by Rajnish Singh
In the UK, before the age of video doorbells, children played a game called ‘knock down ginger’, in which they would knock on the front door of a random house and run off before the owner could catch them. Russia, it seems, was playing its own version last weekend, sending two MiG-31 jets into Estonian airspace. Before NATO fighters could intercept them, they had already slipped away.
Before the jet intrusions, Russian drones strayed into Polish airspace, forcing NATO members into an emergency meeting this week. Yet while European leaders scrambled over airspace violations, a far more disruptive assault was unfolding: a cyberattack that paralysed airports and left millions of European passengers stranded.
The attack hit five major airports — including London Heathrow, Berlin Brandenburg, and Brussels, the EU’s de facto capital — delivering not just travel chaos but a symbolic blow at the Union’s heart. Some estimates suggest more than 100,000 travellers were left stranded.
The EU’s cybersecurity agency, ENISA, has confirmed the incident was a third-party ransomware attack. The perpetrators remain unknown, recovery is sluggish, and the vulnerabilities are all too familiar. This was no one-off disruption, but a stark reminder of Europe’s systemic cyber gaps.
As air travel rebounds after the pandemic, the continent’s digital defences look worryingly outdated. Is the EU rising to the challenge? Hardly. For all the talk in Brussels about “resilience”, the reality remains underinvestment, fragmentation, and a dangerous gap between rhetoric and readiness.
According to French aerospace giant Thales, aviation-related cyberattacks have surged by 600 per cent between 2024 and 2025. Yet many airports and airlines still underinvest in IT security, leaving Europe wide open to both criminal and state-sponsored threats.
Air travel isn’t the only target. A survey by the German industry group Bitkom, of around 1,000 companies, found that malicious software was the weapon of choice, with one in seven firms forced to pay ransoms to regain access to locked data, with payouts totallying a record €202 billion.
Global companies are increasingly in the crosshairs. In early September, Jaguar Land Rover (JLR) shut its three UK factories for over four weeks, bleeding millions of euros in losses each week. Tens of thousands of staff were sent home, and more than 100,000 supply chain jobs hung in the balance.
The scale of the threat is staggering. Cyber budgets must rise to match traditional defence spending, and AI-driven monitoring cannot be an afterthought. Empty promises and slogans won’t cut it.
Europe’s biggest weakness? Fragmentation. National silos cripple coordination, even as cyberattacks pay no heed to borders. ENISA’s EU-wide response to the airport attacks delivered only fragmented updates, prolonging disruption and exposing the continent’s digital vulnerability.
The EU’s Cyber Resilience Act promises unity, but implementation remains slow. What Europe needs is a centralised cyber command to synchronise intelligence and coordinate drills, turning fragmented national bodies into a single, formidable shield. Yet even the strongest fortress is under constant attack. State actors hide behind criminal gangs, and experts quietly point to the usual suspects: Russia, Iran, and North Korea, all using proxies to strike at Europe’s digital heart.
Experts warn that, with no one claiming responsibility for the attacks, these could be dry runs for hybrid warfare, timed amid NATO tensions and fallout from Ukraine.
The EU’s failure? Treating cyber purely as a crime rather than a hybrid threat, unlike NATO’s robust protocols. Just as national armed forces are integrated into defence strategies, offensive cyber capabilities need to be ramped up, with sanctions applied as a form of deterrence. Ignoring these measures will only invite more destructive attacks.
The airport delays and the JLR standstill aren’t just embarrassing; they are a wake-up call. The EU prides itself on innovation, yet its cyber protection lags behind adversaries. The Union must enforce NIS2, fund resilience, and unite member states against the looming digital storm. The skies and assembly lines will not secure themselves.
By: N. Peter Kramer
