The planned reform of Finland’s cyber defense and intelligence gathering laws will likely include new provisions to give the military and national security services new effective legal tools to launch offensive operations against hostile attacks in the cyberwarfare space.
The legislative reform initiative has been tasked to the so-called Parliamentary Monitoring Group (PMG) on intelligence legislation. The PMG, which reports to the Ministry of the Interior, is expected to complete its work in the final quarter of 2016.
The proposed security legislation will add greater clarity to existing Finnish laws relating to intelligence gathering, at home and abroad, as well as strengthening cyber defense activities and capabilities within the overall domain of national security.
Under present laws, both the military and the Finnish Security Intelligence Service (SUPO) have only limited powers to acquire intelligence, while their direct operations are effectively restricted to intelligence gathering inside Finland’s borders.
"We currently lack the capacity to launch counter-attacks in cyberspace. We need to be able to adequately defend this country against foreign attacks in this domain. We need to have this tool in our back-pocket in order to establish a credible deterrent and defense structure," said Pertti Salolainen, the PMG’s deputy chairman.
The legislative reform is intended to provide the Finnish Armed Force’s National Cyber Security Unit (NCSU) with a more elevated and robust offensive capability within the specific area of cyberwarfare counter measures.
Giving the NCSU and SUPO a early strike offensive capability in cyberspace could serve as a real deterrent in the ongoing battle to defend critical Finnish military and state infrastructure against a range of attacks, including cyber espionage, said Salolainen.
Finland’s cyberwarfare capabilities have been under the spotlight since 2013 after it emerged that Turla, a Russian cyber espionage group, managed to infiltrate the Finnish Ministry for Foreign Affairs’ IT and communications platforms undetected for several years.
It is thought that Finland was informed of the Turla cyber crime group’s serial attacks by the National Defense Radio Establishment, Sweden’s military signals intelligence agency.
"Finland must have an infrastructure system in place to detect ongoing cyber threats and cyber espionage warfare attacks. That's now on our legislative agenda," said Salolainen.