Beyond NIS2: Integrating Civil and Defence Cyber to Protect Europe’s Critical Functions
Europe’s essential services rely on digital systems that tie civilian operators and defence structures closely together, creating a landscape where a single cyber incident can rapidly spill across transport, healthcare, energy and security-related activities. This increasing interdependence is exactly what motivated the team of authors — Palina Shauchuk, Shafagh Kashef, Ievgeniia Lytvynova and Georges Ataya — to examine how Europe can strengthen its ability to recover from disruptions that increasingly cross civilian–defence boundaries.
Their analysis shows that today’s recovery processes remain fragmented, with civilian operators, national authorities, defence bodies and key suppliers often acting through separate procedures and communication routes. Even when each organisation performs its task effectively, the absence of a shared operational picture slows decision-making and allows disruptions to deepen before coordinated action takes shape.
To address this, the authors propose establishing a permanent dual-use cybersecurity ecosystem. Rather than creating new structures, this approach connects existing ones so that signal sharing becomes faster, interpretations of incidents become more aligned and cooperation becomes a routine expectation. The goal is to reduce delays that occur simply because different communities operate with different rhythms, responsibilities and priorities.
In the short term, the paper highlights the value of clear notification templates, joint incident rooms, and simplified channels for exchanging early impact information. Medium-term development depends on cross-sector exercises, consistent terminology and engaging critical suppliers in preparedness activities. Longer-term progress requires stable cooperation hubs where civilian and defence teams can refine tools, procedures and recovery models that function across sectors.
The authors’ central message is Europe’s resilience improves when cyber recovery is not treated as a collection of isolated activities but as a coordinated, continuous practice shared across civilian and defence domains. This shift is essential in a digital environment where disruptions rarely stay confined to one institution and where protecting critical functions demands a connected European response.
