As the Nordic-Baltic region has digitized its critical infrastructures and decision-making processes, awareness of the resulting geopolitical vulnerabilities has lagged behind.

There is a need to understand that cyber operations have strategic aims that go beyond mere snooping and spying. They are effective at spreading mistrust, blackmail, and destabilization, and at showcasing the perpetrator’s capabilities and serving its deterrence purposes.

The harm scales used to evaluate the severity of a cyber attack usually focus on physical or economic damage, overlooking the real significance of politically-motivated cyber attacks. For example, the damage caused by rigging an election process goes far beyond some of the physical harm scenarios.

Cyber operations are particularly effective in combination with other political pressuring tools. The spectrum of these combinatorial tools is still relatively restricted. Yet the worrying aspect is that this synergic spectrum can widen and lead to cyber escalation, in which case the level of harm caused by the cyber operations will become higher and more prolonged, especially in the (geo)political sense.

It remains to be seen whether a higher state of cyber resilience can be achieved without active means for cyber deterrence such as stronger political shaming, economic sanctions, or active cyber deterrence-building.



Mika Aaltola