Senior Foreign Ministry officials, meeting in Stockholm on Nov. 27, approved the development of common cyber defense strategies and broadened the scope to include NATO-aligned Baltic states. It also extended the approach beyond military systems to include industrial infrastructure.
The groundwork was prepared in 2012 under the cross-border Nordic Defense Cooperation (NORDEFCO) vehicle, which was instructed to examine possible areas of cooperation. Following the Stockholm meeting, NORDEFCO now has a specific mission to develop the common cyber strategies proposed.
Within this framework, Sweden, Norway, Finland and Denmark have agreed to a multi-tier collaboration under which certain cyber defense capabilities developed as part of national initiatives can help create a common platform to share information, fine-tune procedures and produce cyberspace counterstrike technologies.
The NORDEFCO initiative covers participation by military Computer Emergency Response Team units in the four participating countries. The aim is to improve data and intelligence sharing, while sharpening skills by holding regular pan-Nordic cyber defense exercises.
The resulting Nordic Cyber Defense and Security Action Plan is being run by NORDEFCO's Military Coordination Committee as a so-called cooperation area capabilities project.
The primary objective is to produce initiatives that will lead to joint strategic development projects establishing a common Nordic-Baltic response to threats in cyberspace, and which may impact one or more countries.
The scope for developing future regional cyber defense cooperation was high on the agenda when defense ministers from the Nordic and Baltic states met in Oslo on Nov. 13.
"The need for collaboration in cyber defense and security is growing, and cooperation is the most effective way to tackle the problem and degree of threat. For Nordic and Baltic states, forming a common position on cyber defense is a natural step forward as our nations develop closer forms of defense and security cooperation," said Ine Eriksen Søreide, Norway's defense minister.
Within this partnership, Sweden will provide funding and expertise to Estonia's NATO-aligned Cyber Defense Center of Excellence (CDCE), headquartered in Tallinn. The CDCE is expected to play an important role in shaping Nordic-Baltic cooperation in the cyber defense sphere.
"The threat levels to our defense and industrial infrastructures are constant. As cooperation partners, we can do more to protect our common interests. Instances of cyber attacks against the Nordic and Baltic states are becoming more regular and sophisticated, and we must ensure we have the capacity to fight off attacks from wherever they originate. This requires close cooperation and a greater protection of cyberspace," said Keit Pentus-Rosimannus, Estonia's foreign minister.
In 2007, Estonia fell victim to a series of massive cyber attacks, which originated in Russia, against state agencies and corporate organizations, including banks. As a result, the country strove to become a regional leader in cyber defense, which culminated in the establishment of the CDCE in 2008.
NORDEFCO, in formulating its cyber defense cooperation strategy framework, has looked at emerging technologies being developed by the CDCE, including 3D printing security tools.
The growing exposure of 3D printing equipment as a target for cyber attacks is increasing, so the CDCE has begun to examine new technologies that will enable 3D printing to take place in a secure environment.
"Effective cooperation must deal with core aspects of cyber defense that can protect military and economic infrastructures against attack. It must lead to a situation where governments, security authorities and the military are always one step ahead and able to combat threats that have their root in international terrorism, piracy or organized crime," said Sven Mikser, Estonia's defense minister.
The need for unified regional cooperation and common response platforms came into focus in July when security intelligence agencies in Sweden, Norway and Denmark were alerted to the probability of cyberspace and "in-situ" attacks by Islamic State terrorists against state-run IT systems and public buildings in capital cities in Scandinavia.
Despite the conflict in Ukraine, the Nordic military and national security agencies have all identified the primary cyber attack threat to their countries as coming not from Russia, but militant Islamists and terrorist organizations in the Middle East, Afghanistan and North Africa.
Moreover, the perceived threat is also increasing as more jihadist fighters in Syria and Iraq return to Nordic places of residence, where many are naturalized citizens.
The push for a Nordic-Baltic approach to cyber defense is also motivated by the rise in "cyber-snooping" by foreign powers. SUPO, Finland's national intelligence agency, has identified an increase in cyber-snooping by foreign governments attempting to penetrate networks run by key government agencies and corporations.
The growth in the cybersecurity threat has already caused the Finnish Armed Forces (FAF) to boost cyber defense funding. The military is considering a proposal to teach cybersecurity skills to all professional soldiers and conscripts.
"The matter is being discussed with the Ministry of Defense, and we share an understanding on the issue. Preparation for cyber threats is being examined as part of broader operational planning. The FAF is poised to establish its own cybersecurity organization and build our knowledge," said Gen. Jarmo Lindberg, Finland's chief of defense.
Developing capabilities to ward off cyber-based industrial espionage will form a significant element in the Nordic-Baltic cooperative effort, against a backdrop where national cyber defense centers are reporting increased threats directed at industry targets by foreign state agencies.
In a report released in September, Denmark's Centre for Cyber Security (CCC) noted that at least one foreign state had engaged in "mass espionage" cyber attacks against the country's leading defense corporations since 2012. The attack in question focused specifically on Danish companies supplying parts to the F-35 Joint Strike Fighter program.
"This attack was advanced, targeted and took place over a prolonged period. We received intelligence at the end of 2012 that necessitated that we warn the whole of the Danish defense industry that a campaign was being conducted against certain companies for the purposes of industrial espionage," said Thomas Lund Sørensen, the head of the CCC, which operates as a division of the National Defense Intelligence Service.
It is believed the attack resulted in hackers gaining access to the IT systems of at least one defense company in Denmark. Although the CCC did not identify the country of origin of the hackers, the distinctive characteristics of the malware used suggested the attack may have come from China. ■