In the latest episode of The Sentyron Standard, host Willemijn Rodenburg speaks with Nina van Lanschot, writer, analyst and strategic thinker working at the intersection of defence technology, geopolitics and digital security. With experience at Thales, EclecticIQ, Signpost Six and now TNO, Nina brings a sharp perspective on the geopolitical contest for knowledge and technology, the vulnerability of digital ecosystems and the growing urgency of digital sovereignty. Nina shares her take on security knowledge, hybrid threats and Europe’s strategic position: “Knowledge has become part of the battlefield itself.”
An ecosystem with its own rules
According to Nina, one of the biggest misconceptions about the defence sector is that it works like any other industry. It does not. “It really is a very specific industry. You work with knowledge about organisations that you can’t necessarily share. There are many things about products you can’t share either. Working with those security standards and everything that comes with them, that’s not something you just casually step into.”
The sector has also changed dramatically in the last decade. “Ten years ago, it was a very different moment to work in the defence industry. There was much less public urgency around defence. It was less popular, less visible, and in some cases people hardly dared to say they worked in the sector.” That has now shifted. “Now I’m approached weekly by people who say: can you introduce me to someone? I actually find it really interesting to work at TNO, or in defence, or with companies in this space.” Still, she is clear that entering the sector takes time and effort. “For companies entering the defence sector now, the learning curve is really steep.”
Why knowledge has become strategic
A central theme in the conversation is knowledge security. For Nina, knowledge is no longer just an economic asset. It is also a strategic one. “If you can take knowledge away from somewhere, that is a very cheap way of innovating yourself. But knowledge is not only valuable because it can be copied. It is also valuable because it reveals direction, capability and vulnerability. It is also very tactical to know what others are working on. And of course, we want to know that too. We look at who publishes what, what we think other actors are developing, what they may be focusing on.” Nina believes one of the biggest blind spots in both academia and industry is the assumption that most organisations are simply not interesting enough to be targeted.
“I think many organisations feel: why would anyone be interested in us? The same applies to individuals. People may understand that their company is important, but they don’t always understand what is valuable about their own specific knowledge.”
That makes risk harder to assess. “Your knowledge may only be one puzzle piece, but as long as you don’t know what the other side already has, you also can’t really assess the value of the piece you hold.”
Security is also a cultural issue
Another misconception, Nina says, is that hostile actors still look the way popular culture taught us to imagine them. “There is still this idea that if someone is pleasant and sociable, then surely they can’t be a spy. As if a spy is someone with a hat and a newspaper with eye holes cut into it. Or the hacker in a hoodie. But of course it doesn’t work like that.” That is exactly why awareness alone is not enough. A security team may understand the threat, but that does not mean the organisation as a whole acts on it.
“Security departments often know very well what is going on. But it is one thing to know it and have the right policies. It is another thing entirely for those policies to really be implemented and followed.” For that reason, security cannot remain confined to one department. “It is very important that this is not only coming from the security department, but is really carried by management and by other parts of the organisation as well.”
What digital sovereignty really means
When the conversation moves to digital sovereignty, Nina is careful to separate useful strategy from empty rhetoric. “The term can mean many things, and it gets used in a lot of different ways. So you really have to think carefully, at the drawing board already: what do we actually mean by this?” For her, digital sovereignty is not about trying to make everything at home. “If you define strategic autonomy as making every chip and every screw yourself, that is probably just not realistic.” The real issue is where dependencies sit, and whether you have enough leverage of your own.
“Where do you place your dependencies? And above all: what do you put on the scale yourself? How do you create your own negotiating position so that you always hold a card that others need?”
That is the strategic core of the issue. Not total independence, but informed control.
A stronger and more sovereign digital position may also come at a cost. Nina is direct about that. “We have focused for a long time on price. It had to be cheap, and it had to be easy. That may become less so. It may mean that things become a little less comfortable. Maybe usability goes down a bit, maybe performance is not always exactly what people are used to. If you make good choices, you can also explain those choices. But there has to be strategy behind it. It should not be panic.”
Based on her experience with insider risk and strategic threats, Nina also warns against reducing espionage or sabotage to a single incident or vulnerability. In practice, risk often emerges when multiple developments overlap. She points to sectors like energy, where organisations are dealing with sustainability targets, workforce renewal and structural change all at once. “These organisations are dealing with multiple developments. They have to become more sustainable. At the same time, a large part of the workforce who may have been there for twenty or thirty years is retiring. A new generation comes in, and they may stay two, four, five years and then move on.”
That affects more than operations. It changes culture. “The old situation where everyone knew exactly how you take your coffee and what your grandchildren are called, that is changing. And that also makes it easier for someone else to blend in.” In other words, security has to be understood as an organisational challenge as much as a technical one. “It is never just one change. It is a combination of factors.”
Europe should act from strength, not hesitation
Looking ahead, Nina believes one of the biggest strategic questions for Europe is how long it continues to treat hybrid threats as something below the threshold of real conflict. “We have been hearing for some time that we are in the grey zone. The question is: when do you say this is no longer really a grey zone? That uncertainty affects procurement, industrial readiness, cyber response and political decision-making. Within defence and the defence industry, people are still often waiting for the moment when they can say: now it is war, so now things can change. Then we can produce more. Then procurement can move faster. But how long do you wait for that?” The same question applies to cyber and information security. When asked what advice she would give Dutch and European policymakers, Nina’s answer is clear.
“Start from your own strength.”
She believes too much of the current debate is framed by fear and insecurity. “Right now we hear a lot of anxiety: we are under threat, we are not strong enough. But Europe is incredibly strong. We have a lot to offer. That includes strong institutions, strong companies and significant technological capability. We have many companies we can be proud of. What is needed now is confidence, backed by strategy. A bit more self-confidence would also make it more motivating to commit to this. I also think collaboration is especially important. That can mean sharing knowledge, but also sharing how to act, really giving people a perspective for action. And making sure the lines are short.”
At the same time, she points out that defence and private industry operate under very different incentives. “Defence exists to protect the Netherlands, but companies also have to keep themselves alive as companies. They have to make a profit. Different demands are placed on them.” That is why mutual understanding matters so much.
“You really have to understand each other’s world.”
And ideally, that understanding should be practical, not abstract. “It sounds very simple, but having people move between organisations from time to time, really seeing how another organisation works, helps enormously.” In the end, resilience is not only about systems, technology or policy. It is also about relationships, trust and shared understanding built before a crisis hits. “In peacetime, you build the connections you need in less pleasant times. And in any case, how peaceful is this time, really?”
Listen to Nina’s podcast (in Dutch) via Spotify or watch the podcast on YouTube.