BRUSSELS — In the 10 years since the Brussels terror attacks, the EU has tightened its security strategy but the internet is opening up new threats, according to the bloc’s counterterrorism coordinator.  Daesh is “mutating jihadism,” Bartjan Wegter told POLITICO in an interview on the eve of the anniversary of the terrorist attacks in Brussels, which pushed the bloc to bolster border protection and step up collaboration and information-sharing. The group has “calculated that it’s much more effective to radicalize people who are already inside the EU through online environments rather than to organize orchestrated attacks from outside our borders,” he said.  “And they’re very good at it.” Ten years ago, two terrorists from Daesh (also known as the so-called Islamic State) blew themselves up at Brussels Airport. Another explosion tore through a metro car at Maelbeek station, in the heart of Brussels’ EU district. Thirty-two people were killed, and hundreds more injured.  The attacks came just months after terrorists killed 130 people in attacks on a concert hall, a stadium, restaurants and bars in Paris, exposing gaps in information-sharing in the bloc’s free-travel area. The terrorists had moved between countries, planning the attacks in one and carrying them out in another, said Wegter, who is Dutch. “That’s where our vulnerabilities were.” Today, violent jihadism remains a threat and new large-scale attacks can’t be excluded. But the probability is “much, much lower today than it was 10 years ago,” said Wegter. In the aftermath of the attacks, the bloc changed its security strategy with a focus on prevention and a “security reflex” across every policy field, according to Wegter. It’s also stepping up police and judicial collaboration through Europol and Eurojust, and it’s putting in place databases — including the Schengen Information System — so countries could alert each other about high-risk individuals, as well as an entry/exit system to monitor who enters and leaves the free-travel area. But the bloc is facing a new type of threat, as security officials see a gradual increase in attempted terrorist attacks by lone actors. A lot of that is being cultivated online and increasingly, younger people are involved. “We’ve seen cases of children 12 years old. And, the radicalization process [is] also happening faster,” Wegter said. “Sometimes we’re talking about weeks or months.” In 2024, a third of all arrests connected to potential terror threats were of people aged between 12 and 20 years old, and France recorded a tripling of the number of minors radicalized between 2023 and 2024, said Wegter.  “Just put yourself in the shoes of law enforcement … You’re dealing with young people who spend most of their time online … Who may not have a criminal record. Who, if they are plotting attacks, may not be using registered weapons. It’s very hard to prevent.” Violent jihadism is just one of the threats EU security officials worry are being cultivated online. Wegter said there is also an emerging trend of a violent right-wing extremist narrative online — and to a lesser extent, violent left-wing extremism. There’s also what he called “nihilistic extremist violence,” a new phenomenon that can feature elements of different ideologies or a drive to overthrow the system, but which is fundamentally minors seeking an identity through violence. “What we see online, some of these images are so horrible that even law enforcement needs psychological support to see this kind of stuff,” said Wegter. Law enforcement’s ability to get access to encrypted data and information on people under investigation is crucial, he stressed, and he drew parallels with the steps the EU took to secure the Schengen free movement 10 years ago. “If you want to preserve the good things of the internet, we also need to make sure that we have … some key mechanisms to safeguard the internet also.”

