The Nordic countries have adopted a unified response to rising cyber security threats by moving to both deepen cross-border collaboration and examine a common security defence strategy to deal with more virulent threats from the cyber domain.
The task of shaping future cross-border cooperation, which followed roundtable regional security talks by government leaders at the Nordic Council’s Presidium in December 2022, will fall to Nordic Defence Cooperation (NORDEFCO), the inter-state military-led joint action coordination agency.
Chaired by Finland, Nordic leaders at the December presidium agreed to assign the Nordic Defence Cooperation an expanded role to examine and deliver technical solutions to advance more heightened cooperation and common cyber security measures, including shared intelligence and joint responses to countering “external” threats from bad actors in the cyber domain.
The Nordic Defence Cooperation is examining a number of different cooperation models that could be used as a framework to support a military-led shared Nordic cyber defence resource that could both incorporate deep intelligence sharing and provide the capabilities for joint defensive and offensive responses to attacks against targets across the Nordic states. The project will run as part of the Nordic Defence Cooperation’s Defence Vision for 2025.
Threats rising
The Nordic countries have all experienced an upward surge in the strength and quantity of cyber attacks against private and state organisations since October 2022, with strikes spiking in January.
Based on intelligence from national cyber defence centres, Sweden, Norway and Finland raised their cyber threat levels to amber in January, with Denmark deciding to elevate its threat level to high, reflecting a series of attacks that targeted government departments and banks, including an 11-hour sustained strike against the Ministry of Defence’s main IT network.
Nordic national cyber defence agencies are continuing to issue warnings about a possible uptick in attacks from Russia , North Korea and possibly China in 2023.
The Nordic Council’s support role in the proposed pan-Nordic cyber collaboration deepening plan will be overseen with Norway in the chair as rotating head of the interstate cooperative organisation.
“It is important that Nordic countries, neighbours and partners strengthen joint cooperation on cyber security,” said Áslaug Arna Sigurbjörnsdóttir, Iceland’s minister of higher education, science and innovation.
“Aside from the security aspect, we can use cyber security as a cornerstone to drive innovation and boost development of the Nordic region’s competitiveness,” Sigurbjörnsdóttir added.
The foundations to progress Nordic cyber security collaboration and develop common defensive solutions already exists, she said.
“We must take the right decisions in all member countries to ensure the Nordic region is at the forefront of cooperation on cyber security. The time is now right for a joint cyber security strategy,” Sigurbjörnsdóttir said.
Having already been commissioned under an existing inter-governmental agreement to improve Nordic resilience against cyber threats, the Nordic Defence Cooperation is the ideal vehicle to take Nordic cyber security collaboration and joint action to the next level, said Erkki Tuomioja, a former president of the Nordic Council and chairman of the Finnish delegation to the organisation.
“The number of serious cyber attacks has grown exponentially in recent years, giving a higher relevance to cyber security issues. The war in Ukraine has had a direct effect on the Nordic region and its security, in many ways. A common cyber security approach for the region would be a positive development,” said Tuomioja.
Governments act
Nordic governments, outside of the regional collaboration loop, are busy strengthening their own national security defences against cyber attacks. For its part, the Danish government is primed to expand its cooperation with the domestic IT cyber security sector, with the principal aim of developing more formidable defences against cyber attacks.
IT-Branchen, Denmark’s ICT industry association, has presented the government with a “wish list” of game-changing measures that, if implemented, have the potential to make the country’s national cyber defences more resilient to cyber attacks.
This includes a proposal to bolster funding for Danish Defence, enabling the forces to build or acquire the talent, skills and technologies needed to protect Denmark against future attacks from the cyber domain.
Denmark’s national security capabilities, going forward, must be equipped with a capable cyber defence if the country is to gain the competence and capacity to counter the increasing cyber threats against it, said Natasha Friis Saxberg, IT-Branchen’s CEO.
According to Saxberg, a significant part of Russia ’s cyber attacks, which are connected to its invasion of Ukraine , are being directed at Denmark and the other neighbouring Nordic countries.
“Cyber threats play a major role in every war and conflict that exists today. It is imperative that Denmark invests in cyber security as a core element of our defence. For Denmark to build a strong and modern national security defence, the armed forces require a digital upgrade,” said Saxberg.
IT-Branchen is lobbying the government to support the establishment of a stronger public-private collaboration in the area of cyber security, viewing enhanced cooperation as the optimum way forward to providing Denmark with the capability it needs to defend against future threats and attacks from the cyber domain.
The ICT sector, said Saxberg, can play a pivotal role as a “competence developer” in the specific arena of cyber security, not alone supporting state agencies and private businesses, but offering improved protection to citizens, their personal electronic devices and data privacy, too.
Russia’s part
Denmark ’s decision to elevate its national security threat level to “high” in January and February 2023 was triggered by intelligence reports, analysed by the Center for Cyber Security (CFCS), of heightened activity against Denmark by pro-Russian hacker groups targeting Danish and Nordic companies.
The intelligence available to the CFCS, sourced from national and international security agencies, linked the January upward surge in cyber attacks against Danish and Nordic state agencies and companies to Russian anger over fresh plans by Nordic governments to supply additional military hardware, including offensive weapons systems, to Ukraine .
Militarily unaligned Finland and Sweden, which are currently in the final stages of the accession process to join the North Atlantic Treaty Organisation (NATO), were especially singled out for attacks, causing both countries to elevate their threat levels to amber in January.
Pro-Russian activist hacker groups are increasingly formalising their planning and execution of attacks by creating platforms dedicated to “mobilising resources” for distributed denial of service (DDoS) attacks against Danish and Nordic targets, said Thomas Flarup, the head of the CFCS.
Based on accumulated intelligence and analysis, he said the CFCS believes pro-Russian cyber activist groups have gained the capacity to conduct “more powerful attacks” at an increasing rate.
“We have observed, over a period of time, a number of DDoS attacks against the websites of the Danish defence ministry and against banks. We expect to see more of this type of attack. This is because hackers have gained more power. This can make the attacks more difficult to counter, but it doesn’t make them necessarily more dangerous,” said Flarup.