In a world where everything and everyone is connected, the Nordic digital security landscape has grown more complex and uncertain. The evolving threat environment requires businesses and organisations to be more closely integrated with the total preparedness of the region. There is a pressing need to prioritise and develop more common solutions for security, resilience, and robustness in a Nordic and allied context. We cannot affort to ignore the opportunitites that Nordic co-operation presents.

Increased resilience

The telecommunications industry is the foundation of digitalisation in the Nordic region. Industry players build, operate, and develop telecom networks that underpin critical services essential for societal function, including power, finance, transport, and health. However, this infrastructure faces growing threats.

Telenor Nordics is particularly concerned about Russia’s systematic dismantling of civilian infrastructure in Ukraine, including electricity, payment solutions, transportation systems, broadband, and mobile networks. Acts of sabotage, such as those targeting gas pipelines in the Baltic Sea and railway cables in Europe, also serve as stark warnings. Similar incidents could easily occur in the Nordic countries. If communication networks fail – if phones do not work, SMS cannot be sent, and businesses and individuals cannot connect to the internet—the functionality of our society is at significant risk.

In response to these threats, Finland is considering, for example, taking a proactive stance in safeguarding against evolving cyber threats by significantly increasing its cyber-security investment by 30% in 2024 to counter AI-enabled cyber threats. (3) This strategic move aims to enhance the nation’s cyber-security defences across public and private sectors. This investment aligns with recommendations from the ”Security Threat of AI-Enabled Cyber-attacks” (STAIC) report, a collaborative effort between Finland’s state transport and communications agency Traficom, the National Emergency Supply Agency (NESA), and cyber-security leader WithSecure, emphasising the importance of adapting security measures to counter AI-driven attacks.

About Telenor as a Nordic preparedness actor

Telenor Nordics, comprised of operations in Norway, Sweden, Finland, and Denmark, owns and manages critical infrastructure, ensuring the secure and stable delivery of digital services across mobile, fixed networks, and broadband. This includes providing voice, data, and SMS, which are essential for the functioning of societies in these countries.

We take our commitment to provide stable and secure services during peace, conflict, crisis, and war very seriously. This responsibility requires us to maintain stringent control over ownership and operations within our critical infrastructure supply chain, reflected in our agreements with suppliers and partners. Recognising that we are a target for advanced threat actors, Telenor is acutely aware of our security responsibilities towards our customers, society, and ourselves.

We focus on integrating security and preparedness into all our processes and see great value in maintaining a good and transparent dialogue with authorities to uphold national security. Our operations adhere to national security laws across the Nordic countries, ensuring compliance and proactive measures to safeguard our infrastructure.

Increased resilience

Resilience and security in telecom infrastructure are not luxuries but necessities. Telenor is reinforcing its internal resilience efforts by investing in more robust systems and enhanced cyber defences across the Nordic region. With Sweden and Finland joining NATO in 2024, along-side long-time members Norway and Denmark, the security landscape in the region has also been reshaped. This integration enhances the collective defence posture of the region, facilitating a more coordinated response to emerging threats against critical infrastructure and broader societal stability.

Robust and secure communication is essential for crisis management and national security, particularly during high-intensity conflicts. The threat landscape can change rapidly, and we must learn to manage this uncertainty. To protect our digital backbone, we will continue to invest in resilient systems and enhanced cyber defences. This requires robust preparedness, an updated situational understanding, and holistic and thoughtfully designed solutions tailored to specific regional needs. This aligns with the recent NIS Co-operation Group’s first report on the cybersecurity and resilience of Europe’s telecommunications and electricity sectors, which calls for enhanced collective cyber situational awareness and crisis management. (4)

Access to expertise

The Nordic region faces a growing challenge in accessing expertise in technology and security fields. There is a shortage of specialised competence, particularly regarding the availability of personnel who can also get a security-clearance. This shortage impacts the ability to develop and maintain robust cyber-security measures and advanced technological infrastructure, which are critical for national and regional security. In Sweden, the Security Service (Säkerhetspolisen) has highlighted the need to investigate how the Swedish security clearance system aligns with NATO’s requirements. The introduction of a more efficient clearance system in Sweden could address the administrative burdens currently faced by oversight bodies and operators, particularly in light of Sweden’s recent NATO membership.