Slovenian Prime Minister Robert Golob’s liberals lead by a narrow margin in Sunday’s national election over former right-wing populist leader Janez Janša, according to exit polls.  The preliminary results show Golob’s governing Freedom Movement party securing 29.9 percent of the vote, good for 30 seats in the country’s 90-seat chamber, ahead of Janša’s conservative Slovenian Democratic Party (SDS) on 27.5 percent, equaling 27 seats. If those results hold, it would represent a substantial step back for Golob’s party, which won 41 seats in the last election in 2022. The Slovenian vote has been seen as a mood-check of the bloc’s electorate, with the EU tilting right since the 2024 European Parliament elections gave a boost to right-wing populist parties. A nationalist-populist government took power in the Czech Republic last year, adding to a pro-Moscow bloc that includes Slovakia and Hungary, while the far-right RN leads polling in France ahead of key 2027 presidential elections. If Janša, who has expressed admiration for U.S. President Donald Trump, were to lead the country again, it would give Hungarian Prime Minister Viktor Orbán another ally in the European Council. In remarks Sunday night at his party headquarters, Janša said the results show Slovenia has two choices: Either the incumbent liberal-left coalition could continue to govern, or a new right-wing coalition under SDS could take the reins. LIBERALISM VS. ILLIBERALISM Slovenes went to the polls after a dramatic campaign that in its final stretch was less about bread-and-butter issues than allegations of election interference.  Janša, a veteran politician who has served multiple terms as prime minister, campaigned on lower taxes and stronger governance, while Golob sought to frame the election in an interview with POLITICO as a choice between liberal democratic values and Janša’s Hungary-style illiberalism.  Leaked audio and video recordings published earlier this month and apparently designed to tie Golob’s government to corruption showed prominent Slovenian figures, including a former minister, apparently discussing illegal lobbying and the misuse of state funds.   Slovenian authorities said Israeli private intelligence firm Black Cube had carried out illegal surveillance and wiretapping and has visited SDS headquarters in December. Janša acknowledged he had been in contact with a figure linked to the firm, but denied hiring them to dig up dirt on the government.  In a letter sent earlier this week and obtained exclusively by POLITICO, Golob urged European Commission President Ursula von der Leyen to investigate the alleged election interference, calling it “a clear hybrid threat against the European Union.”  Both parties sought to turn the scandal to their advantage ahead of the vote, with the SDS arguing the recordings were proof of high-level corruption while Golob’s supporters said it was evidence Janša was willing to collaborate with foreign entities to retake power.    The political row spilled over into Brussels, with the European People’s Party group, to which Janša’s party belongs, pushing last week for a European Parliament hearing on fresh allegations that Slovenia’s EU commissioner, Marta Kos — who hails from Golob’s party — had collaborated with Yugoslavia’s secret police decades ago.  Kos has denied the claims, and an official close to her cabinet described the accusations to POLITICO as politically motivated.  The first official results of Sunday’s election will be declared later in the evening.  Ali Walker contributed to this report.

Listen on * Spotify * Apple Music * Amazon Music In dieser Sonderfolge spricht Gordon Repinski mit zwei Experten, die sich regelmäßig mit unsichtbaren, hybriden Angriffen beschäftigen: Sinan Selen, Präsident des Bundesverfassungsschutzes, und Marika Linntam, Botschafterin Estlands in Deutschland. Zusammen haben sie auf der Sicherheitstagung des Bundesverfassungsschutzes und des „Verbandes für Sicherheit in der Wirtschaft“ besprochen, wie Russland mit Nadelstichen versucht, die deutsche Wirtschaft und Gesellschaft zu destabilisieren. Während Estland durch jahrelange Erfahrung eine breite gesellschaftliche und wirtschaftliche Resilienz gegen Desinformation und Sabotage entwickelt hat, warnt Sinan Selen vor einem erheblichen Nachholbedarf in deutschen Unternehmen und der breiten Öffentlichkeit. Im Gespräch geht es deswegen auch darum, wie die Sensibilität gesteigert werden kann, ohne dabei paranoid zu werden. Das Berlin Playbook als Podcast gibt es jeden Morgen ab 5 Uhr. Gordon Repinski und das POLITICO-Team liefern Politik zum Hören – kompakt, international, hintergründig. Für alle Hauptstadt-Profis: Der Berlin Playbook-Newsletter bietet jeden Morgen die wichtigsten Themen und Einordnungen. ⁠Jetzt kostenlos abonnieren.⁠ Mehr von Host und POLITICO Executive Editor Gordon Repinski: Instagram: ⁠@gordon.repinski⁠ | X: ⁠@GordonRepinski⁠. POLITICO Deutschland – ein Angebot der Axel Springer Deutschland GmbH Axel-Springer-Straße 65, 10888 Berlin Tel: +49 (30) 2591 0 ⁠information@axelspringer.de⁠ Sitz: Amtsgericht Berlin-Charlottenburg, HRB 196159 B USt-IdNr: DE 214 852 390 Geschäftsführer: Carolin Hulshoff Pol, Mathias Sanchez Luna

Dutch authorities are tightening security for critics of the Iranian regime after a man was shot earlier this week.  The 36-year-old man of Iranian descent was hospitalized with serious injuries on Thursday after being targeted in public in his home city of Schoonhoven. The shooter remains at large.  “Because of his Iranian background and because of the tensions in the world right now, I’ve ordered an assessment of whether this means something for the safety of other Iranian dissidents in the Netherlands,” Justice and Security Minister David van Weel told journalists on Friday.  “And where needed, we’ve taken additional measures.”  Van Weel added it is still unknown whether the man was specifically targeted because of his Iranian roots. “But the fact that he is Iranian and spoke out against the regime is something to be taken seriously.”  Dutch media reported that the victim had shared criticism of the regime in Tehran with tens of thousands of followers on Instagram and Telegram and had recently expressed his support for the U.S.