Editor’s note: A version of this article was first published in Slovak by the author in Pravda on 10 April 2026. The text below is an English adaptation prepared for an international readership. The original piece is available here.
Critical infrastructure has become one of the principal instruments of geopolitical rivalry. Hybrid threats combine cyber attacks, physical sabotage, disinformation, and economic coercion into coordinated campaigns that test the resilience of states — Slovakia included.
A new era of security threats
The geopolitical environment of 2026 is defined by a steady rise in the intensity of hybrid operations. This is not a new phenomenon — hybrid tactics are as old as conflict itself. What makes the current iteration different is that it is more sophisticated, more coordinated, and more deliberately aimed at what keeps modern societies functioning: critical infrastructure.
Hybrid threats are coordinated malicious activities that combine multiple instruments at once — cyber operations, physical sabotage, disinformation, economic pressure, covert political interference, and the threat of military force. The objective is not direct military confrontation but the erosion of trust, stability, and the capacity of states to respond.
On 16 March 2026, the Council of the European Union adopted conclusions on strengthening the EU’s ability to counter hybrid threats, condemning persistent hybrid activities by both state and non-state actors aimed at undermining the security and stability of the Union and its partners. The move confirmed something that was already clear to practitioners in the field: hybrid threats have moved from the margins of the security agenda to its core.
The Baltic Sea and undersea cables: a laboratory of hybrid warfare
The Baltic has become the epicentre of a new form of conflict. Since 2022, approximately ten undersea cables in the region have been damaged, seven of them between November 2024 and January 2025. Each incident has followed the same pattern: it strikes critical infrastructure while remaining in the grey zone between accident and intent.
In November 2024, two undersea telecommunications cables were damaged — the BCS East-West Interlink connecting Lithuania and Sweden, and C-Lion1 running between Finland and Germany. Suspicion fell on the Chinese cargo vessel Yi Peng 3, which had been trailing its anchor along the seabed on a route that matched the damage locations.
On New Year’s Eve 2025, Finnish telecommunications operator Elisa recorded a disruption to a data cable between Helsinki and Tallinn. Finnish authorities moved quickly to detain the cargo ship Fitburg, which had set sail from St Petersburg and was found with its anchor chain deployed at the time of the intervention.
These are not isolated events. Taken together, they reveal a systemic vulnerability. More than 95 percent of global internet traffic travels through undersea cables that carry roughly 10 trillion dollars in financial transactions every day. Infrastructure that most people never see is also infrastructure without which the modern world grinds to a halt.
Who is behind the hybrid campaigns
In its March 2026 conclusions, the Council of the EU unambiguously condemned Russia and its proxies for persistent, coordinated, and long-running hybrid campaigns targeting the EU, its Member States, and its partners. Analyses by security organisations pointed to a pronounced increase in Russia-linked hybrid incidents across Europe in early 2026, with more than 150 suspected cases recorded across EU and NATO Member States.
The Kremlin’s approach is systemic. Sabotage targets logistics hubs, defence-industrial supply chains, and civilian infrastructure with the goal of disrupting European support for Ukraine and raising security and economic costs across the continent. These low-cost operations are engineered to stay below the threshold of direct military confrontation while preserving plausible deniability.
Questions about Chinese vessels in the Baltic — and, separately, in the waters around Taiwan — run in parallel. Security analysts are tracking the similarities between the two theatres, though comprehensive comparative statistics have yet to be systematically established. In the grey zone, denial itself is the most powerful weapon. An attacker does not need to cause a nationwide blackout. It is enough to generate uncertainty.
Three pillars of hybrid warfare
Analysts identify three foundational pillars of contemporary hybrid campaigns.
Subversion — weakening from within. Disinformation campaigns, manipulation of public opinion, interference with electoral processes, and the exploitation of internal polarisation. The goal is to weaken the political will and cohesion of democratic institutions. The Council of the EU has explicitly stated that these activities target the core of democratic values and seek to fracture society.
