Maturing national responses to hybrid influencing and cyber threats: A primer on Finland’s approach

Strategic Insight 002/2022

Jarmo Sareva and Liisa Talonpoika

02 March 2022


The current geopolitical situation has highlighted the need for a comprehensive response to both cyber and hybrid threats. Finland’s model of comprehensive security also supports our overall resilience against these threats. The goal is to protect all of society’s vital functions through a collaborative approach involving authorities, the private sector, civil society organisations, academia, and private citizens. In this regard, a high educational level, cyber skills, media literacy, social trust and cohesion as well as low corruption are important. Our legal framework further supports this whole of government approach whereby new legislation is adopted as needed to raise preparedness. During the last several years alone, Finland has updated its legislative tools in areas such as intelligence, network security, ownership of real estate, dual nationality and international assistance.

Understanding Finland’s approach to hybrid influencing

In the EU, Finland supports the development of a hybrid toolbox as part of the Union’s future Strategic Compass. We need a clear set of options for external action to counter hybrid threats as well as a framework to use those options. In this case, the EU Cyber Diplomacy toolbox which already exists is used as a model in developing the hybrid toolbox. To complement national and EU-wide cooperation, wider international engagement is also important, and is actively used, including through Nordic, bilateral and NATO cooperation.

Several actors must be involved due to the complex nature of hybrid threats, especially since the necessary tasks can only be performed through cooperation and there is no ‘one size fits all’ solution. In Finland’s case, the following actors are involved:


  • Given the Ministry of Foreign Affairs’ focus on contributing to national activities and especially at international fora, it has, for a number of years, had Cyber and Hybrid Ambassadors in its technology and security team, alongside a senior expert on strategic communications advising the East department.
  • The EU-secretariat in the Prime Minister’s office coordinates EU positions and its press department has a team dealing with strategic communications, media awareness and media reading skills. The Government’s 24/7 situation center produces material, both on a daily basis as well as larger analyses. The Prime Minister’s office also works closely with the office of the President.
  • The Government’s Security Committee, which has its own secretariat, consists of permanent secretaries of all ministries and director generals of relevant authorities. It also produces the security strategy for society, which is updated every three to four years with a new version due to be released soon.
  • Heads of Preparedness from ministries and relevant authorities meet regularly.
  • The Department for Democracy and Public Law of the Ministry of Justice oversees elections, election security and leads the work to combat election interference. A civil servant level coordination group deals with elections and a special webpage provides information to voters.
  • The Ministry of Interior’s Unit for National Security, Ministry of Defense, Defense Command and Security and Intelligence Service are vital actors in safeguarding Finland’s security across all dimensions of hybrid threats in their field of expertise. Coordination is achieved through existing structures or on an ad hoc basis, depending on the hybrid domain in question. Almost all other ministries are also involved, due to the complex nature of hybrid influencing. Some examples of these Ministries include the Ministry of Communications (for cyber and network technologies), Ministry of Economic Affairs (for energy, regional actors and space), and the Ministry of Education and Culture (for universities and research). The Parliament and its committees deal with hybrid-related questions regularly, while the embassy network is involved in producing material that can feed into domestic endeavours.
  • Other key authorities, all closely linked to respective Ministries, which deal with hybrid questions include the National Emergency Supply Agency; Finnish Institute for Health and Welfare; Digital and Population Data Service; and National Cybersecurity Centre.
  • Finland’s National Defense College organises courses at the national and local level, based on a whole of government approach to security. The private sector, Parliament, NGOs, media outlets, Government officials and various authorities are all involved in this work, culminating in over 10,000 leaders from all walks of life having completed three-week training on how to protect society during a crisis.
  • Finland also participates actively in the European Center of Excellence for Countering Hybrid Threats (Hybrid CoE) located in Helsinki. The center brings added value through research, awareness raising, sharing best practices and exercises. Finland also participates in other relevant Centers of Excellence, namely the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn and the NATO Strategic Communications Centre of Excellence in Riga.

In short, it is essential to be one step ahead and prepared, focusing on what might happen next, instead of being reactive to events. While this is not easy, foresight planning can be successfully carried out if signs can be detected. Monitoring of evolving trends in the operating environment and reviewing possible scenarios helps to prepare for the unexpected.

The Finnish approach to ‘cyber’

The need to improve the overall state of cybersecurity results from the significant changes that society faces, such as the constantly growing and evolving cyber threat landscape; the increasing complexity of ICT environments; and the convergence of embedded and traditional ICT systems. Cybersecurity threats can increasingly affect the critical operations and data security of a society whose functioning is increasingly based on digital networks. The Finnish Government recognises that as we increasingly rely on the digital operating environment, cybersecurity must be built into all operations, processes and systems affected by cyber threats. Moreover, a strong level of cybersecurity can only be achieved if every actor linked to the digital society contributes to it by taking responsibility for the implementation of cybersecurity. Contributing towards cybersecurity must be seen as part of the everyday social responsibility of every organisation and individual.

Consequently, the Programme of Prime Minister Sanna Marin’s Government set three main goals for the development of national cybersecurity: (1) Improving situational awareness; (2) Intensifying international cooperation; and (3) Enhancing national coordination. The Government’s 2019 resolution on Finland’s Cyber Security Strategy responded to these goals, stressing the need to improve the overall state of national cybersecurity. Notably, this strategy is also part of the implementation of the broader Security Strategy for Society (2017) and the EU Cybersecurity Strategy. Subsequently, Finland’s 2021 Cyber Security Development Programme approaches national cybersecurity with a view to the opportunities that, when implemented, will strengthen national cybersecurity and economic growth, while also reducing cybersecurity risks resulting from deficiencies or bottlenecks. The primary goal of this development programme is to create a cybersecurity ecosystem in Finland, which will generate economic activity and growth, increase the number of jobs in the sector, build the required competencies and improve the resilience of the digital society.

From the point of view of growing this ecosystem, the development programme will focus on four key themes, namely (1) top-level competence; (2) close multistakeholder collaboration; (3) nurturing a strong domestic cybersecurity industry; and (4) effective national cybersecurity capabilities. In the future, new themes will likely be added as the development programme is updated.

To conclude, the whole of society must be involved to protect a nation. Not only military but all government authorities, civil society, NGOs, media and local authorities must be involved. It is easier to achieve common situational awareness, read the signs, understand what is coming and how to deal with it, when these entities work together.

Jarmo Sareva is Ambassador for Cyber Affairs and Liisa Talonpoika is Ambassador for Hybrid Affairs at the Ministry for Foreign Affairs of Finland. 

The Azure Forum is a nonpartisan, independent research organisation. In all instances, the Azure Forum retains independence over its research and editorial discretion with respect to outputs, reports, and recommendations. The Azure Forum does not take specific policy positions. Accordingly, all author views should be understood to be solely those of the author(s).