For years, when I sat down with CISOs and security managers, the conversation about cybersecurity threats inevitably gravitated towards ransomware. It was, and remains, a clear and present danger. But over the past year, my conversations with European public safety leaders have shifted. We’re now fighting a war on two fronts. While the devastating threat of ransomware still looms, a new battlefront has opened up—one defined by high-frequency, politically motivated attacks that aim to disrupt, distract and erode public trust.
This isn’t theoretical. This is the new reality for public safety in Europe.
Front #1: The Noisy Barrage of Hacktivism
The primary driver of this new front is the alarming rise in Distributed Denial-of-Service (DDoS) attacks, overwhelmingly targeting European organisations. In fact, our intelligence shows that Europe deals with over 75% of all DDoS attacks aimed at public safety globally.
This isn’t random. This activity is highly concentrated and politically motivated, primarily waged by pro-Russian hacktivist groups like NoName057(16). Their targets are often municipalities in nations that support Ukraine, such as Germany and France, which together accounted for nearly a quarter of all European incidents this year.
For the technical manager, this is a constant, draining battle. What began as a DDoS attack every few weeks in 2023 has escalated dramatically. In 2025, these attacks on European municipalities are now happening about once a week. While these groups are generally considered unsophisticated and the attacks are often low-impact, they are incredibly noisy. They are designed to overwhelm your web servers, disrupt public-facing sites and tie up your valuable security resources in a never-ending game of whack-a-mole.
For the CISO, this represents a significant strategic risk. It’s not just a website going down. It’s a direct hit on your organisation’s reputation and the public’s ability to access services. More insidiously, this constant barrage can act as a smokescreen, distracting your security teams while a more sophisticated adversary attempts a deeper, more damaging intrusion. You are forced to expend resources on a low-level threat while the risk of a catastrophic one remains.
Front #2: The Silent, Lurking Threat of Extortion
While hacktivists are making noise at the front door, sophisticated extortion groups are still quietly picking the locks on the back windows. Ransomware hasn’t gone away; it has simply been overshadowed by the sheer volume of DDoS activity. And when it strikes, the consequences are far more severe.
We saw a chilling example of this in March 2025, when the Qilin ransomware syndicate attacked the Fire and Rescue Service in two regions of the Czech Republic. According to reports, the attack was so significant that firefighters were forced to rely on an “alternative method of communication” to maintain their response capability.
This is the scenario that keeps me, and should keep you, up at night. This wasn’t just an Information Technology (IT) problem; it was an Operational Technology (OT) crisis that had the potential to impact mission-critical radio services. While this was the only observed mission-critical compromise in Europe this year, we know the Qilin group has a history of disrupting public safety radio and CAD systems in North America. The capability and intent are clearly there.
For the radio systems manager, this is the convergence nightmare. An intrusion that starts on the IT network—the world of emails and databases—can quickly pivot and cripple the OT network—the world of radios and dispatch consoles.
For the CISO, this is the ultimate test of resilience. The potential impact goes far beyond data loss and financial cost. It strikes at the heart of the public safety mission: the ability to respond to emergencies. It highlights the critical need to view security not through separate IT and OT lenses, but as a single, unified challenge.
Winning the War: Pragmatic Recommendations for the Two Fronts
Defending against two distinct types of threats requires a layered, intelligent strategy. You cannot simply build a bigger wall; you must have the visibility and agility to fight in two directions at once.
- Neutralise the DDoS Noise. Don’t let your internal teams be consumed by the constant barrage. Employ provider-led DoS mitigation services that can filter malicious traffic before it ever reaches your network boundary. Think of it as hiring security for the front gate so your highly skilled officers can patrol inside the perimeter. This preserves your internal resources to hunt for more advanced threats.
- Reinforce the Core Against Ransomware. The best defence against ransomware remains mastering the fundamentals. This means immutable backups, rigorously tested incident response and recovery plans and, most importantly, network segmentation. Creating strong, enforced boundaries between your IT and mission-critical OT environments is like having bulkheads in a ship; a breach in one compartment doesn’t sink the entire vessel.
- Establish Unified Visibility. The days of having a separate IT security team and a radio engineering team who only talk during a crisis are over. The modern threat landscape demands a consolidated view. This is where a 24/7 Security Operations Center (SOC) with specific expertise in both IT and OT environments becomes indispensable. You need analysts who not only understand firewall logs but also recognise anomalous behaviour on a TETRA radio network. Without that combined expertise, you’re flying half-blind.
- Leverage Proactive Threat Intelligence. You need to know what’s coming over the horizon. Subscribing to threat intelligence services (such as the Public Safety Threat Alliance, https://namrinfo.motorolasolutions.com/join-the-psta) that specifically monitor threats to public safety and critical infrastructure is no longer a luxury. Understanding the tactics of groups like NoName057(16) and Qilin allows you to tailor your defences before they launch an attack.
The cyber threat to European public safety has evolved. We are fighting a high-volume war of attrition against hacktivists and a high-stakes war of intrusion against ransomware gangs. Winning requires us to bridge the gap between our IT and OT worlds, invest in specialised expertise and adopt a cybersecurity posture that is as resilient and adaptable as the first responders we protect.