Sabotage — demonstration of capability. Physical and cyber attacks against infrastructure that expose vulnerabilities, create disorder, and reinforce the public perception that the state cannot protect essential services. Damage to undersea cables, strikes against the energy grid, and disruption of rail infrastructure are the textbook examples. On 3 January 2026, an arson attack on high-voltage cables near a cogeneration plant in the Berlin district of Lichterfelde caused a major outage affecting more than 40,000 households and 2,200 businesses — the longest power disruption in the city since 1945. Responsibility was claimed by the domestic left-extremist group Vulkangruppe. The incident is a reminder that the vulnerability of critical infrastructure is not exclusively a question of state-sponsored campaigns. Non-state actors with ideological motivation can produce comparable effects.
Coercion — deterring the response. The use of economic pressure, energy dependencies, and the threat of escalation to slow decision-making and discourage an adequate reaction. Taken together, the three pillars form an integrated pressure system that exploits the gap between treaty commitments and actual political will to act.
Europe’s response: from reaction to prevention
The European Union is steadily building a comprehensive framework to counter hybrid threats. In April 2025, the European Commission presented ProtectEU, a strategy that integrates critical infrastructure protection, cybersecurity, and the fight against online threats into a single security framework. It calls on Member States for full implementation of the CER and NIS2 directives.
The EU has also developed the Hybrid Toolbox, a coordinated set of preventive, cooperative, stabilising, and restrictive measures for responding to hybrid campaigns. Rapid-reaction mechanisms are part of the same architecture, available to support Member States under hybrid pressure.
On undersea cable protection, NATO launched Operation Baltic Sentry in January 2025, reinforcing maritime surveillance in the Baltic through frigates, maritime patrol aircraft, and unmanned systems. The European Commission has published an action plan for cable security built around four pillars: detection, response, repair, and deterrence.
Despite these steps, experts consistently warn that Europe’s greatest vulnerability is not the infrastructure itself but political will. Divergent threat perceptions between eastern and western Member States continue to weaken the ability to establish a credible deterrence posture.
Slovakia within Europe’s security architecture
Slovakia is an integral part of the European infrastructure space. Energy interconnections, transit routes, logistics corridors, and digital infrastructure link it tightly to neighbouring countries and establish it as an important node in the Central European region.
The rising intensity of hybrid operations across Europe affects Slovakia directly. Grey-zone disruption of infrastructure is not a problem only for the eastern flank of NATO. It is a pan-European challenge that demands coordinated responses at every level.
In 2026, Act No. 367/2024 Coll. on critical infrastructure enters into force in Slovakia, establishing the legislative framework for identifying, protecting, and strengthening the resilience of critical entities. At the same time, the implementation of the NIS2 and CER directives continues, shifting critical infrastructure protection from a purely technical matter into a strategic one.
The stability of Slovakia’s critical infrastructure has implications for the wider European environment and is, in turn, shaped by events beyond the country’s borders. In a world where threats increasingly transcend state boundaries, coordination across critical sectors — between public and private entities, between expert communities, and between countries — is the core precondition for an effective response.
What comes next
Leading European security analysts, including those at the EU Institute for Security Studies (EUISS), place a disruptive attack against critical infrastructure among the most serious risks facing the EU in 2026. Such an attack would not seek military victory. It would seek to divide and erode political resolve. Sabotage of undersea cables, a prolonged electricity outage, or the coordinated disruption of digital and transport systems could paralyse daily life and trigger a crisis of confidence in institutions.
Deterrence in 2026 will depend as much on redundancy, rapid repair of critical infrastructure, cross-border coordination, and societal preparedness as on traditional military instruments.
The role of the expert community
In an environment of intensifying hybrid threats, professional platforms that connect actors in the critical infrastructure space are indispensable. In Slovakia, that role is held by the Association of Critical Infrastructure of the Slovak Republic (AKI SR), which provides the setting for exchanging experience, conducting professional discussion, and identifying shared challenges across sectors.
Resilience is not built by technology alone. It is built, above all, on the capacity to cooperate, to share information, and to prepare for scenarios that cannot be solved in isolation. At a moment when hybrid threats are becoming a defining feature of the new geopolitical reality, working alongside experienced professionals and sector associations is among the most effective forms of preparation for what comes next.
The post The Geopolitics of Hybrid Threats: Critical Infrastructure as the Battlefield of the 21st Century appeared first on Decent Cybersecurity.
