From hacktivism to development coordination, cyber conflict blind spots bring risks

Virtual Routes is pleased to welcome the 2025-2026 cohort of European Cybersecurity fellows to our community. As part of their application, each fellow wrote an essay on one of three set questions addressing some of the biggest issues facing European cybersecurity policy and practice. Over the next three weeks, we are delighted to introduce this group of talented young cybersecurity professionals with a short series of excerpts from their essays, grouped by question.
In our first installment, Ric Derbyshire of Orange Cyberdefense, Isabella Neumann of the University of Coimbra, and Veronika Datzer from the German Development Cooperation answer the question, What’s the biggest blind spot in our understanding of cyber conflict, and why can’t we afford to ignore it?
Ric Derbyshire, principal security researcher at Orange Cyberdefense and honorary researcher at Imperial College London
Hacktivism, once rooted in symbolic protest and ideological demonstrations, has escalated into a significant threat. Increased targeting of the operational technology controlling and automating physical processes within critical national infrastructure has blurred the lines between independent activism and state-linked operations. This exacerbates the challenges of attributing responsibility to states that tolerate, influence, or support escalatory hacktivist groups. Together, these factors create the biggest blind spot in our understanding of cyber conflict.
Targeting operational technology, particularly within critical national infrastructure, doesn’t just amplify the hacktivist threat, it fundamentally changes the game. Cyberattacks on operational technology bridge the gap between cyber and physical impacts, causing direct societal and economic consequences in ways not previously seen. The explosive cyber-physical impact of Predatory Sparrow’s 2022 attack on Iranian steel manufacturers and the 160 households affected by Cyber Av3ngers’ attack on Irish water treatment facilities epitomise this phenomenon.
Moreover, proliferating offensive cyber tools and large language models (LLMs) have lowered barriers to entry, enhancing attack sophistication and expediting capability development in specialised domains like operational technology.
Beyond its direct risks, escalatory hacktivism challenges accountability as groups increasingly align with state objectives. States can recruit, encourage, or tacitly support hacktivists while maintaining plausible deniability, benefiting from cyber operations without overt responsibility.
The lack of clear attribution weakens accountability, preventing victim states from responding decisively and emboldening further escalation. With no consensus on state responsibility for non-state actors and increased targeting of critical infrastructure, hacktivism is a destabilising force in cyber conflict, exploiting ambiguity to undermine international norms.
Addressing escalatory hacktivism is fraught with challenges, from the complexity of attribution to the absence of clear frameworks for holding states accountable. Strengthening critical national infrastructure resilience and fostering international cooperation are essential but remain difficult amid the escalatory tactics and ambiguous state involvement of hacktivist groups.
However, failing to address this blind spot risks further destabilisation of cyberspace, emboldening actors to escalate their attacks with real-world consequences. As geopolitical conflicts intensify, decisive action is needed to prevent hacktivism from uncontrollable escalation. Ignoring it is not an option.
Isabella Neumann, Ph.D. candidate in international politics and conflict resolution at the University of Coimbra and guest researcher at the University of Oslo’s Centre for European Studies
The European Union continues to grapple with significant challenges in defense coordination, particularly in countering AI-driven cyber threats, data breaches, and disinformation campaigns. A striking example is the AI-generated deepfake campaigns that targeted policymakers and sought to manipulate public opinion during the 2024 European elections. These threats are exacerbated by uneven cyber capabilities, poor interoperability, and limited cross-border resource sharing, all undermining the EU’s overall security.
Yet, cybersecurity presents a dual reality: it is both a significant threat to security and a unique opportunity for greater cooperation. On one hand, cyber threats – such as disinformation campaigns, data breaches, and attacks on critical infrastructure – demand urgent attention. Conversely, cybersecurity offers a promising avenue for deepening civil-military collaboration, representing a key opportunity to strengthen security cooperation.
Unlike conventional defense operations, cyber operations often do not require physical deployments or overt military interventions, making their integration more politically feasible. This unique characteristic enables more potent synergy between civilian agencies – such as law enforcement, intelligence, and critical infrastructure protection – and military cyber defense units. Civilian agencies excel in regulation and analysis, while militaries bring strategic planning and advanced cyber capabilities. Together, they can form a more cohesive and adaptive defense mechanism. In other words, by fostering mutual support and integration between civilian and military sectors, the EU could significantly enhance its ability to respond to complex threats.
However, this potential is hindered by persistent challenges, including a lack of standardized frameworks, conflicting resource distribution, and unclear legal boundaries, leaving coordination between the civil and military sectors fragmented. While initiatives under the EU’s Permanent Structured Cooperation (PESCO) – such as cyber rapid response teams and the European Military Space Surveillance Awareness Network – have enhanced coordination, more efforts are needed to address remaining gaps and strengthen the EU’s collective defense capabilities.
To fully realize cybersecurity’s potential as a unifying domain, the EU must establish a unified legal framework to clarify the roles of civilian and military actors in cyber defense and address inefficiencies and overlaps. Enhancing civil-military interaction through structured communication, joint training, and shared exercises will build trust, improve cooperation, and ensure more efficient crisis response.
Veronika Datzer, policy advisor on international digital policy at the German Development Cooperation (GIZ)
Cybersecurity in the Global South is national security in Europe, though it is often overlooked in EU policy discussions. Traditionally, EU cyber policy has focused on threats from major geopolitical adversaries such as China, Russia, and Iran. As the EU seeks closer partnerships in Africa, Asia, and Latin America, cyber threats in these regions increasingly pose risks to European stability, particularly through disruptions to supply chains and digital infrastructure.
As internet connectivity expands, cyber risks in emerging economies rise significantly. Research indicates cyber threats in emerging economies are growing faster than in developed nations, impacting vulnerable populations and global trade.
One key issue is weak cyber ecosystems. The African Union’s Malabo Convention provides a cybersecurity framework, but it lacks binding enforcement. African countries may lack technical and organisational measures, with only a few, such as Kenya and Rwanda, serving as regional cybersecurity leaders. Limited information sharing, reliance on pirated software, and AI-driven cybercrime exacerbate these vulnerabilities, making these regions attractive targets for cybercriminals and state-sponsored actors.
Despite significant investments through the EU’s €300 billion Global Gateway initiative, cybersecurity remains largely disconnected from the EU’s broader national security agenda. Better coordination between cyber policy, diplomacy, and development cooperation could strengthen Europe’s security. Strengthening partnerships, improving cyber resilience in the Global South, and fostering knowledge exchange between EU institutions and partner countries are crucial steps to closing cybersecurity blind spots.
Following the policy of integrated security, the efforts of the EU’s development cooperation should be better integrated into its overall policies to prevent potential blind spots. By adequately recognising and responding to cyber threats in partner countries, the EU does not only support its partners in safely closing the digital divides. Europe also closes potential loopholes for cyber threats to permeate and ultimately benefits from stable trade relations.
As the geopolitical landscape shifts, the EU must take a leadership role in global cyber capacity building, particularly in light of reduced US development funding. A unified cybersecurity strategy, integrating diplomacy, security, and development, is essential for Europe’s digital stability in an interconnected world.