EU can’t be ‘naive’ about enemies shutting down critical infrastructure, warns tech official

MUNICH, Germany — The European Union can no longer afford to be “naive” about adversaries’ ability to switch off critical infrastructure, the EU’s top tech official warned Friday, as she called for tougher rules and more investment to protect Europe from cyber and hybrid threats.

Speaking at the Munich Cyber Security Conference, European Commission Executive Vice President Henna Virkkunen said cyberattacks have become a central tool of modern conflict, often coordinated with physical sabotage, disinformation and economic pressure.

Europe’s power grids, hospitals, financial systems, satellites and military command networks are all deeply dependent on digital infrastructure — and increasingly exposed, she warned.

“In today’s world, there is no security without cybersecurity,” said Virkkunen, pointing to recent attacks and interference targeting hospitals, energy networks, public administrations, supply chains and democratic processes across Europe.

She said the Commission last month proposed revising the EU’s Cybersecurity Act to strengthen the bloc’s cybersecurity agency and reduce risks in critical information and communications technology supply chains. The draft proposal would see member states phase out the use of designated high-risk suppliers within their critical national infrastructure.

The potential threat posed by Chinese network equipment suppliers such as Huawei and ZTE had previously resulted in several national decisions to restrict those vendors from contributing to various parts of telecommunications infrastructure.

The use of U.S. technology and service providers had also prompted concern across the EU following President Trump’s unpredictable decisions to sanction various political figures — resulting in prohibitions against those officials using technology provided by companies such as Microsoft — and aggressive posture towards Greenland.

Those concerns were partially assuaged by U.S. National Cyber Director Sean Cairncross on Thursday, who stressed the U.S. wants European partners to work alongside it in cyberspace to confront the most significant threats — and stressed that the U.S. technology stack was safer than that offered by China.

Cairncross echoed a line coined by Secretary of State Marco Rubio, saying the U.S. “America first” approach does not mean “America alone.” Rubio is expected to deliver a keynote to the main Munich Security Conference on Saturday in the wake of an extremely controversial speech delivered by JD Vance last year.

Without naming specific states, Virkkunen argued that Europe’s growing reliance on digital systems has expanded the attack surface for hostile actors and made cyber defense a core part of defense readiness. “We can no longer afford to be naive about who has the capacity to switch off the ICT systems running our critical infrastructure,” she said.

She also pointed to new EU action plans on drone and undersea cable security, following recent incidents, as examples of efforts to improve prevention, detection and rapid response across borders.

Cyber, she said, is now a core military domain, and Europe must build stronger capabilities and a homegrown cyber industry, including by using advanced computing and artificial intelligence for defense. The goal, Virkkunen said, is to ensure Europe remains resilient, secure and able to withstand growing hybrid threats.