-Israeli strikes on Iran.  In one post, he thanked U.S. President Donald Trump for the death of Ayatollah Ali Khamenei, Dutch public broadcaster NOS reported. Thursday’s shooting has sent a “chilling shudder” through the Iranian diaspora in the Netherlands, Dutch parliamentarian Ulysse Ellian wrote in a reaction on X. “I know what the long arm of the mullahs in Tehran is capable of,” he added.  According to the Dutch intelligence agency AIVD, there are “strong indications” that Iran was behind the murders of two Dutch citizens of Iranian origin in 2015 and 2017. Speaking to parliament earlier this week, Van Weel said the “possibility that Iran was involved” in a separate incident — an explosion outside a synagogue in Rotterdam earlier this month — was still being investigated.  But he said “everything” pointed to the fact that the four teens aged between 17 and 19 who have been detained in connection with the case were acting on outside orders.  --------------------------------------------------------------------------------

THE HAGUE — Spying no longer always requires a spy. Foreign intelligence services like those of Russia or Iran are increasingly recruiting ordinary European citizens to carry out espionage and sabotage, according to Youssef Ait Daoud, director of intelligence and national threats at the Netherlands’ National Investigations and Special Operations unit. The shift means authorities are now chasing otherwise unremarkable civilians — often recruited online with promises of money or just the thrill of the mission — rather than professional intelligence officers. “It’s not as if there’s a note saying, ‘Greetings from Russia’ or ‘Greetings from Iran,’” Ait Daoud said. “Sometimes it’s simply: ‘Do you want to set fire to something for €5,000?’” Ait Daoud’s warning comes against a backdrop of vandalism, espionage, sabotage and disinformation that has been described as a campaign of attacks carried out by the Kremlin to weaken Europe. While Russia’s meddling predates the full-scale invasion of Ukraine — in 2018, the Netherlands expelled four Russian military intelligence agents for trying to hack the international chemicals watchdog, for instance — the pace and scale of activity has accelerated in the four years since the beginning of the war.  Ait Daoud leads a newly created police team tasked with enforcing the Netherlands’ expanded anti-espionage law, which makes it a crime to pass information or objects to foreign governments even when they don’t concern state secrets. He said the growing use of civilian recruits reflects a broader shift in how foreign intelligence services conduct operations — one that complicates efforts to counter their activities.  “Until recently, you mainly saw intelligence services themselves carrying out actions,” he added. “What we see now is that citizens, for payment, for adventure, or for some other reason, are lending themselves for such tasks.”   He described it as “crime as a service.” Intelligence agencies across Europe have begun warning their citizens about the risk of recruitment. In Germany, authorities in September launched a media campaign cautioning citizens against becoming “disposable agents.”  The Netherlands has gone a step further, tightening its law and creating Ait Daoud’s unit to enforce it. Foreign governments may think twice before meddling “because now there may be an entire team working to stop you,” he said.  Russia tends to draw the most attention when it comes to foreign interference in Europe, but intelligence agencies also consistently warn about threats from China and Iran. When it comes to transnational repression — governments targeting dissidents and diaspora communities abroad — the list of countries involved is even longer. For security reasons, Ait Daoud declined to say how large the new police team is, revealing only that it includes a dedicated cyber unit. Fighting foreign interference is less straightforward than combating terrorism, said Ait Daoud, who spent three years at the National Coordinator for Security and Counterterrorism before taking on his new role. “If someone wants to commit a terrorist act, they usually are ideologically motivated,” he said. “They move around in those circles, talk a certain way, are looking for explosives or firearms. All of that is visible.”  Intelligence operations, by contrast, take place in a “gray zone between war and peace,” he said, much of it online. Intelligence and media reports point to Telegram, a messaging platform popular in Russia, as a key recruitment tool.  In a high-profile case in September, Ait Daoud’s team was involved in the arrest of three 17-year-olds in connection with what prosecutors say was a Russian-directed plot. The teenagers are suspected of trying to map internet traffic around key sites in The Hague using a device known as a “Wi-Fi sniffer,” allegedly on orders from a Russian state-linked hacking group. According to Dutch media, targets included the Canadian embassy and the offices of Europol and Eurojust. Ait Daoud declined to comment on the case directly, but said it illustrates a broader concern: that many of the people carrying out such operations are “not necessarily hardened criminals or professional spies.”  He added that young people between the ages of 12 and 20 are “overrepresented” in crimes such as drug trafficking and terrorism, but referred to a study that suggests suspects in Russian hybrid warfare plots are often older, typically in their thirties. Another challenge for investigators is gathering enough evidence to secure a conviction. Under the Netherlands’ new espionage law, prosecutors must prove a suspect knowingly acted on behalf of a foreign state. That hurdle was highlighted this week when a Dutch court sentenced an employee of the country’s counterterrorism agency to 20 months in prison for taking state documents. The ruling was a blow to prosecutors, who had argued the man had secretly been spying for Morocco and had sought a 12-year sentence in what would have been the first major conviction under the new law.

