables while Russian naval vessels provide a security escort. Each incident viewed alone seems manageable, but they're not alone. And that's really the problem. And this is what we're calling the gray zone.
And if you are responsible for civilian [00:01:00] crisis management, or coordination, or emergency management, this is reshaping everything that you thought you knew about how response systems work. So before we go any further, let's establish what we're actually calling or actually talking about when we say the gray zone.
Because if you're hearing this term more often and you're not entirely sure what it distinguishes it from hybrid threats or just old fashioned provocations, you're not alone. The gray zone itself. Is what we're calling this operational space between peace and war. It's where adversaries apply pressure serious enough to cause real damage, but ambiguous enough to stay below the threshold that triggers military response or invokes collective defense.
Think strategic harassment designed to exhaust your coordination, capacity and resources without ever giving you a clear decision point to escalate from. Now what makes it effective isn't the individual tactics. It's the sustained application across multiple domains simultaneously, from aviation disruption to [00:02:00] maritime provocations to cyber intrusions, border pressure, all calibrated to overwhelm your ability to coordinate a response.
You can't treat each incident separately because they're designed to be compounding. They're designed to be cascading and you can't surge your way through it because there's no recovery period. The pressure just continues. Now, that's not theoretical anymore. Sweden's Transport Agency just reported that over 700 GPS jamming incidents this year.
Uh. Compared to the 55 in all of 2023, NATO aircraft engaged Russian drones over Poland in September multiple times. And here's what matters for those of you that are managing civilian crisis, or even just coordination. The playbook you've been trained on doesn't account for this. Not because the training was inadequate or, but because the operating environment has fundamentally changed from what we're used to dealing with.
Traditional emergency management assumes discrete events with recovery periods. That's been the model for decades. It assumes good faith. It assumes that when you [00:03:00] activate response protocols, you're dealing with natural disasters or accidents, not adversaries, deliberately targeting your coordination capacity.
I. What's happening across Europe right now is a masterclass and exposing those assumptions. So let's break this down a little bit more. So, emergency management has a cycle most of us were trained on from preparing to responding to recovering and also mitigating. It works exceptionally well for hurricanes, floods, industrial accidents, events with clear beginnings and ands events that let you reset, integrate lessons learned.
Prepare for the next time. This is why we have seasons. But in 2025, there are no clear endings. Instead of discrete events requiring two separate response plans. That's one crisis with multiple pressure points, each one attacking civilian coordination from a different angle. And this systemic approach isn't targeting military capabilities.
It's targeting you. Civilian coordination capacity. The goal isn't tactical victory. It's purely just exhaustion. Push civilian crisis management systems or merchant [00:04:00] management systems or whatever you would like to name them beyond their design limits until they either fail or they force military escalation.
Either outcome works for the adversary, so it's testing, monitoring response. Adjusting and repeating some civilian structures stay at alert levels or elevated alert levels for weeks. There is no recovery phase. There is no time to integrate. Lessons learned, just continuous operational pressure applied and designed to reveal every weakness in how we coordinate and here's why it gets uncomfortable.
For those of us who spent careers building these types of systems, this approach is working. The campaigns are succeeding and exposing that emergency management built for episodic response cannot sustain operations under persistent and consistent sort of adversarial pressure.
So lemme show you what this looks like in practice. Poland faces systemic drone provocations for Belarus and decides to close its border. 12 days reasonable national security decision. [00:05:00] Right exercise of sovereign authority during a provocation, except that single decision disrupts a 25 billion Euro trade route.
The China EU rail corridor carrying 90% of land-based trade between the regions, stops moving freight trains, carrying critical supplies get stuck at the border. Pharmaceutical ingredients, Europe depends on. Can't move. And Europe is already managing shortages of hundreds of critical medicines. So Polish authorities aren't just managing Poland's security anymore.
They're coordinating with Lithuanian railways, emergency air freight networks, pharmaceutical distributors, and health ministries across 27 EU nations. They're managing public health implications for an entire continent. Economic disruptions rippling through global supply chains and diplomatic pressure from every single direction.
All from one border closure and one decision. In traditional emergency management, we'd handle border security, supply chain disruption, and public health as separate issues, different agencies, different expertise, different response plans, maybe file some of it under business [00:06:00] continuity even. In the gray zone, they're the same crisis.
The border closure is simultaneously a security decision, a public health emergency and economic crisis, and a diplomatic incident all rolled into one. And that is the design. Create conditions where every decision you make generates three new problems. Where exercising sovereign authority triggers cascading failures across systems you're not even responsible for.
Where the act of defending yourself becomes the actual attack vector. And if you're sitting there thinking about your own jurisdiction and the decisions you might face under similar pressure, you are asking exactly the right question. And so let's talk about the coordination trap. And so Denmark experiences this firsthand.
