Finland’s digital infrastructure – also a trendsetter in security

Finland is the first European country in which all of the current 5G bands have been auctioned and the construction of the network has begun. At present, the 5G network is available in almost 70 localities. According to the telecommunications companies, 5G will cover Finnish households nationwide by 2025.

Construction of the 4G network only began ten years ago, and it is now available practically everywhere in Finland. Today, we use more mobile data than anywhere else in the world. The pace of development is swift, and the sums invested in network construction are significant. Telecommunications companies invest more than half a billion euros in communication networks every year. This sum is split fairly evenly between fixed and mobile networks.

In the future, cities, hospitals, and industrial plants will be dependent on 5G and the opportunities it provides for transferring, processing, and storing large amounts of data and for utilising technology.

The opportunities created by 5G will boost Finland’s competitiveness and provide the means for a green transition. 5G can be up to 100 times more energy-efficient than 4G. Furthermore, estimates rate the potential of mobile technology to reduce carbon dioxide emissions at as much as ten times the sector’s own carbon footprint.

Finland’s successful digital development is the outcome of a long-term, market-based policy to create a strong, modern society of experts.

Investments in network security in Finland

Finland also has the world’s cleanest communication networks. Cybersecurity has always been an essential aspect of maintaining our data networks. For geopolitical reasons, security perspectives have received more rigorous attention in Finland than in many other EU countries.

Networks are always constructed in line with the laws and regulations of the authorities applying at the time. Our current legislation already contains a provision allowing orders to be issued for the removal of disruptive devices from the data communications network. This practice is unique in the EU.

There is also close cooperation with the authorities responsible for cybersecurity. We could characterise our society as one permeated by trust – something that is far from ordinary in many other countries, including our neighbour to the west. There has been even closer dialogue since the onset of the coronavirus pandemic, as cyber threats are always expected to rise in unfamiliar circumstances.

International cyber pressures

The United States has been particularly vocal in calling upon European countries to ban the use of Chinese technology in the 5G networks they are building. The United Kingdom, which has exited the EU, has come under pressure and already adjusted its position twice this year: according to the latest decision, devices from the Chinese manufacturer Huawei must be removed from Britain’s data communications networks by the end of 2027.

ENISA, The European Union Agency for Cybersecurity, issued its own recommendations a year ago. They did not take a strong position on any particular manufacturers of network devices, but they called for security to be guaranteed. Decisions on this matter are to be made by the Member States. One condition of Sweden’s upcoming 5G spectrum auctions has been that devices made by Chinese telecom equipment maker Huawei and ZTE must not be used to build the network. On Monday 9th of November Swedish telecoms regulator PTS halted the auctions after a court suspended parts of its decision that had excluded Huawei from 5G networks.

Precise definitions are required in the law

In Finland, the Act on Electronic Communications Services is currently under scrutiny in the Parliament. The legislative package includes the so-called security provision. This provision states that no devices that could compromise national security may be used in the critical components of the data communications network. In practice, the provision can be interpreted as meaning that devices from Chinese manufacturers cannot be used in the critical components of the network.

FiCom has expressed its wish for more precise wording in this provision. For example, the definition of national security evolves with the times, and it can easily become confused with trade policy objectives. Furthermore, specifying which components of the network are critical is also no easy matter. The definition work is currently being addressed in a working group headed by The Finnish Transport and Communications Agency Traficom. Addressing and ensuring cybersecurity is an ongoing effort for network companies. Technological advancements will inevitably introduce new and unforeseen challenges. There is no such thing as perfectly secure technology, and a product should not be considered intrinsically cybersecure – or insecure – by virtue of its country of origin.

Elina Ussa, Managing Director, FiCom