Europe’s strategic environment is being reshaped by a rise in hybrid threats targeting the physical, digital and political foundations of modern societies. This episode of The International Risk Podcast examines these challenges through an in-depth conversation with Dr Tim Stevens, Reader in International Security at King’s College London and co-director of its Cyber Security Research Group. Drawing on years of research into cyber risk, hybrid operations and the global politics of technology, Dr Stevens explains how contemporary adversaries exploit the interdependence of infrastructure systems, supply webs and public trust to generate strategic effect.

Dominic opens the discussion by noting that critical infrastructures once viewed as “silent enablers” of economic and social activity have now become front-page concerns. Energy grids, ports, undersea cables and digital networks are not just vulnerable but increasingly targeted and probed. Ransomware attacks on hospitals, sabotage of cables and pipelines, and information operations aimed at eroding cohesion illustrate that hybrid threats now sit at the intersection of geopolitics, technology and societal resilience.

Critical Infrastructure as Strategic Terrain

Across the episode, Dr Stevens reframes critical infrastructure as more than a collection of utilities or technical assets. He presents it as the connective architecture of contemporary life, a system of interlocking dependencies that sustain economic activity, democratic legitimacy and societal wellbeing. Infrastructure, in this view, has become an active arena of strategic competition precisely because it underwrites basic expectations of order and continuity.

As he explains, “the principal purpose for targeting critical infrastructure is to undermine societal wellbeing… including trust in governments to protect essential goods and services.” Disruption is therefore not the sole objective. The deeper aim is to corrode confidence in state capacity and create a political atmosphere in which uncertainty and vulnerability take root. Infrastructure becomes a psychological lever as much as a physical one.

Russia’s activity across Europe reflects this strategic sensibility. Dr Stevens notes a “quadrupling” of hybrid and sabotage operations over the past two years, spanning fires, kinetic attacks, cyber intrusions and electronic interference. These actions sit deliberately in the space below armed conflict yet are calibrated to test resilience, probe institutional seams and measure political response.

The recent deployment of the Russian vessel Yantar, described by Moscow as an oceanographic research ship but tracked by European navies as a spy vessel loitering among dense clusters of subsea internet and energy cables in the North Sea and waters north of Scotland, underlines how even the seabed has become contested strategic terrain. In November 2025, Reuter’s reported British officials accused Yantar of directing lasers at RAF pilots monitoring the ship, while warning that it has also been mapping and monitoring the undersea cable routes that carry Europe’s data and energy flows, raising concern that these networks could be held at risk in a future confrontation.

A recent analysis by the Atlantic Council describes this as a “shadow war” of sabotage and covert operations against pipelines, railways and other critical infrastructure across Europe, designed to wear down resilience over time.

China’s approach is subtler but similarly attuned to the political value of infrastructure. Its focus lies in mapping dependencies, shaping information environments and cultivating latent access that may be operationally useful in future geopolitical contingencies.

Hybrid threats therefore operate through multiple layers at once. They draw upon the physical, digital, informational and symbolic dimensions of infrastructure, synthesising these strands into effects that cannot be produced within a single domain.

Capability, Intent and the Russian Playbook

Dr Stevens’s account of Russian operations introduces a nuanced understanding of how adversaries communicate power. Instead of a rigid chain of command dictating daily activity, he describes a system that is permissive, decentralised and exploratory. Security organs are granted a broad “green flag” to identify openings, test boundaries and pursue initiatives that reveal both technical vulnerabilities and political resonance.

This fluid structure interacts with a keen sensitivity to Western sociopolitical dynamics. As Dr Stevens observes, “Western societies are very open… Russian operatives are clever. They know what concerns us, they know what we hold of value.” Infrastructure is therefore not exploited solely for its functional significance but for the symbolic weight it carries. Hospitals, energy grids and public services are targeted because they anchor the public’s sense of stability.

The Norwegian dam intrusion illustrates this logic with unusual clarity. After compromising the industrial control system, Russian operators opened floodgates only partially. The purpose was not maximal damage but a strategic display of access, sending the message, “We could have opened it a lot more, but we did not,” as Dr Stevens notes. Such actions reveal the coercive potential of restraint. By signalling capability without escalation, Russia shapes perceptions, induces caution and amplifies the psychological impact of subsequent operations. Reporting on the 2025 cyberattack against a Norwegian hydroelectric dam similarly describes how pro‑Russian hackers remotely manipulated a floodgate without causing catastrophic damage, with Norwegian police and security officials treating the incident as a deliberate demonstration of Moscow‑linked access to critical infrastructure rather than an attempt at outright destruction.

Hybrid behaviour thus emerges as a repertoire of gestures calibrated to inhabit the space between disruption and provocation. It is this indeterminate zone that European states must now navigate.

Hybrid Operations, Ambiguity and Strategic Signalling

Ambiguity is not merely a feature of hybrid threats. It is one of their organising principles. Dr Stevens explains that hybrid operations are designed to leave intent deliberately opaque: “We know they can, but what is it that they will do?” This uncertainty complicates attribution, delays political decision-making and unsettles assumptions about thresholds and response.

