The ongoing conflict between Europe and Russia extends beyond traditional battlefields in Ukraine. It is also fiercely contested in the digital realm and information space. Hybrid threats—combining military, cyber, and influence operations—have emerged as a new dimension of warfare, blurring the lines between physical and virtual fronts. Cyberattacks targeting critical infrastructure and large-scale disinformation campaigns have become key tactics to destabilize societies and undermine democratic resilience. However, it’s important to note that information itself is not homogeneous. The cyberspace, often referred to as the “information domain,” encompasses bits and bytes that constitute information. However, it doesn’t necessarily refer to information that directly impacts human emotions and causes psychological effects. This raises the question: is a cyber-led fake campaign now considered cyberwarfare or a psychological operation (PsyOp)? This distinction is crucial to understand the nature of these operations.
Cyberattacks Fueling the Hybrid War
Since the conflict began, Ukraine has faced persistent cyber offensives targeting power grids, communication networks, and financial systems. Sophisticated malware campaigns and distributed denial-of-service (DDoS) attacks aim to disrupt essential services and sow chaos. Notable incidents include repeated attacks on Ukrainian government portals to impair administrative functions and damage critical infrastructure elements such as electricity supply and water facilities.
These operations serve a strategic purpose: to degrade the opponent’s ability to maintain state functions and erode public confidence in the performance of the state. This impact extends beyond Ukraine’s borders, as Western countries have also been grappling with phishing attacks, cyber threats, and DDoS attacks for years.
Information Warfare: The Battle for Narrative and Perception
Information warfare is a critical aspect of this conflict, involving the battle for narrative and perception. The goal is to shape public opinion and influence the way people perceive events and issues. This battle is fought in various domains, including the digital realm, where cyberattacks and disinformation campaigns play a significant role.
Beyond technical sabotage, the conflict involves intense informational manipulation aimed at influencing domestic and global audiences. Coordinated disinformation campaigns, the proliferation of fake news, and troll network activities seek to confuse, radicalize, or demoralize populations. These efforts exploit social media algorithms and digital communication channels to amplify narratives favorable to one side while undermining trust in institutions, media, and democratic processes.
Recognizing the magnitude of these threats, Germany and the European Union have bolstered their strategic communication capabilities. Fact-checking initiatives, media literacy programs, and the identification and shutdown of disinformation networks are integral components in maintaining societal resilience. This “battle of narratives” is seen as decisive as the fight on physical fronts, given the power of perception to shape political and military outcomes.
Addressing hybrid threats requires a holistic approach. Germany and its European partners have developed capabilities that merge traditional defense with cyber and information security. The Bundeswehr (German Armed Forces), intelligence services like the BND (Federal Intelligence Service), and civilian bodies such as the Federal Office for Information Security (BSI) collaborate closely to create layered protection.
Concrete measures and structures on European and national level
Germany and its European partners implement their holistic approach to hybrid threats through concrete frameworks, structures, and coordinated operations that integrate military, intelligence, and civilian capabilities. Here’s how they achieve this in practice:
- Integrated Command Structures and Joint Task Forces
Germany’s Bundeswehr has established specialized cyber and information operations commands, such as the Cyber and Information Domain Service (Cyber- und Informationsraum). This service conducts both defensive and offensive cyber operations and collaborates with other agencies. On a European level, NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) and the EU Hybrid Fusion Cell facilitate joint planning and threat analysis. These structures enable real-time collaboration between military cyber units, intelligence agencies, and civil authorities. - Real-time intelligence sharing and early warning systems are crucial for effective cyber defense. The Federal Intelligence Service (BND), the Federal Office for the Protection of the Constitution (BfV), and other security services continuously gather, analyze, and disseminate cyber threat intelligence. Information sharing platforms, such as the German Cyber Security Council (DCS) and EU information sharing initiatives, facilitate rapid alerts to critical infrastructure operators and government bodies about ongoing or imminent attacks.
- Joint cyber defense exercises and training are essential for enhancing interoperability and response capabilities. Regular national and multinational exercises simulate hybrid threat scenarios, combining cyberattacks, disinformation campaigns, and kinetic threats. For instance, the German Armed Forces participate in NATO’s Cyber Coalition and Locked Shields exercises. These exercises test and improve the ability of military and civilian actors, including law enforcement and private sector partners, to work together effectively.
- Public-Private Partnerships for Critical Infrastructure Protection Germany’s critical infrastructure, including energy grids, telecommunications, and transportation, is heavily reliant on private companies. To address this, formal collaboration mechanisms exist between government agencies like BSI and industry partners. These mechanisms facilitate the sharing of threat intelligence and best practices, ensuring that cybersecurity standards and incident reporting obligations are aligned across sectors. Regulations and frameworks, such as the IT Security Act (IT-Sicherheitsgesetz), mandate these standards.
- Coordinated Crisis Management and Incident Response When hybrid incidents occur, established crisis teams, comprising representatives from the Bundeswehr, BND, BSI, interior ministries, and civil protection agencies, coordinate containment and mitigation measures. These measures may include technical defense (firewalls, patching), counter-disinformation campaigns, legal actions, and public communication strategies to maintain societal trust.
- Policy and Strategic Frameworks These approaches are integrated into national and EU-wide strategies, such as Germany’s National Cyber Strategy, the EU Cybersecurity Strategy, and NATO’s Hybrid Threat Action Plans. These policies establish mandates, funding priorities, and coordination guidelines for cross-sector hybrid threat defense.
Public-private partnerships are essential since a significant portion of critical infrastructure is operated by private firms. The primary focus is on building digital resilience, ensuring that networks can withstand attacks, recover swiftly, and maintain operational continuity.
On the policy front, initiatives such as the EU Cybersecurity Strategy and enhanced NATO hybrid threat response mechanisms are instrumental in this multi-domain cooperation. The objective is clear: to establish a resilient security ecosystem that can withstand disruptions, deception, and direct assaults, safeguarding democratic societies from evolving hybrid threats.
The Ukraine conflict vividly illustrates how modern warfare has transcended traditional boundaries. Cyberattacks and information warfare are not mere side effects but central tools in hybrid conflicts. Germany and Europe’s response underscores the significance of interconnected security—integrating military power, intelligence capabilities, and civilian resilience—to effectively counter these pervasive threats and preserve digital and societal stability.
For further updates on hybrid threat defense and cybersecurity developments, stay tuned to Vernetzte Sicherheit.
