Resilience and security in telecom infrastructure are not luxuries but necessities. Telenor is reinforcing its internal resilience efforts by investing in more robust systems and enhanced cyber defences across the Nordic region. With Sweden and Finland joining NATO in 2024, along-side long-time members Norway and Denmark, the security landscape in the region has also been reshaped. This integration enhances the collective defence posture of the region, facilitating a more coordinated response to emerging threats against critical infrastructure and broader societal stability.

Robust and secure communication is essential for crisis management and national security, particularly during high-intensity conflicts. The threat landscape can change rapidly, and we must learn to manage this uncertainty. To protect our digital backbone, we will continue to invest in resilient systems and enhanced cyber defences. This requires robust preparedness, an updated situational understanding, and holistic and thoughtfully designed solutions tailored to specific regional needs. This aligns with the recent NIS Co-operation Group’s first report on the cybersecurity and resilience of Europe’s telecommunications and electricity sectors, which calls for enhanced collective cyber situational awareness and crisis management. (4)

Access to expertise

The Nordic region faces a growing challenge in accessing expertise in technology and security fields. There is a shortage of specialised competence, particularly regarding the availability of personnel who can also get a security-clearance. This shortage impacts the ability to develop and maintain robust cyber-security measures and advanced technological infrastructure, which are critical for national and regional security. In Sweden, the Security Service (Säkerhetspolisen) has highlighted the need to investigate how the Swedish security clearance system aligns with NATO’s requirements. The introduction of a more efficient clearance system in Sweden could address the administrative burdens currently faced by oversight bodies and operators, particularly in light of Sweden’s recent NATO membership.

Telenor believes that enhanced Nordic co-operation in areas hindering cross-border collaboration, such as on security clearance processes, can provide the necessary scale to address this issue. Here the roles of both the EU and national governments are important for creating harmonised frameworks that support cross-border security measures. However, this approach should carefully consider national contexts and specific regional needs, particularly where existing regulations already provide adequate security without imposing undue burdens. By aligning security policies and clearance standards across the Nordic countries, it becomes easier to share resources and expertise, facilitating a more robust and unified approach to cyber-security, technological development, and security that enhances our collective resilience against cyber threats.

In Norway, Telenor has long advocated for closer integration of businesses into Total Defence, i.e. a comprehensive national defence strategy that integrates both military and civilian resources to safeguard the nation during times of crisis or war. It is therefore positive that the recommendations from the Norwegian Defence Commission and the Norwegian Total Preparedness Commission clearly recognise the importance of using businesses as preparedness actors and resources. This approach should be expanded to a Nordic scale, incorporating regional initiatives that align business preparedness efforts across all Nordic countries. The long-term plan for the Norwegian Armed Forces states that it is ”necessary to rethink how business actors can better be integrated into total defence”.

Large business actors in the Nordics, operating in sectors such as finance, energy, food, and telecom, possess critical competencies and capacities essential for maintaining societal and national security. These companies own and manage vital infrastructure, making their role in total defence crucial. They provide valuable insight and expertise on the critical civilian functions they help maintain, contributing to the fulfilment of the Nordic countries’ obligations under NATO’s seven baseline requirements.

However, a significant challenge remains. Security laws and regulations in the Nordic countries have all become stricter, and their national implementations vary. The challenge is both horizontal and vertical: horizontally, regulations differ between countries; vertically, the implementation of security regulations varies across sectors within each national market.

For example, in Sweden, the current Security Protection Ordinance imposes significant restrictions on the ability of private corporate groups to share security-sensitive information within their own structures, hindering effective crisis preparedness and total defence planning. This regulatory burden leads to retrospective situational reporting rather than forward-looking crisis management. Amending the ordinance to allow for security protection agreements within corporate groups would be a crucial step towards more effective total defence integration. However, this amendment should also extend beyond total defence aspects to facilitate a broader scope of information sharing with the private sector.

Further, the Nordic dimension adds another layer of complexity. The lack of aligned implementation of security protection agreements and security clearances makes it difficult for companies to maintain shared infrastructure or fully engage in collaborative activities across the region. To overcome these obstacles, targeted alignment in specific areas hindering cross-border co-operation, with a focus on streamlined and efficient regulations, enabling smoother cross-border co-operation would be ideal. The Nordic Council has long championed the idea of removing barriers to cross-border co-operation and enhancing the freedom of movement within the region.

One significant hurdle for increased cross-sector collaboration is that businesses with a Nordic footprint lack adequate access to updated threat and security information and solutions for secure interaction with competent national authorities. This is a governmental responsibility and requires attention. Common initiatives across security authorities to provide open threat assessments would therefore be relevant for businesses working on risk management. One such initiative comes from Denmark, the tele-CERT proposal for how businesses and governments can collaborate more closely on cyber-security, integrating private sector capabilities into national and regional defence strategies.

Another example, specific to Norway but with the potential for wider Nordic application, is the Norwegian Business and Industry Security Council (Næringslivets Sikkerhetsråd – NSR). NSR is developing a new concept to enhance security and preparedness within the business sector. Their goal is to establish a Business Preparedness and Security Centre (NBSS), which will strengthen both physical and digital security, as well as overall preparedness in Norwegian businesses. The NBSS is designed to complement, not replace, existing collaboration between businesses and public authorities where those mechanisms are already effective. NSR sees significant value in integrating digital and physical security with preparedness under one framework. A key feature of the NBSS will be its capacity to send and receive warnings, ensuring that businesses are informed and prepared for any type of incident. For small and medium- sized businesses, which may struggle with the distinctions between these areas, the NBSS will offer predictability and clarity. Moreover, the NBSS will streamline communication between the business sector and public authorities, providing a unified point of contact that enhances co-operation and efficiency.

