The question is whether European deterrence, built on conventional models of signaling and punishment, can credibly constrain Russia's campaign of shadow warfare when the Kremlin operates under a fundamentally different logic of conflict. Evidence suggests a persistent mismatch between the structure of Russian aggression and the West's response.

Russian shadow warfare is not a collection of opportunistic acts. Research by the Center for European Policy Analysis, led by Sam Greene and colleagues, finds these operations central to the Kremlin's worldview, which dissolves the boundaries between war and peace, internal repression and external subversion. Since 2022, Russian covert activities in Europe have become more tightly linked to Moscow's war aims in Ukraine, but the logic predates the current conflict. The governing principle is not the avoidance of escalation, but the pursuit of regime survival through permanent confrontation, a doctrine with roots in Soviet, and particularly Stalinist, practices.

This systematization matters. The Russian state does not treat shadow operations as a substitute for conventional force. Covert sabotage, cyberattacks, and proxy actions are interchangeable with diplomatic, informational, and military instruments. The regime's security apparatus, spanning intelligence services, military units, and affiliated criminal or paramilitary networks, receives validation through disruption itself.

Success is measured less by concrete gains than by the demonstration of action. Exposure of an operation, often a deterrent in Western logic, can be reframed in Moscow as proof of relevance or justification for further investment. Failure, paradoxically, may prompt greater risk-taking. A system biased toward escalation, with little internal discipline to rein in adventurism.

This internal logic collides with Western deterrence models. European and NATO approaches presume an adversary who calculates risk, weighs costs, and responds to the threat of punishment. These models rely on signaling, publicly or privately communicating red lines, demonstrating the capacity and willingness to retaliate, and calibrating responses to avoid uncontrolled escalation. Against an opponent who treats disruption as validation and pressure as confirmation, these mechanisms falter.

The empirical record across Europe since 2022 documents the breadth and persistence of Russian shadow operations. Sabotage of critical infrastructure, including undersea cables and energy pipelines, has disrupted national economies and exposed vulnerabilities in Europe's physical networks. Aviation and energy systems have been targeted for disruption, sometimes through direct interference, sometimes through manipulation of digital controls. Russian-linked actors have penetrated government and defense networks, surveilled military facilities, and targeted political opponents and security officials. These operations are rarely claimed, often ambiguously attributed, and almost never met with decisive retaliation.

Take the case of undersea infrastructure. The sabotage of the Nord Stream pipelines in 2022, while never conclusively attributed, set a precedent for attacks on energy supply lines and communications cables. Since then, European governments have reported multiple incidents of unexplained outages or physical damage to undersea assets. Each incident, taken in isolation, can be managed. Together, they reveal a persistent campaign to probe and degrade European resilience.

Infiltration and the use of proxies represent another front. Russian intelligence services have relied on criminal networks, loosely affiliated intermediaries, and ideologically flexible actors to carry out sabotage, surveillance, and influence operations. The use of such proxies complicates attribution and blunts the effectiveness of traditional countermeasures. Law enforcement agencies across Europe have arrested individuals linked to Russian operations, but successful prosecutions remain rare, and the networks adapt quickly.

The same logic applies to digital operations. Cyberattacks on government, military, and critical infrastructure targets are designed to be deniable, often routed through third countries or criminal groups.

The digital front is especially active. Russian cyber operations have ranged from data theft and espionage to destructive attacks on necessary services. The 2023 cyberattack on a major European health service disrupted patient care and forced the temporary closure of hospitals. In the same period, coordinated phishing campaigns targeted defense officials and political figures in multiple EU countries. The intent is not always immediate disruption. Often, the goal is to erode trust in public institutions, sow confusion, and force governments onto the defensive.

European responses have evolved, but not always in ways that match the scale or logic of the threat. Security services in front-line states (Poland, the Baltic countries, Finland) have long treated Russian covert activity as a permanent feature of their security environment. These states have invested in counterintelligence, hardened infrastructure, and built public awareness of disinformation and subversion. Their experience has informed EU and NATO policy, but the pace of adaptation across the continent has been uneven.

One reason for this unevenness is the difficulty of attribution. Russian shadow operations are designed to operate below the threshold of formal conflict and to exploit legal and political ambiguities. European governments are often reluctant to assign blame publicly without incontrovertible evidence, fearing escalation or diplomatic fallout. This caution, while understandable, has allowed Moscow to act with increasing confidence. The gap between Russian activity and Western response has widened, a point repeatedly emphasized in CEPA's research.

Another factor is the structure of European decision-making. The EU and NATO are consensus-driven organizations, with diverse threat perceptions and strategic cultures. Front-line states may advocate strong countermeasures. Others are more cautious, wary of provoking Moscow or jeopardizing economic ties. This divergence has hampered efforts to develop unified deterrence strategies. The result is often a patchwork of national responses, rather than a coherent European posture.

The harder question is whether this structural mismatch is inevitable, or whether Europe can adapt its approach. CEPA's research points to several lessons from states that have managed to raise the cost of Russian shadow operations. These include investing in resilience, hardening critical infrastructure, improving cyber defenses, and building redundancy into necessary systems. Public attribution, even when incomplete, can have a deterrent effect by raising the reputational and diplomatic costs for Moscow. Coordinated law enforcement and intelligence sharing disrupt proxy networks and reduce the room for deniability.

