Photo: NATO Cybersecurity experts during Crossed Swords 2025. Credit NATO CCDCOE via flickr.

A Joint Cyber Defense for Europe?

The cyber abilities of the EU’s 27 member states are variable, but the best-prepared can benefit from helping the laggards.

By Marija Golubeva

March 3, 2026

One year has passed since Defense Secretary Pete Hegseth ordered US Cyber Command to halt all offensive cyber operations and planning against Russia.

The decision came as elements of the defense community were calling for a more offensive posture in the cyber domain, given that Russian operations against NATO allies and other countries in the European neighborhood had grown in scale since the beginning of the full-scale war in Ukraine.

It is perhaps not yet the time to draw a balance of the strategic outcomes of the US decision, but some conclusions can now be drawn on Europe’s position, given the de facto absence of US cyber deterrence.

On the one hand, hybrid attacks on Europe’s critical infrastructure have continued and at times escalated, as in a series of bold cyberattacks on Poland’s energy sector in December. Polish defenses repelled the attack, and the lights stayed on during a period of extremely low temperatures. A survey of experts by the European Security Studies Institute has named a disruptive attack on EU critical infrastructure the top risk for this year. On the plus side, key European countries have moved to strengthen or launch their own peacetime cyber defense capabilities.

Germany, traditionally wary of escalation, is now moving to give its intelligence and security agencies a legal mandate to “hack back” in the event of hybrid attacks on its infrastructure. While the exact scope of the mandate is still unclear, the public debate suggests it will extend beyond the cyber domain – i.e., that offensive cyber capabilities might also be used in case of other hybrid attacks on German infrastructure.

Countries that have been building cyber defense capabilities for years are now adopting a more offensive stance. In October, the Dutch Ministry of Defense presented a new Defense Cyber Strategy 2025, stating that the Netherlands is moving from reactive to proactive operations, “preemptively eliminating hacker groups before they can launch attacks against the Netherlands or its allies.” The Dutch statement added that it is already “infiltrating the systems of hacker groups” to counter hostile cyber behavior from Russia and China.

Finland’s cybersecurity strategy, adopted in 2024, has already included responses and countermeasures, but efforts to implement it picked up in 2025. And in Poland, the 2026 amendment to the Polish Act on the National Cybersecurity System (KSC) builds a legal bridge between civilian and military cybersecurity bodies. The amendment formally recognized a national hub for real‑time exchange of information on cyber threats, incidents, and vulnerabilities, and legislated a clear escalation pathway from civilian sectoral cybersecurity bodies to the defense ministry. This creates centralized technical capacity in a way that, in practice, supports more continuous, state-level cyber operations.

These and similar developments among European NATO members seem to point towards an accelerated drive to build cyber deterrence capabilities without waiting for a change in the currently quiescent US stance on deterring Russia.

Get the Latest

Might it go a step further and culminate in the development of joint offensive cyber capabilities at the EU level?

At present, EU member state capacity is variable, both in terms of deterrence and detection. Countries have agreed on a certain level of data sharing and joint analysis, where every EU member state has a national computer emergency response team (CERT) responsible, among other things, for aiding critical companies in preventing cyberattacks and reducing damage when they occur.

Even then, as a senior European energy industry executive told this author in a recent interview, big companies are more reliant on in-house capabilities than national cyber protection agencies. There is a greater issue for medium-sized and small companies. In a similar way, some EU countries are better prepared to respond in kind to attacks on their critical infrastructure, and some are barely prepared at all.

Meanwhile, the threat keeps growing through increasing digitalization of systems, including in the energy and transport sectors, but also through distributed energy production networks like renewables. It was these elements of windfarms and photovoltaic facilities that were targeted in December’s suspected Russian attack on Poland’s energy sector.

While countries like France (likely the biggest cyber offensive power in continental Europe) and Poland may give preference to strengthening their national cyber muscle, a more integrated European cyber defense should also be considered.

There is at least one pragmatic reason for better-prepared European countries to agree on closer cybersecurity cooperation with their neighbors — fresh data. Having a clearer understanding of threats in your neighborhood in real time is a way to strengthen the protection of your own infrastructure. The EU’s cybersecurity agency, ENISA, collects information and offers updates on current threats, but currently, there is no US NSA-style linkage with EU-level offensive cyber capabilities (like US Cyber Command) that would deter hostile groups. As recent NATO research on the next generation information environment points out, security is no longer state-centric — it is likely to target platforms and infrastructure that ensure everyday societal functioning, such as energy systems, social media platforms, and large language models (LLMs), rather than physical targets. This is true not only for the cognitive domain (the information environment that influences what people believe and how they make decisions), where infrastructure owned by tech giants offers vast opportunities to those targeting Western societies. This is also the case for national economies, which are increasingly dependent on logistical and energy networks that can be attacked to disrupt more than one country at once.

While many EU countries may hesitate to put their cyber capabilities at the disposal of strategically ambiguous allies, such as Victor Orbán’s Hungary, closer cooperation between those enjoying mutual trust may yet emerge. Whether it will be under an EU or NATO umbrella, it will likely entail voluntary participation, creating a de facto European layer of allied cyber defense.

Establishing a European switchboard and command room to register incoming cyber threats and to agree responses or launch attacks against an adversary state would not make Europe 100% immune to cyberattacks and other hybrid threats. However, it would send a clear signal that, with or without US support, if there is a Russia-linked blackout in Warsaw, it will be shortly followed by a blackout in Kaliningrad or St Petersburg.

Marija Golubeva is a Distinguished Fellow with the Democratic Resilience Program at the Center for European Policy Analysis (CEPA). She was a Member of the Latvian Parliament (2018-2022) and Minister of the Interior from 2021-2022. She is the founder of crisis exercise startup Meleys and a Henrik Enderlein Fellow at the Centre for International Security, Hertie School (Berlin).  

Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions expressed on Europe’s Edge are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis. CEPA maintains a strict intellectual independence policy across all its projects and publications.