Wars have long been waged invisibly as well: online, through disinformation,
sabotage and attacks on critical infrastructure. Cyberattacks on airports,
power grids and government agencies show how real the threat already is.
In this Berlin Playbook special, Rixa Fürsen speaks with Thomas Daum,
vice admiral of the Bundeswehr and Inspector of Cyber and Information Domain, about
the new escalation level of hybrid attacks. Daum explains why cyberattacks
today are deliberately meant to sow unrest, how closely they are intertwined with
disinformation, and why Germany must prepare not just for the often-cited year 2029
but for earlier scenarios.
The Berlin Playbook podcast is available every morning from 5 a.m. Gordon Repinski
and the POLITICO team deliver politics to listen to: compact, international,
in-depth.
Tag - Cybersecurity
U.S. President Donald Trump suggested Saturday that the U.S. used cyberattacks
or other technical capabilities to cut power off in Caracas during strikes on
the Venezuelan capital that led to the capture of Venezuelan President Nicolás
Maduro.
If true, it would mark one of the most public uses of U.S. cyber power against
another nation in recent memory. These operations are typically highly
classified, and the U.S. is considered one of the most advanced nations in
cyberspace operations globally.
“It was dark, the lights of Caracas were largely turned off due to a certain
expertise that we have, it was dark, and it was deadly,” Trump said during a
press conference at Mar-a-Lago detailing the operation.
Gen. Dan Caine, chair of the Joint Chiefs of Staff, said during the same press
conference that U.S. Cyber Command, U.S. Space Command and combatant commands
“began layering different effects” to “create a pathway” for U.S. forces flying
into the country early Saturday. Caine did not elaborate on what those “effects”
entailed.
Spokespeople for the White House, Cyber Command and Space Command did not
respond to requests for comment on the cyber operations in Venezuela.
Internet tracking group NetBlocks reported a loss of internet connectivity in
Caracas during power cuts early Saturday morning. Alp Toker, founder of
NetBlocks, said in an email Saturday that if cyberattacks contributed to these
outages, “it will have been targeted, not impacting the broader network space.”
Saturday’s offensive marked the latest cyberattack targeting Venezuelan
infrastructure in recent weeks. Venezuelan national oil and gas company PDVSA,
or Petróleos de Venezuela, S.A., last month accused the U.S. government of
carrying out a cyberattack that led to delays in operations across the country.
The Trump administration has not publicly commented on whether the U.S. was
involved in the December attack. PDVSA said its facilities were not damaged in
the strikes on Saturday.
In the desolate Arctic desert of Kangerlussuaq, Greenland, Europeans are
building defenses against a new, up-and-coming security threat: space hacks.
A Lithuanian company called Astrolight is constructing a ground station, with
support from the European Space Agency, that will use laser beams to download
voluminous data from satellites in a fast and secure manner, it announced last
month.
It’s just one example of how Europe is moving to harden the security of its
satellites, as rising geopolitical tensions and an expanding spectrum of hybrid
threats are pushing space communications to the heart of the bloc’s security
plans.
For years, satellite infrastructure was treated by policymakers as a technical
utility rather than a strategic asset. That changed in 2022, when a cyberattack
on the Viasat satellite network coincided with Russia’s invasion of Ukraine.
Satellites have since become popular targets for interference, espionage and
disruption. The European Commission in June warned that space was becoming “more
contested,” flagging increasing cyberattacks and attempts at electronic
interference targeting satellites and ground stations. Germany and the United
Kingdom warned earlier this year of the growing threat posed by Russian and
Chinese space satellites, which are regularly spotted spying on their
satellites.
EU governments are now racing to boost their resilience and reduce reliance on
foreign technology, both through regulations like the new Space Act and
investments in critical infrastructure.
The threat is crystal clear in Greenland, Laurynas Mačiulis, the chief executive
officer of Astrolight, said. “The problem today is that around 80 percent of all
the [space data] traffic is downlinked to a single location in Svalbard, which
is an island shared between different countries, including Russia,” he said in
an interview.
Europe’s main Arctic ground station sits in Svalbard and supports both the
navigation systems of Galileo and Copernicus. While the location is strategic,
it is also extremely sensitive due to nearby Russian and Chinese activities.
Crucially, the station relies on a single undersea cable to connect to the
internet, which has been damaged several times.
“In case of intentional or unintentional damage of this cable, you lose access
to most of the geo-intelligence satellites, which is, of course, very critical.
So our aim is to deploy a complementary satellite ground station up in
Greenland,” Mačiulis said.
THE MUSK OF IT ALL
A centerpiece of Europe’s ambitions to have secure, European satellite
communication is IRIS², a multibillion-euro secure connectivity constellation
pitched in 2022 and designed to rival Elon Musk’s Starlink system.
“Today, communications — for instance in Ukraine — are far too dependent on
Starlink,” said Anders Fogh Rasmussen, the founding chairman of political
consultancy Rasmussen Global, speaking at an event in Brussels in November.
“That dependence rests on the shifting ideas of an American billionaire. That’s
too risky. We have to build a secure communications system that is independent
of the United States.”
The European system, which will consist of 18 satellites operating in low and
medium Earth orbit, aims to provide Europe with fast and encrypted
communication.
“Even if someone intercepts the signal [of IRIS²], they will not be able to
decrypt it,” Piero Angeletti, head of the Secure Connectivity Space Segment
Office at the European Space Agency, told POLITICO. “This will allow us to have
a secure system that is also certified and accredited by the national security
entities.”
The challenge is that IRIS² is still at least four years away from becoming
operational.
WHO’S IN CHARGE?