Telenor Nordics supports establishing closer co-operation on preparedness and crisis management. For such co-operation to be effective, governance and collaboration frameworks need to be formalised, especially regarding mechanisms for twoway information sharing. This requires significant speed and direction. It is also aligned with the NIS Co-operation Group’s report that recommends enhancing resilience through improved co-operation and information sharing among stakeholders. Alignment across the Nordics would significantly enhance collective security and preparedness.

Procurement requirements for preparedness

Increased expectations for businesses in the context of increased preparedness levels result in higher costs. A report from the Confederation of Swedish Enterprise highlights a critical dilemma: ”…a company’s ability to survive and develop depends on the ability to get paid for the work performed.” Both large and small business actors who have the capacity and wish to contribute to increased security and resilience face a significant challenge: few customers have the incentive or willingness to pay suppliers daily for the ability to deliver products or services continuously during war.

For business actors, predictable framework conditions and contract predictability are essential for making investment decisions. The Norwegian Defence Research Establishment (FFI) has identified challenges related to delivering services in the upper part of the crisis spectrum. This places entirely different demands on both authorities and businesses and will require new forms of co-operation and ways of working. This is challenging, but change can be facilitated within the framework of strategic partnerships.

To prepare for new threats in our neighbouring areas, it is important for the Nordic countries to engage in targeted training and well-planned exercises that simulate previously unthinkable scenarios. These exercises should prioritise real-world challenges and scenarios that reflect the current threat landscape. By conducting across sector training, we can better understand the interdependencies among businesses and gain insights into potential ripple effects and the scope of actual crises. Since 2017, Telenor Norway has organised ’Exercise Bukkesprang,’ Norway’s largest cross-sector ’live fire’ exercise in digital incident management, in collaboration with the Norwegian Armed Forces Cyber Defense (Cyberforsvaret) and, since 2023, with the National Security Authority (NSM). This exercise aims to strengthen Norway’s total defence and is a significant contribution to digital total preparedness.

Another notable example of a collaborative defence effort is the Nordic Response 2024 exercise, which involved more than 20,000 troops from 13 allied nations, demonstrating NATO’s capability to defend the Nordic countries.5 This exercise included extensive military and civilian co-operation, highlighting the importance of integrated training for both military and civilian emergency services. Further, the annual Exercise Locked Shields, organised by the NATO Co-operative Cyber Defence Centre of Excellence (CCDCOE) in Estonia, is the world’s largest and most complex live-fire cyber defence exercise. Locked Shields 2024 involved 4,000 experts from over 40 countries, focusing on protecting critical infrastructure from cyber threats using cutting-edge technologies such as artificial intelligence and 5G. This exercise underscores the importance of international co-operation in cyber-security, preparing nations to face sophisticated cyber threats as a coalition.

In Norway, the Directorate for Civil Protection (DSB) will lead the planning, execution, and evaluation of digital exercise in 2025 in co-operation with the National Security Authority (NSM). The aim is to strengthen society’s resilience against digital attacks by involving civilian sectors, the Armed Forces, and private industry to test and enhance Total Defence capabilities.

To maintain and enhance preparedness and response, Telenor supports continued interaction in incident management and security exercises involving businesses. There is a need for cross-sector training arenas to test co-operation, coordination, and leadership. A key shortfall is the lack of common platforms for information sharing. Increasing the use of exercises both within and across markets can strengthen co-operation and leadership at all levels, build knowledge of capabilities, and develop essential networks. By focusing on realistic training, the Nordic countries can significantly enhance their preparedness for various threats, ensuring robust and coordinated crisis responses.

In today’s rapidly evolving security landscape, it is imperative for Telenor to utilise our employees across the Nordic region, employ supplier personnel in our four markets, and share technical solutions and infrastructure across borders. Our ambition is to protect communication, content, and critical infrastructure without delay.

In an increasingly complex world with mounting pressures on talent and expertise, and a growing concentration of the supplier market with extended supply chains, each Nordic country individually becomes too small. Telenor therefore advocates for the establishment of a coordinated Nordic approach to security clearance and authorisation of personnel. While each country would continue to handle its own clearances, following aligned and streamlined principles are essential for seamless cross border co-operation. This approach should also include targeted initiatives on shared transport networks, mobile core networks, and data centres, enhancing resilience while upholding national autonomy.

The time for action is now. To achieve these goals, we must foster close technical co-operation between companies and organisations across borders, driven by results-oriented leadership. Achieving this will require balanced harmonisation of security legislation in areas hindering cross-border co-operation and significantly increased levels of collaboration between national regulators. Recent initiatives, such as the Nordic Defence Co-operation’s (NORDEFCO) Vision 2030, emphasise the need for closer collaboration among Nordic countries to enhance joint military and civilian preparedness. This vision calls for strengthening of our collective defence strategies within NATO’s framework. (6) In addition, the Nordic Council’s exploration of deeper regional cyber-security co-operation highlights the urgent need for integrated efforts to address shared threats and enhance resilience across the region. (7)

Collaboration initiatives such as the Haga Co-operation have already proven effective for political and administrative coordination within civil emergency preparedness. With Sweden and Finland now part of NATO, there are significant opportunities to expand military co-operation on resilience, further solidifying Nordic collaboration and ensuring comprehensive regional security.

A united Nordic region within NATO provides a historically strong security policy foundation for changing attitudes and culture. By intensifying security co-operation across the Nordic region without delay, we vastly improve conditions for ensuring an effective, secure, and robust total defence. The stakes are too high to postpone action. We are committed to making the necessary changes now, as there is no time to waste.