Cybersecurity: Lessons from Finland about Policy and Technology

Today, we are living in an era of hyperconnectivity, in which we strongly rely on telecommunications to perform many activities on a daily basis. An increasing trend toward digitalization of services and even e-governments has made us dependent on connectivity 24/7. Our smartphones, computers, televisions, and other devices that we use every day need to be connected all the time.

Instant communication applications, financial services, social networks, and video streaming are some of the most basic examples. However, if we consider the broader picture, we should not forget that critical infrastructure (for example smart grids), data centers, automatized factories and production centers, sensors and so forth, are also connected to networks. Every minute, tens of millions of gigabytes of information travel through telecommunication networks across the world. Through connectivity, the planet is more interconnected than ever.

In these times, when almost everything is connected to the internet, cybersecurity becomes a topic of key importance. It is a matter of national and individual security, and even indispensable to the guarantee of a basic human right: privacy, as recognized in the United Nations Declaration of Human Rights. In general terms, we can understand cybersecurity as the necessary measures to protect the integrity of any system against an outside digital attack. Any device or system is vulnerable to hacking attempts and, in fact, most cybersecurity attacks are successful due to human mistakes or lack of knowledge.

Automatization is also on the rise and critical infrastructure often depends on SCADA (Supervisory Control and Data Acquisition) systems to assure proper functioning. These systems can also be targeted and public services, such as water or electricity, could be disrupted in the wake of a successful cyberattack. Cyber warfare between nations is also a reality. Why bother taking down infrastructure using weapons, if you can simply take control or even destroy it from the inside by sabotaging systems.

Thinking about cyber dangers for common citizens, consider that our most personal data, such as photos, messages, emails, health records, income, passwords and even our location, can be stolen from our devices for illicit or even dangerous purposes. Data is now considered the “new oil,” due to the immense economic value that can be extracted from it. The risk to everyone and everything is huge.

According to the “Global Risks Report 2022” published by the World Economic Forum (WEF), malware (malicious software) and ransomware attacks (the modality of hijacking control through a malware, with the intention of requesting payment to get it back), increased by 358 percent and 435 percent, respectively, in 2020. These facts are clear examples that cyberattacks are becoming more lucrative on a daily basis. WEF reports have also forecasted that the costs from damage related to cyberattacks will reach US$6 trillion, equivalent to a third of global GDP.

Looking at international experience to study an effective and successful cybersecurity approach in terms of policy and technology, Finland is a country that can provide many valuable lessons.

The telecommunications and software sectors have always been part of Finland’s DNA. From the early beginnings of mobile communications in the ‘90s, the Nordic country took the need to develop connectivity and technology seriously. Finland, through its technological means, is now a front-runner in the deployment of 5G networks. Today, 5G is reaching many corners of the planet, reshaping the importance and quality of telecommunications and bringing new services and capabilities to the global development table. Connectivity services are enablers of prosperity.

In 2013, Finland became the first country in the world to develop a national cybersecurity strategy, updating it in 2019. Finland’s cyber strategy establishes key national objectives for the development of a safe cybersecurity environment. It also seeks to support the development of trustworthy and accessible digital services and business development. In Finland, the cyber environment is protected through surveillance and attributions to respond to attacks. The country is also strongly involved in the development of the European Union’s cybersecurity policies. In addition, it is important to mention that Finland is considered one of the least corrupt countries in the world by international rankings. Therefore, Finland is a trustworthy partner to work with in relation to the most sensitive topics.

On a technological level, Finland has a huge ecosystem of cybersecurity companies that continues to grow. The Finnish technological offering in cybersecurity has solutions to cover many different angles: identification, protection, detection, response, and recovery. Some examples of Finnish solutions and expertise are security analysis, cyber-range simulators for training, vulnerability detection, and devices and applications for secure/encrypted communication. Despite the availability of basic and sophisticated cybersecurity solutions, telecommunications networks need to be secured and the encryption keys can never fall into the wrong hands.

Since the risks dramatically increase with the absence of technological capacity to protect assets and deal with possible attacks, it is clear that cybersecurity requires investments. It is of great importance to strengthen automatization of network monitoring and alerts of potential cyberattacks.

Increasing public awareness and knowledge on the importance of cybersecurity is also a game changer. People need to understand what the most common dangers are. Simple actions like protecting our communications apps and social networks by activating two-step verification can protect us against a potential hack. Phishing, meaning cybersecurity attacks designed to trick people with the goal of stealing data, is becoming more common, such as instances through the WhatsApp application, for example.

Especially in the government sector, it is essential to obtain adequate training in cybersecurity, particularly in the case of public officials who are dealing with critical infrastructure, national security, or financial transactions, to highlight some examples.

The whole world is racing to act against cyberthreats because no country can escape the potential dangers. Mexico has taken steps such as establishing a national cybersecurity strategy in 2017. The country also has a National Cyber Incident Response Center (CERT) overseen by the Mexican National Guard. Mexico is no stranger to cyberattacks against government entities and recent examples include the state oil company (PEMEX) and the Central Bank of Mexico. Mexico is not alone; cybersecurity is a challenging menace to every country and careful actions need to be considered by every nation.

Regarding Finland-Mexico cooperation in telecommunications and cybersecurity, Päivi Pohjanheimo, ambassador of Finland to Mexico and Central America, believes that “cooperation between our countries is very strong in both sectors, and since our countries are friends and strategic partners, without any doubt there is potential to strengthen the collaboration. Finland stands ready to continue working with Mexico to continue developing our capacities in benefit of the development and security of our nations.”

Since technology is evolving every day, cybersecurity is a living threat and trying to stay protected against attacks is a constantly moving target. Increasingly sophisticated cyberattacks, including the use of artificial intelligence, will become more frequent. The importance of cybersecurity is unquestionable and requires a coordinated effort from societies, governments and other stakeholders.

Actions to counter the dangers need to be analyzed and upgraded all the time, since nothing and no one can escape the potential risks. To be able to act, and act swiftly, it is crucial to constantly observe and learn. Finland’s experience can provide great examples.