Supo also combats cyber espionage

Supo is also responsible for combating the online espionage of foreign powers. Supo works to prevent cyber espionage in advance by such means as providing information for businesses involved in ensuring security of supply and maintaining critical infrastructure and for various central government actors. The aim is to increase public awareness of threats to information systems both in the public and private sectors and among citizens.

For a state engaged in espionage, cyber espionage is a potent and inexpensive way to access a significant volume of information that is intended to be confidential – from its own territory. In the worst-case scenario, the target of cyber espionage does not realise that they have been subjected to espionage, or the owner of a network device does not know that their device has been integrated into cyber espionage infrastructure.

Even though Russia often tops the agenda when we talk about cyber espionage, it is not the only state that seeks to spy on Western countries. China, among others, has exceptionally substantial resources for cyber espionage. 

• China is using social media platforms for intelligence gathering, National Security Overview 2025
• Authoritarian state cyber ecosystems endanger international stability, National Security Overview 2025

Cyber espionage utilises technical vulnerabilities and dependent companies

Cyber espionage can be implemented in many ways. State-run cyber espionage operations may involve hacking into information systems via a technical vulnerability. Alternatively, states may oblige or exert pressure on dependent hardware or software suppliers to obtain or disclose the data of their foreign customers to the intelligence authorities with an aim is to gain access to information intended to be confidential. 

State-sponsored operators may also focus their cyber espionage campaigns on private individuals and authorities. An employee working in a significant position or processing confidential information may become a target of the intelligence operations of a foreign power. Cyber espionage is often easier to target to an organisation close to the primary target, such as a subcontractor, service provider or partner for whom identifying cyber espionage is difficult.

One effect of the Russian war of aggression in Ukraine has been to highlight the importance of cyber espionage, as, due to the expulsions of diplomats and breaking of relations, Russia’s traditional human intelligence operations have become more difficult in Western countries. Russia is patching up its declining human intelligence resources with cyber espionage, which is used for acquiring data from information systems and on persons of interest to them via the internet.

Preventing the exploitation of IT vulnerabilities requires continuous data security work. The risk associated with hardware or software supplied from countries that actively engage in espionage targeting Finland must be managed from the initial procurement stage.

Everyone should ensure the information security of their network devices 

Supo has observed that the intelligence services of states engaged in cyber espionage are exploiting the network devices and servers of Finnish individuals and businesses in their cyber espionage operations. A state-sponsored cyber espionage operation can route their attack traffic, for example, through a vulnerable home WiFi router.

The target may be a central government information system which the operation seeks to access through a system vulnerability, for example. In the end, confidential information may end up in the hands of foreign intelligence services, or the operation of critical infrastructure information systems may be disrupted.

Everyone should ensure that the passwords and information security settings of routers and other devices connected to their home network are in order. Home routers and network storage systems are the most typical hacked hardware devices, but all appliances that can be connected to the internet (such as cameras and different network storage devices) may be vulnerable. You can find practical information on how to improve the information security of your network devices from the National Cyber Security Centre’s website. 

• National Cyber Security Centre’s instructions and manuals for private individuals

Cyber security is a joint effort of multiple public authorities 

Alongside Supo, several other public authorities are also working in the field of cyber security. The National Cyber Security Centre of the Finnish Transport and Communications Agency (Traficom) investigates information security incidents and oversees and maintains cyber security situation awareness. The National Bureau of Investigation (NBI) and local police departments investigate cybercrimes, such as network traffic interference, online extortion or malicious hacking. The Finnish Defence Forces also combat military cyber threats.

Collaboration is also ongoing with the business community, telecom operators, internet service providers and universities. 

• Traficom Cyber Security Centre 
• The National Bureau of Investigation (NBI) and cybercrime
• Finlands Cyber Security Strategy (The Security Committee)
• Instructions for preparing for incidents and crises (cyberattacks or cyber incidents)