Europe enters a more contested decade than any since the end of the Cold War. Yet the frontline shaping its security is no longer limited to land, sea, air or even space.   It runs directly through the digital backbone that powers modern life: the networks, data infrastructures and connectivity systems on which governments, economies and armed forces depend.  But Europe will not be secure until it takes this digital backbone’s security seriously, and governs its openness through risk-based, verifiable sovereignty rather than isolationism or complacency.  >  Europe will not be secure until it takes this digital backbone’s security > seriously, and governs its openness through risk-based, verifiable sovereignty A digital frontline that remains dangerously exposed  Hybrid threats no longer sit at the margins of European security. In reality, they cut straight through its core systems. Hospitals, energy grids, transport networks, financial markets and military command-and-control all rely on constant, resilient connectivity.   Via Vodafone. Joakim Reiter, group chief external and corporate affairs officer, Vodafone. And when those systems falter, nations falter. Recent blackouts in Portugal and Spain revealed what this means in practice. A ‘digital failure’ is not an IT incident. It is a national security event.   Adversaries have already drawn the lesson. Subsea cables carrying 95 percent of the world’s internet traffic face mounting sabotage risks. Satellites have become open theatres of geopolitical competition. And cyberattacks now routinely target both critical national infrastructure and the commercial networks that underpin defense readiness.   Despite this, much of Europe’s digital backbone is still approached as a utility, not a strategic asset. Market forces, on their own, cannot deliver the resilience, redundancy and diversity that modern deterrence requires. Piecemeal upgrades and fragmented responsibilities across civil, military and regulatory silos leave avoidable gaps that adversaries will inevitably exploit.  > A ‘digital failure’ is not an IT incident. It is a national security event.   Europe must therefore elevate secure connectivity to the level of defense preparedness — politically, financially and operationally. It requires moving beyond incrementalism to a coordinated framework that fosters and defends critical digital infrastructure — one that enables governments and operators to plan, train and respond together before, not during, the next crisis.  Sovereignty is about control, not isolation  Connectivity alone is not the issue. Europe’s strategic vulnerability also stems from how it governs the technologies on which its digital backbone depends.  And while digital sovereignty is one pillar of Europe’s wider resilience agenda — spanning critical value chains such as defense, automotive, chemicals and energy — it is the pillar without which none of the others can function.  Europe cannot attain digital sovereignty by continuing excessive dependence on a small number of non-European providers. But it also cannot achieve it by walling itself off from global innovation. Both extremes weaken resilience.  That’s why sovereignty done right means governing openness on Europe’s terms. Europe must keep critical operations in trusted European hands while maintaining access to the scale, performance and innovation that global platforms can provide.   This approach starts with understanding sovereignty across three dimensions:  — Data sovereignty: who has lawful access to information.  — Operational sovereignty: who runs and can intervene in critical systems.  — Technological sovereignty: which capabilities Europe must own or control.  The false choice between ‘ban foreign tech’ and ‘do nothing’ is a trap. The real path forward is risk-based, proportionate and verifiable. We must define what truly requires European control and work with like-minded international partners to build a trusted technology ecosystem. Sovereignty needs to be demonstrated in practice, not merely asserted in policy.  This approach would also enable Europe to pool industrial capacity with trusted partners such as Japan, Canada, Australia, the United Kingdom and South Korea. This is cooperation that strengthens Europe rather than diluting control.   From principles to verifiable control  Europe should reject blanket bans based on EU borders that raise costs, slow next-generation deployment and fail to deliver true control. Instead, sovereignty must be translated into concrete, auditable mechanisms that strengthen resilience.   To deliver it, Europe should follow four core principles:   1. Harden the backbone: Europe must create a much better business case for investing in resilient fiber, advanced 5G technologies and future networks built with defense-grade security. And it must fortify subsea cables, satellite systems and cross-border infrastructure against hybrid threats. This is defense spending by another name.  2. Engineer sovereignty into operations: ensure Europe retains verifiable control over access to sensitive systems and require European oversight of critical operations. Authorities must be able to verify who operates critical systems, where data is processed and which legal jurisdiction applies.  