Travellers stranded at Brussels, Berlin and Heathrow this weekend were told the cause was a “cyber incident” at a service provider. That bland euphemism disguises a far graver truth: Europe’s leaders have left our critical infrastructure dangerously exposed.
For years, Brussels has lectured its citizens about grand visions — climate targets, digital rights, lofty rhetoric about “strategic autonomy”. Yet when it comes to defending the very arteries of modern life — airports, rail networks, energy grids — it has been asleep at the controls. The result? A handful of keystrokes, possibly from hostile hands in Moscow, are enough to ground flights, strand thousands, and humiliate Europe before the world.
This is no coincidence. Russia has spent months probing NATO’s air defences with incursions into Baltic and North Sea airspace. Now, as if to underline that it can harass Europe from every direction, our airports fall prey to a cyber strike. The Kremlin doesn’t need to fire a missile. By paralysing boarding systems, it achieves the same effect: planes don’t fly, and confidence in Western resilience is shaken.
The symbolism of Brussels as ground zero could hardly be clearer. This is the so-called capital of Europe, seat of the European Union and NATO headquarters alike. Yet a relatively unsophisticated attack on a third-party provider has thrown the system into disarray. Berlin’s disruption shows Germany, the Continent’s supposed powerhouse, is no better. And Heathrow, Britain’s global gateway, was caught up as well — a reminder that the UK’s robust rhetoric on security is no substitute for hardened systems.
The complacency runs deep. European governments have poured billions into subsidies, green funds, and bureaucratic pet projects while treating cyber resilience as a side issue. Instead of drilling staff in manual backups, diversifying suppliers, and investing in layered defences, officials have ticked boxes and issued reports. Brussels commissions endless strategies; meanwhile, hackers sit in Moscow or St Petersburg, chuckling at the ease of it all.
NATO, too, has been slow to grasp the seriousness. Article 5 was drafted in an age of tanks and bombers. Yet when civilian infrastructure is crippled by a hostile state actor, does this not amount to an attack on the alliance itself? The silence from officials is deafening. Europe dithers, Russia tests — and every delay emboldens the next strike.
Make no mistake: this was not a random outage. It was a demonstration. Russia wants Europeans to feel vulnerable, to question whether their leaders can keep the lights on or the planes flying. Judging by the weekend’s chaos, that message is landing.
The response from Brussels will likely be the usual: solemn declarations, perhaps a “task force”, and promises of “learning lessons”. But unless Europe tears up its culture of complacency and invests seriously in resilience, the next cyber strike will come sooner, hit harder, and cause greater disruption.
What is needed is plain. First, accountability: governments and the EU must admit failure and treat cyber defence as a core security priority, not a bureaucratic sideline. Second, investment: that means hard cash for redundant systems, independent audits, and military-grade protection for civilian infrastructure. Third, deterrence: Moscow must be made to understand that hybrid warfare carries costs, whether economic sanctions or cyber counter-strikes.
Air travel is not a luxury. It is the lifeblood of Europe’s economy, the conduit for business, trade and family ties. To allow it to be paralysed by hackers, while leaders in Brussels fiddle with grandiose schemes, is a dereliction of duty.
The weekend’s cyber chaos should be a wake-up call. If Europe does not harden its defences now, the next strike may not simply delay departures. It could halt commerce, cripple hospitals, or darken cities. The Kremlin is testing us. So far, it is finding us asleep.
