Cyber security as part of national security

Cyber security is one of the targets of national security. The aim is to protect the increasingly digital society and society’s ability to function against hostile cyber attacks and intelligence gathering on information networks. 

Cyber threats to national security are typically state-sponsored cyber threats in which information networks are used, and the threats are targeted at critical infrastructure, decision-making by the state and state management, or national defence, for example.

However, cyber crime groups are also increasingly launching ransomware attacks against actors in the healthcare and energy sectors, for example. In addition, state actors use cyber crime groups as subcontractors to conceal their own participation.

Information networks as a channel of state influence

Typical features of state-sponsored cyber threats include using unlawful means to try to obtain information about central government decision-making or to expose critical vulnerabilities that could affect the capacity of the state and society to function. 

Cyber interference is part of the range of hybrid methods that are used to exert influence through information in order to undermine social stability or that seek to influence the decision-making of state leaders along with other means of pressure. 

State-sponsored cyber espionage may also target the knowledge capital of companies and research institutes, in which case the aim of illegal information gathering is to obtain information on product development to strengthen the competitiveness of one’s own industry or to acquire technologies subject to export control for military purposes. 

Both cyber interference and cyber espionage are part of our reality even in peacetime. In emergency conditions, cyber attacks can be used as means of warfare, as Russia’s invasion of Ukraine has shown in a very concrete manner.

Identifying perpetrators of cyber attacks is challenging

Identifying the party behind cyber attacks is always a challenge. The attacker or intruder may attempt to cover their tracks by routing their attack through several commercial servers, anonymising the intrusion tools they use, deliberately misleading the target or using intermediaries such as cyber crime groups to conceal the actors behind them.
 
However, an attempt can be made to identify the attacker on the basis of previous operating methods, the infrastructure and malware used in the attack as well as the intrusion targets. 

A key method in responding to cyber attacks is not only to correct identified vulnerabilities but also, increasingly, to name the attacker in public and to employ various diplomatic and economic means, including sanctions.

The attacker or intruder may attempt to cover their tracks by routing their attack through several commercial servers, anonymising the intrusion tools they use, deliberately misleading the target or using intermediaries such as cyber crime groups to conceal the actors behind them.

Inquiries: Hannu Kotipelto, tel. +358 295 488 354