Finland’s Cyber Security Strategy 2024–2035
October 2024
Strategies and Action Plans
Finland’s Cyber Security Strategy 2024–2035 focuses on a comprehensive approach to ensuring national cybersecurity. It identifies key areas of action, divides strategic objectives into four pillars, and provides a framework for their implementation.
The strategy addresses Finland’s evolving digital environment, emphasising the integration of cybersecurity into national security. It aligns with the EU’s cybersecurity directive (NIS2) and Finland’s obligations as a NATO member. A significant aspect of the strategy is its inclusivity, involving public and private sectors, research institutions, and civil society organisations.
Pillars and strategic objectives
- Competence, technology, and RDI (research, development, and innovation):
- Strengthen cybersecurity skills across all education and workforce levels.
- Foster accountability among individuals and organisations.
- Leverage emerging technologies such as AI and quantum computing.
- Develop self-sufficiency in critical cryptographic technologies.
- Maximise opportunities from EU and NATO funding programs.
- Preparedness:
- Enhance the resilience of critical infrastructure, public services, and essential societal functions.
- Support joint preparations for cyber incidents across sectors.
- Promote a Finnish cybersecurity preparedness model for international use.
- Expand cybersecurity exercises and emphasise cross-sector collaboration.
- Prevent cybercrime through targeted efforts.
- Cooperation:
- Build international partnerships, particularly within the EU and NATO frameworks.
- Strengthen public-private sector collaboration.
- Develop efficient information-sharing models.
- Provide centralised cybersecurity services to improve efficiency.
- Response and countermeasures:
- Define clear roles and responsibilities for cyber incident responses.
- Establish a national cyber defense doctrine to address state-sponsored threats.
- Enhance capabilities to combat serious cybercrime.
- Develop advanced attribution processes to identify and counter cyber threats.
Implementation framework
The strategy emphasises resource allocation, effective collaboration, and continual development. Resources are aligned with specific needs, enabling both proactive measures and robust incident response mechanisms. Shared situational awareness, derived from improved information sharing, plays a critical role in realising the strategy’s goals.
Cybersecurity exercises are a cornerstone of the implementation framework, simulating diverse scenarios to prepare organisations for real-world challenges. The focus extends to leveraging technological advancements, ensuring that Finland remains ahead in cybersecurity innovation.
International and national impact
Finland positions itself as an active participant in international cybersecurity efforts, leveraging its roles in the EU and NATO. Through cyber diplomacy, Finland seeks to influence global cybersecurity policies, ensuring a secure and stable cyber environment. Its national model, built on trust and collaboration, is promoted as a benchmark for other nations.
Focus areas
Critical infrastructure, such as energy, healthcare, and supply chains, receives special attention, ensuring its resilience against cyber threats. Public trust in digital services is reinforced through rigorous security measures. Education and continuous learning are prioritised to create a highly skilled cybersecurity workforce.