3. Certify ‘Trusted European Operators’: establish an EU-wide certification enabling European-anchored providers to manage access to global platforms within EU-governed environments. Make interoperability and portability mandatory to prevent lock-in and ensure resilience.  4. End ‘sovereignty washing’: providers claiming sovereign capabilities must prove it. Europe must require auditable disclosures and rigorous, risk-based assessments. If claims cannot be verified, they should not determine Europe’s critical infrastructure decisions.  In parallel, Europe should adopt a single EU framework defining practical levels across the data, operational and technological dimensions. This would give CIOs, regulators and public bodies clarity and consistency.   From doctrine to delivery  As the dust settles on the annual Munich Security Conference, Europe faces a defining choice. It can carry on treating its digital backbone as regulatory plumbing and watch vulnerabilities compound. Or it can recognise this backbone for what it is — a core line of defence.  > The real test of seriousness is whether governments and operators can plan > together, train together and respond together when systems are stressed.  The real test of seriousness is whether governments and operators can plan together, train together and respond together when systems are stressed. And this depends on whether investment, procurement and certification systems finally move at the speed security demands.  The way forward lies neither in dependence nor in fantasies of self-sufficiency. It must be grounded in risk-based sovereignty, delivered through verifiable control, modernized infrastructure and deeper public–private cooperation, aligned with trustworthy allies.  Ultimately, Europe cannot defend what it cannot connect, and it cannot compete if it closes itself off. Europe will fail this critical strategic test if the regulatory agenda for connectivity — the Digital Networks Act, Cybersecurity Act and merger guidelines revisions — does little to strengthen the very networks its security depends on.  If Europe gets this right, it can build a digital backbone capable of deterring adversaries, supporting allies, protecting citizens and powering innovation for decades to come.  -------------------------------------------------------------------------------- Disclaimer POLITICAL ADVERTISEMENT * The sponsor is Vodafone Group plc * The ultimate controlling entity is Vodafone Group plc * The political advertisement is linked to EU-level security and digital policy with particular focus on the Digital Networks Act, Cybersecurity Act, merger guidelines and broader digital sovereignty strategy. More information here.

Sweden has named Russia as its greatest threat and warns that Moscow’s increasingly risky behavior could trigger a dangerous escalation.    An annual report released Tuesday by the country’s Military Intelligence and Security Service flagged airspace violations, sabotage and cyber operations as examples of Russia’s belligerent actions in Sweden’s neighborhood, including the Baltic Sea.   “Russia is the primary military threat to Sweden and NATO,” the report stated, adding this threat was “serious and concrete” and describing Moscow’s conduct as “opportunistic and aggressive.” The Swedish assessment comes after Estonia’s Foreign Intelligence Service last week described Russia as “dangerous despite its incompetence” in its own annual review.   But the Estonian review also cautioned against “panic,” saying it saw no evidence that Russia intended to attack it or NATO in the coming year and projecting that it was unlikely to do so in the near future, given Europe’s ramped-up defense measures. During a background briefing last week attended by POLITICO, a senior NATO official echoed that view.  “What protects us is the strength of the alliance and the faith that we and Russia have in Article 5 [NATO’s collective defense clause]” as well as recent pledges by NATO members to boost defense spending to 3.5 percent of GDP, the senior official said. “So long as we continue to make the investments, that’s what keeps us on the side of the equation in which Russia wouldn’t dare.” Both the Estonian report and the senior NATO official, however, noted that Russia has dramatically increased artillery production, a sign that Moscow will continue to pose a threat even if peace is reached in Ukraine. Russia is “preparing for its next war,” the Estonian report claimed, estimating that its production of shells and other artillery has increased 17-fold since Moscow launched its full-scale invasion of Ukraine, now entering its fifth year. “You don’t simply turn all that off the day the war ends,” the senior NATO official said. “Russia will end up in some areas stronger as a military force than when it began” its war against Ukraine.

