Aleksandra Kozioł
Senior Analyst
The Polish Institute of International Affairs (PISM)
Poland
The Baltic Rim will remain in Russia’s main interest due to its geographical proximity, including the Kaliningrad exclave. For the countries of the region, this will be primarily a challenge given Russia’s aggressive stance. In this context, the invasion of February 2022 is a continuation of earlier actions—the invasion of Georgia in 2008, as well as the annexation of Crimea and creation of separatist movements in eastern Ukraine in 2014. For now, it is difficult to predict the outcome of the war, but even Ukraine’s victory and the complete recovery of the country’s territory does not guarantee that Russia will give up its imperial ambitions. Nevertheless, it seems unlikely that Russia will decide to attack NATO and EU member states, which is why hybrid activities, and in particular cyber-aggression, will be all the more important.
Since the Russian invasion of February 2022, there has been a global increase in cyber-aggression. There are several reasons for this, but the most important one is that cyberattacks are perceived as activities below the threshold of war. For a growing number of actors, both state and non-state, they are becoming an effective method of achieving goals, or even of political communication. The latter is particularly clear in the case of Russia. One of the most glaring examples was the attack on the European Parliament’s website in November 2022 after it declared Russia a state sponsor of terrorism.
Cyberattacks are an ever-growing threat, not least because of their increasing number. The dependence of states and their institutions, the private sector, and citizens on digital services, including the interconnections between them, make the vulnerability to theft and falsification of data or cutting off from essential services a matter of concern. This is of particular importance not only in the context of information protection, but also hard security provisions. Russia, for example, launched a cyberattack on the KA-SAT satellite network an hour before the invasion of February 2022. By paralysing communication in Ukraine, parts of Europe, and the Mediterranean, it managed to achieve the effect of surprise. This example clearly shows that cyberattacks are being used alongside military means.
Ensuring cybersecurity in the EU has not kept pace with connecting more and more ground- and space based systems. For the most part, cyber protection is reliant on the activities of private companies, while state-owned entities have in fact only recently started to emerge. For this reason, cooperation between member states is not yet sufficiently developed, although the EU has already started to take some action. At first, it was mainly about civilian cooperation, but Russia’s war of aggression has turned the attention to military issues as well. In November 2022 the Commission and the High Representative presented a Joint Communication on an EU Cyber Defence policy. However, until now, activities taken by member states seem to be fragmented and funding does not correspond to real needs.
Meanwhile, risks in the Baltic Sea region are serious. Russia, for example, has the ability to intercept satellite navigation signals and spoof them, which can lead to a marine accident. In addition to that, other actors, including China, may become an increasing threat. This will result not only from the current tightening of the Sino-Russian alliance, but also from the growing tensions between democratic states and China related to the reduction of dependence on goods supplies from this country, which arrive in Europe mainly by sea.
In such a situation, increasing cybersecurity levels by states separately may not bring sufficient results. According to information published by the Thales Group at the beginning of 2023, most attacked countries since the Russian war of aggression are those in the Baltic Rim: Poland recorded highest number of 114 incidents related to the war, followed by Baltic countries (157 incidents in total for Estonia, Latvia, and Lithuania), Nordic countries (95 incidents in Sweden, Norway, Denmark and Finland), and Germany (58 incidents). Other European countries are hardly under such pressure.
Taking above into account, it seems reasonable for the Baltic Rim countries to initiate tightening cooperation with increased focus on information exchange, both in bilateral formats and at the EU or NATO level. An example that shows the future path is the agreement on Ukraine’s accession to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) located in Estonia. Such decisions will contribute to improving cyber resilience of Baltic Rim countries, and more broadly—the EU and NATO. Our future cybersecurity will certainly depend on unity.
Since the Russian invasion of February 2022, there has been a global increase in cyber-aggression. There are several reasons for this, but the most important one is that cyberattacks are perceived as activities below the threshold of war. For a growing number of actors, both state and non-state, they are becoming an effective method of achieving goals, or even of political communication. The latter is particularly clear in the case of Russia. One of the most glaring examples was the attack on the European Parliament’s website in November 2022 after it declared Russia a state sponsor of terrorism.
Cyberattacks are an ever-growing threat, not least because of their increasing number. The dependence of states and their institutions, the private sector, and citizens on digital services, including the interconnections between them, make the vulnerability to theft and falsification of data or cutting off from essential services a matter of concern. This is of particular importance not only in the context of information protection, but also hard security provisions. Russia, for example, launched a cyberattack on the KA-SAT satellite network an hour before the invasion of February 2022. By paralysing communication in Ukraine, parts of Europe, and the Mediterranean, it managed to achieve the effect of surprise. This example clearly shows that cyberattacks are being used alongside military means.
Ensuring cybersecurity in the EU has not kept pace with connecting more and more ground- and space based systems. For the most part, cyber protection is reliant on the activities of private companies, while state-owned entities have in fact only recently started to emerge. For this reason, cooperation between member states is not yet sufficiently developed, although the EU has already started to take some action. At first, it was mainly about civilian cooperation, but Russia’s war of aggression has turned the attention to military issues as well. In November 2022 the Commission and the High Representative presented a Joint Communication on an EU Cyber Defence policy. However, until now, activities taken by member states seem to be fragmented and funding does not correspond to real needs.
Meanwhile, risks in the Baltic Sea region are serious. Russia, for example, has the ability to intercept satellite navigation signals and spoof them, which can lead to a marine accident. In addition to that, other actors, including China, may become an increasing threat. This will result not only from the current tightening of the Sino-Russian alliance, but also from the growing tensions between democratic states and China related to the reduction of dependence on goods supplies from this country, which arrive in Europe mainly by sea.
In such a situation, increasing cybersecurity levels by states separately may not bring sufficient results. According to information published by the Thales Group at the beginning of 2023, most attacked countries since the Russian war of aggression are those in the Baltic Rim: Poland recorded highest number of 114 incidents related to the war, followed by Baltic countries (157 incidents in total for Estonia, Latvia, and Lithuania), Nordic countries (95 incidents in Sweden, Norway, Denmark and Finland), and Germany (58 incidents). Other European countries are hardly under such pressure.
Taking above into account, it seems reasonable for the Baltic Rim countries to initiate tightening cooperation with increased focus on information exchange, both in bilateral formats and at the EU or NATO level. An example that shows the future path is the agreement on Ukraine’s accession to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) located in Estonia. Such decisions will contribute to improving cyber resilience of Baltic Rim countries, and more broadly—the EU and NATO. Our future cybersecurity will certainly depend on unity.