While Europe beefs up its secure satellite systems, governments are still
streamlining how they can coordinate cyber defenses and space security. In many
cases, that falls to both space and cyber commands, which, unlike traditional
military units, are relatively new and often still being built out.
Clémence Poirier, a cyberdefense researcher at the Center for Security Studies
at ETH Zurich, said that EU countries must now focus on maturing them.
“European states need to keep developing those commands,” she told POLITICO.
“Making sure that they coordinate their action, that there are clear mandates
and responsibilities when it comes to cyber security, cyber defensive
operations, cyber offensive operations, and also when it comes to monitoring the
threat.”
Industry, too, is struggling to fill the gaps. Most cybersecurity firms do not
treat space as a sector in its own right, leaving satellite operators in a blind
spot. Instead, space systems are folded into other categories: Earth-observation
satellites often fall under environmental services, satellite TV under media,
and broadband constellations like Starlink under internet services.
That fragmentation makes it harder for space companies to assess risk, update
threat models or understand who they need to defend against. It also complicates
incident response: while advanced tools exist for defending against cyberattacks
on terrestrial networks, those tools often do not translate well to space
systems.
“Cybersecurity in space is a bit different,” Poirier added. “You cannot just
implement whatever solution you have for your computers on Earth and just deploy
that to your satellite.”
The Dutch government has quietly removed Google tracking tools from job listings
for its intelligence services over concerns that the data would expose aspirant
spies to U.S. surveillance.
The intervention would put an end to Google’s processing of the data of job
seekers interested in applying to spy service jobs, after members of parliament
in The Hague raised security concerns.
The move comes at a moment when trust between the Netherlands and the United
States is fraying. It reflects wider European unease — heightened by Donald
Trump’s return to the White House — about American tech giants having access to
some of their most sensitive government data.
The heads of the AIVD and MIVD, the Netherlands’ civilian and military
intelligence services, said in October that they were reviewing how to share
information with American counterparts over political interference and human
rights concerns.
In the Netherlands, government vacancies are listed on a central online portal,
which subsequently redirects applicants to specific institutions’ or agencies’
websites, including those of the security services.
The government has now quietly pulled the plug on Google Analytics for
intelligence-service postings, according to security expert Bert Hubert, who
first raised the alarm about the trackers earlier this year. Hubert told
POLITICO the job postings for intelligence services jobs no longer contained the
same Google tracking technologies at least since November.
The move was first reported by Follow the Money.
The military intelligence service MIVD declined to comment. The interior
ministry, which oversees the general intelligence service AIVD, did not respond
to a request for comment at the time of publication.
In a statement, Communications Manager for Google Mathilde Méchin said:
“Businesses, not Google Analytics, own and control the data they collect and
Google Analytics only processes it at their direction. This data can be deleted
at any time.”
“Any data sent to Google Analytics for measurement does not identify
individuals, and we have strict policies against advertising based on sensitive
information,” Méchin said.
‘FUTURE EMPLOYEES AT RISK’
Derk Boswijk, a center-right Dutch lawmaker, raised the alarm about the tracking
of job applicants in parliamentary questions to the government in January. He
said that while China and Russia have traditionally been viewed as the biggest
security risks, it is unacceptable for any foreign government — allied or not —
to have a view into Dutch intelligence recruitment.
“I still see the U.S. as our most important ally,” Boswijk told POLITICO. “But
to be honest, we’re seeing that the policies of the Trump administration and the
European countries no longer necessarily align, and I think we should adapt
accordingly.”
The government told Boswijk in February it had enabled privacy settings on data
gathered by Google. The government has yet to comment on Boswijk’s latest
questions submitted in November.
Hubert, the cybersecurity expert, said the concerns over tracking were
justified. Even highly technical data like IP addresses, device fingerprints and
browsing patterns can help foreign governments, including adversaries such as
China, narrow down who might be seeking a job inside an intelligence agency, he
said.
“By leaking job applications so broadly, the Dutch intelligence agencies put
their future employees at risk, while also harming their own interests,” said
Hubert, adding it could discourage sought-after cybersecurity talent that
agencies are desperate to attract.
Hubert previously served on a watchdog committee overseeing intelligence
agencies’ requests to use hacking tools, surveillance and wiretapping.
One open question raised by Dutch parliamentarians is how to gain control over
the data that Google gathered on aspiring spies in past years. “I don’t know
what happens with the data Google Analytics already has, that’s still a black
box to me,” said Sarah El Boujdaini, a lawmaker for the centrist-liberal
Democrats 66 party who oversees digital affairs.
The episode is likely to add fuel to efforts to wean off U.S. technologies —
which are taking place across Europe, as part of the bloc’s “technological
sovereignty” drive. European Parliament members last month urged the institution
to move away from U.S. tech services, in a letter to the president obtained by
POLITICO.
In the Netherlands, parliament members have urged public institutions to move
away from digital infrastructure run by U.S. firms like Microsoft, over security
concerns.
“If we can’t even safeguard applications to our secret services, how do you
think the rest is going?” Hubert asked.
The country also hosts the International Criminal Court, where Chief Prosecutor
Karim Khan previously lost access to his Microsoft-hosted email account after he
was targeted with American sanctions over issuing an arrest warrant for Israeli
Prime Minister Benjamin Netanyahu. The ICC in October confirmed to POLITICO it
was moving away from using Microsoft Office applications to German-based
openDesk.
Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the
award-winning “Goodbye Globalization” and a regular columnist for POLITICO.
Over the past two years, state-linked Russian hackers have repeatedly attacked
Liverpool City Council — and it’s not because the Kremlin harbors a particular
dislike toward the port city in northern England.
Rather, these attacks are part of a strategy to hit cities, governments and
businesses with large financial losses, and they strike far beyond cyberspace.
