Joshua Kroeker is the CEO and founder of Reaktion Group. He advises governments and firms on geopolitics and military risk, as well as energy and business in Eastern Europe and Eurasia.
Celine Emma La Cour is Principal Strategist at Reaktion Group, where she specializes in drone warfare, economic security, and geopolitical risk.
The views and opinions expressed in this column are solely those of the author and do not necessarily reflect the official policy or position of AeroTime.
The war in Ukraine is increasingly spilling into Europe in the form of sabotage and drone incidents. Latest, on May 7, 2026, two drones entering Latvian airspace from Russia crashed near an oil storage facility in Rēzekne, damaging several empty oil tanks and triggering NATO air policing measures and temporary local restrictions.
Initial investigations suggested the drones were likely Ukrainian long-range strike UAVs intended for targets inside Russia but diverted off course by Russian electronic warfare or GPS interference.
While the incident caused only limited damage, it raised significant concerns due to the proximity of the drones to strategic fuel-storage assets important for both civilian logistics and regional resilience planning. Latvian authorities responded with heightened monitoring measures and renewed discussions around counter-UAS protection for critical infrastructure. The incident underscores a growing concern across Europe: that even relatively small and inexpensive drones can create disproportionate operational, political, and psychological effects when operating near sensitive infrastructure.
The Sub-Threshold Warfare Tracker by the Sahaidachnyi Security Center indicates 22 sabotage attempts against critical infrastructure, and 12 sabotage attempts against other economic and industrial targets since the start of the war until April 2026.
While drones are not yet the main observed attack vector against civilian critical entities, drones are highly present in the surrounding hybrid-threat ecosystem. Besides sabotage attempts, the tracker shows 46 airspace violations by drones in the same time period. For May 2026, we can add several notable sabotage or hybrid-threat incidents, including the Latvian drone incident near oil-storage infrastructure, and repeated drone incursions in Finland and the Baltic region.
What unites these incidents is not the exact mechanism of attack. It is the target logic. They involve sectors where the attacker benefits from disruption, public alarm, delayed detection, cross-border attention or cascading effects. Those are exactly the conditions in which drones are attractive because they are cheap, flexible, deniable and easy to layer onto another attack path.
Drone use is still maturing inside a broader hybrid campaign whose preferred civilian target sectors are already visible in sabotage and cyber data. Analyzing the dataset more closely, we find that transport emerges as the most attacked sector. Airports, ports, rail junctions, border crossings and logistics hubs account for roughly one-third of incidents where critical infrastructure was targeted. The data shows frequent sabotage or cyber hits on airports, seaports and terminals, fuel tankers and shipyards, as well as rail lines and road freight. Short-term outages in transport networks can have outsized economic and societal impact, making them lucrative targets.
Energy, including electricity, gas and oil, and digital infrastructure, including telecoms, data centers and networks, attract steady sabotage and cyber attention. Targets have included undersea cables, telecom hubs, data servers, power grids, wind and solar farms, pipelines, and nuclear and hydro plants. These are critical nodes whose compromise causes systemic effects. Drones could serve multiple roles here: reconnaissance, sensor disruption, or even vectoring explosives.
For critical entities, that makes drones less a separate category of threat than a rapidly spreading multiplier of threats that are already here.
Europe’s resilience gap
Europe has acknowledged the threat, but it has yet to operationalize the response. The EU’s Critical Entities Resilience (CER) Directive requires Member States to designate critical entities across 11 sectors by July 17, 2026, after which these entities are given nine to 10 months to assess and mitigate relevant risks. For many of these entities, that will include the risk of drone incidents. But there remains a significant distance between designation and actual resilience.
The first major gap is the gap between compliance and capability. Across Europe, many operators are conducting risk assessments, and resilience planning on paper. These are necessary steps, but they are not enough. In practice, many critical entities still lack deployed detection systems, tested response protocols, trained personnel, and clear operational procedures for drone-related incidents. A rapidly evolving drone threat environment cannot be addressed through static paperwork. Lessons from Ukraine consistently show that resilience depends on operational adaptation, continuous testing, and the ability to integrate intelligence into real-time decision-making. The organizations best prepared for drone threats are those capable of identifying, assessing, and responding to incidents under realistic conditions. Compliance alone does not create operational continuity under rapidly evolving threats.
Civilian infrastructure in a low-intensity battlespace
The second major gap is the civil-military adaptation gap. Europe is still treating many drone threats as primarily military problems, even as they increasingly target civilian infrastructure and commercial operators. The war in Ukraine has demonstrated the importance of concepts such as layered air surveillance, rapid command-and-control (C2), electronic warfare awareness, distributed detection, and continuous operator training. Yet many of these concepts have not meaningfully transitioned into the civilian domain. Airports, ports, logistics hubs, telecom operators, energy infrastructure, and industrial facilities are now exposed to threat environments that increasingly resemble low-intensity battlespace conditions, but without the organizational structures, technical systems, or trained personnel designed to operate within them. Europe therefore faces a growing need to adapt military lessons, technologies, and operational thinking into scalable civilian resilience frameworks suited to legally constrained and commercially sensitive environments.
The third gap is coordination. Drone incidents rarely fall neatly within a single authority structure. They unfold in the gray zone between civilian security, law enforcement, aviation authorities, military responsibility, intelligence services, and privately owned infrastructure. Yet coordination mechanisms between those actors remain fragmented across much of Europe. A private operator may detect suspicious drone activity without clarity on escalation procedures or access to national threat intelligence. Equally, state authorities often lack operational visibility into what private infrastructure operators are observing on the ground. This creates delays in detection, reporting, attribution, and response precisely in the early stages where rapid coordination matters most. Ukraine’s experience demonstrates that resilience depends not only on sensors and interceptors, but on integrated ecosystems where operators, authorities, and security actors share information and operate through common response frameworks.
Resilience must move from paper to practice
Europe is still in the early stages of adapting to the drone threat in the civilian domain, but the direction of travel is clear. For example, Germany announced a major new public-private initiative between Rheinmetall and Deutsche Telekom to develop a nationwide “drone defense shield” aimed at protecting German cities and critical infrastructure from hostile drones and sabotage operations. The initiative came after a sharp rise in suspicious drone activity across Germany in 2025 and 2026. Still, it remains to be seen how this announcement translates into practical resilience, and how fast that happens.
The challenge for Europe is no longer recognizing the threat. It is operationalizing the response. And again, Ukraine has the answer. It involves layered detection, rapid information sharing, trained personnel, realistic exercises, and close integration between civilian operators, security services, and military structures. Compliance frameworks and strategic documents matter, but resilience is ultimately measured in response times, trained staff, tested procedures, and the ability to adapt faster than the threat evolves.
Founder & CEO, Reaktion Group