February 13, 2026 12:36 pm CET
By Antoaneta Roussi
“We also have to have offensive capacity,” says Commissioner Henna Virkkunen.
Europe must be able to strike back in cyberspace, as the strategy to deter adversaries is no longer enough, the EU executive's tech and security chief told POLITICO.
“It’s not enough that we are just defending ... We also have to have offensive capacity,” the European Commission's Executive Vice President Henna Virkkunen said in an interview on the sidelines of the Munich Security Conference on Friday.
For years, European capitals have held back from stating publicly that they support offensive cyber operations — known as "hacking back" — because of fears that such operations could trigger retaliation and escalation from countries like Russia, China and others.
But the tide is turning, as EU states including Germany, Latvia and others warm to the idea of conducting offensive cyber operations. The European Commission also mentioned the need for both defensive and offensive cyber capabilities in its defense white paper in December.
Virkkunen said the Commission is also identifying critical areas and industries where Europe wants more control over its data. It is part of a broader push to reduce dependence on foreign technology and build a homegrown tech and cyber industry in Europe.
“We don’t want to have risky dependencies in any critical fields,” she said. “That doesn’t mean we plan to do everything on our own. When we don’t have certain capacities ourselves, we are very willing to work with like-minded partners to build resilient supply chains.”
| The Record from Recorded Future News
therecord.media
Alexander Martin
February 13th, 2026
The European Union can no longer afford to be “naive” about adversaries’ ability to switch off critical infrastructure, the EU’s top tech official warned Friday, as she called for tougher rules and more investment to protect Europe from cyber and hybrid threats.
EU can’t be ‘naive’ about enemies shutting down critical infrastructure, warns tech official
MUNICH, Germany — The European Union can no longer afford to be “naive” about adversaries’ ability to switch off critical infrastructure, the EU’s top tech official warned Friday, as she called for tougher rules and more investment to protect Europe from cyber and hybrid threats.
Speaking at the Munich Cyber Security Conference, European Commission Executive Vice President Henna Virkkunen said cyberattacks have become a central tool of modern conflict, often coordinated with physical sabotage, disinformation and economic pressure.
Europe’s power grids, hospitals, financial systems, satellites and military command networks are all deeply dependent on digital infrastructure — and increasingly exposed, she warned.
“In today’s world, there is no security without cybersecurity,” said Virkkunen, pointing to recent attacks and interference targeting hospitals, energy networks, public administrations, supply chains and democratic processes across Europe.
She said the Commission last month proposed revising the EU’s Cybersecurity Act to strengthen the bloc’s cybersecurity agency and reduce risks in critical information and communications technology supply chains. The draft proposal would see member states phase out the use of designated high-risk suppliers within their critical national infrastructure.
The potential threat posed by Chinese network equipment suppliers such as Huawei and ZTE had previously resulted in several national decisions to restrict those vendors from contributing to various parts of telecommunications infrastructure.
The use of U.S. technology and service providers had also prompted concern across the EU following President Trump’s unpredictable decisions to sanction various political figures — resulting in prohibitions against those officials using technology provided by companies such as Microsoft — and aggressive posture towards Greenland.
Those concerns were partially assuaged by U.S. National Cyber Director Sean Cairncross on Thursday, who stressed the U.S. wants European partners to work alongside it in cyberspace to confront the most significant threats — and stressed that the U.S. technology stack was safer than that offered by China.
Cairncross echoed a line coined by Secretary of State Marco Rubio, saying the U.S. “America first” approach does not mean “America alone.” Rubio is expected to deliver a keynote to the main Munich Security Conference on Saturday in the wake of an extremely controversial speech delivered by JD Vance last year.
Without naming specific states, Virkkunen argued that Europe’s growing reliance on digital systems has expanded the attack surface for hostile actors and made cyber defense a core part of defense readiness. “We can no longer afford to be naive about who has the capacity to switch off the ICT systems running our critical infrastructure,” she said.
She also pointed to new EU action plans on drone and undersea cable security, following recent incidents, as examples of efforts to improve prevention, detection and rapid response across borders.
Cyber, she said, is now a core military domain, and Europe must build stronger capabilities and a homegrown cyber industry, including by using advanced computing and artificial intelligence for defense. The goal, Virkkunen said, is to ensure Europe remains resilient, secure and able to withstand growing hybrid threats.