In the Gulf of Finland, for example, the damage caused to undersea cables by the
Eagle S shadow vessel in December incurred costs adding up to tens of millions
of euros — and that’s just one incident.
Russia has attacked shopping malls, airports, logistics companies and airlines,
and these disruptions have all had one thing in common: They have a great cost
to the targeted companies and their insurers.
One can’t help but feel sorry for Liverpool City Council. In addition to looking
after the city’s half-million or so residents, it also has to keep fighting
Russia’s cyber gangs who, according to a recent report, have been attacking
ceaselessly: “We have experienced many attacks from this group and their allies
using their Distributed Botnet over the last two years,” the report noted,
referring to the hacktivist group NoName057(16), which has been linked to the
Russian state.
“[Denial of Service attacks] for monetary or political reasons is a widespread
risk for any company with a web presence or that relies on internet-based
systems.”
Indeed. Over the past decades, state-linked Russian hackers have targeted all
manner of European municipalities, government agencies and businesses. This
includes the 2017 NotPetya attack, which brought down “four hospitals in Kiev
alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and
card payment systems in retailers and transport, and practically every federal
agency,” as well as a string of multinationals, causing staggering losses of
around $10 billion.
More recently, Russia has taken to targeting organizations and businesses in
other ways as well. There have been arson attacks, including one involving
Poland’s largest shopping mall that Prime Minister Donald Tusk subsequently said
was definitively “ordered by Russian special services.” There have been parcel
bombs delivered to DHL; fast-growing drone activity reported around European
defense manufacturing facilities; and a string of suspicious incidents damaging
or severing undersea cables and even a pipeline.
The costly list goes on: Due to drone incursions into restricted airspace,
Danish and German airports have been forced to temporarily close, diverting or
cancelling dozens of flights. Russia’s GPS jamming and spoofing are affecting a
large percentage of commercial flights all around the Baltic Sea. In the Red
Sea, Houthi attacks are causing most ships owned by or flagged in Western
countries to redirect along the much longer Cape of Good Hope route, which adds
costs. The Houthis are not Russia, but Russia (and China) could easily aid
Western efforts to stop these attacks — yet they don’t. They simply enjoy the
enormous privilege of having their vessels sail through unassailed.
The organizations and companies hit by Russia have so far managed to avert
calamitous harm. But these attacks are so dangerous and reckless that people
will, sooner or later, lose their lives.
What’s more, their targets will continue losing a lot of money. The repair of a
subsea data cable alone typically costs up to a couple million euros. The owners
of EstLink 2 — the undersea power cable hit by the Eagle S — incurred losses of
nearly €60 million. Closing an airport for several hours is also incredibly
expensive, as is cancelling or diverting flights.
To be sure, most companies have insurance to cover them against cyber attacks or
similar harm, but insurance is only viable if the harm is occasional. If it
becomes systematic, underwriters can no longer afford to take on the risk — or
they have to significantly increase their premiums. And there’s the kicker: An
interested actor can make disruption systematic.
That is, in fact, what Russia is doing. It is draining our resources, making it
increasingly costly to be a business based in a Western country, or even a city
council or government authority, for that matter.
This is terrifying — and not just for the companies that may be hit. But while
Russia appears far beyond the reach of any possible efforts to convince it to
listen to its better angels, we can still put up a steely front. The armed
forces put up the literal steel, of course, but businesses and civilian
organizations can practice and prepare for any attacks that Russia, or other
hostile countries, could decide to launch against them.
Such preparation would limit the possible harm such attacks can lead to. It begs
the question, if an attack causes minimal disruption, then what’s the point of
instigating it in the first place?
That’s why government-led gray-zone exercises that involve the private sector
are so important. I’ve been proposing them for several years now, and for every
month that passes, they become even more essential.
Like the military, we shouldn’t just conduct these exercises — we should tell
the whole world we’re doing so too. Demonstrating we’re ready could help
dissuade sinister actors who believe they can empty our coffers. And it has a
side benefit too: It helps companies show their customers and investors that
they can, indeed, weather whatever Russia may dream up.
BRUSSELS — Huawei was rushed back into the EU’s most influential solar panel
lobby after threatening legal action in reaction to its earlier expulsion over
its alleged involvement in a bribery and corruption scandal.
That’s outraging other solar power companies, worried that creating a special
membership category for Huawei could undermine the ability of SolarPower Europe
to effectively represent the industry in Brussels.
“The conduct reported … specifically the handling of Huawei’s membership has
seriously undermined both my personal confidence and that of our organization in
the governance of SPE,” Elisabeth Engelbrechtsmüller-Strauß, CEO of Austrian
company Fronius, wrote in a letter to SPE, which was obtained by POLITICO.
Lawyers for Huawei and SolarPower Europe met at the end of May for negotiations,
an industry insider told POLITICO, which culminated in SPE sending a final
agreement to the Chinese company at the beginning of September.
Huawei argued that the European Commission’s decision to ban its lobbyists from
any meetings with the executive or the European Parliament was unlawful and did
not warrant a full expulsion from SPE, said the insider, who spoke on condition
of being granted anonymity over fears of retaliation for speaking out.
The ban on Huawei lobbyists was put in place in March after Belgian authorities
accused the company of conducting a cash-for-influence scheme and bribing MEPs
to ensure their support of Huawei’s interests.
At the time, Huawei maintained it has a “zero-tolerance stance against
corruption.”
During the Sept. 29 meeting to reinstate Huawei’s membership, SPE told its board
of directors that the organization wanted to avoid a lawsuit and a potentially
costly trial.
Instead, SPE proposed making Huawei a passive member that would not actively
participate in the group’s workstreams — an option the board accepted, POLITICO
reported earlier this month.
