ConferenceYoung European Security Conference
Convened bySchwarzkopf Foundation · Young Europe
DocumentField-notes synthesis
SessionsSix

Field Notes — Synthesis

Resilience, Coordination & the Politics of Cybersecurity

Six sessions, one through-line: the technical questions kept resolving into political ones — who decides, who coordinates, and how fast.

§01Crisis Simulation

Recovering a grid under attack

A tabletop exercise: a cyberattack against an energy grid, and the job of bringing combined heat and power (CHP), renewables, and public services back online under pressure.

The response order is deliberate — containment and evidence come first, restoration second. You snapshot the system before you touch it, both to stop the spread and to preserve what later forensics will need.

Incident Response Sequence Containment and evidence before restoration 1 · CONTAIN & PRESERVE 2 · RESTORE & RECOVER 1 Isolate networks stop the spread 2 Quick forensic capture preserve evidence 3 Restore CHP slowly but steady 4 Restore renewables 5 Post-disaster recovery return to normal ★ Group priorities throughout: keep heating on first · keep the public informed
Fig. 1 — The incident-response sequence. The CHP model (heat ⇄ power ⇄ renewables) is tightly coupled, so restoration is paced rather than rushed.

Two points dominated the group discussion: heating is the first priority in a grid-down scenario, and keeping the local population informed is part of the response, not an afterthought.

§02Conflict & Coordination

Attribution without verification, escalation without scale

The central difficulty in responding to state-level cyber incidents is maintaining coherence across the actors and layers involved.

The 2014 Sony Pictures hack served as the reference case for data exfiltration and contested attribution — the temptation to name an attacker before the evidence holds. The deeper trap is that escalation doesn't scale cleanly: the political response rarely maps onto the technical reality, with Ukraine cited as a live example.

Coordination Across Layers The hard problem is coherence, not capability NATO EU Regional coordination National Where capability is concrete more abstract more concrete Collective defence Coordination is the key challenge — responses must stay aligned across every tier.
Fig. 2 — Responses run across NATO, EU and national tiers of increasing abstraction. The systems most exposed: the defence industrial base and financial systems.

Political coordination, in other words, is the work. The layers above carry authority but abstraction; capability is concrete at the national level — and the three have to move together.

§03AI & Quantum

Faster decisions, more ambiguity

AI compresses detection and decision time — and the time available to escalate. That cuts both ways: less deliberation, but also more ambiguity. Faster is not always better.

The quantum transition adds a second front, split along geopolitical lines:

A political problem emerges after day three — and then a solution must be found.On how crises force decisions

Escalation itself becomes the mechanism that produces a resolution. The EU holds high-level capabilities here — but the framing that stuck was simpler: cybersecurity is a political competition as much as a technical one.

§04Critical Infrastructure

When the grid fails, everything else follows

The European electricity system runs in tiers — and a failure propagates through all of them.

TSOsTransmission system operators — very-high-voltage lines.
DSOsDistribution system operators — the distribution network.
Gen.Generators & suppliers feeding the system.

The proposed fixes are organisational as much as technical: pre-authorised coordination (agree the response before the crisis), AI decision thresholds, the European Network for Cyber Security (ENCS), and standardisation such as ISO 27001.

What makes the stakes vivid is the cascade — how quickly a blackout compounds into a societal one:

Grid Failure — The Cascade How fast a blackout compounds · ordered by sequence, not to scale T + 0 Lights out T + 15–30 min Backup generators engage T + 1 h Card payments fail Water stops · cold sets in T + 2 h Production halts T + 3–4 h Phones die T + 10 h Gas supply affected Ongoing Transport & supply chains break Heating + public information are the first response priorities once the chain begins.
Fig. 3 — The blackout cascade. Card payments, water, comms and transport fail within hours; food spoils and batteries drain as it runs on.
§05OT Systems

Where availability beats everything

Operational technology runs physical processes and stays in service for the long term. Its security goal is simply to keep the system running — and that changes the threat model.

As OT connects to IT, the risk surface grows: malware can cascade across multiple countries, and phishing remains a primary way in.

§06Regulating IoT

Auditable, EU-resident, secured by design

The regulatory direction was concrete: ISP monitoring with data held on EU servers, EU-auditable data for IoT, and security built into devices by default. The honest footnote — those costs ultimately land on the customer.

The through-line

Five things worth keeping

Coordination beats capability
The hardest problem isn't technical — it's keeping NATO, EU and national responses coherent and agreed in advance.
Resilience is about cascades
A grid failure isn't one event but a timed chain. Heating and public communication come first.
Speed cuts both ways
AI and quantum compress decision time while amplifying ambiguity and escalation risk.
Sovereignty is structural
EU-resident servers, auditable data and standardised security (NIS2, ISO 27001) recur as requirements, not extras.
Cybersecurity is political
Throughout, the technical questions kept resolving into questions of governance, competition and who decides.