Telenor believes that enhanced Nordic co-operation in areas hindering cross-border collaboration, such as on security clearance processes, can provide the necessary scale to address this issue. Here the roles of both the EU and national governments are important for creating harmonised frameworks that support cross-border security measures. However, this approach should carefully consider national contexts and specific regional needs, particularly where existing regulations already provide adequate security without imposing undue burdens. By aligning security policies and clearance standards across the Nordic countries, it becomes easier to share resources and expertise, facilitating a more robust and unified approach to cyber-security, technological development, and security that enhances our collective resilience against cyber threats.

Robust and secure communication is essential for crisis management and national security, particularly during highintensity conflicts.

Integrating business

In Norway, Telenor has long advocated for closer integration of businesses into Total Defence, i.e. a comprehensive national defence strategy that integrates both military and civilian resources to safeguard the nation during times of crisis or war. It is therefore positive that the recommendations from the Norwegian Defence Commission and the Norwegian Total Preparedness Commission clearly recognise the importance of using businesses as preparedness actors and resources. This approach should be expanded to a Nordic scale, incorporating regional initiatives that align business preparedness efforts across all Nordic countries. The long-term plan for the Norwegian Armed Forces states that it is ”necessary to rethink how business actors can better be integrated into total defence”.

Large business actors in the Nordics, operating in sectors such as finance, energy, food, and telecom, possess critical competencies and capacities essential for maintaining societal and national security. These companies own and manage vital infrastructure, making their role in total defence crucial. They provide valuable insight and expertise on the critical civilian functions they help maintain, contributing to the fulfilment of the Nordic countries’ obligations under NATO’s seven baseline requirements.

However, a significant challenge remains. Security laws and regulations in the Nordic countries have all become stricter, and their national implementations vary. The challenge is both horizontal and vertical: horizontally, regulations differ between countries; vertically, the implementation of security regulations varies across sectors within each national market.

Three elements are fundamental for a robust total defence:

Strong societal resilience, crosssectoral situational awareness, and the willingness and ability for mutual support and co-operation.

Source: Report to the Norwegian Total Preparedness

Integrating business

For example, in Sweden, the current Security Protection Ordinance imposes significant restrictions on the ability of private corporate groups to share security-sensitive information within their own structures, hindering effective crisis preparedness and total defence planning. This regulatory burden leads to retrospective situational reporting rather than forward-looking crisis management. Amending the ordinance to allow for security protection agreements within corporate groups would be a crucial step towards more effective total defence integration. However, this amendment should also extend beyond total defence aspects to facilitate a broader scope of information sharing with the private sector.

Further, the Nordic dimension adds another layer of complexity. The lack of aligned implementation of security protection agreements and security clearances makes it difficult for companies to maintain shared infrastructure or fully engage in collaborative activities across the region. To overcome these obstacles, targeted alignment in specific areas hindering cross-border co-operation, with a focus on streamlined and efficient regulations, enabling smoother cross-border co-operation would be ideal. The Nordic Council has long championed the idea of removing barriers to cross-border co-operation and enhancing the freedom of movement within the region.

One significant hurdle for increased cross-sector collaboration is that businesses with a Nordic footprint lack adequate access to updated threat and security information and solutions for secure interaction with competent national authorities. This is a governmental responsibility and requires attention. Common initiatives across security authorities to provide open threat assessments would therefore be relevant for businesses working on risk management. One such initiative comes from Denmark, the tele-CERT proposal for how businesses and governments can collaborate more closely on cyber-security, integrating private sector capabilities into national and regional defence strategies.

Another example, specific to Norway but with the potential for wider Nordic application, is the Norwegian Business and Industry Security Council (Næringslivets Sikkerhetsråd – NSR). NSR is developing a new concept to enhance security and preparedness within the business sector. Their goal is to establish a Business Preparedness and Security Centre (NBSS), which will strengthen both physical and digital security, as well as overall preparedness in Norwegian businesses. The NBSS is designed to complement, not replace, existing collaboration between businesses and public authorities where those mechanisms are already effective. NSR sees significant value in integrating digital and physical security with preparedness under one framework. A key feature of the NBSS will be its capacity to send and receive warnings, ensuring that businesses are informed and prepared for any type of incident. For small and medium- sized businesses, which may struggle with the distinctions between these areas, the NBSS will offer predictability and clarity. Moreover, the NBSS will streamline communication between the business sector and public authorities, providing a unified point of contact that enhances co-operation and efficiency.