Cluj's ban on Russian symbols: the right call amid Olympic evasion

Ukraine's military intelligence confirms covert operations unit beyond borders

Yet, these measures have limits. The Russian system rewards initiative and escalation, not restraint. Internal discipline is weak, and the regime's narrative frames confrontation as proof of strength. Western efforts to signal red lines or threaten punishment may be interpreted in Moscow not as warnings, but as incentives to demonstrate resolve.

The logic of shadow warfare, in effect, converts deterrence into confirmation.

The consequences for European security are significant. The cumulative effect of shadow operations is to degrade trust in institutions, expose vulnerabilities, and sap political will. The risk is not only the direct damage caused by sabotage or cyberattacks, but the potential for inadvertent escalation. A misattributed attack, or a response perceived as disproportionate, could trigger a spiral that neither side intended. European officials are acutely aware of this danger, but the absence of effective deterrence mechanisms means that the initiative remains with Moscow.

The experience of front-line states offers partial guidance. Estonia, Latvia, Lithuania, and Finland have developed integrated approaches that combine technical resilience, public communication, and legal measures against proxies. These states treat shadow warfare as a permanent condition, not an episodic crisis. Their governments have invested in public trust, ensuring that citizens are informed about the nature of the threat and the rationale for countermeasures. Intelligence sharing with allies is routine, and law enforcement agencies are empowered to act quickly against suspected operatives.

Still, even these states face challenges. Russian operations adapt rapidly, shifting tactics and exploiting new vulnerabilities. The use of commercial and civilian infrastructure, such as shipping, telecommunications, and energy networks, complicates the task of defense. The legal framework for countering covert aggression is often inadequate, with criminal law and counterespionage statutes lagging behind the methods employed by Russian actors.

The record of Western retaliation is mixed. Some Russian diplomats and suspected intelligence officers have been expelled, and assets frozen, but these measures have not altered the Kremlin's calculus. The lack of visible, high-impact consequences for shadow operations has reinforced the perception in Moscow that Europe is unwilling or unable to escalate in response. This perception, in turn, encourages further risk-taking, a dynamic that CEPA's research identifies as central to the persistence of the problem.

The digital domain illustrates this dynamic. European cyber defenses have improved, but Russian operators continue to find points of entry, often through poorly secured third-party vendors or supply chains. Public-private cooperation is necessary, but trust between governments and technology companies is uneven, and information sharing remains patchy. Cat-and-mouse, with the advantage often lying with the attacker.

The political dimension is equally complex. Russian disinformation campaigns have sought to exploit divisions within European societies, amplifying polarizing narratives and undermining confidence in institutions. The response has varied. Some states have introduced legal measures to regulate foreign media and social platforms, while others have relied on public education and media literacy campaigns. The effectiveness of these measures depends on the broader political environment. Where trust in government is low, disinformation finds fertile ground.

A further complication arises from the integration of shadow warfare with conventional and nuclear signaling. Russian military exercises near NATO borders, coupled with covert operations, create ambiguity about intent and thresholds. This ambiguity is deliberate, designed to keep adversaries off-balance and to complicate decision-making. The risk is that a shadow operation could be misread as preparation for a larger attack, or that a Western response could be interpreted as escalation, triggering a broader crisis.

The evidence does not support the view that Russian shadow warfare is a passing phase, or that it will recede if left unchallenged. The system is rooted in the regime's survival strategy and is likely to persist as long as the underlying logic remains intact. European policymakers face a dilemma: to continue managing incidents as they arise, accepting a slow erosion of security and confidence, or to develop new models of deterrence that account for the unique features of Russian shadow operations.

Some analysts argue for a more assertive posture, including offensive cyber operations, targeted sanctions on individuals and entities involved in shadow warfare, and the development of rapid attribution and response mechanisms. Others caution that escalation could play into Moscow's narrative of encirclement and justify further repression at home and aggression abroad. The debate reflects the underlying uncertainty about how best to manage a conflict that is designed to remain ambiguous and deniable.

What this reading misses is the perspective from Moscow's own risk calculus. Russian operatives are rewarded for initiative, but there are limits. Catastrophic failure, exposure that threatens regime stability, or a unified and forceful Western response could alter the incentive structure. The challenge for Europe is to identify and exploit these limits without triggering the very escalation it seeks to avoid. The research does not provide a formula for success, but it does suggest that the current trajectory (reactive, fragmented, and risk-averse) favors the aggressor.

The analysis cannot determine how the Kremlin would respond to a fundamentally different Western approach, one that combines resilience, rapid attribution, and credible threat of retaliation. Nor can it predict the point at which cumulative shadow operations might provoke a crisis that neither side can control. The available evidence shows only that the present mismatch between Russian aggression and European deterrence creates space for continued escalation.

The sharper question, then, is not whether Europe can deter Russia's shadow war using the tools and assumptions of the past. It is whether European states, individually and collectively, can develop a new deterrence architecture, one that accounts for the logic of permanent confrontation, rewards resilience over retaliation, and closes the gap between action and response before the terms of escalation are set in Moscow, not Brussels or Berlin.