How harried Finland fends off nation-states in cyberspace Antti Pelttari is head of the Finnish Security Intelligence Service. (Photo Credit: Soppakanuuna via Wikipedia Commons) Finland’s intelligence security service, called Supo, released its annual public report this week, providing a glimpse into the country’s efforts to fend off near-continuous cyber and information operations. Finland, with a population of nearly 5.5 million and an 833-mile shared border with Russia, serves as a case study in national cyber strategy and relative deterrence, as well as resilience to hostile information operations. In the report’s introduction, Finland’s Director of the Security Intelligence Service Antti Pelttari summarized current geopolitical security trends, which continue to be driven in large part by cyber: Recent news from the world ha[s] shown that national sovereignty can no longer be taken for granted even though no physical violation of state borders takes place. In the “new normal” – today’s security environment – the threat may appear from an unexpected direction and in an unprecedented form. Various influencing and hybrid operations, influence by information and cyber espionage, have opened a new dimension with fewer predictable elements. In the last few years, the barriers between internal and external security have broken down in Europe. Of all the nation-state adversaries alluded to throughout the report, only Russia is named. The report notes the threat to Finnish “data network intelligence,” which is “constantly targeted by computer network attacks from abroad.” While cyberattacks against companies and critical infrastructure did not all together cease, fewer “such cases were observed in 2016.” Rather, in 2016, threat actors’ aims included, “stealing organizations’ vital knowledge capital.” The report summarizes 2016’s “clear trends” in cyber espionage as, “A sharp increase in visible activity against Finland’s foreign and security policy, comprehensive espionage priorities and the abuse of Finnish data networks in espionage targeting third countries.” The last trend is important for several, broader reasons, including cyber attribution and questions surrounding victim retaliation. For instance, based on legislation proposed in February in the U.S. House of Representatives, private companies who suffer cyberattacks will be legally empowered to undertake “active cyber defense measures.” If a cyberattack appeared to originate from a country that was not the attack’s true source, and a company retaliated based on that mistaken information, it could lead to international diplomatic strains and potential military conflict. The Finnish report continued: In addition to cyber espionage against Finnish information systems, several cases of Finnish data networks being exploited in espionage campaigns against third countries were observed in 2016. Information stolen from the target countries was transferred through Finnish data networks, making it seem at first that Finland was targeting espionage against the affected countries. In all the disclosed cases, Finnish authorities warned the authorities of the country in question. In a public attribution to Russia, the report said, “Most observations were related to an APT28/Sofacy attack in which no particular effort was made to conceal the activity.” APT28/Sofacy, also known as Fancy Bear, is one of the two hacking groups the U.S. intelligence community has accused of interfering with the 2016 U.S. presidential election. Cybersecurity companies have associated Fancy Bear with Russian military intelligence agency GRU (Glavnoye Razvedyvatel’noye Upravleniye). In congressional testimony on March 20, FBI Director James Comey also noted the “loudness” of Russian threat actors such as Fancy Bear during the U.S. election, saying the Russian hackers “wanted us to see what they were doing.” In addition to cyber threats, the report notes the continuous attempts of foreign adversaries to compromise Finnish citizens in order to “influence political decision-making and shape public opinion.” Human intelligence carried out by nation-states against Finland “continued to be active and at times aggressive in 2016,” the report said. Since declaring its independence from Russia a century ago, Finland has accomplished one of the most impressive diplomatic feats in Europe: Balancing an aggressive neighbor with overwhelming military force to its east, while maintaining friendly ties with its European neighbors even as it declined NATO membership. Except for twice during World War II, Finland has avoided war and maintained its national sovereignty since 1917. Critics have accused Finland of being too conciliatory to Russia, labeling the strategy with the derisive term “Finlandization,” but the pragmatic policy of strict neutrality between east and west – as well as economic cooperation – has enabled its continued independence. More recently, western countries have viewed Finland as a case study in how to develop a national cyber strategy and achieve relative cyber deterrence. Finland has not suffered the same scale or severity of cyberattacks as other countries bordering Russia, such as Estonia, Lithuania, Georgia and Ukraine. Perhaps even more remarkable is the country’s resilience to intensive, ongoing Russian information warfare. Finnish leaders, scholars and experts attribute Finland’s information warfare resilience to a strong public education system – with its widely admired model and consistently high rankings – that instills critical-thinking skills in its citizens. Observers also credit a coordinated effort from the highest levels of the Finnish government to counter disinformation and propaganda – a task that has, so far, eluded the U.S.