Words have power. Terms such as national defence, resilience, and crisis preparedness carry a strong historical context in Finland. Yet, it is essential to critically examine these concepts and adapt them when circumstances so demand.
Digital security of supply refers to expanding the concept of resilience to digital environments and processes that are vital for operational capability. As a digitalisation company, we see across our customerbase how different actors prepare for the low-probability but high-impact risks, such as serious disruptions or other exceptional circumstances.
In today’s world, almost everything is built on digital foundations and the connections they enable. The key question is: how can we deliver services and keep society running if parts of the digital chain were unavailable for any reason?
Tucked under the covers
Ensuring access to essential goods in all situations requires the seamless functioning of long, digital value chains. Therefore, organisations must adopt a prepared mindset in their digital environments.
This requirement applies to all levels of society and all actors, from decision-makers to citizens, authorities to businesses. No one is immune, but together we can achieve big development leaps forward.
Finnish people are good at preparing for the unknown. Another thing we are skilled at is self-critique. However, upon a need to develop or improve, self-critical thinking is a great asset—the ability and courage to look in the mirror, recognise what has gone well and where improvement is most needed.
The next step is to take action and systematically address shortcomings or outdated practices, especially as the geopolitical situation evolves rapidly.
New drivers for sustainable digital preparedness
Our current resilience thinking, especially in business, is largely based on the assumption that disruptions or exceptional situations have a short lifespan: a blip in the radar more than a long-lasting disruption. This also applies to digital systems and services.
Rapid digital development has not, understandable so, been previously seen as part of the national preparedness – at least not before the war in Ukraine.
It is clear that the current geopolitical situation has developed quickly. The ways we are accustomed to protecting our digital environments and infrastructure will be challenged in the future. Straightforward perimeter protection is no longer sufficient in a digital, interconnected world.
A good example of bold and swift action is the upcoming regulatory change announced by the Finnish Ministry of Finance, which will enable better use of cloud services for handling classified information and pave the way for adopting other emerging technologies. This change is an excellent demonstration of the government’s commitment to removing barriers to digitalisation and data mobility.
The future of security of supply is layered on digital foundations
Finnish businesses face a new challenge: How can companies support the state in extreme crisis situations? What must we build in advance to adapt quickly to changing circumstances?
Here are some highlights I presented at the FinnSec 2025 security fair in early October:
Where does your data exists?
Data is the fuel of digitalisation. For society, moving critical data to international cloud services has been a success factor for Ukraine during wartime; it has enabled the functioning of society outside the front lines, as critical data is accessible from the cloud. This is a lesson worth learning.
Sufficient cybersecurity is merely a hygiene factor in today’s world
It is crucial to note that a cyber-secure service is not necessarily digitally resilient. These concepts are easily confused. In the digital world, maintaining adequate cybersecurity is essential—a hygiene factor. However, the resilience of digital solutions must also be assessed in terms of continuity and the long-term nature of disruptions or exceptional situations. Here, the availability of the CIA model (short for Confidentiality, Integrity, Availability) becomes especially important.
Infrastructure and other foundations of digital dual-use must be built in advance
This refers to digital solutions used in everyday normal conditions, which can be effectively leveraged in crisis situations. For such systems to transition quickly from normal to exceptional use, a digitalinfrastructure must be built in advance to ensure their secure and reliable operation.
Requirements for achieving digital resilience in the current geopolitical landscape
- People must be quickly educated on what digital resilience means for them as service users and its significance for their own operational capability in exceptional circumstances.
- Companies should be provided with concrete capabilities and support to protect and prepare their digital service environments, especially regarding data placement. Development must be funded fromsources beyond just company coffers.
- The development of digital security of supply and resilience must be led and measured. The ownership of digital resilience development should be clearly assigned to a single actor. Now that discussion has begun, it is time to act swiftly and deliver strong results. With the legislation on the National Emergency Supply Agency under review, we have an excellent opportunity to strengthen and clarify its role in digital resilience.
- The development of digital resilience must be implemented through managed networks that connect actors and sectors. This requires a clear management system that brings together people, processes, and technologies.
How would your organisation deliver its services if customary digital platforms were not available?