China’s activities follow a different temporal logic but operate within a similar conceptual architecture. While Taiwan remains its immediate strategic horizon, Beijing’s operations are embedded in longer-term objectives that extend beyond the individual incident. Dr Stevens situates this within a doctrinal and historical frame: from Beijing’s perspective, reintegration is a long arc, and hybrid operations serve to prepare the informational and infrastructural environment for that trajectory while signalling resolve to external audiences.

Hybrid operations, whether Russian or Chinese, thus accumulate significance over time. They are not standalone events but sequences of calibrated actions that, taken together, shift the parameters of risk and strategic expectation.

Cyber Intrusions, Malware Implants and the Logic of Pre-positioning

The episode’s discussion of cyber intrusions deepens this temporal perspective. Dr Stevens draws a parallel between traditional military pre-positioning and the implantation of malicious software in foreign networks. As he explains, “malicious software… implanted in foreign countries’ networks serves a very similar function” to placing matériel abroad. It creates latent capacity that can be activated under different political or strategic conditions.

This logic reframes cyber operations not as isolated penetrations but as part of a wider posture in which infrastructure becomes a site for storing future coercive options. Energy grids, communications systems and transport networks thus become both targets and instruments in the strategic repertoire. They are spaces where adversaries quietly establish positions that sit dormant until a change in the geopolitical environment transforms access into leverage.

In this sense, hybrid competition erodes the traditional distinction between peacetime and crisis. Pre-positioning creates a standing background of potential escalation, embedded within civilian systems that are difficult to monitor or defend comprehensively. Accounts of China’s ‘Volt Typhoon’ campaign point in the same direction, noting that Beijing has quietly acknowledged to U.S. officials that it conducted long‑running intrusions into American critical infrastructure in order to establish access that could be used to threaten power, water and communications networks in a future confrontation, rather than to trigger immediate disruption.

Insider Threats and the New Geography of Risk

Dr Stevens also reframes the insider threat in contemporary terms. The conventional figure of the disgruntled employee is no longer the primary risk. Instead, in an environment shaped by remote work, globalised recruitment and digital labour markets, insiders can be positioned across borders without ever entering an organisation’s physical space.

He points to the North Korean IT Scheme, in which North Korean operatives used AI-generated CVs on professional platforms to secure remote IT roles in Western companies. These operatives, he notes, “never set foot inside the building,” yet gain full credentials, access to sensitive systems and the ability to channel intellectual property and financial flows toward sanctions evasion. Recent reporting reinforces the scale of this tactic. In late 2025, POLITICO revealed that four American citizens had pled guilty to facilitating such schemes, helping North Korean actors secure remote employment and enabling the theft of more than two million dollars through fraudulent contracts and payroll channels.

This shift illustrates that contemporary insiders are no longer individuals physically embedded within an organisation, but actors woven into its digital and administrative systems, often through legitimate hiring processes. Compounding this risk is the fragmented visibility many organisations have over their own infrastructures. As Dr Stevens observes, internal audits routinely expose “hundreds” of unmonitored or unsecured peripheral systems. These blind spots provide fertile ground for hybrid actors to exploit, amplifying exposure without breaching core systems directly.

Regulation, Resilience and the Limits of Deterrence

On the role of regulation, Dr Stevens is clear. “You cannot regulate your way out of what is essentially a political situation.” Compliance regimes may harden systems under domestic control, but they cannot alter the strategic incentives of adversaries who operate outside those frameworks.

Measures such as the EU’s NIS2 Directive have meaningfully raised baseline resilience. The NIS2 Directive, as set out by the European Commission, expands the range of covered sectors and tightens incident‑reporting and risk‑management obligations for both public and private operators. Reports by organisations, such as the European Cyber Security Organisation highlight how NIS2 is prompting companies to formalise cyber‑risk management and resilience efforts, while also exposing significant disparities in implementation across sectors and member states. The directive’s purpose is fundamentally defensive: to improve domestic preparedness, not to deter foreign operators whose goals are rooted in geopolitical competition, not regulatory compliance.

Resilience, in this context, is best understood as an ongoing process rather than a fixed achievement. Investments made today strengthen the security environment incrementally in the weeks and months that follow. However, they do not eliminate the structural drivers of hybrid competition, which remain embedded in strategic rivalry, political signalling and the pursuit of advantage through ambiguity.

Broader Implications for Contemporary Security Thinking

The episode makes clear that hybrid threats must be understood as systemic and relational rather than episodic. Dr Stevens shows how adversaries leverage the interconnectedness of modern infrastructure to create effects that resonate across political, economic and social domains. Cyber intrusions, sabotage, information manipulation and supply-chain exploitation do not function independently. Their power lies in their ability to intersect, reinforce and reshape perceptions of vulnerability.

This reasoning aligns with wider insights from Dr Stevens’s research on cyber risk, which argues that institutions navigate overlapping logics of threat and uncertainty. These logics shape how vulnerabilities are recognised, how resources are allocated and how resilience is conceptualised. The episode demonstrates these dynamics in practice: hybrid actors exploit specific technical weaknesses, but they also harness the broader uncertainties inherent in complex, interdependent systems.

Taken together, the conversation highlights the need for security strategies that integrate technological, institutional and political perspectives. Technical fixes alone cannot address the deeper ambiguities and interdependencies that hybrid actors seek to exploit. What is required is a strategic orientation that recognises the inseparability of infrastructure, knowledge, perception and power in contemporary security environments.