Threats to national security are continually evolving

Cyber espionage exploits unprotected consumer devices

While most people in Finland are not targets of Russian or Chinese cyber espionage, anyone who owns an unprotected device that is connected to the network, such as a home router, can become an unwitting enabler of such operations. Consumer devices increasingly rely on an internet connection that allows them to be controlled remotely. This also provides an opportunity for unauthorised remote access by state actors seeking to penetrate the information systems of Finland or its partner countries. While things will improve with the European Union Cyber Resilience Act governing the information security requirements of new consumer devices, the impact of this regulation will not be immediate.

Unprotected home routers with outdated firmware currently pose a particularly significant risk to national security. Home router owners who fall victim to hacking are also at risk, as an intruder may use the device to impersonate the owner of the connection.

The operators manage the security settings and maintenance of devices that they supply. However, if the device is purchased privately, the responsibility for all the security aspects remains with the individual consumer

Critical infrastructure increasingly relies on space

The critical services of society and certain official services require time and location information transmitted via satellites. For example, delays may arise in the work of the logistics sector when satellite location data are unavailable, and outages in satellite time data that last for weeks can affect the telecommunications infrastructure and the financial sector, for example. Society will increasingly rely on satellite services in the long term. The growing contribution of the private sector in providing services increases the associated risks when the interests of a private business or foreign power may become a factor that influences service provision during possible emergency situations.

Critical infrastructure control systems are online. These systems are usually carefully protected, and Finnish NATO membership has raised the threshold for hostile influence operations that target Finland. Most of the events that are reported in the news as cyberattacks are distributed denial-of-service (DDoS) attacks that momentarily congest a single public website without real affect to national security.

Russia is using third countries to evade export controls

Export controls imposed by Western countries are significantly hampering the work of the Russian technology sector and industry. Russia accordingly seeks to circumvent these controls, for example by concealing details of the true end-purchaser in supply chains, and by procuring products through third countries. Russia nevertheless remains unable to replace the full range of required technology imports.

Exploitation of dual-use applications in emerging technologies and export control system loopholes is likely to increase. For example, quantum technology is generally not subject to export controls, even though it has dual-use applications, and controls are applied to exporting of certain devices or their components.

---

Probability terms used in the report 

Time assessments used in the report