The Czech Republic is carrying out war-gaming exercises with companies to strengthen its critical industries against cyber attacks, supply chain disruption and ownership bids by hostile states such as China and Russia.

The war-games, thought to be the first such contingency exercises in the world, have drawn the attention of Nato allies seeking to protect themselves from aggression in the so-called “grey zone” between peaceful relations and formal armed conflict. Concern about grey zone activities have intensified since a significant hacking campaign against US government systems — attributed to a Russian group — was discovered in December.

Tomas Kopecny, deputy minister for industrial co-operation in the Czech Ministry of Defence and Armed Forces, has started contingency exercises with the country’s five largest defence companies and hopes to expand the programme to other industries including energy, IT, healthcare and food production later this year.

“We see industrial policy as part of not only economic welfare, but geopolitics and also defence and security”, Kopecny told the Financial Times. “This exercise is basically about creating [a] nexus between the military and civilian, between the government and private side.”

He added that the rise of China as a “systemic rival” to the EU meant industry was increasingly on the front line of attempts by foreign investors to steal intellectual property or exert control over competitor companies.

“The very strategy that is being applied by Chinese state-affiliated investors is something that is targeting [Europe’s] critical and strategic technologies,” Kopecny said. “It’s definitely something that is decreasing our capability to defend ourselves, through us losing our technologies that are essential for defence.”

The UK government had to intervene last year to prevent an investor linked to the Chinese state from seizing control of the board of British chipmaker, Imagination Technologies. The FT has also revealed that China is exploring limiting the export of rare earth minerals that are crucial in the production of US weaponry.

Jens Stoltenberg, Nato’s secretary-general, raised the prospect of the military alliance bringing in new “national resilience targets” at a meeting of defence ministers earlier this week. Speaking ahead of the summit, he told reporters he would ask member states to conduct an annual review of the vulnerabilities in their critical infrastructure, “including those stemming from foreign ownership and influence”.

The Czech Republic has suffered its own share of non-military aggression, from a cyber attack that caused a hospital to shut down in the early days of the coronavirus pandemic last March to Beijing’s threat last year that Czech companies with operations in China would suffer if the president of the senate undertook a planned visit to Taiwan.

The exercises with companies involve a discussion of the threat with the national security adviser, workshops on how to spot targeting of their ownership structure, and simulations of how to respond to events such as cyber attacks, damage to power supplies, or disruptions to the supply chain. The most sensitive aspect is a private discussion with each company about where its vulnerabilities lie.

While countries such as Finland and Sweden seek to engage the whole of society in security and resilience planning, the Czech exercise is the first to target industry directly, sector by sector, on grey zone threats. Kopecny presented details of the initiative to Nato in December, and says since the meeting he has been in touch with over a dozen countries who are keen to understand more about the exercise.

Elisabeth Braw, a defence expert at the American Enterprise Institute think-tank, said the Czech approach was vital at a time when non-conventional forms of warfare were increasing. “Yes, we still have the traditional military threats but we generally know how to cope with that, whereas we don’t know how to manage grey zone defence,” Braw said.

She added that companies often suffered the effects of aggression not explicitly directed at them — such as SolarWinds, the US software company that was hacked as a route to accessing its US government clients.

“Companies are painfully aware of the security threats. They are feeling the heat themselves,” Braw said. “By teaming up [with the government] they can form a combined shield against attacks.”