A society of trust can combat cyber attacks – Finland provides a model for other EU countries
Civil society is becoming increasingly reliant on electronic services and digital data. Taking care of digital security is a crucial aspect of service development. People must be able to trust in the security of services, so cyber security plays a critical role in the effective use of digital services.
To a greater or lesser degree, every new technology introduces potential threats. The 5G risk assessment published by the EU in the autumn will be followed at the end of the year by guidance including tangible steps for managing risks. In Europe, one of the main areas that must be improved is cooperation between authorities on cyber security matters. Finland already has its house in order. Other EU Member States should look to Finland for examples and expertise.
The National Cyber Security Centre, which is run by the Finnish Transport and Communications Agency, develops and monitors the reliability and security of communication networks and services and provides an overview of the status of information security. Society can be made less vulnerable by reinforcing the operating capacity of critical infrastructure under normal circumstances and in crises.
In Finland, telecoms companies have an active working relationship with the National Cyber Security Centre. Sensitive issues highlight the importance of trust: it either exists or does not. The National Cyber Security Centre has been very successful in building trust – an activity that does not always come naturally to the authorities. It is not a matter of better opportunities for a small Member State; it is, above all, a matter of will. The European Commission should systematically nudge Member States towards operating methods that promote the construction of a society of trust.
The most sensible way of preparing for cyber security threats is to ensure that the National Cyber Security Centre is operating on strong foundations and that its activities are developed in collaboration between the public and private sectors.
The Finnish government proposes additional funding for the National Cyber Security Centre in the budget. It is also a sensible investment to create the post of Cyber Security Director at the Ministry of Transport and Communications in relation to the national cyber security strategy.
Ensuring cyber security is an ongoing task. It is not possible to attain a state of total security, nor should we allow ourselves to be lulled into a false sense of security. Things need to be improved constantly. Technological advancements will inevitably introduce new challenges. There is no such thing as perfectly secure technology, and a product should not be considered intrinsically secure – or insecure – by virtue of its country of origin.