Huawei did not respond to a request for comment about its legal threat.
SPE acknowledged the threat in a letter to Fronius, one of its board members, on
Thursday.
“Based on legal advice and with the assistance of external lawyers, SolarPower
Europe held discussions with Huawei with a view to avoiding litigation and
protracted legal uncertainty regarding Huawei’s membership status, while
preserving SolarPower Europe’s uninterrupted and unrestricted access to the EU
Institutions and other relevant stakeholders,” reads the letter obtained by
POLITICO.
The SPE’s letter was a response to an Oct. 20 letter from the Austrian solar
panel manufacturer sent to the lobby after POLITICO’s story was published on
Oct. 9. Fronius called for full transparency over the reinstatement of Huawei
and action against any appearance of corruption.
The Austrian company’s concern is that SPE will be “unable to effectively
represent” the sector given the EU’s ban on direct contact with Huawei or groups
that lobby on its behalf, Engelbrechtsmüller-Strauß told POLITICO in an email.
Fronius is also raising questions about whether SPE can designate a company as a
passive member — a status that does not exist in the organization’s bylaws.
“To our knowledge, SPE’s status do not include such a membership category,”
Fronius’s letter to SPE reads. “We request a clear explanation of what this form
of membership is based on.”
SPE did not raise the issue of member status in its response to Fronius.
The lobbying practices of Huawei and other Chinese companies are under a
microscope over concerns around the influence they wield over crucial
technologies, including renewable energy and 5G mobile data networks.
While it is better known as a telecom giant, Huawei is also a leader in
manufacturing inverters, which turn solar panels’ electricity into current that
flows into the energy grid.
Cybersecurity experts warn inverters offer a back door for bad actors to hack
into the grid and tamper with or shut it down through remote access.
Two members of the European Parliament sent a letter to the European Commission
earlier this month warning of such risks and urging the executive to restrict
high-risk vendors like Huawei from investing in Europe’s critical
infrastructure.
“Inverters are the brain of a [solar panel] system, connected to the internet
and must be remotely controllable for updates. This applies regardless of who
the manufacturer is,” Engelbrechtsmüller-Strauß said. “If European legislation
does not address the ‘manufacturer risk,’ then energy security in Europe will be
jeopardized, which I consider critical.”
BRUSSELS — First it was telecom snooping. Now Europe is growing worried that
Huawei could turn the lights off.
The Chinese tech giant is at the heart of a brewing storm over the security of
Europe’s energy grids. Lawmakers are writing to the European Commission to urge
it to “restrict high-risk vendors” from solar energy systems, in a letter seen
by POLITICO. Such restrictions would target Huawei first and foremost, as the
dominant Chinese supplier of critical parts of these systems.
The fears center around solar panel inverters, a piece of technology that turns
solar panels’ electricity into current that flows into the grid. China is a
dominant supplier of these inverters, and Huawei is its biggest player. Because
the inverters are hooked up to the internet, security experts warn the inverters
could be tampered with or shut down through remote access, potentially causing
dangerous surges or drops in electricity in Europe’s networks.
The warnings come as European governments have woken up to the risks of being
reliant on other regions for critical services — from Russian gas to Chinese
critical raw materials and American digital services. The bloc is in a stand-off
with Beijing over trade in raw materials, and has faced months of pressure from
Washington on how Brussels regulates U.S. tech giants.
Cybersecurity authorities are close to finalizing work on a new “toolbox” to
de-risk tech supply chains, with solar panels among its key target sectors,
alongside connected cars and smart cameras.
Two members of the European Parliament, Dutch liberal Bart Groothuis and Slovak
center-right lawmaker Miriam Lexmann, drafted a letter warning the European
Commission of the risks. “We urge you to propose immediate and binding measures
to restrict high-risk vendors from our critical infrastructure,” the two wrote.
The members had gathered the support of a dozen colleagues by Wednesday and are
canvassing for more to join the initiative before sending the letter mid next
week.
According to research by trade body SolarPower Europe, Chinese firms control
approximately 65 percent of the total installed power in the solar sector. The
largest company in the European market is Huawei, a tech giant that is
considered a high-risk vendor of telecom equipment. The second-largest firm is
Sungrow, which is also Chinese, and controls about half the amount of solar
power as Huawei.
Huawei’s market power recently allowed it to make its way back into SolarPower
Europe, the solar sector’s most prominent lobby association in Brussels, despite
an ongoing Belgian bribery investigation focused on the firm’s lobbying
activities in Brussels that saw it banned from meeting with European Commission
and Parliament officials.
Security hawks are now upping the ante. Cybersecurity experts and European
manufacturers say the Chinese conglomerate and its peers could hack into
Europe’s power grid.
“They can disable safety parameters. They can set it on fire,” Erika Langerová,
a cybersecurity researcher at the Czech Technical University in Prague, said in
a media briefing hosted by the U.S. Mission to the EU in September.
Even switching a solar installation off and on again could disrupt energy supply,
Langerová said. “When you do it on one installation, it’s not a problem, but
then you do it on thousands of installations it becomes a problem because the …
compound effect of these sudden changes in the operation of the device can
destabilize the power grid.”
Surges in electricity supply can trigger wider blackouts, as seen in Spain and
Portugal in April.
Some governments have already taken further measures. Last November, Lithuania
imposed a ban on remote access by Chinese firms to renewable energy
installations above 100 kilowatts, effectively stopping the use of Chinese
inverters. In September, the Czech Republic issued a warning on the threat posed
by Chinese remote access via components including solar inverters. And in
Germany, security officials already in 2023 told lawmakers that an “energy
management component” from Huawei had them on alert, leading to a government
probe of the firm’s equipment.