The center-right European People’s Party is eyeing “better implementation” of the Lisbon Treaty to better prepare the EU for what it sees as historic shifts in the global balance of power involving the U.S., China and Russia, EPP leader Manfred Weber said on Saturday. Speaking at a press conference on the second day of an EPP Leaders Retreat in Zagreb, Weber highlighted the possibility of broadening the use of qualified majority voting in EU decision-making and developing a practical plan for military response if a member state is attacked. Currently EU leaders can use qualified majority voting on most legislative proposals, from energy and climate issues to research and innovation. But common foreign and security policy, EU finances and membership issues, among other areas, need a unified majority. This means that on issues such as sanctions against Russia, one country can block agreement, as happened last summer when Slovakian Prime Minister Robert Fico vetoed a package of EU measures against Moscow — a veto that was eventually lifted. Such power in one country’s hands is something that the EPP would like to change.  As for military solidarity, Article 42.7 of the Lisbon Treaty obliges countries to provide “aid and assistance by all the means in their power” if an EU country is attacked. For Weber, the formulation under European law is stronger than NATO’s Article 5 collective defense commitment. However, he stressed that the EU still lacks a clear operational plan for how the clause would work in practice. Article 42.7 was previously used when France requested that other EU countries make additional contributions to the fight against terrorism, following the Paris terrorist attacks in November 2015.  Such ideas were presented as the party with a biggest grouping in the European Parliament — and therefore the power to shape EU political priorities — presented its strategic focus for 2026, with competitiveness as its main priority.  Keeping the pulse on what matters in 2026  The EPP wants to unleash the bloc’s competitiveness through further cutting red tape, “completing” the EU single market, diversifying supply chains, protecting economic independence and security and promoting innovation including in AI, chips and biotech, among other actions, according to its list 2026 priorities unveiled on Saturday. On defense, the EPP is pushing for a “360-degree” security approach to safeguard Europe against growing geopolitical threats, “addressing state and non-state threats from all directions,” according to the document. The EPP is calling for enhanced European defense capabilities, including a stronger defense market, joint procurement of military equipment, and new strategic initiatives to boost readiness. The party also stressed the need for better protection against cyberattacks and hybrid threats, and robust measures to counter disinformation campaigns targeting EU institutions and societies. On migration and border security, the EPP backs tougher asylum admissibility rules, faster returns, and strengthened external borders, including reinforced Frontex operations and improved digital systems like the Entry/Exit System.  The party also urged a Demographic Strategy for Europe amid the continent’s shrinking and aging population. The text, initiated by Croatian Democratic Union (HDZ), member of the EPP, wants to see demographic considerations integrated into EU economic governance, cohesion funds, and policymaking, while boosting family support, intergenerational solidarity, labor participation, skills development, mobility and managed immigration.  Demographic change is “the most important issue, which is not really intensively discussed in the public discourse,” Weber said. “That’s why we want to highlight this, we want to underline the importance.” 

Germany and Italy on Friday backed an organization dedicated to fighting hybrid threats and disinformation, weeks after the United States exited it and called it “wasteful.” Since the start of the war in Ukraine, Russia has hammered Europe with hybrid attacks ranging from cyberattacks, destruction of property and transport links, disinformation, drone incursions and even attempted assassinations. Analysts argue the aim of the hybrid campaign is to reduce European support for Ukraine.  Italian Prime Minister Giorgia Meloni and German Chancellor Friedrich Merz met in Rome to adopt a “plan of action for strategic bilateral and EU cooperation.” In the joint plan, the two countries committed to “strengthening” the European Centre of Excellence for Countering Hybrid Threats. The center was one of dozens of organizations from which U.S. President Donald Trump withdrew in early January on the grounds that they were “wasteful, ineffective, and harmful.” Meloni and Merz committed to “exchange on hybrid threats, information resilience and strategic communications,” as well as prioritizing a wide range of cybersecurity policies such as the protection of critical infrastructure, cyber capacity building projects and tackling cybercrime. They also said they will “prioritize disruptive and dual-use technologies” for cyber defense. The two European leaders also pushed to boost the EU’s intelligence-sharing capacities, in particular the “hybrid fusion cell” within the EU Intelligence and Situation Centre (EU INTCEN).