Drones shut down Copenhagen Airport aviation authorities activate standard protocols. But this isn't a standard. Incident. It's assessed as hybrid warfare involving professional operators. It connects to shadow fleet movements in Danish waters, cyber probes, hitting government networks and intelligence [00:07:00] suggesting coordinated operations.
The organizational charts that work well during peace time they have now. Become an obstacle. Aviation authorities need maritime intelligence. They don't have access to port security, requires cyber threat awareness that lives in a different agency. And border control depends on supply chain data that's not integrated into any of their systems.
So as professionals, we have to adapt. Baltic states create informal coordination mechanisms that move faster than official channels. Danish and Swedish Maritime authorities share shadow fleet information and intelligence in near real time without waiting for formal agreements. Polish and Lithuanian transport officials coordinate alternative routes before their governments finalize arrangements.
These aren't policy decisions. They're a survival response and mechanism. Now, Sweden, try something different with the shadow fleet problem. And so instead of military confrontation, which is often exactly what adversaries want because it creates escalation risk, they weaponize bureaucracy, extensive documentation [00:08:00] requirements, safety inspections, administrative delays, they make shadow fleet operations so tedious and expensive that they become economically unviable.
So sometimes the best grave zone response is making the adversary's tactical advantage operationally impractical. So what does adaptation actually require when Poland and Estonia initiate NATO Article four consultations with Denmark considering the same, it signals that there's something significant.
Civilian crisis management decisions now carry alliance level weight. But the real evolution is happening in those gaps between formal structures, the informal networks, the improvised coordination, the cross-border intelligence sharing that happens because waiting for official channels means failing your citizen.
So what does 2025 teach us about what's actually required? First sustained operational capability. Staffing models built on surge capacity assumes that crises will end when pressure persists for months. You need depth and cross training that allows sustained response without burning out your core team.
Second, you need [00:09:00] intelligence integration as a civilian function when incidents across aviation, maritime border. And cyber domains are deliberately coordinated. You need people who can see patterns. This isn't about creating new bureaucracies, it's about enabling the information flow that adversaries are exploiting the absence of third decision frameworks that account for these actual cascading effects.
So Poland's border closure demonstrates what happens when you make necessary decisions without tools. To see second and third order effects across systems and fourth training that reflects operational reality. Single scenario exercises that have been a long history and program that we've had with clear timelines.
Don't really prepare anyone for sustained multi-domain pressure. Your exercises need to include information, fog, exhaustion of coordination capacity, and the frustration of making decisions with incomplete information under the application of continuous stress. These aren't recommendations for future consideration.
They're descriptions of what practitioners, many of them are. [00:10:00] You are already building out of necessity. The question is whether institutions will formalize what's already working or force professionals like yourself to keep improvising around structures that no longer match reality. So what is the choice?
Russia's 2025 campaign succeeds in exposing that crisis management systems designed for good faith emergencies break under this type of adversarial pressure. Every assumption we make about mutual aid, resource sharing, coordination windows and communication becomes a potential weakness when someone's actively working to exploit.
Europeans aren't breaking, not yet. New coordination mechanisms emerge because they have to. Civilian authorities maintain control even when military escalation might seem simpler. When formal structures fail, informal networks are holding. When traditional responses proven adequate innovation fills gaps.
The transformation from emergency management to security governance isn't really optional anymore. Gray zone operations are now the new normal. The tactics stressing European systems work just as well [00:11:00] against financial networks, healthcare systems, or any critical infrastructure that depends on coordination.
Success requires professionals who understand both traditional emergency response and crisis management and these adversarial dynamics. Systems capable of sustained operations under in intentional stress frameworks that integrate intelligence, operations and planning across domains that have always operated separately.
More importantly, it requires admitting that our old model is possibly broken. Those informal coordination networks B IT professionals are building by necess. The cross border intelligence sharing that happens faster than bureaucracy allows, and the peer consultation that helps you see patterns across domains before they cascade into a crisis.
This is a space that we operate in and space that we have been looking at for a while now, and it's now unfolding before our eyes. That's what the Forum at Crisis Lab provides by design. So what we have developed with the Forum at Crisis Lab , is really, it's the strategic infrastructure for senior professionals like yourself who recognize that the gray zone isn't going away, and institutional [00:12:00] adaptation is moving too slow.
Monthly strategic conversations and dialogue with peers managing these exact. Challenges from an interdisciplinary approach, executive briefings from international organizations and leadership, navigating this actual transformation in real time, and the professional network that helps you coordinate thinking across boundaries before you're forced to improvise under pressure.
So when this next campaign emerges, and it will, and most likely will, four members won't be writing new playbooks alone. They'll be drawing on trusted professionals and the infrastructure behind them built for an interconnected world that they're actually operating in. If you're interested in the work that we're doing at Crisis Lab and the forum itself, you can reach us on the [email protected] slash the forum.
And of course, you can always reach me on LinkedIn in case you have any questions. Thanks again for listening to the podcast. I'm Kyle, and we'll see you next time. [00:13:00]