CHINESE CONTROL, EU RESPONSE
The arguments leveled against Chinese manufacturers of solar inverters echo
those heard from security experts in previous years, in debates on whether or
not to block companies like video-sharing app TikTok, airport scanner maker
Nuctech and — yes — Huawei’s 5G network equipment.
Distrust of Chinese technology has skyrocketed. Under President Xi Jinping, the
Beijing government has rolled out regulations forcing Chinese companies to
cooperate with security services’ requests to share data and flag
vulnerabilities in their software. It has led to Western concerns that it opens
the door to surveillance and snooping.
One of the most direct threats involves remote management from China of products
embedded in European critical infrastructure. Manufacturers have remote access
to install updates and maintenance.
Europe has also grown heavily reliant on Chinese tech suppliers, particularly
when it comes to renewable energy, which is powering an increasing proportion of
European energy. Domestic manufacturers of solar panels have enough supply to
fill the gap that any EU action to restrict Chinese inverters would create,
Langerová said. But Europe does not yet have enough battery or wind
manufacturers — two clean energy sectors China also dominates.
China’s dominance also undercuts Europe’s own tech sector and comes with risks
of economic coercion. Until only a few years ago, European firms were
competitive, before being undercut by heavily subsidized Chinese products, said
Tobias Gehrke, a senior policy fellow at the European Council on Foreign
Relations. China on the other hand does not allow foreign firms in its market
because of cybersecurity concerns, he said.
The European Union previously developed a 5G security toolbox to reduce its
dependence on Huawei over these fears.
It is also working on a similar initiative, known as the ICT supply chain
toolbox, to help national governments scan their wider digital infrastructure
for weak points, with a view to blocking or reducing the use of “high-risk
suppliers.”
According to Groothuis and Lexmann, “binding legislation to restrict risky
vendors in our critical infrastructure is urgently required” across the European
Union. Until legislation is passed, the EU should put temporary measures in
place, they said in their letter.
Huawei did not respond to requests for comment before publication.
This article has been updated.
BRUSSELS — Call it a digital love triangle.
When EU leaders back a “sovereign digital transition” at a summit in Brussels
this Thursday, their words will mask a rift between France and Germany over how
to deal with America’s overwhelming dominance in technology.
The bloc’s founding members have long taken differing approaches to how far the
continent should seek to go in detoxing from U.S. giants. In Paris, sovereignty
is about backing local champions and breaking reliance on U.S. Big Tech. In
Berlin the focus is on staying open and protecting Europe without severing ties
with a major German trading partner.
The EU leaders’ statement is a typical fudge — it cites the need for Europe to
“reinforce its sovereignty” while maintaining “close collaboration with trusted
partner countries,” according to a near-final draft obtained by POLITICO ahead
of the gathering.
That plays into the hands of incumbent U.S. interests, even as the bloc’s
reliance on American tech was again brought into sharp focus Monday when an
outage at Amazon cloud servers in Northern Virginia disrupted the morning
routines of millions of Europeans.
As France and Germany prepare to host a high-profile summit on digital
sovereignty in Berlin next month, the two countries are still seeking common
ground — attendees say preparations for the summit have been disorganized and
that there is little alignment so far on concrete outcomes.
When asked about his expectations for the Nov. 18 gathering, German Digital
Minister Karsten Wildberger told POLITICO he wanted “to have an open debate
around what is digital sovereignty” and “hopefully … have some great
announcements.”
In her first public appearance following her appointment this month, France’s
new Digital Minister Anne Le Hénanff, by comparison, promised to keep pushing
for solutions that are immune to U.S. interference in cloud computing — a key
area of American dominance.
CONTRASTING PLAYBOOKS
“There are indeed different strategic perspectives,” said Martin Merz, the
president of SAP Sovereign Cloud. He contrasted France’s “more state-driven
approach focusing on national independence and self-sufficiency in key
technologies” with Germany’s emphasis on “European cooperation and
market-oriented solutions.”
A recent FGS Global survey laid bare the split in public opinion as well. Most
French respondents said France “should compete globally on its own to become a
tech leader,” while most Germans preferred to “prioritize deeper regional
alliances” to “compete together.”
The fact that technological sovereignty has even made it onto the agenda of EU
leaders follows a recent softening in Berlin, with Chancellor Friedrich Merz
becoming increasingly outspoken about the limits of the American partnership
while warning against “false nostalgia.”
The coalition agreement in Berlin also endorsed the need to build “an
interoperable and European-connectable sovereign German stack,” referring to a
domestically controlled digital infrastructure ecosystem.
Yet Germany — which has a huge trade deficit with the U.S. — is fundamentally
cautious about alienating Washington.
“France has been willing to accept some damage to the transatlantic relationship
in order to support French business interests,” said Zach Meyers, director of
research at the CERRE think tank in Brussels.
For Germany, by contrast, the two are “very closely tied together, largely
because of the importance of the U.S. as an export market,” he said.
Berlin has dragged its feet on phasing out Huawei from mobile networks over
fears of Chinese retaliation, against its car industry in particular.
The European Commission itself is walking a similar tightrope — dealing with
U.S. threats against EU flagship laws that allegedly target American firms,
while fielding growing calls to unapologetically back homegrown tech.
STUCK ON DEFINITION
“Sovereignty is not a clearly defined term as it relates to technology,” said
Dave Michels, a cloud computing law researcher at Queen Mary University of
London.
He categorized it into two broad interpretations: technical sovereignty, or
keeping data safe from foreign snooping and control, and political sovereignty,
which focuses on strategic autonomy and economic security, i.e., safeguarding
domestic industries and supply chains.
“Those things can align, and I do think they are converging around this idea
that we need to support European alternatives, but they don’t necessarily
overlap completely. That’s where you can see some tensions,” Michels said.
