In cybersecurity, it pays to learn from other nations
The bipartisan proposal to beef up infrastructure across the United States includes considerable investments to protect key services from cyberattacks. Recent news about the Colonial Pipeline and other incidents show that such investments are sorely needed. To make sure the money is well spent, it might be worth looking into what trusted high-tech partner countries like Finland have done.
Ransomware and other cybercrimes against businesses, local governments, and critical infrastructure from power grids to hospitals have brought cybersecurity close to people’s everyday lives. It is a well-known fact that many of these attacks are conducted by foreign groups with, at least, the silent approval of foreign governments. In many ways, cybersecurity is what President Biden calls “foreign and security policy for the middle class.”
The U.S. continues to be the world’s greatest military power. In cybersecurity, however, innovations, skilled people and ideas matter more than sheer size and force. There is a growing recognition that the U.S. needs partners to keep up with global competition when it comes to emerging technologies. Both Secretary of State Anthony Blinken and Secretary of Defense Lloyd Austin made that point in the Global Emerging Technology Summit in July.
Cybersecurity is very much a team sport. Much of the critical infrastructure is owned and run by private companies, which means there has to be close cooperation between businesses and government. Qualified cybersecurity experts are in short supply globally, which means it makes sense to pool resources between like-minded nations.
To be successful, we need shared responsibility. The key word in today’s cybersecurity thinking is “together”, instead of “we alone.” The challenge, however, is finding the right partners you can trust. Trust has become a key issue in international cybersecurity relations.
Finland is ranked as the happiest country in the world and in global perspective it also one of the safest. However, being located in the northeastern corner of the European Union, we have had our share of cyberattacks and cyber hostilities.
Finland’s strength in cybersecurity – and in security overall – has been our comprehensive, whole-of-nation security model. The model emphasizes cooperation and involvement of all actors in society, including the public sector, companies, academia, associations and each one of us. Cybersecurity is a prime example of an area where we need a comprehensive security approach.
It is no wonder, then, that in recent years many Western nations have started to take a whole-of-nation approach to countering today’s cyber threats. In many ways, they are following Finland’s lead.
Besides comprehensive security, it is necessary to deepen cooperation between like-minded states. It is outdated to think that today's cyber threats could be tackled with just national resources and solutions. It is increasingly a matter of deepening international cooperation.
For the U.S., now is the right time to study what partners have learnt along the way. It would be smart to start with the country that is known as one of the most innovative, trusted and safest partners in critical communication, cybersecurity and smart technologies: Finland.
I have worked with these issues in the private sector and academia almost three decades, and I can comfortably say that Finland’s experience with, and talent for, cybersecurity is among the best in the world. We have been quite successful in building a digitally safe society and predictable environment for citizens, businesses and government. The Finnish experience is worth looking into.
Dr. Jarno Limnéll is the Professor of Cybersecurity at the Finnish Aalto University, and an Adjunct Professor at three other universities. He is also Vice President, Cybersecurity Solutions at Innofactor.