Munich Cyber Security Conference Highlights Shift Toward Deterrence, Supply-Chain Risk, and Critical Infrastructure Resilience
Senior officials from the EU, NATO, the United States, Sweden, Estonia, and Taiwan used the Munich Cyber Security Conference to warn that cyber and “hybrid” operations are now a persistent feature of geopolitical competition and are increasingly aimed at critical infrastructure (energy, health, government services, satellites, and military command networks). EU Executive Vice President Henna Virkkunen argued Europe cannot be “naive” about adversaries’ ability to disrupt essential services and pointed to proposed revisions to the EU Cybersecurity Act intended to strengthen the EU cybersecurity agency and reduce critical ICT supply-chain risk, including phasing out designated high-risk suppliers. NATO Deputy Secretary General Radmila Shekerinska said Russia and China are challenging the alliance in both physical and digital domains and cited attempted disruptions to Poland’s energy infrastructure as an example of the threat environment.
U.S. officials signaled a shift from primarily defensive “resilience” toward deterrence by “imposing real costs” on malicious actors, while also emphasizing deeper cyber partnerships with allies and industry to send a coordinated message to adversaries; National Cyber Director Sean Cairncross said a forthcoming U.S. cyber strategy will align with broader national security strategy and rely on whole-of-government tools. Estonia’s intelligence chief Kaupo Rosin urged Europe to invest in homegrown offensive cyber capabilities to reduce reliance on non-European tools, while Swedish defense official Lisa Gustafsson said societies must be designed to function under sustained disruption under Sweden’s “total defense” model. Taiwan’s National Security Council adviser Yuh-Jye Lee warned China may be rehearsing a “digital siege,” referencing activity like Volt Typhoon and reporting on alleged Chinese training infrastructure (“Expedition Cloud”) designed to simulate foreign power grids and communications networks; separate reporting also underscored that much of the technology stack underpinning cyber defense is controlled by U.S. firms, complicating sovereignty and supply-chain decisions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
16 events from the most recent confirmed update back to the earliest known activity.
Sweden says Europe must adapt to permanent cyber and hybrid threats
At the Munich conference, a senior Swedish defense official said cyber and hybrid threats are now a permanent feature of Europe's security environment and outlined Sweden's total-defense model for resilience and cybersecurity.
EU warns against complacency over critical infrastructure disruption
At the Munich conference, European Commission Executive Vice President Henna Virkkunen said the EU must harden critical infrastructure, strengthen cyber rules, and reduce risky supplier dependencies as cyberattacks become central to modern conflict.
NATO deputy chief says alliance must impose costs on Russia and China
At the Munich conference, NATO Deputy Secretary General Radmila Shekerinska said the alliance must be ready to strike back against cyber and hybrid attacks, while improving resilience, exercises, attribution, and coordination with industry.
Estonia urges Europe to build homegrown offensive cyber capabilities
At the Munich conference, Estonia's foreign intelligence chief Kaupo Rosin called for European governments and industry to invest in indigenous offensive cyber tools and supporting technology stacks rather than relying heavily on non-European providers.
Leaked documents describe China's 'Expedition Cloud' cyber training platform
Recorded Future News reported on leaked technical documents alleging China operates a secret platform that replicates foreign power, transport, and communications systems so teams can rehearse and measure disruptive cyberattacks.
Taiwan warns China may be rehearsing disruptive cyberattacks
Taiwan National Security Council adviser Yuh-Jye Lee said China appears to be preparing for more aggressive cyber operations against critical infrastructure, citing activity such as Volt Typhoon and Taiwan's experience with persistent targeting.
U.S. officials push deterrence-focused cyber strategy at Munich
At the Munich conference, State Department official Anny Vu said the U.S. should move beyond resilience and reactive defense toward proactively disrupting adversaries and imposing real costs on malicious actors.
U.S. calls for deeper cyber partnerships to shape adversary behavior
At the Munich Cyber Security Conference, National Cyber Director Sean Cairncross said the United States wants closer cyber cooperation with allies and industry, backed by a forthcoming national cyber strategy and a whole-of-government approach.
Munich conference spotlights U.S.-Europe dependence on private tech platforms
At the Munich Cyber Security Conference, Paul Nakasone and Germany's Dag Baehr said cyber defense and sovereignty increasingly depend on privately owned technology stacks dominated by U.S. firms, complicating European digital sovereignty ambitions.
Senate Intelligence Committee advances Joshua Rudd for Cyber Command/NSA
The U.S. Senate Intelligence Committee voted 14-3 to send Lt. Gen. Joshua M. Rudd, President Trump's nominee to lead U.S. Cyber Command and the NSA, to the full Senate.
European Commission proposes revising the EU Cybersecurity Act
The European Commission proposed revisions to the EU Cybersecurity Act in the month before the conference to strengthen ENISA and reduce critical ICT supply-chain risks, including phasing out designated high-risk suppliers from critical infrastructure.
Poland thwarts cyberattacks targeting critical energy infrastructure
NATO's deputy secretary general said coordinated cyberattacks in December targeted parts of Poland's critical energy infrastructure but were stopped before causing major impact.
UK- and France-led Pall Mall Process launched on commercial spyware reform
Estonia's foreign intelligence chief referenced the Pall Mall Process, led by the UK and France, as an effort to reform the commercial hacking and spyware market amid concerns about abuse.