Telenor Nordics supports establishing closer co-operation on preparedness and crisis management. For such co-operation to be effective, governance and collaboration frameworks need to be formalised, especially regarding mechanisms for twoway information sharing. This requires significant speed and direction. It is also aligned with the NIS Co-operation Group’s report that recommends enhancing resilience through improved co-operation and information sharing among stakeholders. Alignment across the Nordics would significantly enhance collective security and preparedness.

Procurement requirements for preparedness

Increased expectations for businesses in the context of increased preparedness levels result in higher costs. A report from the Confederation of Swedish Enterprise highlights a critical dilemma: ”…a company’s ability to survive and develop depends on the ability to get paid for the work performed.” Both large and small business actors who have the capacity and wish to contribute to increased security and resilience face a significant challenge: few customers have the incentive or willingness to pay suppliers daily for the ability to deliver products or services continuously during war.

For business actors, predictable framework conditions and contract predictability are essential for making investment decisions. The Norwegian Defence Research Establishment (FFI) has identified challenges related to delivering services in the upper part of the crisis spectrum. This places entirely different demands on both authorities and businesses and will require new forms of co-operation and ways of working. This is challenging, but change can be facilitated within the framework of strategic partnerships.

Danish initiative: Nordic Tele-CERT – strengthening cybersecurity across borders

Denmark, through a proposal from Teleindustrien, Dansk Erhverv, and DI (as outlined in their joint political initiative on Digital Infrastructure 2025–2030), has suggested the creation of a Nordic tele-CERT. This initiative is aimed at fortifying cyber-security co-operation across the Nordic region. The concept suggests the creation of a collaborative framework, similar to a Computer Emergency Response Team (CERT), that would operate at a regional level across the Nordic countries to address cyber-security threats and incidents affecting telecommunication infrastructure. This tele-CERT would involve the collaboration of telecommunications companies and possibly other stakeholders across the Nordic region to share intelligence, coordinate responses to cyber threats, and strengthen the overall security posture of the telecommunications sector.

The price of preparedness: can businesses sustain total defence demands?

The conditions for companies to survive and develop depend on their ability to get paid for the work they perform. Products or services that no one is willing to pay for in the long term will not survive and will be outcompeted. Businesses that carry too high a risk in relation to potential profits, and operations that incur higher costs than competitors, cannot survive in the long term. Increased expectations for companies to plan for their Total Defence needs lead to higher costs. Very few customers have the incentive or willingness to pay their suppliers on a daily basis to ensure that goods or services can be continuously delivered during wartime.

From the Confederation of Swedish Enterprise: Konkurrenskraftiga företag stärker försörjningsberedskapen och totalförsvaret, Strategic Recommendations for Industry, February 2024 (translated)

Security legislation creates barriers

National autonomy refers to the requirement that critical telecoms functions and their operations should be located within national borders. Authorities in all Nordic countries have, in different ways, tightened legislation and regulations related to national security. For telecom operators and their Nordic suppliers, a major challenge is the lack of alignment among national security laws in areas that affect cross-border co-operation and operations across these countries. Recent years have seen a trend towards fragmentation, which has unfortunately reduced the ability of businesses to build security based on common Nordic solutions. Further, the inability to share IT systems between Nordic countries due to these regulatory differences not only increases operational costs but also compromises security by necessitating the development of isolated, locally developed solutions.

For Telenor Nordics, fragmented security legislation in areas affecting cross-border co-operation and various national autonomy requirements mean we must dismantle systems, infrastructures, and competence we have built over years. This trend also impacts our suppliers, who have sought to establish ”Centres of Excellence” in the Nordic region in recent years, an organisational setup that now is at risk of no longer functioning effectively. Such centres could also serve as hubs of innovation and training, attracting top talent and fostering cutting-edge research and development in cyber-security and related fields. Beyond enhancing the region’s digital resilience, such co-operation can significantly boost Nordic innovation and competitiveness and attract international investment and position the Nordics as a leader in digital innovation and cyber-security.

The telecom industry is inherently international and technology-driven, relying primarily on international equipment suppliers. These suppliers typically have numerous offices in various countries, many of which are outside both Europe and NATO. It is natural and necessary for all telecom operators to use these suppliers to develop, maintain, and support the platforms they sell to remain relevant. It is neither practical, desirable from a quality perspective, nor economically viable to exclusively limit the set of suppliers. At the same time, it is extremely challenging to security-clear and authorise the entire supply chain. However, we acknowledge the criticality of supply chain security as set out in the NIS Co-operation Groups report.

