Author: James Malcolm

In an effort to better understand how other European countries are approaching multi-actor crisis information-sharing in the subsea space, the Salient project has international data collection opportunities included. As part of this lessons learnt activity, Robert and I recently visited Helsinki. It was an illuminating trip where various Finnish stakeholders generously shared their experiences and insights.

We learnt about how both geography and history have long shaped Finland’s approach to national security, the country’s comprehensive security concept, and the ways in which government/industry information-sharing is structured and trusting relationships are built. We also learnt about how Finland has responded to recent subsea infrastructure security incidents in the Baltic Sea.

While data analysis is ongoing and transferring insights from one country to another can be complicated, especially when those two countries have key differences (think the differences in population size), it is far from impossible. Both the UK and Finland have a long maritime history, both are acutely aware of the importance and vulnerabilities of subsea infrastructure, and both now sit alongside each other in NATO, thinking through these common security challenges. Indeed, for me, two initial information-sharing puzzles emerged out of the visit and are exercising my thinking.

The first puzzle is around establishing and communicating a common, national narrative around security. Finland has long had to consider its security through a lens that envisions possible existential challenges given its long shared border and its interwoven history with Russia. But this also provides the country with a hook on which national security and resilience efforts are placed. The country maintains compulsory military service for all men over 18 and has long established arrangements to ensure the stability of core functions, such as food supplies, in times of crisis. This focus on societal preparedness and resilience is both constant and continually being updated. For example, the country’s National Emergency Supply Agency has framed its most recent strategy around the ‘Shockproof Finland’ concept, “aligning the content and scaling of preparedness work with the requirements of the changed security environment” (NESA website).

Building such a national effort around societal preparedness and resilience is undoubtedly complex, time-consuming and multi-faceted. I am aware that the UK has its own ecosystem here, including, for example, Local Resilience Forums. I am keen to learn more about the nature and scope of this work, but as a member of the public I can’t say I have a clear sense of a national narrative in this space. Of course the characteristics of a societal preparedness and resilience agenda and its associated governance architecture would differ from that seen in Finland. But I left Helsinki wondering how the kind of national mission to ensure say, the resilience of supply chains, could be built in the UK particularly when we have a different history, differing threat perceptions, and distinctions in political culture. What combination of leadership, strategic communications strategy and governance arrangements could support these efforts in the UK?

The second puzzle is around determining how important the length of information-sharing chains is for improving multi-actor knowledge transfer in the UK. It was repeatedly noted in our interviews that the relatively small size of Finland’s population and the accompanying smallness of the community responsible for subsea infrastructure security had an impact on information-sharing. On the positive side of the ledger, my first impression is that it can help insulate the country against the kind of continuity challenges around knowledge transfer often noted in relation to the UK with our large civil service characterised by regular staff rotation. In Finland efforts to sustain the interpersonal relationships that underpin effective sharing seemed to be helped by the small size of the stakeholder community. Yes, individuals still change jobs, but given the parameters of the operational ecosystem are smaller, these individuals were not necessarily moving so far away that connections become harder to sustain.

The importance of proximity in building and sustaining effective working has long been discussed. Nearly two decades ago, in my PhD study into UK port security, the benefits for information-sharing that physically embedding staff from one department in the office of another department were clearly articulated during data collection. Here embedding staff helped to literally reduce the space between organisations, creating an opportunity for shared understanding and trust to develop. But in the larger stakeholder network associated with UK subsea infrastructure security, I left Helsinki wondering in what other ways the space between actors could be reduced to help replicate a natural advantage of smallness.

If you have any reflections on this post and/or any suggestions on literature I can look at for inspiration, please do get in touch at subseasecurity@coventry.ac.uk

Two weeks ago, Robert and I, had the pleasure of introducing our SALIENT funded project at a NATO Advanced Research Workshop in the Republic of Ireland. The workshop, ‘Integrating Cyber Awareness in Government and Private Sector Networks for Cooperative Critical Underwater Infrastructure Protection’, was funded through NATO’s Science for Peace and Security programme. We were two members of the four person organising committee.

The event brought together civil servants, security personnel, subsea cable industry representatives and academics from multiple European countries to discuss cable security. Across one and a half days, discussions focused on the current threat situation around subsea cables and the technological and governance responses being deployed to enhance cable security, particularly in Northern European waters.

While the full set of insights from the event will be captured in a forthcoming project report and edited volume, I was struck by a couple of things in particular. First, there was fascinating analysis of the different ways cables could be weaponised and recognition of the need to consider the whole cable supply chain when considering risk and resilience. There was also passionate discussion about the implications of the increased securitisation of cables for the broader governance of the sector, alongside principles such as freedom of navigation. Securitisation has practical consequences on how the day-to-day functioning of the subsea cable industry operates and we need to understand these impacts, positive or negative, in greater detail.

Second, there was common agreement that a multiplicity of actors – state and non-state – have a role to play in cable security and that a whole of society approach was needed to pursue greater subsea cable resilience. The work of NATO, the European Union, and different European governments was discussed and the importance of trust building to underpin these collaborative efforts was a consistent theme. The workshop emphasised that there remain challenges in facilitating effective cooperation, particularly between governments and industry, with differences between collective approaches to risk management, data/knowledge sharing and long-term planning noted.

Overall, I was struck by the commonality of purpose expressed by those present at the workshop. There was universal agreement that subsea cables were important, that the potential negative impact of a major security incident across multiple cables could be significant, even if the likelihood of such an event remains relatively low. There was acceptance that no one group of actors, or one country can tackle the security challenge alone; that cooperative forums exist within and between countries, but they could be more effectively utilised. This is a timely reminder that committing to cooperation and subsequently establishing top-level structures to facilitate it is so often easier that ensuring the mechanics of cooperation on a day-to-day basis function optimally in different threat environments. It is here that I hope our SALIENT project on multi-actor crisis information-sharing can make a positive contribution to knowledge and practice.

Our SALIENT project is one part of a wider portfolio of funded projects the Centre for Peace and Security (CPS) are currently delivering in relation to Critical Maritime Infrastructure Protection (CMIP).

CPS are working with Professor Ian Speller (Maynooth University) on a NATO Science for Peace and Security project titled, ‘Integrating Cyber Awareness in Government and Private Sector Networks for Cooperative Critical Underwater Infrastructure Protection’. Centred on a two-day workshop, the project will bring together state and non-state actors to examine key cyber-physical vulnerabilities facing North Atlantic undersea cable networks through the lens of hybrid warfare tactics. The event will facilitate a shared understanding of the threat landscape, identify gaps, and assess existing EU-NATO policies and jurisdictional authorities related to securing this vital infrastructure.

Our other project, ‘Improving multi-actor cooperation to protect subsea infrastructure in the Republic of Ireland and United Kingdom’ is funded through a grant from Coventry University’s Economic and Social Research Council Impact Acceleration Account. This project aims to map the actors involved in subsea security efforts in both the Republic of Ireland and United Kingdom alongside ongoing cooperation activity between the two countries in this space. Focused on day-to-day interactions, the project provides an important grounding for SALIENT’s crisis-specific analysis of multi-actor information-sharing in the UK.