The global media keeps us updated in real time on what is happening in the Ukrainian war scene. The horrors of the brutal war of aggression are brought to our living rooms and affect our thinking and even our ways of doing things. Our opinions and worldviews change and perhaps partially culminate. For the first time, many of us are securing our personal emergency food supplies, considering alternative methods of communication and taking a stand on Finland’s security policy solution by voting for or against joining NATO.
The war is also fought in the cyber domain and on the so-called digital front. These events are being reported as separate short news, which cover the targets of the attacks and speculate about the perpetrators and the aftermath. Our situation awareness is blurry and the whole is obscured. The situation centres and management teams of many companies and organisations consider these same issues and try to figure out how the effects of war should be reflected in risk analysis and developing preparedness. The big question is how to take the control back, that is, how to manage this whole. From Finland’s point of view, the biggest cyber threat comes from Russia due to the war in Ukraine and its aftermath. Russia divides the methods of information and cyber warfare into technical and psychological means. While Russia is waging a traditional war of aggression in Ukraine, it is waging a hybrid war with Western countries in which cyber attacks play a key role.
According to some Western estimates, Russia’s cyber attack capability is the fourth best in the world, right after the United States, China and the United Kingdom. The duties of the cyber forces of the Russian Armed Forces are defined as follows:
- monitor the significant networks of a potential opponent around the clock and look for any potential vulnerabilities in their protections,
- seek to create backdoors into the enemy’s networks for future cyber operations and to develop new methods and tools to penetrate the potential enemy’s networks,
- support military operations with cyber operations by penetrating selected targets and creating the necessary malware.
According to Russian views, all measures of cyber warfare are aimed at disrupting the information systems of the enemy’s economic and financial centres and state organisations, as well as disrupting the daily life of the state and its citizen. The primary aim is to disrupt the critical functions and services of the target society. Probable targets include a nationwide management system, banking systems, healthcare facilities, drinking and wastewater systems, electricity supply systems, and communications and transportation connections.
The foundation of a comprehensive understanding of the situation is the identification and understanding of the opponent’s goals, practices and cyber capabilities. With these considerations in mind, it is easy to refine one’s own risk assessment, continuity management plan and crisis management arrangements – that is, to “regain overall control”.
The war in Ukraine also reminds us that attitude is important – to everyone’s surprise, Ukraine has been able to defend its country and independence successfully. Of course, receiving significant Western assistance in the form of intelligence, cyber defence and armaments has also helped immensely. The situation is the same in the cyber world; the attitude needs to be right, as no one else is going to take care of cybersecurity for us. We can get help, but our own defence needs to be in order first. It all starts with creating a comprehensive situation awareness and regaining control of the whole.
Finland’s independence is also defended on the “cyber front” now and in the future. It requires all the resources of society and especially companies that operate in sectors critical to our society. Our high will to defend the country must also be reflected in additional investments in our national cyber security – all of us have a part to play.
CEO Cyberwatch Finland
Aapo is an experienced cyber security strategist and analyst with unique strategic level international expertise and understanding of hybrid threats.
Aapo’s credentials include among others:
+ Lead author for the first Finnish Cyber Security Strategy.
+ Associate Fellow of the Global Fellowship Initiative at the Geneva Centre of Security Policy (GCSP).
+ Secretary General for the Security Committee of Finland for six years.
+ Head of Strategic Planning and Forecasting at the Finnish Ministry of Defense.
+ In 2019 he was appointed as a Chairman Committee of Word UAV Federation (WUAVF).
+ In 2018 Aapo Cederberg was awarded the Cyber Security Nordic Award and in 2019 the GSIA Gold Shield Award.
+ CEO and founder of Cyberwatch Finland – a firm focused on helping decision-makers to establish a holistic cyber strategy, to build situational awareness, and to take steps to ensure cyber resilience.