Leaders will say in their joint statement that “it is crucial to advance
Europe’s digital transformation, reinforce its sovereignty and strengthen its
own open digital ecosystem.”
“We don’t really have a shared vocabulary to define what digital sovereignty is.
But we do have a shared understanding of what it means not to have digital
sovereignty,” said Yann Lechelle, CEO of French AI company Probabl.
Berlin isn’t the only capital trying to convince Europe to ensure its digital
sovereignty remains open to U.S. interests.
Austria, too, wants to take “a leading role” in nailing down that tone, State
Secretary Alexandre Pröll previously told POLITICO. The country has been on a
mission to agree a “common charter” emphasizing that sovereignty should “not be
misinterpreted as protectionist independence,” according to a draft reported by
POLITICO.
That “will create a clear political roadmap for a digital Europe that acts
independently while remaining open to trustworthy partners,” Pröll said.
Next month’s Berlin gathering will be crucial in setting a direction. French
President Emmanuel Macron and Merz are both expected to attend.
“The summit is intended to send a strong signal that Europe is aware of the
challenges and is actively advancing digital sovereignty,” a spokesperson for
the German digital ministry said in a statement, adding that “this is not about
autarky but about strengthening its own capabilities and potential.”
“One summit will not be enough,” said Johannes Schätzl, a Social Democrat member
of the German Bundestag. “But if there will be an agreement saying that we want
to take the path toward greater digital sovereignty together, that alone would
already be a very important signal.”
Mathieu Pollet reported from Brussels, Emile Marzolf reported from Paris and
Laura Hülsemann and Frida Preuß reported from Berlin.
BRUSSELS — Montenegro wants the EU’s help in fighting Russian disinformation as
the Balkan nation moves toward membership of the bloc.
The small country, which has set an ambitious goal to join the EU by 2028, is
increasingly a target for disinformation from those hoping to disrupt its
membership bid, Montenegrin President Jakov Milatović told POLITICO in an
exclusive interview in Brussels.
“I’m very much hoping that in the future we would be getting bigger support from
the EU to really fight disinformation and misinformation,” Milatović said,
adding he had pitched the idea to EU policymakers and member countries.
Moldova, another EU candidate country, has been a favorite target of the
Kremlin’s meddling, including vote-buying and disinformation. That led the EU to
deploy last month its new cyber reserve — a team of private-sector cybersecurity
experts — to Chișinău and allocate millions in funding for a hub to fight
disinformation.
Milatović, who was in Brussels to meet with European Council President António
Costa, said “malign influence from third countries” could pose a risk to
Montenegro’s accession, and urged the EU to be proactive in countering such
threats.
“Sometimes, I feel that pro-European politicians in the region of the Western
Balkans are a bit left alone by the partners in the EU,” he said, adding that he
encountered disinformation “on a daily basis.”
‘END OF THE RACE’
Montenegro applied to join the EU in 2008 and was granted candidate status in
2010. It has closed seven of 33 accession chapters since then and is on track to
close five more by December, a senior Montenegrin diplomat confirmed to
POLITICO.
With a population of 600,000, the tiny Adriatic nation has sought to position
itself as the obvious next member of the 27-nation bloc. But it faces potential
obstacles, including pro-Serb parties in its parliament, tensions with
neighboring Croatia and skepticism in some corners of the EU about enlargement.
Tellingly, the issue is not even on the agenda of next week’s European Council
summit.
French President Emmanuel Macron called in 2023 for the EU to reform itself
before letting in new members. But Milatović said that behind closed doors,
Macron had come around to the idea of Montenegro’s membership.
“I believe that two years ago, before President Macron started speaking with me,
he had … one opinion,” Milatović said. “After so many discussions that I had
with him,” however, Macron was now “optimistic … about Montenegro’s position in
the EU.”
“And I believe this is the case also with all the other EU leaders,” Milatović
added. “Montenegro is now perceived as a front-runner. But … I do want to see
the end of the race, in a sense.”
Another potential sticking point is the country’s reliance on Russian tourists
and investors. Montenegro has yet to introduce visas for Russians, who can enter
the country visa-free for 30 days, and Russians remain the largest foreign
investors.
“What we are trying to do is sort of postpone it [visas] as much as we can, so
that we still keep our tourism sector alive,” Milatović said, adding he was
“absolutely” concerned by the influx of Russian cash. “We are a bit in a vacuum
now because … we don’t have full access to EU funds.” That said, Montenegro will
align its visa regime with the EU “very soon,” he said.
Ultimately, while much of the onus is on Podgorica to unite its political forces
and deliver promised reforms, the EU also needs to prove “enlargement is alive”
and “reforms pay off,” Milatović warned.
“The last country that entered was Croatia more than 10 years ago. And in the
meantime, the United Kingdom left,” Milatović said. “So this is why I believe
that now is the time to revive the process, to also revive a bit the idea of the
EU as a club that still has a gravity toward it.”
LONDON — Late last month, British intelligence, alongside allies like the United
States, called out government-linked Chinese companies for a global campaign of
cyber attacks.
It was the latest step in a decade-long diplomatic dance.
Britain only attributes cyber attacks to four countries: Iran, Russia, North
Korea and China — known as the “Big Four.” Three are deemed hostile states, and
Britain has an uneasy relationship with the latter.
But these are not the only countries that hack, sell hacking technology, or
turn the other cheek to groups breaching devices and infrastructure in the U.K.
Some are allies — but they have their blushes spared.
Calling out allies in public remains a risky move when ministers and officials
are in a race to sign trade deals and strengthen relations across the globe.
