Proceedings of the 18th International Conference on Cyber Conflict: Securing Tomorrow, taking place on 26-29 May 2026 in Tallinn.
Foreword
Looking back at previous forewords of CyCon Proceedings, it seems that each year we note the unprecedented nature of geopolitical, technological, and societal change and unpredictability. This year is no different. Since the start of 2026, we have witnessed the key role that the integration of cyber effects, aided and abetted by artificial intelligence (AI), can play in multidomain operations.
Recent events have demonstrated the critical importance of integrating cyber effects with other domains in modern conflict. Cyber capabilities support intelligence collection, allowing persistent insight into adversary systems and decision-making processes. They can also influence morale, cohesion, situational awareness, and confidence in command systems by introducing uncertainty or exposing vulnerabilities within adversary networks. The ability to design cyber effects to be reversible is a key advantage in reducing collateral and long-term damage. Collectively, effects enabled through cyberspace are crucial in operational preparation of the environment. Cyber power alone cannot yet seize terrain or physically cross a river. Its value lies in shaping the environment so that other forces can. As integration with other domains deepens, and doctrine and capabilities are further developed, the range and potential of cyber-enabled effects will continue to grow.
Cyberspace is the connective tissue enabling and affecting military and non-military instruments of power, and recent events have showcased practical examples that should be heeded as a wake-up call for all actors to recalibrate their cyber risk and exposure in the current era of (sudden) geopolitical escalation. This makes the theme of the 18th iteration of the International Conference on Cyber Conflict, Securing Tomorrow, ever more pertinent. How can governments, industry leaders, legal experts, and technologists work together to adapt to new threats and secure tomorrow?
The editors are proud to present 21 papers that address this question from the legal, strategy and policy, and technical perspectives.
In the legal track, naturally the application of international law in cyberspace continues to be a theme, with Samuli Haataja and Dan Jerker B. Svantesson examining the legal risks and policy considerations of civilian volunteers in cyber defence, and Anna J. Beck researching the extent to which humanitarian organizations are protected by the provisions of international humanitarian law and where gaps remain due to complexities of cyberspace. Anna Blechová, Michael Bátrla, Jakub Vostoupal, and Jakub Harašta map related obligations arising from regimes applicable to dual-use outer space infrastructure and data protection. Anke Allenhöfer examines how IHL compliance can be operationalized through the military procurement of military AI systems, whilst Joseph M. Hatfield and Jeff Kosseff discuss how the use of emerging military AI systems may violate the principle of neutrality in armed conflict. Karen De Vos examines whether cyber-related obligations could fall under erga omnes obligations owed to the international community as a whole and potential response measures.
Whilst attribution is a crucial step in effective cyber deterrence, it is difficult to do in practice. Jakub Vostoupal and Michaela Frana Pruckova suggest leveraging the provisions of the new UN Convention against Cybercrime, and Fatih Burak Uzun explores how to clarify liability, accountability, and state responsibility doctrines when applied to the use of autonomous ships.
In the strategy track, jurisdiction is also an issue, with Maxim Kovalsky exploring how to bridge gaps in NATO governance for supply chain security. Small and medium-sized enterprises (SMEs) play a key role in the security and resilience of the supply chain, and the utility of exercising cyber preparedness for SMEs is examined by Erlend Andreas Gjære, Solveig Walsøe Pettersen, and Mariann Svehaugen Hurum.
Cyber Threat Intelligence (CTI) features in two papers: Martin Cvetko and Andrii Davydiuk propose human-centric approaches to preserve human analytical judgement, and Mihai Olteanu and Ion Roceanu examine how the implementation of the second iteration of the Network and Information Security Directive improves the CTI capabilities of EU member states.
Mina Shahmiri presents research demonstrating how cyber operations are used to strategically signal and communicate in the context of the Iran–Israel rivalry. Antonia-Laura Pup undertakes a comparative analysis of how countries counter Russian interference in electoral processes and proposes a tailored approach to international capacity-building assistance.
Ukraine continues to be a rich source of cyber conflict research, with Volodymyr Styran and Denys Yashchuk assessing the role of software exploits in supporting wartime cyber operations, and Sergii Kulyk, Natalia Mishyna, Vitalii Zubok, and Andrii Davydiuk examining new approaches to data management for critical infrastructure in wartime.
Ukraine as a live test case continues in the technical track with Jihye Kim, Lukas Kaltenbach, Daisuke Makita, Katsunari Yoshioka, and Gabi Dreo Rodosek presenting a longitudinal study of wartime distributed denial-of-service attacks.
AI continues to be leveraged in cyber defence, with Mitchell Petingola, Philippe Charland, Steven H. H. Ding, and Benjamin C. M. Fung combining large language models to expand MITRE ATT&CK coverage. Christoph R. Landolt, Julian Jang-Jaccard, Valentin Mulder, Roland Meier, Christoph Würsch, and Mario Fritz leverage deep multi-agent reinforcement learning to implement autonomous intelligent cyber agents to overcome the limitations of static red-teaming playbooks. Gioia Mosciatti, Roland Meier, Lin Himmelmann, and Vincent Lenders explore how agentic AI can serve as a practical complement to human-led cybersecurity operations. Finally, Dominik Meyer, Rishab Somu, and Ankur Jayaraj propose a sovereign hardware-centric approach to enhancing the cybersecurity of military systems.
As stated in the Call for Papers and in accordance with the Proceedings’ accreditation from the Institute of Electrical and Electronics Engineers (IEEE), all the papers featured in these Proceedings have been subject to double-blind peer review by members of the CyCon 2026 Academic Review Committee. We are indebted to our reviewers, who have made time in their busy schedules to carefully consider papers and help us with the final selections.
Last but not least, this volume would not have been possible without the contributions of many other people. In particular, we would like to express our heartfelt gratitude to our colleagues Marcus Kvarnström, Jaanika Rannu, and Lt Col Nuno Rodrigues.
Tõnis Saar, Director NATO CCDCOE
Commander Jack Shis, Chair, CyCon 2026 Programme Committee