Atlantic Council

From Secretariat of the Security and Defence Committee: Threats against the cyber domain have increasingly serious repercussions for individuals, businesses and society in general. The perpetrators are more professional than before and today the threats even include state actors. Cyber attacks can be used as a means of political and economic pressure; in a serious crisis pressure can be exerted as an instrument of influence alongside traditional means of military force. . . .

Vision for Cyber Security

The vision of Finland’s cyber security is that:

• Finland can secure its vital functions against cyber threats in all situations.

• Citizens, the authorities and businesses can eff ectively utilise a safe cyber domain and the competence arising from cyber security measures, both nationally and internationally.

• By 2016, Finland will be a global forerunner in cyber threat preparedness and in managing the disturbances caused by these threats. . . .

Cyber Security Management and the National Approach

As cyber security is an essential part of the comprehensive security of society the approach for its implementation follows the principles and procedures established in the Security Strategy for Society.

Cyber security relies on the information security arrangements of the whole society. Cyber security depends on appropriate and sufficient ICT and telecommunication network security solutions established by every actor operating in the cyber world. Various collaborative arrangements and exercises advance and support their implementation.

The approach for the implementation of cyber security is based on efficient and wide-ranging information-collection, an analysis and gathering system as well as common and shared situation awareness, national and international cooperation in preparedness. This requires the establishment of a Cyber Security Centre as well as the development of 24/7 information security arrangements for the entire society.

Cyber security arrangements follow the division of duties between the authorities, businesses and organisations, in accordance with statutes and agreed cooperation. Rapid adaptability as well as the ability to seize new opportunities and react to unexpected situations demand strategic agility awareness and compliance from the actors as they keep developing and managing the measures which are aimed at achieving cyber security.

Cyber security is being constructed to meet its functional and technical requirements. In addition to national action, inputs are being made into international cooperation as well as participation in international R&D and exercises. The implementation of cyber security R&D and education at different levels does not only strengthen national expertise, it also
bolsters Finland as an information society. . . .

Strategic Guidlines for Cyber Security

1. Create an efficient collaborative model between the authorities and other actors for the purpose of advancing national cyber security and cyber defence.
2. Improve comprehensive cyber security situation awareness among the key actors that participate in securing the vital functions of society. 
3. Maintain and improve the abilities of businesses and organisations critical to the vital functions of society as regards detecting and repelling cyber threats and disturbances that jeopardise any vital function and their recovery capabilities as part of the continuity management of the business community.
4. Make certain that the police have sufficient capabilities to prevent,expose and solve cybercrime.
5. The Finnish Defence Forces will create a comprehensive cyber defence capability for their statutory tasks.
6. Strengthen national cyber security through active and efficient participation in the activities of international organisations and collaborative fora that are critical to cyber security.
7. Improve the cyber expertise and awareness of all societal actors.
8. Secure the preconditions for the implementation of effective cyber security measures through national legislation.
9. Assign cyber security related tasks, service models and common cyber security management standards to the authorities and actors in the business community.
10. The implementation of the Strategy and its completion will be monitored.  (graphic: Secretariat of the Security and Defence Committee)