The Changing Face of Cybersecurity in the Baltics and Finland

The Baltic and Gulf of Finland region has become a fundamental and geostrategic hub between the new NATO configuration and the Russian Federation. The whole region has long been an area with a very high rate of cyber-attacks. As a result of cybersecurity breaches, the Baltic States, led by Estonia, have built one of the most effective defence systems and become a digital superpower in cyberspace. With Finland’s accession to NATO in April, however, the region’s cybersecurity can be expected to be volatile again and likely to become even more intense. The Kremlin, which has strongly opposed Finland’s inclusion in NATO, would surely assert its interests in the region specifically through cyberattacks and the dissemination of pro-Russian information aimed at destabilizing the region. Yet NATO’s conventional security guarantees would counter Russia’s spoiler strategies in any other way than through cyberspace.
The Baltics as a cyber security capital     

            The 2007 cyber-attacks on Estonia were the most significant event that led the Baltic states to focus their investment and technology in cyberspace. These attacks, launched from Russia, targeted the websites of the Estonian government, parliament, banks, ministries and the military, resulting in a complete disruption of the functioning and communication of these institutions (Soldatov, Borogan, 2018: 19).

In theory, a sudden military intervention in a given state with no functional means of information and communication between the government and the military would likely have a destructive effect. Cyber-attacks have had a strong impact on the entire Baltic region. Because of this, Estonia has begun investing massively in cybersecurity assets, while NATO has followed suit by expanding its 2010 Strategic Concept to include the area and cooperation in cybersecurity. Within this, NATO capabilities are to be developed in order to prevent, deter and recover from cyber threats while expanding international capabilities in cyber defence (NATO, 2010).

Under current NATO policy, a cyber-attack on the scale of Estonia against any member state is now unacceptable and would be considered equivalent to a conventional attack, with the consequence of joint action against the aggressor. According to the National Cyber Security Index, Lithuania and Estonia now rank third and fourth in cyber defence, making them among the leading countries in this field (NCSI, undated). In 2019, the total number of cyberattacks in Lithuania exceeded 55,000 for the whole year (Engelova, 2019). Globally, the number of hybrid threats is increasing year by year.

How do cyber-attacks work?

Russia’s efforts to destabilize individual states are evident in the types of attacks. Most of the latter target critical infrastructure, information resources, and channels of communication between people and institutions, thereby limiting the ordinary life of a citizen. At the same time, cyber-attacks do not have to aim only to destabilize or make unavailable a specific server or device. Often, the reason for the attack is the desire to obtain non-public information, personal information of individuals or companies and, last but not least, to spread disinformation. The most used types of attacks include Ransomware, where hackers gain control of someone’s data and demand a ransom to regain access, Malware, which is software that damages systems and extracts information from them, and DDoS attacks, which overwhelms the system itself with an unbearable amount of information that it cannot handle and interrupts its functioning, and lastly Phishing, which is a form of tricking the recipient into opening a message and then harvesting information from their system (European Parliament, 2023). There are a large number of cyber-attacks aimed at obtaining data, with another heavily used method being Smishing, which operates in a similar way to Phishing, only via SMS messages. For example, if a government official is a victim of Smishing, important data may be leaked.

An important event with a major impact on cybersecurity issues in Eastern Europe is the conflict in Ukraine, which has been the target of large-scale cyberattacks since 2014. Since then, Russia has been attempting to influence the presidential election by targeting the cyberspace. In doing so, the energy grid in 2015 was hacked, and the largest malware attacks in history, known as NotPetya, was launched in 2017 (Mironova, 2023). Over the years, Ukraine has adapted, and learned how, to repel these Russian cyber threats, aided greatly by extensive cooperation with Estonia. These learned capabilities have led to the fact that cyberattacks directed at Ukraine prior to the start of the large-scale conventional invasion were not successful and did not disrupt the country’s information resources and helped public services to remain available, with Estonia continuing to be a cooperative actor providing cybersecurity in Ukraine during the war (Miller, 2022). Estonian Prime Minister Kaja Kallas said that the current situation in Ukraine provides the world with a free masterclass in cyber defence, while also praising Ukraine’s ability to keep services, tax payments, information and data protected during wartime, with citizens in Ukraine able to do all of these things safely through the Diia app. Estonia is now working with Ukraine to adapt the Diia app for Estonian citizens as well (Kallas, 2023). It can be assumed that Finland, together with the Baltic states, can learn a lot from the current Ukraine crisis. It is likely that the whole situation is being monitored also by larger regional actors such as NATO and the European Union.

Finland’s accession to NATO and regional security changes

            Finland’s accession to NATO certainly makes room for updates in the hybrid security program of the Northern and Eastern European scenario. As a new NATO member, Finland has the longest border with Russia, it can be assumed that Russia will respond to this expansion soon. Probably, cyber-attacks in the new NATO/Russia borderland will increase.

