Protecting Critical Infrastructure in Europe: Using Technical Attribution of Cyberattacks Effectively
摘要
Leaking pipelines in the Baltic Sea, severed data cables, and interruptions in satellite communications have raised the question in European capitals of how to respond politically, criminally, and even militarily to suspected attacks on critical infrastructure. In light of incidents affecting Germany and at least six other member states, NATO allies in May 2024 drew attention to the extent of identified Russian efforts to destabilize supporters of Ukraine (NATO 2024). The documented hybrid activities of Moscow range from disinformation campaigns and electronic interference with flight signals to coercion and assassination attempts against regime critics, as well as acts of sabotage, including with the help of cyberattacks. To strengthen member states’ capabilities in combating hybrid threats, the EU Council agreed at the end of May 2024 to establish EU rapid response teams for the analysis and defense against hybrid threats (Council of the European Union 2024a). However, the effective use of such mechanisms in the EU also depends heavily on a shared technical understanding among member states of how the threat actor operates, what capabilities they possess, and how much political or state support they can draw upon. As far as cyber-enabled acts of sabotage are concerned, the tactics, techniques, and procedures of cybercriminals have been tested and further developed over many years. The public attribution of such malicious activities demonstrates that, especially in the context of Russia’s war against Ukraine, these have had significant implications for the functioning of infrastructure in Ukraine and beyond (Egloff and Smeets 2021). Not least, electoral systems and power suppliers have become targets of Russian cyberattacks since Russia’s invasion of Crimea in 2014 (European Repository of Cyber Incidents 2025a, b).