Aapo Cederberg, CEO of Cyberwatch Finland. He is also an Associate Fellow at the Geneva Centre for Security Policy and Chairman of the Cyber Security Committee of the World UAV Federation (WUAVF).

The cyber world is changing rapidly, and partly in surprising ways. Despite this, certain trends can be seen in its future development. The development of the cyber world reflects global political changes and the global political situation. Strategic analysis must therefore always relate events in the cyber world to political objectives and relationships, and to how cyber operations are used to influence them. Cyber operations have increasingly become a political tool, which applies to governmental operators as well as to financial investments in developing cyber capabilities. For example, influencing elections is nowadays more the rule than the exception.

The major change in the Finnish security environment has been the increase in Russia’s active hybrid influencing operations during recent years. Efficient hybrid influence is, in many ways, based on cyber operations focusing on digital systems. Thus, it can be stated that cyberattacks are the spearhead of hybrid influencing, without undermining other capabilities. Cyber spying is used to create the prerequisites for various hybrid operations, and it involves extremely long-term operations, which are concealed as well as possible. Cyber spying is also a new and efficient tool, which is used to supplement other data collection and spying methods. It can be stated that the capacity for spying has increased over the past few years.

President Donald Trump’s policy – America first – is also visible in the development of the cyber world. Wide-scale cyber spying, which also targets allies, has raised suspicion and caused a lack of trust. Building trust takes a long time, and trust between states is based on genuine trust-based actions. Therefore, trust must be earned through action. If trust is broken or lost, regaining it is very difficult, if not impossible.

In cyber spying, it is difficult to draw a line between the legal collection of marketing information and illegal spying. There should be a way to predict when legal information can be used for criminal and other illegal purposes. Cyber spying and the preparation of attacks are often difficult to detect, and tracking down the operators is difficult and time-consuming. In Finland, it is also worth carefully monitoring what is happening in the cyber world globally, rather than limiting attention to the domestic situation.

Major form of crime in the world

At the moment, the global market of the data security industry is estimated to have a value of almost 140 billion dollars. By comparison, the value of cybercrime is well over 1,000 billion dollars; it exceeded the value of drug trafficking already in 2013, thus becoming the biggest form of crime in the world. One ratio that can be used is that the world protects itself with a financial investment of 1/8 of the value of the damage caused by cybercrime. The largest investments in cyber security are underway in Asia, exceeding the North American market. Asia’s share is approximately 30% of the global market for data security products, North America’s 27%, the EU’s 20% and the rest of the world’s 23%.

The national resources the United States has invested in cyber security total almost 30 billion dollars per year. In China and Russia, the amounts in dollars are significantly less, but the human resources are at least as high, perhaps even higher than in the United States. In Europe, the UK is the only country to have kept up with cyber equipment and investments. In the UK, 2.3 billion pounds are invested in the development of cyber skills and the cyber industry. Similar investments in Germany and France are at an annual level of 100-200 million euros.

Financial opportunities attract both criminals and governmental operators. North Korea used its cyber undercover operations, as well as other traditional criminal activities such as drug trafficking, to acquire foreign currency. Similar activities are carried out by terrorist organisations, which operate via legal companies that carry out cyber operations. Statistically speaking, cyberattacks more commonly target the business world than governmental targets. The most desired targets are those that, when attacked, provide the most social influencing power and media visibility as well as financial benefit. Easy targets are attractive. During recent years, health care, production plants and the financial industry have been the most wanted targets, presumably for the reasons mentioned above. However, it is worth keeping in mind that the entire society can be the target; no one can say they are entirely safe.

What is strategic cyber situational awareness

The main focus of cyber security should be on the prevention of cyberattacks, without forgetting defence and actions to restore operations. This requires strategic situational awareness of the cyber world’s trends and ever-changing phenomena. A national study carried out by the Finnish Prime Minister’s Office brought up the need for strategic cyber situational awareness covering the entire society. If Finland wants to be one of the forerunners in cyber security, this challenge must be met.

This raises the question: what is strategic cyber situational awareness? In simple terms, it can be considered an entity in which people’s operating methods, our society’s key processes, digital technology and the management of this entity must be taken into account. The analysis must also always review cyber phenomena, their reasons and their consequences. The difficulty of identifying the operator is an increasing challenge, whether it is a government, cyber criminals, terrorists or hackers. It can also be a combination of these operators. Cyber criminals sell their services, and “cybercrime as a service” is a rapidly growing “business area”. Cyber-attacks are increasingly clearly considered to be a new military capability. The black swan is how terrorist organisations develop and will use their cyber skills and capacity.

Good and efficient cyber management requires smart and timely decisions, which are based on good situational awareness. Leadership skills are emphasised in the cyber world, because changes are even quicker, and cyber-attacks and their consequential effects are surprising. The targets of cyber-attacks are found across the entire society, particularly in its critical infrastructures and services. Political decision-makers, authorities and business leadership must therefore have management skills. Decision-makers must have better situational awareness of the cyber world in order to be able to make correct decisions; leadership will become of paramount importance.

Preparations must be in the focus of every organisation

There is no single way to carry out cyber operations or to prevent them; instead, preparations must be in the focus of every organisation. Organisations must be able to differentiate critical and non-critical entities from each other and focus primarily on protecting critical infrastructures and services. The importance of risk assessment and the definition of priorities will further increase.

At the moment, the ability to detect anomalies is focused on the prevention of cyber threats. Threats are monitored with various software, with sensors installed on networks and with Security Operations Centres (SOCs) at various levels, which may be company-specific or may provide services centrally. As technologies develop and become more complex, an increasing device-level understanding of how they operate is needed in order to be able to respond to the threats.

In the future, people will be an even greater cyber threat, either intentionally or accidentally. There are continuous attempts to influence people. Hybrid activities, which are used to change people’s opinions, have an influence on everything, both politically and commercially. Opinions may often be quickly formed, fictional, machine-produced virtual influencers, i.e. fake news, which are repeated as necessary. A lot of distorted research and scientific reports are published to mislead various operators or for financial purposes. Cyber education is the best and most affordable form of cyber security.

Commercial influence operations take place on a wide scale

The effects of information operations have publicly been assessed mainly through the revealed attempts at election influence. Less has been said about commercial influence operations, which take place on a wide scale. The same methods that are used to influence elections can also be used to influence purchase behaviour, political opinions and people’s attitudes towards various national and international issues, by creating new markets for companies or taking them away. The manipulation of markets may become more common in the future, both in the consumer and business markets. Preparing for these phenomena requires completely new methods, which are only now beginning to be developed.

If you have knowledge and skills, cyber security is not expensive. The right things must be invested in, and you must know what you are doing. The most expensive option is not always the best; in cyber security, skills and good innovations are the most decisive. The protection of information assets, i.e. data, can be used as an example. Information assets are the gold bars of this era. However, too few operators invest in the protection and monitoring of their information assets. At the same time, many experts consider the manipulation and sabotage of data to be the new megatrend of the cyber world. In other words, the worry is not the theft of data but the alteration of data, which the owner does not even notice.

A key duty of the government is to take care of the safety and well-being of our society; this is not possible without effective cyber security. More resources are also needed in the critical areas of our society. Well-being can be established via education and innovation – cyber security is a great opportunity for Finland, if the decisions can be made.