Incorporating Cyberspace into European Military Doctrines

Translated by Valeria D’Alessandro

Cyberspace has no boundaries, and its role in defense strategies is becoming increasingly important. Armed forces are playing a key role in cyberspace within conflict scenarios, significantly impacting communication, control, and electronic warfare (EW). In an era dominated by connectivity, the military plays a critical role in cyber operations, both influencing and being influenced by actors with highly sophisticated skills. Cybersecurity is no longer just a matter of data protection; it is a strategic component of national defense.

Cyber defense, defined as the set of measures aimed at protecting and responding to attacks on command and communication infrastructures, has become a priority for many countries. According to the 2024 Global Cybersecurity Index (ITU), 132 of the 193 UN member states have formalized national cybersecurity programs—70 of which involve the military, while the remaining focus solely on civilian approaches (ITU GCI Expert Group, 2024). Over the past decades, militaries around the world have begun developing institutions and doctrines to integrate cyber power into their military operations. The United States, United Kingdom, China, Russia, France, Canada and Australia are among the countries that allocate the largest budgets to develop unties specialized in cyber warfare. These nations also possess the most advanced technologies, capabilities, and expertise in the field. As such, military doctrines now describe how armed forces operate across both cyberspace and the physical domain. They define the fundamental principles that guide military actions in support of national objectives and incorporate the roles of civilians, governments, and intelligence agencies. These doctrines are then executed through specific strategies and procedures.

In Europe, almost all member states have already adopted a national cybersecurity strategy or have established a Cybersecurity Centre to address cyber threats. The European Union is primarily focused on combating cybercrime and protecting critical infrastructures, defining legal frameworks and strategic initiatives aimed at fostering cooperation between member states and relevant organizations such as ECSO and, in particular, ENISA, which provides tools like CSIRTs (Computer Security Incident Response Teams) and ISACs (Information Sharing and Analysis Centers). The EU’s actions in the Common Foreign and Security Policy (CFSP), the European Defense Agency (EDA), and PESCO (Permanent Structured Cooperation) are mostly defensive in nature and rather limited to the offensive side. Only a few countries permit funding for the development of offensive cyber capabilities or recognize cyberspace as a full-fledged domain of warfare.

For example:

• The Danish Ministry of Defense established a Cybersecurity Centre in 2013, with the goal of enhancing military capabilities to conduct both defensive and offensive cyber operations.
• The Finnish National Cyber Security Strategy promotes the implementation of a comprehensive framework, supported by strong international cooperation.
• France has adopted a cyber strategy that integrates both offensive capabilities (in the case of severe attacks) and defensive measures (to protect critical infrastructures). This approach involves both the military and government agencies such as ANSSI (Agence nationale de la sécurité des systèmes d'information). While international cooperation is valued, France prefers to maintain full control over its cyber operations, reaffirming its national sovereignty.
• Germany continues to strengthen its defensive and offensive cyber capabilities within its armed forces, employing specialized military cyber units such as the Strategic Reconnaissance Command and CIR, (Cyber and Information Domain Service), a unified cyber command composed of 14,000 soldiers and IT experts.
• Italy developed its National Security Strategy 2022-2026, coordinated by the National Cybersecurity Agency (ACN), aiming to enhance digital security and the resilience of critical infrastructures. From a military perspective, the Ministry of Defense and the armed forces are responsible for both offensive and defensive cyber operations, particularly in the domain of electronic war.

The FACT project and the Strategic Autonomy of the EU

Starting from December 1^st, 2023, the European Union launched the FACT (Federated Advanced Cyber Physical Test Range) project, an initiative funded with 27 million euros under the European Defence Fund. Led by Kongsberg Defence & Aerospace (Norway), FACT aims to develop a common hardware and software platform to test—through advanced simulations—the vulnerability of cyber-physics systems in military equipment. The ultimate goal is to accelerate the achievement of the EU’s strategic autonomy. Although FACT is a fully European initiative, it includes participation from two American contractors—Nokia Bell Labs and Thales Norway—highlighting the complex geopolitical dynamics at play in the cybersecurity sector.

Conclusion

Cyberspace has become an indispensable component of both national and international defense strategies. Armed forces around the world have invested significant resources into developing doctrines, specialized units, and both offensive and defensive capabilities in the cyber domain. The European Union, while maintaining a predominantly defensive stance, is working to enhance cooperation between member states and move toward greater strategic autonomy. Nevertheless, differences persist among countries in terms of funding levels, strategic priorities, and operational capabilities in cyberspace. The major challenge for the future will be to strike a balance between the need for protection and the importance of international cooperation, in order to prevent the escalation of cyber threats and ensure a secure and resilient cyberspace for all.

Mondo Internazionale APS - Riproduzione Riservata ® 2025