Abstract

The ongoing armed conflict in Ukraine has become an unprecedented stress test for national cybersecurity systems, exposing both the capabilities and the limitations of existing cyber-defence architectures under sustained adversary pressure. This paper examines two interrelated dimensions of cybersecurity governance that have acquired acute relevance for European security: national-level prioritization of cyber incidents, and the adoption of zero trust architecture (ZTA) as a paradigm shift in organizational security. First, the paper presents a multi-factor methodology for prioritizing cyber incidents, intended for use by national CERTs such as CERT-UA. The methodology integrates the Common Vulnerability Scoring System (CVSS) with Ukraine's national criticality levels through a hierarchical structure that provides structured tie-breaking via multi-criteria decision analysis (MCDA). The paper proposes a simulation-based evaluation framework for assessing the methodology's effectiveness in handling high-volume incident streams while preserving a decisive and transparent allocation of resources—a critically important capability for states operating under persistent cyber threat. Second, the paper analyses the concept of zero trust as a promising security paradigm for European critical infrastructure. Based on a systematic review of international ZTA models and practical enterprise-deployment experience, it identifies the principal barriers to adoption – in particular awareness gaps, shortages of skilled personnel, and organizational complexity – and proposes practical recommendations for policymakers and security practitioners. By bridging operational-level incident response with strategic architectural transformation, this paper contributes to an interdisciplinary dialogue at the intersection of cybersecurity engineering, security governance, and defence policy. It offers empirically grounded conclusions relevant to European states seeking to strengthen their cyber resilience amid a shifting threat landscape shaped by statesponsored cyber operations, digital-infrastructure dependencies, and the imperative of collective cyber defence within NATO and EU structures.

Panel: Cyber and Digital Sovereignty

All papers

View on Indico ESSC 2026 programme

Cite this presentation