As more businesses are likely to become subject to security laws, this challenge will only grow. This should be a serious concern for responsible authorities and represents a setback for Nordic co-operation, innovation, and effective competition. Telenor is also concerned that national ”control” is being defined as national ”ownership,” which can undermine the broader framework that includes Nordic and NATO interests. We safeguard both national and our own interests within this framework and believe that a more integrated approach is crucial.

The Norwegian government on Nordic Integration:

”The government sees a clear need for Norway to adopt a highly unified approach with our Nordic allies regarding civil support for military forces. On the military side, close co-operation has already begun. However, close collaboration and direct coordination between civilian sectors in the three countries are also necessary. There is ongoing preparedness co-operation between certain civilian sectors and actors with counterparts in the Nordic countries. For instance, agreements have been made on crisis trade and supply co-operation between Norway, Finland, and Sweden. The government recognises the need to further strengthen Norway’s civil preparedness co-operation with Finland and Sweden to support the collective ability to provide effective civil support to military forces in times of war.“

From:
Prop. 87 S (2023-2024) The Norwegian Defence Pledge Long-term Defence Plan 2025–2036

Leveraging opportunities in Nordic co-operation

Telenor’s top priority for improved preparedness is a Nordic initiative aimed at overcoming obstacles to regional co-operation. By exploring solutions to better utilise scarce personnel resources between neighbouring Nordic countries and leveraging shared technical infrastructure such as fibre networks and data centres, we can enhance national supply security with more resources readily available near all countries in the Nordic region. This collaborative approach will also strengthen the Nordic region as a whole and encourage multinational technology providers to establish competence centres within the Nordics.

Telenor Nordics expects Norwegian authorities to take concrete initiatives in their upcoming White Paper on Total Preparedness to follow up on the Total Preparedness Commission’s proposals for co-operation on digital security and increased preparedness in the Nordics. Such co-operation will necessitate changes and carefully considered adjustments and targeted alignmentof national regulations in areas affecting cross-border co-operation. The Nordic industry can contribute to solutions within a Nordic and allied framework in areas such as mobile core networks, data centres, and transport networks. It is imperative to initiate these efforts promptly and for leadership on stepping up Nordic co-operation in the digital realm.

Realistic training and exercises

To prepare for new threats in our neighbouring areas, it is important for the Nordic countries to engage in targeted training and well-planned exercises that simulate previously unthinkable scenarios. These exercises should prioritise real-world challenges and scenarios that reflect the current threat landscape. By conducting across sector training, we can better understand the interdependencies among businesses and gain insights into potential ripple effects and the scope of actual crises. Since 2017, Telenor Norway has organised ’Exercise Bukkesprang,’ Norway’s largest cross-sector ’live fire’ exercise in digital incident management, in collaboration with the Norwegian Armed Forces Cyber Defense (Cyberforsvaret) and, since 2023, with the National Security Authority (NSM). This exercise aims to strengthen Norway’s total defence and is a significant contribution to digital total preparedness.

Another notable example of a collaborative defence effort is the Nordic Response 2024 exercise, which involved more than 20,000 troops from 13 allied nations, demonstrating NATO’s capability to defend the Nordic countries.5 This exercise included extensive military and civilian co-operation, highlighting the importance of integrated training for both military and civilian emergency services. Further, the annual Exercise Locked Shields, organised by the NATO Co-operative Cyber Defence Centre of Excellence (CCDCOE) in Estonia, is the world’s largest and most complex live-fire cyber defence exercise. Locked Shields 2024 involved 4,000 experts from over 40 countries, focusing on protecting critical infrastructure from cyber threats using cutting-edge technologies such as artificial intelligence and 5G. This exercise underscores the importance of international co-operation in cyber-security, preparing nations to face sophisticated cyber threats as a coalition.

In Norway, the Directorate for Civil Protection (DSB) will lead the planning, execution, and evaluation of digital exercise in 2025 in co-operation with the National Security Authority (NSM). The aim is to strengthen society’s resilience against digital attacks by involving civilian sectors, the Armed Forces, and private industry to test and enhance Total Defence capabilities.

