Building A Unified European Cyber Shield – OpEd
The European countries’ digital security architecture has turned into a strategic issue of the same importance to traditional military power as is the case with conventional means. However, the architecture remains fragmented and thus exposed to a large number of cyber-vulnerabilities in cross-border situations. This is also reflected in several recent attacks: In the autumn of 2021, for example, the health service of Ireland was the victim of a serious ransomware attack which paralysed a number of vital departments for several weeks and, above all, uncovered serious weaknesses in the resilience of public infrastructure. The health service of Germany, for example, has recently been the target of repeated probing by foreign actors, also targeting energy suppliers. In view of cross-border cyber threats, the current cyber defence of Europe therefore is not yet sufficient and is lacking an integrated framework of defence.
But also new, in terms of their nature and impact, are the challenges to European security and stability from Russia and China. Russia is increasingly integrating cyber operations into its hybrid warfare against European countries by using disinformation, propaganda and even more intrusive cyber measures to undermine their stability and weaken their cohesion. By further expanding its digital presence, for example by rolling out 5G networks, building out cloud capabilities and creating new data ecosystems, China is creating new risks for European countries in terms of their dependence on these new technologies.
While NATO has recognised in its own strategy that cyberspace is now an operational domain, differences in member states’ perceptions of cyber threats and their level of preparedness for dealing with them mean that it is not yet possible to speak of a united stance or of a credible deterrence by the Alliance as a whole. The same is true of the European Union: while there is agreement on a number of measures, such as the Cybersecurity Act and the work of the European Union Agency for Cybersecurity (ENISA), the implementation of these measures is far from consistent. And while European countries are working at the national level to develop their own strategies for dealing with cyber threats, there are considerable differences in terms of the objectives that these strategies are intended to achieve and the measures that are deemed necessary to meet them.
Beyond the traditional threats of cyber-attacks conducted by states or other malicious actors, a large and diverse array of risks are emerging that will affect Europe’s security in the years to come. AI-based cyber-attacks that use deepfakes or other automated methods to compromise IT systems and disrupt operations increasingly pose a threat to democratic stability by challenging information integrity and eroding public trust. Moreover, as global cybercrime continues to evolve, it is increasingly conducted by transnational networks that exploit jurisdictional weaknesses and complicate enforcement across borders. Supply-chain risks, for example, can allow hardware, software or services to be used for espionage or other malicious purposes, especially as companies increasingly rely on external providers for critical IT functions. Achieving strategic autonomy in key technologies, such as semiconductors, cloud computing and AI, is therefore only partially realised, as Europe’s companies remain heavily dependent on non-European providers for these critical functions.
In summary, Europe is not yet a safe and secure area for living and for doing business. To overcome these risks, a European Cyber Security Structure of defence has to be developed to counter cyber threats on an equal footing with other domains of military operation. The national Cyber Security Structures must be able to act in real time and based on a clear mandate from the European Union. Their operational conditions and the way in which they are deployed on the national scene must be on the same footing. Harmonised regulations for all member states of the European Union have to be introduced to ensure a uniform level of security. Furthermore, a binding agreement on joint actions to be taken in case of an attack has to be agreed upon by all member states. This in turn requires a massive investment by member states in their own information and communication technologies in order to reduce the current dependence on suppliers outside of Europe. To this end, an adequate innovation system has to be developed, and existing structures have to be optimised for this purpose. To achieve these goals, a close cooperation with the USA has to be maintained but must not be allowed to become an end in itself. In addition, NATO’s cyber doctrine has to be developed further and, in the context of joint military operations, it must be possible to respond within minutes to a cyber-attack. For this purpose, joint exercises must be conducted, and rapid incident response and the exchange of intelligence with all partners involved in the operation must be possible. In addition, a structure for preventive action has to be developed in order to be able to deal with new threats in good time, for example from the area of artificial intelligence.
In summary, it is increasingly important for Europe to ensure its security and stability in the digital age. An integrated approach to cyber security is necessary to ensure security of and in digital networks and to develop defences in order to ward off potential threats. In the context of cross-border threats, Europe’s current cyber defence is not sufficient. This is why a unified and sustainable approach to cyber security is needed. Such an approach would need to be based on integration, self-reliance in terms of technology, and international cooperation. With such an approach, it is possible to create the necessary measures to secure digital networks against new threats. This requires a long-term strategy and corresponding investments. However, without such a strategy and corresponding measures, there is a real risk that the same mistakes will be repeated over and over again and that Europe’s position in the global competition for influence in the digital age will be further eroded.
But Europe needs to step up the effort and move with needed speed. Europe needs to coordinate actions of its member states and their many institutions as threats in the cyber domain are continuously changing – in scale and in type. This requires European leaders to have the determination to pursue unity of action at a time when the global environment is becoming more unstable. And as was the case in the past, democratic values and critical infrastructure of all European countries are under permanent assault from many different actors employing a variety of tools.
The opinions expressed in this article are his own.
References
- Villani, S. (2025). The Cyber Solidarity Act: Framework and perspectives for the new EU-wide cybersecurity solidarity mechanism under the EU legal system. European Journal of Risk Regulation, Cambridge University Press.
- European Union Agency for Cybersecurity (ENISA). (2026). ENISA international strategy 2026–2028. European Union Agency for Cybersecurity
