Nordic governments are holding urgent cross-border talks about IT network security collaboration with the aim of developing a common strategy to strengthen their national defences against the heightened threat of cyber attacks following Russia’s invasion of Ukraine.
The need for a joint approach and collective action in cyber security is driven by the rapid deterioration in trade and political relations with a more openly menacing Russia.
In particular, Moscow has become more hostile to Sweden’s and Finland’s deepening defence partnership with Nato, a partnership that is likely to see the two militarily unaligned Nordic states join the alliance at some point in the future.
Just as Russia continues to flex its military muscle in the High North, Moscow is also rebuilding its armed forces’ capacities in the strategic Baltic Sea region.
Participation in a future Nordic cyber defence collaboration will be open to the Nato-aligned Baltic states of Estonia, Latvia and Lithuania. The primary focus of discussions between Nordic governments has been finding shared positions to develop a common cyber security policy that incorporates joint initiatives to deliver an umbrella of enhanced critical IT network protection.
The immediate outcome from the top-level talks between Nordic defence ministers since February 2022 has been a commitment by all states to launch projects to evaluate the totality and performance of their IT network defence capacities against threats and attacks from the cyber sphere. Once the IT security projects are completed by the third quarter of 2022, Nordic governments will then discuss specific issues connected to heightening cross-border cyber security cooperation.
Finland has taken the lead on IT network security self-evaluation. Its ministries of defence and interior are conducting a joint project to appraise current cyber security capacities and how to develop these through further improvements in the hiring of talent and deployment of advanced cyber defence technologies and techniques.
The ongoing journey to digital transformation and the greater dependence on well-functioning information networks and systems exposes Nordic nations to new and more aggressive threats from the cyber sphere, said Petri Knape, director of the national security unit at Finland’s interior ministry.
“Cyber threats have increased and become more diverse,” said Knape. “They also blur the distinction between internal and external security on the one hand, and between civilian and military threats on the other. National and international threat environments are constantly evolving and government authorities must keep up.”
High level of IT security protection
Finland’s joint appraisal by the two ministries, which is being run as part of the government resolution on the Cyber Security Development Programme launched in June 2021, will test the capacity of key defence and state security agencies to deliver a high level of IT security protection against cyber threats.
The assessment will also measure the capacity of state defence and national security agencies that are tasked with defending against cyber threats to respond quickly to evolving situations that may not, on their own, threaten major disruption to public and private IT networks, but require effective action and possible countermeasures.
The pan-Nordic cyber defence collaboration will involve the emergency preparedness agencies, state defence organisations and national cyber defence centres in each of the five countries. The governments want to establish a jointly managed Nordic early warning system (EWS) that is equipped to share intelligence and information on cyber threats in real time.
Moscow issued some sharp warnings to Nordic governments in March once military and humanitarian aid started to be channelled to support Ukraine’s defensive efforts against Russia.
Apart from weapons, food and clothing, a number of Nordic countries are supporting technology-led initiatives by private companies to help Ukraine to counter IT-based threats from Russia against its core IT networks, military equipment and installations.
Stockholm-headquartered IT consulting firm Beetroot became the target of threats from Russia in March, when the company offered its expertise to the Ukraine army to combat signals strikes and cyber attacks against military IT networks.
Beetroot’s ecosystem comprises a network of research and development (R&D) offices that employ more than 600 “operatives” across cities in Sweden, Bulgaria, Poland and Ukraine. Beetroot, which increased its physical presence in Ukraine in 2018, is supporting the country’s forces in multiple ways, said Andreas Flodström, the company’s CEO.
“Our software developers are used to synchronising digitally and quickly,” he said. “We have allied with over 200,000 skilled IT individuals in Ukraine to support the country’s ability to defend itself. We are working with IT teams that continue to bombard Russia with everything from distributed denial-of-service [DDoS] attacks, which overload Russian state and military-linked sites with calls, to more advanced cyber attacks on Russian IT and artificial intelligence anchors.”
Beetroot’s ‘IT army’
The Russian Federation’s security service the FSB, formerly the KGB, has become a prime target for Beetroot and its so-called “IT army”, said Flodström.
The serious intent driving the pan-Nordic cyber security collaboration talks is evident in the Norwegian government’s decision on 1 April to increase the country’s national digital security budget for 2022 by NOK200m (€21m).
The hike in Norway’s national digital security budget was influenced by a number of significant events, including a malware attack against the Ukrainian Embassy in Oslo on 28 February. Also, the budget increase reflects a series of alarming reports from Etterretningstjenesten, Norway’s military intelligence service, which flagged possible cyber attacks by bad actors in Russia targeting the country’s offshore oil and gas installations.
Russia’s invasion of Ukraine has created a new, higher-risk security situation for Nordic states that makes digital-based attacks against Norway more likely. Of more concern is Russia’s deployment of an extensive range of military and non-military instruments over the past six months, said justice and public security minister Emilie Enger Mehl.
“Against the threat levels we face, our civil emergency preparedness against cyber attacks must be strengthened so we can act fast to reinforce our efforts to combat digital attacks,” said Mehl. “The added funding will increase digital security to detect and prevent attacks, while our cyber security capacities will be improved at local, regional and national levels.”
The increased funding from Norway’s national digital security budget will result in improved resources for the National Security Authority (NSM/Nasjonal sikkerhetsmyndighet), a national service agency that responds to serious cyber attacks and operates a national intruder alert system for the country’s digital infrastructure.
The NSM will receive almost NOK60m (€6.3m) to enhance its ability to combat cyber attacks as well as helping private and public organisations, including municipalities, to install digital intruder alert systems provided by the NSM. These will serve as early warning systems to detect cyber attacks and send related risk and real threat notifications to the NSM.
Municipalities across Norway will also receive an additional NOK50m (€5.2m) to ramp up their capacity to deal with malicious ICT events.
The very real and ever-present cyber threat against Norway and its neighbouring Nordic states is certain to intensify in 2022, said Gunnar Ugland, head of Norwegian Telecom’s Group Security Centre.
“It is unlikely we will see an improvement in 2022,” he said. “The cyber threat situation will get worse before it gets better. These events can put lives at risk, especially if the attackers target energy supplies or hospitals.”