To maintain and enhance preparedness and response, Telenor supports continued interaction in incident management and security exercises involving businesses. There is a need for cross-sector training arenas to test co-operation, coordination, and leadership. A key shortfall is the lack of common platforms for information sharing. Increasing the use of exercises both within and across markets can strengthen co-operation and leadership at all levels, build knowledge of capabilities, and develop essential networks. By focusing on realistic training, the Nordic countries can significantly enhance their preparedness for various threats, ensuring robust and coordinated crisis responses.

Since 2017, Telenor Norway has organised ‘Exercise Bukkesprang,’ Norway’s largest cross-sector ‘live fire‘ exercise in digital incident management.

Digital exercise 2025 in Norway

The Directorate for Civil Protection (DSB) has been tasked with leading the planning, execution, and evaluation of Exercise Digital 2025. This exercise is to be planned in close co-operation with the National Security Authority (NSM). The aim of the exercise is to strengthen society’s ability to withstand digital attacks. The exercise will take place in the autumn of 2025 and will involve entities from civilian sectors, the Armed Forces, and private industry. The exercise is intended to test the total defence’s ability to detect, manage, and coordinate a complex digital incident across sectors. Additionally, it will assess the total defence’s ability to communicate and co-operate during the management of the consequences of the digital incident.

From DSB: Totalforsvarsøvelse - Øvelse Digital 2025

Willingness to change

In today’s rapidly evolving security landscape, it is imperative for Telenor to utilise our employees across the Nordic region, employ supplier personnel in our four markets, and share technical solutions and infrastructure across borders. Our ambition is to protect communication, content, and critical infrastructure without delay.

In an increasingly complex world with mounting pressures on talent and expertise, and a growing concentration of the supplier market with extended supply chains, each Nordic country individually becomes too small. Telenor therefore advocates for the establishment of a coordinated Nordic approach to security clearance and authorisation of personnel. While each country would continue to handle its own clearances, following aligned and streamlined principles are essential for seamless cross border co-operation. This approach should also include targeted initiatives on shared transport networks, mobile core networks, and data centres, enhancing resilience while upholding national autonomy.

The time for action is now. To achieve these goals, we must foster close technical co-operation between companies and organisations across borders, driven by results-oriented leadership. Achieving this will require balanced harmonisation of security legislation in areas hindering cross-border co-operation and significantly increased levels of collaboration between national regulators. Recent initiatives, such as the Nordic Defence Co-operation’s (NORDEFCO) Vision 2030, emphasise the need for closer collaboration among Nordic countries to enhance joint military and civilian preparedness. This vision calls for strengthening of our collective defence strategies within NATO’s framework. (6) In addition, the Nordic Council’s exploration of deeper regional cyber-security co-operation highlights the urgent need for integrated efforts to address shared threats and enhance resilience across the region. (7)

Collaboration initiatives such as the Haga Co-operation have already proven effective for political and administrative coordination within civil emergency preparedness. With Sweden and Finland now part of NATO, there are significant opportunities to expand military co-operation on resilience, further solidifying Nordic collaboration and ensuring comprehensive regional security.

A united Nordic region within NATO provides a historically strong security policy foundation for changing attitudes and culture. By intensifying security co-operation across the Nordic region without delay, we vastly improve conditions for ensuring an effective, secure, and robust total defence. The stakes are too high to postpone action. We are committed to making the necessary changes now, as there is no time to waste.

Siktemerke med glans_icon
  1. Establish a Nordic regime for security clearance and authorisation:
    Develop a coordinated Nordic framework for security clearance and authorisation of personnel, guided by shared principles. This framework would streamline the process of clearing and authorising personnel across borders, enabling more efficient cross-border co-operation while maintaining high security standards

  2. Operationalise national autonomy requirements:
    Review and design national autonomy requirements to allow for cross border co-operation where appropriate. This approach facilitates the sharing of technical solutions and infrastructure in key geographical areas, ultimately enhancing robustness and resilience throughout the region. It strikes a balance between maintaining national sovereignty and leveraging the practical benefits of Nordic collaboration

  3. Enhance information sharing:
    Establish robust solutions for interaction and facilitate better access to two-way sharing of threat and security information between the public and private sectors, as well as between affiliated privatesector entities across the Nordics. This approach will ensure that both key defence actors and businesses operating in multiple Nordic regions are better equipped to respond effectively to evolving threats

  4. Integrate long-term preparedness in public procurement:
    Implement requirements that ensure long-term preparedness and national security interests are safeguarded in public procurement processes. This is crucial as economic factors play a key role in maintaining a sustainable and secure infrastructure