In the desolate Arctic desert of Kangerlussuaq, Greenland, Europeans are building defenses against a new, up-and-coming security threat: space hacks. A Lithuanian company called Astrolight is constructing a ground station, with support from the European Space Agency, that will use laser beams to download voluminous data from satellites in a fast and secure manner, it announced last month.  It’s just one example of how Europe is moving to harden the security of its satellites, as rising geopolitical tensions and an expanding spectrum of hybrid threats are pushing space communications to the heart of the bloc’s security plans. For years, satellite infrastructure was treated by policymakers as a technical utility rather than a strategic asset. That changed in 2022, when a cyberattack on the Viasat satellite network coincided with Russia’s invasion of Ukraine.   Satellites have since become popular targets for interference, espionage and disruption. The European Commission in June warned that space was becoming “more contested,” flagging increasing cyberattacks and attempts at electronic interference targeting satellites and ground stations. Germany and the United Kingdom warned earlier this year of the growing threat posed by Russian and Chinese space satellites, which are regularly spotted spying on their satellites.  EU governments are now racing to boost their resilience and reduce reliance on foreign technology, both through regulations like the new Space Act and investments in critical infrastructure. The threat is crystal clear in Greenland, Laurynas Mačiulis, the chief executive officer of Astrolight, said. “The problem today is that around 80 percent of all the [space data] traffic is downlinked to a single location in Svalbard, which is an island shared between different countries, including Russia,” he said in an interview. Europe’s main Arctic ground station sits in Svalbard and supports both the navigation systems of Galileo and Copernicus. While the location is strategic, it is also extremely sensitive due to nearby Russian and Chinese activities. Crucially, the station relies on a single undersea cable to connect to the internet, which has been damaged several times. “In case of intentional or unintentional damage of this cable, you lose access to most of the geo-intelligence satellites, which is, of course, very critical. So our aim is to deploy a complementary satellite ground station up in Greenland,” Mačiulis said. THE MUSK OF IT ALL A centerpiece of Europe’s ambitions to have secure, European satellite communication is IRIS², a multibillion-euro secure connectivity constellation pitched in 2022 and designed to rival Elon Musk’s Starlink system. “Today, communications — for instance in Ukraine — are far too dependent on Starlink,” said Anders Fogh Rasmussen, the founding chairman of political consultancy Rasmussen Global, speaking at an event in Brussels in November. “That dependence rests on the shifting ideas of an American billionaire. That’s too risky. We have to build a secure communications system that is independent of the United States.” The European system, which will consist of 18 satellites operating in low and medium Earth orbit, aims to provide Europe with fast and encrypted communication. “Even if someone intercepts the signal [of IRIS² ], they will not be able to decrypt it,” Piero Angeletti, head of the Secure Connectivity Space Segment Office at the European Space Agency, told POLITICO. “This will allow us to have a secure system that is also certified and accredited by the national security entities.” The challenge is that IRIS² is still at least four years away from becoming operational. WHO’S IN CHARGE? While Europe beefs up its secure satellite systems, governments are still streamlining how they can coordinate cyber defenses and space security. In many cases, that falls to both space or cyber commands, which, unlike traditional military units, are relatively new and often still being built out. Clémence Poirier, a cyberdefense researcher at the Center for Security Studies at ETH Zurich, said that EU countries must now focus on maturing them. “European states need to keep developing those commands,” she told POLITICO. “Making sure that they coordinate their action, that there are clear mandates and responsibilities when it comes to cyber security, cyber defensive operations, cyber offensive operations, and also when it comes to monitoring the threat.” Industry, too, is struggling to fill the gaps. Most cybersecurity firms do not treat space as a sector in its own right, leaving satellite operators in a blind spot. Instead, space systems are folded into other categories: Earth-observation satellites often fall under environmental services, satellite TV under media, and broadband constellations like Starlink under internet services. That fragmentation makes it harder for space companies to assess risk, update threat models or understand who they need to defend against. It also complicates incident response: while advanced tools exist for defending against cyberattacks on terrestrial networks, those tools often do not translate well to space systems. “Cybersecurity in space is a bit different,” Poirier added. “You cannot just implement whatever solution you have for your computers on Earth and just deploy that to your satellite.”