Sweden starts moving its cyber security center under FRA
Sweden began transferring the National Cyber Security Centre under the Defence Radio Establishment in 2024 after an inquiry found the previous structure was not delivering the expected results.
Russia's full-scale invasion of Ukraine intensifies Europe's cyber threat environment
A Swedish defense official said Europe's current environment of persistent cyber and hybrid threats has been especially pronounced since Russia's full-scale invasion of Ukraine, which accelerated whole-of-society defense planning.
Estonia suffers major cyberattacks that reshape its threat outlook
Estonia's intelligence chief said the country has faced increased probing since the 2007 cyberattacks on Estonia, which remain a reference point for its current cyber defense posture and concerns about Russian activity.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
8 references tracked. Mallory keeps watching after this page renders.
EU can’t be ‘naive’ about enemies shutting down critical infrastructure, warns tech official | The Record from Recorded Future News
therecord.media
Open sourceEstonia spy chief calls on Europe to invest in its own offensive cyber capabilities | The Record from Recorded Future News
therecord.media
Open sourceNATO must impose costs on Russia, China over cyber and hybrid attacks, says deputy chief | The Record from Recorded Future News
therecord.media
Open sourceEurope must adapt to ‘permanent’ cyber and hybrid threats, Sweden warns | The Record from Recorded Future News
therecord.media
Open sourceUS needs to impose ‘real costs’ on bad actors, State Department cyber official says | The Record from Recorded Future News
therecord.media
Open sourceChina may be rehearsing a digital siege, Taiwan warns | The Record from Recorded Future News
therecord.media
Open sourceA hard truth in Munich: Cyber defense runs through Silicon Valley | The Record from Recorded Future News
therecord.media
Open sourceUS wants cyber partnerships to send ‘coordinated, strategic message’ to adversaries | The Record from Recorded Future News
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Divergent National Cybersecurity Strategies and Threats from China and Russia
A recent think tank report warns that the United States is not adequately prepared to counter the persistent and offensive cyber campaigns conducted by China and Russia. The report highlights that both adversaries treat cyberspace as a domain for ongoing national competition, with China in particular focusing on maintaining persistent access to U.S. critical infrastructure for potential coercion or disruption. The analysis criticizes the U.S. for relying on outdated, reactive frameworks and calls for a more aggressive, offensive posture to address the evolving threat landscape. In parallel, the United Kingdom is preparing to announce a refreshed cybersecurity strategy, reflecting on past efforts and emphasizing the need for resilience, especially in critical infrastructure. The U.K. faces challenges in resource allocation and skills gaps, which have hindered the implementation of previous strategies. Both the U.S. and U.K. are reassessing their approaches to cyber deterrence and resilience in light of increasing incidents and the strategic ambitions of state actors like China and Russia.
Mar 21, 2026
Geopolitically Driven Cyber Activity and Hybrid Operations Escalate Across Europe and Major Events
Multiple reports describe an uptick in **state-linked and politically motivated cyber activity** in Europe, framed as part of broader **hybrid warfare**. Dutch intelligence (AIVD/MIVD) warned that Russia is intensifying a mix of cyberattacks, sabotage, disinformation, covert influence, and espionage designed to stay below the threshold of open conflict while testing Western red lines and undermining support for Ukraine. Related policy commentary notes growing calls from European and NATO officials for stronger “strike back” or offensive cyber capacity, but argues that political will and proportional response options—especially against proxy-driven sabotage—remain the limiting factors rather than technical capability. Separately, threat reporting tied to the **2026 Winter Olympics** indicates increased **hacktivist mobilization and targeting chatter** against Olympic-adjacent entities (e.g., transportation, sponsors, and overlapping supply chains), alongside continued targeting of the defense industrial base by a mix of hacktivists, state actors, and cybercriminals. A case study on Venezuela’s Caracas outage during “Operation Absolute Resolve” cautions against attributing major disruptions to “cyber-only” effects when available evidence also indicates substantial **kinetic/physical damage** to substations, underscoring that modern operations may integrate cyber and physical actions and that misframing can distort infrastructure security priorities.
May 7, 2026
Europe Warns of Rising Threats to Energy Grids and Undersea Infrastructure
European officials and industry reporting have highlighted a widening threat to critical infrastructure as cyber risks to electricity networks grow alongside military monitoring of subsea assets. An International Energy Agency assessment cited in Spanish reporting said cyberattacks on critical energy infrastructure rose 30% in 2023 to **420 million** globally, while attacks on energy service companies have quadrupled since 2020. Recent incidents include the 2022 satellite communications disruption that knocked **5,800 wind turbines** offline in Germany and breaches affecting more than 20 Danish energy companies. Authorities have also warned that compromised smart meters, solar inverters, and battery systems could be used to destabilize grid frequency or trigger broader outages. The concern extends beyond direct hacking to supply-chain and geopolitical exposure tied to digitally connected clean-energy equipment and other strategic infrastructure. European and U.S. authorities reviewed communications modules in imported solar and battery systems, while Lithuania moved to block remote access by Chinese suppliers to solar, wind, and storage control platforms. Separately, the UK said British and Norwegian forces carried out a month-long operation to track a Russian attack submarine and two GUGI-linked spy submarines near North Atlantic cables and pipelines, underscoring fears that hostile states could target the seabed networks that carry **99% of international telecommunications traffic** and support a major share of regional energy supplies.
Apr 9, 2026