Hostile cyberspace comes as no surprise to Nordic-Baltic countries, which are developing robust defenses in response to long-anticipated threats from the East.
You need to be strong to survive in a tough neighborhood: countries bordering Russia know this painfully well, and Finland, Estonia, Latvia, and Lithuania have all dealt with Moscow’s offensive cyber operations to some extent.
Heads of the four countries’ national cyber security centers shared practical tips for strengthening national cybersecurity at last week’s CYBERS’ Nordic-Baltic Security Summit in Tallinn.
All of the panelists stressed that technical preparedness for cyberattacks was not enough. They argued it was vital that the amplitude of cyber threats was fully understood by state-owned and private company boards alike, as governments would never have the resources to send a cybersecurity expert to every single organization.
"Cooperation only makes sense when it either adds analysis, pools, indicators, orchestrates responses, automates alerts, or when it takes less than it gives,"Liisa Past, cyber director at Estonia’s Ministry of Economic Affairs and Communications, said.
Sauli Pahlman, the Director of the Finnish National Cyber Security Center, says his organization has developed a tool to evaluate the cyber maturity of organizations and prioritize whose security practices need to be updated the fastest.
“This is a relatively scalable approach, where you can offer a carrot or stick to get with the sector regulators and then steer the improvements to where you think the risks are greatest,” Pahlman explained.
Meanwhile, Liisa Past, cyber director at Estonia’s Ministry of Economic Affairs and Communications, pointed out the global nature of cybercrime and the resulting necessity for international cooperation. However, Past added that while everyone preaches cooperation, few follow through.
“Cooperation only makes sense when it either adds analysis, pools, indicators, orchestrates responses, automates alerts, or when it takes less than it gives,” Past told the conference.
She stressed that only tangible cooperation is meaningful, especially for countries bordering the Baltic Sea, as they share similar challenges and politically motivated threat actors.
Russian reprisals less than feared
The need to cooperate has been dramatically exposed since Russian troops poured into Ukraine in February, sparking fears of military intervention throughout Eastern Europe, said Edgars Kiukucans, head of national cyber security policy at Latvia’s Ministry of Defense.
However, he said that the Latvian cybersecurity watchdog had noted an increase in activity before the outbreak of war, with regional cyberspace growing more agitated since late last year. What followed convinced the Latvian government to proactively engage with local organizations to guard against crippling attacks.
“We provided a long checklist with practical things everyone can do in their institutions and companies to raise their cybersecurity level and thereby protect themselves from potential cyberattacks,” Kiukucans said.
Interestingly, he noted that after Moscow invaded Ukraine, there were fears of a looming tsunami of cyberattacks against the Baltic nation. A fear that was not realized.
“The bottom line is that yes, we are busy, but we could have been busier,” said Kiukucans.
"Cyber became a tangible thing for the CEOs and the boards. They started to understand that it’s not something only IT guys talk about. It directly affects the company's production,"Jonas Skardinskas, in charge of digital protection at Lithuania’s National Cyber Security Centre, said.
Time to invest
One of the most drastic changes regarding the perception of cybersecurity has been the growing awareness among CEOs that it is not an issue that should be restricted to the IT departments of their organizations, noted Jonas Skardinskas, in charge of digital protection at Lithuania’s National Cyber Security Centre.
“Cyber became a tangible thing for the CEOs and the boards. They started to understand that it’s not something [only] IT guys talk about. It directly affects the company's production,” Skardinskas said.
He explained that this newfound awareness is a valuable asset as, with the right tools, it could become a much-needed push for companies to start taking care of digital assets as much as they do physical ones.
Skardinskas added that the cyberattacks that followed the invasion of Ukraine have provided companies with a painful but salutary lesson, with many now better placed to understand the importance of upping their defenses against digital threat actors. While cybersecurity professionals have been talking about this theoretically for years, cyber threats are now easier to understand in practice because of this learned experience.
“We started to understand how that affects us. Countries now discuss how they would operate if the international lines were down, how satellites would come into play, and how we would provide the connectivity for our citizens,” Skardinskas said.
More from Cybernews:
Subscribe to our newsletter