A comprehensive security approach: bolstering Finnish cybersecurity capacity

Abstract

ABSTRACTFinland, at the easternmost border of the European Union (EU), has set itself apart as a global leader in cybersecurity technology. Yet, despite Finland’s relative technological strength in this space, the government has actively intervened in the market in order to bolster cybersecurity capacity and competency. Why? There is an important distinction between the presence of technological expertise and a strategy for the security of society writ large, the latter of which necessitates resilient critical infrastructure and services within a country. To this end, the government has utilised a pre-existing logic for market intervention: Finland’s geopolitical position and its corresponding defence doctrine’s emphasis on defence of society by maintaining society-wide resilience in the event of a crisis. In comprehensive security (kokonaisturvallisuus), which includes cybersecurity, the responsibility for and the safeguarding of the vital functions of society are jointly held by private and public actors, industry and government, defence forces and citizens. Notably, given this focus on industry and civil society’s role within the provision of security, Finland’s approach provides an institutional foundation that is well suited to the realities of addressing cybersecurity at the national level.