At the same time, Britain is trying to place itself at the forefront of efforts
to hold back the spyware arms race, as countries look to buy commercial cyber
expertise and technology to hack neighbors, enemies and partners. This leaves
Britain increasingly at odds with the U.S., which is now looking to utilize
spyware it had previously blocked.
POLITICO spoke to cybersecurity and intelligence figures from inside the U.K.
government and the private sector to map which of Britain’s strategic allies are
involved in the proliferation of cyber attacks — and how the U.K. is struggling
to clamp down on a lucrative global industry.
Some were granted anonymity to speak about sensitive national security matters.
FLOODGATES OPEN
In 2013, Edward Snowden, a former contractor for America’s National Security
Agency (NSA), blew open the previously secretive world of Western digital
surveillance and hacking. In leaking thousands of classified documents, he
revealed that the Five Eyes intelligence partnership — which includes Britain
and America — had spied on allies including France, Germany, the EU and the
United Nations.
In the decade since, other nations have been playing catch-up, with tech
companies providing the ammunition for states wanting to rival Western nations
that had been hacking for years.
As the rest of the world started hacking back, Britain’s allies took the
unprecedented step of calling out those they suspected of committing cyber attacks
against them. In 2014, the Barack Obama administration in the U.S. put its head
over the parapet to attribute a cyber attack to China.
“The first time we were told about the U.S. attribution of 2014, privately the
British government thought the Americans had gone mad and that it was really
risky,” one former senior intelligence official told POLITICO.
“[It was thought] it wouldn’t achieve anything and it might get us into trouble
and that they [China] might start arresting people. As it turns out, the
Americans were right and we were wrong,” they said, adding: “I don’t think
there’s a shred of evidence that any Western country has come to any harm as a
result of attribution.”
It took Britain until 2018 to start pointing the finger publicly — this time at
Russia — while countries such as France did not take this step until earlier
this year.
The U.K.’s process for attribution involves a two-step judgment, whereby
intelligence officials prepare an assessment for a minister when a cyber attack
is thought, to a very high degree of confidence, to have come from a nation
threat. It is then up to the minister to publicly call out the activity or not.
The rationale for naming the origin of an attack is, in part, a comms exercise:
“If you’re representing the British government in public and there’s been a
major nation state cyber attack, and you’re not prepared to say who it was, then
you look either incompetent or duplicitous,” the same former intelligence
official said.
They noted that although the Russians “don’t seem to care” whether Britain
publicly calls them out, China does. “Let’s say, for example, that things were
pretty tense with China, and we wanted to de-escalate — we might choose not to
do an attribution purely for policy reasons.”
Earlier this year in Manchester, officials from Britain’s National Cyber
Security Centre (NCSC) — an arm of the GCHQ digital intelligence agency — were
asked in a briefing whether there are nation state threats outside of the Big
Four that Britain now sees as a developing threat.
After a deep pause, one senior NCSC official replied in the affirmative.
“Obviously states do procure capability and there are other state threats out
there,” they said. “It would be odd if I said there weren’t.”
They declined, however, to name any of these states.
‘EVERYONE’S PRETTY SURE IT EXISTS’
Though cyber activity from the Big Four is thought to make up the majority of
hostile activity in Britain, it’s not the full picture.
“That these four are the only ones that are repeatedly attributed is, for me, a
real problem,” said James Shires, a cybersecurity academic and researcher,
adding: “That means that most of the public conversation implies that those are
the only actors, and that’s just not the case.”
In fact, close allies make up some of these cyber powers, with leaked
information often stepping in to fill the information void. In the 2010s,
researchers claimed to have traced a piece of malware known as “Babar” back to
French intelligence, while a hacking group called Careto was thought to have
been linked to the Spanish government.
“When you have allied, friendly, non-intelligence partnership states that you
have good diplomatic relations with doing this kind of activity, there’s no way
they’re going to be publicly outed,” Shires added.
Hacking and cyber intrusion have uses for the Big Four beyond simply snooping on
Britain and its allies. Backdoors into government and commercial networks can
provide key information about dissidents, activists and political opponents who
have fled a regime — and these four states are not the only ones with overseas
critics.
India, though a sometimes close ally of Britain, has been called out for its
cyber activity by Canada, Britain’s intelligence partner in the Five Eyes
partnership. Last year, Canada’s spy agency accused India of tracking and
surveilling activists and dissidents, as well as stepping up attacks against
government networks. This year it went further and accused India of foreign
interference.
Britain’s approach to India has been different, choosing diplomacy with joint
schemes like a Technology Security Initiative. Lindy Cameron — the former head
of the NCSC — has been placed as the British High Commissioner to India.
In the Middle East, Israel has become one of the most prominent players in
international espionage, with cyber a core component of its intelligence
arsenal.
Though it has long avoided admitting it has conducted offensive cyber
operations, researchers have suggested Israel played a role in hacking the venue
for Iran’s nuclear negotiations. More recently, the conflict with Iran has given
the world a glimpse into the capabilities of the Israeli state and state-aligned
hacktivist groups.
“For Israeli cyber espionage in the U.K., it’s one of those things where
everyone’s pretty sure it exists, but there’s no clear indication of it,” Shires
said.
The same former intelligence official quoted previously said that “even in the
current circumstances” of tricky relations with Israel, it would be “improbable
to foresee a British government attributing a cyber operation” to them. They
added that though Canada accused India of interference, Britain would have to
“judge that case and its merits” for any similar activity in U.K. cyberspace.
Despite the emergence of new top-level cyber nations, experts told POLITICO that
the main driver for future threats to the security of U.K. citizens and
infrastructure comes from the private sector, through the selling of
sophisticated spyware technology.
Shires said: “The big concern from the U.K. is not just cyber operations run
directly by states. It’s not just which state has developed their own internal
capability, but where they are relying on third parties to deliver that for
them.”