Finland has long focused on the readiness of their military to counter potential Russian conventional threats. At the same time, it has acquired knowledge of combat in the Arctic regions, which can be of great benefit to NATO as Russia has been significantly increasing its capabilities in the northernmost regions since 2013 (Peck, 2023). Hence, another important geopolitical area will be the Gulf of Finland, where Helsinki as well as Talinn and St. Petersburg are geographically located. Immediately upon Finland’s official entry into the alliance, the country was the target of a cyberattack from Russia, which caused the local government’s website to be restricted. The attack was carried out by a group called NoName057, which also claimed responsibility for attacks on the United States and its allies (Tanner, Manenkov, 2023). In Finland, the Ministry of Foreign Affairs is the main authority in the field of cybersecurity and is responsible for cooperation on this issue at global, regional and bilateral levels. The European Union is of great importance to Finland in the field of cyberspace, with the closest cooperation on this issue being with the Baltic States and NATO. Finland has also had an ambassador for cyber diplomacy since 2014, a position now held by Jarmo Sareva (Ministry for Foreign Affairs of Finland, undated). Cyberspace and its securitization is also a topic addressed at the European level by the OSCE.

To ensure better online security in the Gulf of Finland region, it is necessary to raise social awareness of cyber threats, including possibly educating residents in this area. Furthermore, it is possible to improve technical equipment and provide better defences for companies in the private sector, or develop shared networks to share information about cyber-attacks and thus better respond to recurring threats in the future. Another point could be the expansion of national and regional security strategies in the area of cyber threats. Finland’s accession to NATO can be expected to allow for greater cooperation on this issue than was previously the case. Finland deals with cyber-attacks on a daily basis and its cyber-defence capabilities will bring some security improvements to NATO. According to Mikko Soikkeli, Director of IT at the Finnish Ministry of Defence, the aim is to enable the authorities to contribute their insights and information in the field of cyberspace to joint analyses, thus improving the overall understanding and coordination of the situation (Finnish Government, 2023). The sharing of information in cyberspace will be very important in the fight against these threats, and by extending this communication to the whole region and, by extension, to the European Union, great progress can be made in the fight against cyber threats as well as in the fight against targeted and manipulative information disseminated throughout Europe.


The cybersecurity situation is now very fluid in the Gulf of Finland countries. The Baltic States, as the world’s centre in the fight against cyber-attacks, are in a position where they are also most threatened by Russia. With Finland’s accession to NATO, it can be expected that the country will increase its cooperation in the area of combating hybrid threats also with other NATO countries, especially with the Baltic region given the previous cooperation. The latter would bring an increase in cyber-attacks from Russia, thereby potentially destabilizing the region through hybrid threats.

Based on a long-standing cooperation with Estonia, Ukraine also will play a role. The country has learned to counter and repel cyber threats, indeed, providing the very important inner workings in times of war. It is evident that the current situation in Eastern Europe will bring many new improvements in the fight against cyber-attacks, from which other European and global actors can learn.



Engelova, T. (2019, November 1). Jak se ničí dezinformace v Pobaltí: Se státem spolupracují elfové i novináři. Forum 24 (, 23.4.2023).

European Parliament (2022, January 27). Cybersecurity: main and emerging threats (, 20.4.2023).

Finish Government (2023, April 11). Report: Finland’s cyber security must be developed systematically – cooperation of the authorities and processes require further improvement (, 25.4.2023).

Kallas, K. (2023, April 17). Kaja Kallas says Ukraine is giving the free world a masterclass on cyber-defence. The Economist (, 25.4.2023).

Miller, M. (2022, August 12). How Estonia is helping Ukraine take on Russian cyber threats. Politico (, 25.4.2023).

Ministry for Foreign Affairs of Finland (n.d.). Cyber security and the cyber domain (, 21.4.2023).

Mironova, V. (2023, April 20). Russia’s invasion of Ukraine is also being fought in cyberspace. Atlantic Council (, 25.4.2023).

NCSI (n.d.). National Cyber Security Index (, 17.4.2023).

NATO (2010, November 19). Strategic Concept 2010 (, 17.4.2023).

Peck, M. (2023). Moscow is trying to play it cool, but its military moves hint at growing concern over NATO’s newest member. Business Insider (, 29.4.2023).

Soldatov, A., Borogan, I., et al. (2018, October 1). Russia’s approach to cyber: the best defence is a good offence. In N. Popescu & S. Secrieru (Eds.), HACKS, LEAKS AND DISRUPTIONS: RUSSIAN CYBER STRATEGIES, pp. 15–24. European Union Institute for Security Studies (, 17.4.2023).

Tanner, J., Manenkov, K. (2023, April 4). Relief, but some mixed feelings, as Finland joins NATO. AP News (, 18.4.2023).

Written by Ondřej Prágr