The security of physical buildings is no longer as important for financial services. The truth is that in today’s society the economy and financial systems are of upmost importance and with the main threat residing in the cyber world, ensuring economic operability is top priority. This focus should be firmly integrated throughout security operations.

Recent reports on cyber-attacks that reach deeper into the banking system are increasingly raising concerns. Now criminals can not only target individual customers to cause a temporary hiatus in banking services, but they can manipulate the stock exchange and re-transfer assets from multiple accounts at once. The banking and financial sector, which has traditionally been acknowledged as the leading industry in applying cyber security, is encountering new challenges – challenges that could strongly impact consumer trust in the system, which it relies on to function.

In addition to causing more financial damage than before, the recent cyber-attacks show the devastating potential of economic damage on a government’s security. Government security is no longer only about war or internal instability; instead it’s about the security of society covering all sectors, safeguarding functions vital to society. Economic operability is one of those vital functions which is critical to all of society.

Economic and security politics are closely entwined. Without a functioning economy, there are no resources for security work. Without security ‒ and stability created by security ‒ a blossoming economy remains out of reach. In the era of global capitalism, economic and financial networks constitute the basis on which to build a stable and successful society. These networks are entirely dependent on the global cyber infrastructure and therefore safeguarding the cyber infrastructure to protect the operability of the economy and financial system should be top priority for the government. This requires a much-needed transformation from out-dated security thinking.

But preparing for cyber threats is a security task for everyone – the government cannot do it alone. Firstly, it is not the job of the government to become involved in the security issues of private companies and citizens. Secondly, the government does not have all necessary skills and tools required. Most of the critical infrastructure, which the state is dependent on, is owned by private entities and should be secured by private solutions. This applies to the banking and financial sector alike. The role of security politics is to ensure that there is good cooperation between different entities and that exaggerated actions are avoided.

If there was a direct threat, the government could step in more forcefully. But if society is prepared and has functioning defences, as well as strengthened resiliency, direct threats should not occur. Plus, there is an active conversation still continuing about where and when large-scale cyber attacks could be interpreted as a declaration of war or as an act of war. Currently the conditions under which an attack qualifies as an act of war are defined by out-dated security thinking – the number of casualties or volume of material destruction. However, as the economy and financial system play an important role in security, the government needs to re-consider this definition to also measure the amount of damage to online infrastructure.

Recognising the security threat to the economy is not a new phenomenon for global government. In 2012, in his keynote speech at the Billington Cybersecurity Summit, the Estonian President Toomas Hendrik Ilves noted that “to impoverish a country you can simply erase their banking records”. In Western society, this impoverishment of a government is more of a security threat than military attacks. Like President Ilves remarked: ”Military is not the main target”.

Information technology and cyber networks have inevitably changed the world. Our understanding of security should adapt to these new circumstances and recognise the priority of threats to the economy and financial system.

Jarno Limnéll
Director of Cyber Security, Stonesoft Plc.
Doctor of Military Science
Helsinki, Finland