He noted that spyware companies have given rise to a “far wider set of states
having access to capabilities because they don’t need to make the investment to
develop their own internal capabilities, they can buy in a point, click and
compromise service that they can then use to target whoever they want.”
Melissa DeOrio, who leads cyber threat intelligence at cybersecurity and
corporate intelligence consultancy S-RM, added: “It is very challenging to know
exactly what capabilities lie in what countries, which are independent actors
hacking of their own volition for financial opportunity, versus what activity is
done either in favor of the state or ignored by the state and enabled by them in
some way.”
POINT, CLICK, COMPROMISE
An explosion in hacking technology from private companies with explicit or
implied state backing means the threat to countries — including Britain — can be
harder to pinpoint.
Sophisticated attacks are no longer just the domain of countries with
established cyber capability. Britain’s NCSC has previously revealed that at
least 80 countries have purchased commercial spyware — although it did not name
them.
Last year, researchers at the Atlantic Council think tank mapped spyware vendors
around the world, covering 42 different countries and 435 entities in its data
set. They identified three major clusters in Israel, India and Italy.
Jen Roberts, associate director of the Cyber Statecraft Initiative at the
Atlantic Council, told POLITICO: “All three of these jurisdictions have pretty
permissive environments with more or less state involvement in some fashion. The
Indian cluster is the most common for a ‘hack-for-hire’ market. The Italian
cluster has the oldest history of spyware. The Israeli cluster is the biggest
chunk and probably the most well known, and most capable.
“The U.S. and the U.K. are two of the largest investors into this market, but a
lot of these firms often target diplomats and citizens of the U.S. and the U.K.”
Nayana Prakash, a research fellow at the Chatham House think tank, said a “large
pool of very talented tech professionals, very low labor costs and big
underground market for hacking services” has meant that “there’s loads of things
in India that you can get done if you know the right people.”
“For groups to thrive in a country like India, or Russia, there has to be some
level of the state being somewhat lax in enforcing certain laws,” she added.
Shires added: “These companies would say their technology is always for national
security, law enforcement and serious crime purposes. Their opponents will say
this generally turns out to be journalists, dissidents and political
opposition.”
A 2022 report by the Citizen Lab research centre in Canada claimed that between
2020 and 2021 there were multiple infections of “Pegasus” spyware — created and
sold by the Israeli company NSO Group — on U.K. government devices. These
included people in both Downing Street and the Foreign Office, with operators of
the spyware linked to the UAE, India, Cyprus and Jordan. The Council of Europe
said Pegasus is known to have been sold to at least 14 EU countries.
It took Britain until 2023 to call this out. “There’s a lot of hesitance against
attribution, because it’s such a big step, and because it throws your cards on
the table,” Chatham House’s Prakash said.
NSO has long asserted that its technology is sold “for the sole purpose of
fighting crime and terror.”
STOPPING THE ARMS RACE
In February, France and Britain convened a high-level meeting in Paris.
It was the second such meeting to discuss the Pall Mall Process — an
international effort led by the two nations and aimed at clamping down on the
“proliferation and irresponsible use” of spyware and other commercial cyber
intrusion capabilities.
It established a code of practice and a joint declaration for countries that
signed up to it — but it remains a voluntary scheme with limited engagement from
the same threats it is seeking to curtail.
The 24 countries that have signed up to its code of practice do not include
Israel, India or nations such as the UAE that have been accused of using spyware
irresponsibly. Similarly, none of the major spyware vendors are represented.
A summary report by the organisers ahead of the meeting — emblazoned with “NOT
UK/FRANCE GOVERNMENT POLICY” — spoke of the risks of the sector without
highlighting any country or company involved in the use of spyware.
The same former U.K. intelligence figure quoted earlier said that managing to
get two permanent members of the United Nations Security Council to host a major
event on the issue is “better than nothing,” but it has proven “very hard to get
any country anywhere to act against malicious cyber actors on their own
territory.”
James Shires said the optics of having major players in cyber espionage
dictating what other countries can do has likely limited participation in the
initiative. “You have these major states that not only have their own domestic
capabilities, but also have a commercial industry, and they want to control
access to that industry around the world.”
One major signatory, the United States, has also used its economic and
diplomatic muscle to go much further than a non-binding declaration of allies.
In 2021 the U.S. blacklisted NSO’s Pegasus alongside other Israeli, Russian and
Singaporean spyware companies. In 2023, then-President Joe Biden signed an
executive order to ban federal agencies from using spyware which could pose a
risk to American security. The U.S. government followed this up a year later by
threatening to impose visa restrictions on individuals involved in commercial
spyware misuse and sanctions against the Intellexa Consortium.
“These are all pretty blunt, effective actions,” Shires said. “The U.K. could
have done all of that, but hasn’t. The U.S. is such a big market, so it can move
on its own and have a big impact where the U.K. perhaps can’t.”
However, the new administration under Donald Trump has rowed back some of these
moves, amid a renewed appetite for domestic surveillance tools. Agents with the
U.S. Immigration and Customs Enforcement will have access to technology from
Israeli company Paragon Solutions, after its contract was halted to comply with
U.S. spyware rules. Paragon has previously come under scrutiny by the Italian
government.
The Atlantic Council’s Jen Roberts said: “Right now, the U.K. and the French are
being looked at as the leaders in the future, as the new U.S. administration
figures out its stance on this policy issue, though we’ve seen some positive
signaling, like the U.S. being a signatory on the Pall Mall Process Code of
Conduct.”
GCHQ and NCSC were contacted to contribute to this piece. The U.K. government
has a long-standing policy of not commenting on intelligence matters.