
Bridging the Gap in Cross-Border Cyber Defense Strategies

Cross-national cooperation must be streamlined to adapt to the evolving threat.

For years, the cyber domain was perceived as a virtual one. However, every cyber attack leaves a tangible footprint—a compromised server, a disrupted infrastructure or a breached supply chain. When critical systems such as water supplies or hospital networks are targeted, the consequences extend beyond data theft to real-world crises that can cost lives.

A Growing Threat Landscape

Recent cyber incidents, including Russian attacks on European infrastructure in France and Italy and Chinese government-backed breaches of U.S. telecommunications and critical infrastructure, have underscored that the cyber domain is evolving from digital espionage to kinetic effects with physical damage. 

Former National Security Agency and U.S. Cyber Command Chief Gen. Paul Nakasone, USA (Ret.), stressed that the Chinese-backed attacks illustrate U.S. vulnerability to its adversaries. In response, the Pentagon is fast-tracking its Cyber Command 2.0 review, expected to be completed soon, to counter the surge in state-sponsored cyber threats. The new strategy of reshaping the U.S. national cyber forces focuses on four main efforts, including an advanced training center for military cyber forces and better engagement with industry.

Adversaries have long focused on offensive cyber operations, while NATO allies remain largely in a defensive posture. The fundamental asymmetry in cyber warfare means that defenders must be 100% effective at all times, whereas attackers need only succeed once to cause significant disruption.

In an era where cyber threats seamlessly bypass national boundaries, the traditional focus on internal cyber defense has become a deceptive mindset. The globalized technology market ensures that devices and software are constructed from components sourced worldwide, including from potential adversaries. No longer can a country be resilient against cyber crimes by protecting only its borders.

Over the past few years, all NATO member states have made significant efforts to enhance cross-border collaboration and counter emerging cyber threats. However, at the state level, the need for knowledge-sharing in cyber defense often conflicts with the necessity of protecting national security. There must be a compelling reason for collaboration to push states to disclose vulnerabilities and admit that their defenses have been compromised.

Major policy changes take time—a luxury we don’t have in a fast-evolving cyber threat landscape. While nations work to adapt, state-backed actors like Chinese groups or Russian entities such as Gamaredon and Sandworm stay one step ahead, moving faster than the systems designed to stop them. Timely knowledge often lies outside government structures, within the industry, and public-private collaboration can bridge this gap, enabling faster action while long-term policies are developed.

Ways Public-Private Partnerships Can Bridge the Gap in Cybersecurity

This collaboration can take various forms. Here are two notable examples of public-private collaboration, both beneficial for state cybersecurity bodies:

1. Governmental collaboration with internal private companies in cyber training. 

A recent example of joint activity is Finland’s national cyber exercise, which focused on municipalities and critical infrastructure operators. The exercises were aligned with Finland’s updated security strategy, which reflects the changing security situation at the Russian border and lessons learned from the war in Ukraine. This updated strategy outlines a comprehensive security concept, bringing together authorities, businesses and organizations.

National cyber drills held in February 2025 involved 150 participants from across the country. These drills were developed by the independent cybersecurity training center Jyväskylä Security Technology (JYVSECTEC), the Finnish Ministry of Communications and Finland’s Security Committee, which played a guiding role in implementing the exercises. For a few days, participants exercised to understand how cyber emergencies can impact their operations and cooperation with others.

2. Cross-border public-private partnership, leveraging the state experience in cyber warfare.

A notable example is the TRYZUB drills, designed through a partnership between Ukrainian state cyber forces and the U.S.-based company CYBER RANGES. These drills are based on real-world scenarios of attacks by Russian state-backed offensive cyber operations groups like Gamaredon and Sandworm, which have been targeting Ukrainian critical infrastructure for years and are now spreading their malign influence to NATO member states.

Particularly, the Sandworm group was responsible for attacking the core network of Kyivstar—the biggest Ukrainian telecom provider—leaving 24 million customers without connection. The banking system, the air raid alert system and other critical infrastructure were also affected by the attack. The recovery took a week.

In 2024, Sandworm was blamed for cyber attacks on U.S. and European water facilities. This February, Microsoft Threat Intelligence reported that Sandworm has been carrying out a “near-global” initial access campaign dubbed “BadPilot” since at least 2021, targeting high-value sectors in the United States, Europe, Central Asia, the Middle East, Canada and Australia. It gained access to critical sectors, including energy, oil and gas, telecommunications, shipping, arms manufacturing and international governments.

Gamaredon—another group linked to Russia’s Federal Security Service (FSB)—is the most engaged advanced persistent threat group in Ukraine and has attempted to compromise targets in several NATO countries, namely Bulgaria, Latvia, Lithuania and Poland.

According to ESET research, Gamaredon has notably improved its cyber espionage capabilities and developed several new tools focused on stealing valuable data.

TRYZUB drills replicate these threats in a safe, sandbox environment. Ukraine offers its war-tested experience in withstanding advanced persistent threats to train military units, critical infrastructure operators and government bodies worldwide.

Recent attacks on infrastructure and telecommunications underscore that the cyber domain is evolving from digital espionage to kinetic effects with physical damage. Credit: NCIA

Both partnership formats have proven to be efficient and demonstrate the most direct path to enhancing cross-border cooperation in the cyber defense domain. To build cyber resilience, it makes sense to leverage the strengths of each side:

  • The government’s ability to deliver knowledge at a whole-society level, including to the most critical and vulnerable units, which are often the primary targets.
  • The agility and speed of private companies. While governments may be constrained by the lengthy processes of standardization and alignment, private companies can move with the speed and flexibility required to stay competitive. The undeniable benefit of this is the timely updates to drills, including the latest cybersecurity threats—something governments can certainly benefit from.

Building a secure cyber future requires education, collaboration and continuous training. Cyber hygiene must be embedded in society from an early age, as the human factor remains the weakest link in the cyber crime chain, responsible for almost 70% of incidents. Cross-national cooperation must also be streamlined to adapt to the evolving threat landscape. By embracing rapid intelligence sharing, multinational cyber drills and public-private partnerships, NATO and its allies can stay ahead of adversaries and strengthen their cyber resilience.

Almerindo Graziano is CEO of CYBER RANGES. Graziano has more than 20 years of experience in information and cybersecurity, ranging from developing one of the very first UK cybersecurity university master programs in 2005 to security consultancy and strategic advisory for private and government organizations across Europe, Africa, the Middle East and APAC.
