Cyber-threats are without doubt a new security challenge. Like most countries, Finland is increasingly dependent on a secure and functioning cyber-space and therefore increasingly vulnerable to unexpected and rapidly-emerging cyber-attacks. That is why we aim to become a global forerunner in cyber-security. While this will be the first such national strategy of its kind, the overall approach builds on decades of co-operation and co-ordination in crisis preparation and management.
The guidelines for the new cyber-strategy were laid down in 2010 in the government’s broader Security Strategy for Society and the European Union’s Convention to counter cyber threats. At the moment, however, responsibility for cyber-security remains scattered between many different organisations and stakeholders, reflecting their specialist areas of expertise. This has slowed the creation of common objectives, with key decision-makers acting in relative isolation. Procedures and responsibilities during a nation-wide cyber-crisis have also yet to be defined with sufficient clarity.
One of the main tasks of the current process, therefore, is to assess the need for a new authority to co-ordinate the strategy at a political level, as well as organising responsibilities at the operational level. Many of the risks of cyber-attacks are shared between the governments and the private sectors. And since most of the critical infrastructure is owned by the private sectors, the job of identifying and managing cyber-risks must be done in partnership. The forthcoming strategy will respond to all of these challenges by comprehensively analysing cyber-threats and deciding on the best way forward.