Cyber Europe 2026 examines EU response to escalating cyber threats against transportation networks - Industrial Cyber
Industrial CyberArchived Jun 17, 2026✓ Full text saved
Cyber Europe 2026 examines EU response to escalating cyber threats against transportation networks Industrial Cyber
Full text archived locally
✦ AI Summary· Claude Sonnet
News
Cyber Europe 2026 examines EU response to escalating cyber threats against transportation networks
June 17, 2026
The EU Agency for Cybersecurity (ENISA) organized the eighth edition of the Cyber Europe 2026 exercise that took place on June 10-11, bringing together stakeholders across Europe to strengthen cyber preparedness, enhance coordinated incident response, and ensure the continuity of essential services amid cyber threats targeting the continent’s rail and maritime networks.
The two-day exercise simulated realistic large-scale cybersecurity incidents that escalated to cyber crises affecting EU’s interconnected transportation systems. Participants needed to analyse advanced technical cybersecurity incidents, while dealing with the pressure generated by complex scenarios, inspired by real-case events and threats. Central to their efforts was the effective sharing of relevant information with the right stakeholders and peers, contributing to an adequate level of situational awareness at technical, operational and political level.
To bring this year’s edition of Cyber Europe 2026 to life, ENISA collaborated with over 100 cybersecurity experts from national cybersecurity agencies, EU and EFTA’s public and private sectors, as well as from EU Entities, bringing together over 5000 participants.
“Transport is essential to our economy and daily lives, but it is also a target for cyber threats. When ports or railways are hit, effects can reach far beyond transport, disrupting trade, military mobility and crisis response,” Henna Virkkunen, executive vice-president for tech sovereignty, security, and democracy, said in a statement. “As hybrid threats blur the line between civilian and military infrastructure, preparedness is not optional. Cyber threats cross borders in seconds. Europe must be able to act just as fast, together with its closest partners.”
“Cyber dependencies across Europe’s critical infrastructure is our operational reality,” Juhan Lepassaar, ENISA executive director, said. “Our interconnected systems that drive our economies and societies also expose us to common threats, thus cybersecurity is a shared responsibility. Cyber Europe is where we work together to build our preparedness and response to be ready when crisis hits.”
The transport sector holds a vital socioeconomic role amidst the current geopolitical situation. According to ENISA Threat Landscape findings, transport has been in the top-five most target sectors for the past two years. Both the rail and maritime subsectors are inherently complex environments composed of many different stakeholders. They exhibit comparable levels of digitalisation and share a common challenge: integrating legacy OT (operational technology) with modern systems without compromising strict safety and reliability standards. Their dependence on supply chains and third-party providers contributes to their overall exposure to cyber threats, while their increasing role in military logistics raises their strategic importance and potential attractiveness as targets.
The ENISA NIS360 report revealed that both sectors are in the risk zone, with lower-than-average cybersecurity maturity and criticality that exceeds their maturity.
Critical maritime and railway infrastructures across Europe were simultaneously targeted in a coordinated cyberattack, causing severe operational disruptions. Port logistics and navigation systems were compromised, leading to cargo movements being halted and safety risks such as near-collision incidents.
At the same time, direct interference hit railway networks, causing cross-border trains to freeze and thousands of commuters and supplies to be delayed. Adding to the challenges, transport authorities and ticketing services were the target of a ransomware attack which paralysed administrative and passenger service operations. The attack exposed sensitive passenger and emergency information, fuelling hacktivist disinformation in social media.
The evolution of the cybersecurity threat landscape coupled with geopolitics, accelerated the need for stronger cyber crisis management. This year’s edition put the EU Cyber Blueprint to the test, as coordinated action was needed at the technical, operational, and political levels to respond in times of crisis. The revised Blueprint for cybersecurity crisis management was adopted in June 2025, aiming to strengthen the response to large scale incidents and crises in the EU.
For the first time, the EU Cybersecurity Reserve was also tested under the umbrella of Cyber Europe 2026. The Reserve mechanism was set in motion through a scenario, where players were expected to follow ENISA’s Standard Operating Procedure for activating cybersecurity incident response under the EU Cybersecurity Reserve. Foreseen in Article 14 of the EU Cyber Solidarity Act, the Reserve is operated by ENISA and consists of incident response services from trusted managed security service providers.
Rather than isolated events, exercises should be seen as part of a continuous cycle of building preparedness, enhancing skills and capabilities, and strengthening response in an evolving cybersecurity landscape.
Following ENISA’s Cybersecurity Exercise Methodology, an evaluation and analysis will be carried out to obtain insights and identify weaknesses. The findings arising from this process will be consolidated in the After-Action reports that aims to highlight lessons learned and provide guidance for improvements towards strengthening our preparedness and response processes.
Industrial Cyber News Desk
Industrial Cyber News Desk
Error, group does not exist! Check your syntax! (ID: 20)
Error, group does not exist! Check your syntax! (ID: 20)
Related
Resecurity details Anubis ransomware attack on Adriatic Port Authority, exposing maritime infrastructure risks
White House rolls out NSPM-12 to boost cybersecurity governance, oversight, accountability for national security systems
MITRE expands Caldera for OT with Grid Watch DNP3 simulator for hands-on power grid cybersecurity training
Forescout joins OT-ISAC to boost global threat intelligence sharing, collective defense for critical infrastructure
Iron Bow achieves CMMC Level 2 certification, strengthens readiness to secure federal mission environments
Fortinet launches FortiSOC platform to help security teams automate investigations and strengthen cyber resilience
Tenable integrates continuous security validation into Tenable One to reduce cyber risk and remediation burden
How AI is quietly rewiring Purdue Model, forcing industrial defenders to rethink trust across operational environments
US Coast Guard issues expanded cybersecurity guidance, making risk assessments central to maritime resilience
Novo Nordisk faces unauthorized IT access, highlighting persistent threats to pharmaceutical infrastructure