AI generated image by deeznutz1 via Pixabay
The scale and nature of cyber threats against governments is changing. In a Global Government Forum webinar, public sector experts from three countries discussed the causes, managing risk across the supply chain, and the part AI is playing in assisting perpetrators of cybercrime – and in defending against it
The cybersecurity threats faced by governments are always evolving, with criminals and state actors working hard to exploit vulnerabilities. In this webinar, experts from the national cybersecurity centres of Belgium, Norway and Finland shared insights into the factors behind the current cyber landscape and how governments can defend against attacks.
The session began with an overview of the changing nature of cyber threats against governments and public institutions, fuelled in part by geopolitics and an increase in the threat from state-sponsored actors.
Martin Albert-Hoff is director of Norway’s National Cyber Security Centre. He noted that the current geopolitical situation is playing a “huge role” in the changing cybersecurity landscape and driving an increase in cyber threats, attacks and related influence in politics, as well as use of cyber in warfare.
Janne Allonen, deputy cybersecurity director at the Ministry of Transport and Communications’ Office of the National Cyber Security Director of Finland, agreed that attacks are becoming more diverse.
The more traditional opportunistic incidents like phishing, ransomware, malware and distributed denial-of-service are still very common, he said, but these are increasingly interspersed with attacks by state actors like Russia, China and North Korea which are more sophisticated in nature.
At a time when governments and economies are increasingly digitised, attacks are becoming more frequent and more damaging.
One of the threats Norway faces, as highlighted in a report last year by the Norwegian Intelligence Service is ‘pre-positioning’, whereby state-sponsored actors work to establish a foothold in critical infrastructure to enable what Albert-Hoff described as “future digital sabotage”.
“We are getting more and more dependent on technology… and when you start using a lot of different types of technology, the situation gets more complex, and as the complexity grows, it’s harder to have a complete and holistic understanding of the vulnerabilities in our systems. That, in turn, exposes us,” he said.
“Pre-positioning and [cyber] sabotage could really hurt a digitalised society.”
Read more: Lessons from Canadian cyber-defence
Shoring up the supply chain
This led to a conversation about public sector reliance on private sector technology and how to ensure the supply chain is secure.
While Albert-Hoff acknowledged that a degree of digital dependency on private sector companies is necessary, he warned that the public sector should be “aware of the consequences when we put so many eggs in one basket”.
Another of the panellists, Taco Mulder, who works at the Centre for Cybersecurity Belgium, agreed. Some governments’ dependence on the private sector is very high, which is “totally understandable”, he said, but that makes it imperative not to “lose all your internal knowledge”. He advocates maintaining control over the supply chain through audits and certifications, for example, and building cybersecurity measures into procurement.
The European Union’s NIS2 Directive, which aims to enhance cybersecurity across the bloc by imposing stricter security requirements on a broader range of sectors and entities, is useful and is being integrated into new contracts, Mulder said. But with related obligations still being worked into law, contracts signed before the directive came in may not protect against cybersecurity weaknesses.
“There’s basically a constant revision and updating of the expectations of the supply chain,” he said.
Allonen pointed out that in Finland and many other countries, critical infrastructure related to energy, telecommunications, finance and healthcare is privately owned.
“This makes the private sector the lifeblood of national cybersecurity,” he said.
Collaboration, therefore, is critical. Finland’s National Cyber Security Centre has established information sharing and analysis centres that bring together companies – some of them competitors – from 16 sectors with a focus on exchanging information between them and across the whole of government.
And digital sovereignty is another issue, with Mulder highlighting that it’s sensible not to be too dependent on suppliers in countries “that could basically cut us off and put us on the black list if we don’t agree on certain issues”.
Read more: Ukraine ‘deepens cooperation’ with Estonia in digital governance and cybersecurity
Basic cyber hygiene being missed
At a more foundational level, creating the conditions for good cybersecurity in government relies on civil and public servants practicing basic cyber hygiene. This includes measures such as choosing strong passwords and changing them regularly, using multi-factor authentication, and ensuring IT security updates are installed – all of which can drastically increase the protection of government systems.
Yet Albert-Hoff expressed frustration that simple measures are being missed. He believes that more needs to be done to embed cyber hygiene and to ensure practices are kept up-to-date. “I’ve been in cybersecurity for 25 years and I see that it’s a topic now in boardrooms and at senior management level, and that’s good, but it’s not moving fast enough,” he said.
“I’m honestly getting really tired of advising on updating to the latest secure [software] version – that should be unnecessary so that we can focus on the really serious stuff. But still we are telling people to change their passwords.”
As the panellists highlighted, cybersecurity ‘fatigue’ – where repetitive security tasks leads to a decrease in vigilance and compliance – can be a problem.
Mulder called it “wishful thinking” but wondered aloud whether it might be an idea to require employees to pass a cyber hygiene test before they can use government systems and to re-test them periodically.
Read more: Responsibility for UK public sector cybersecurity moves to Government Digital Service
AI: a threat and an opportunity
Talk turned to artificial intelligence and its use by adversaries to plan and commit cyber attacks, as well as the use of AI by government organisations to defend themselves.
In Mulder’s opinion, one of the problems with AI is the belief among developers – whether internal or external – that the architecture and software they’ve created is safe, when in reality it may not be.
“Everybody thinks they know what they’re working on but a lot of people tend to believe that they know more than they really do, which, if you look at your architecture, is a huge vulnerability.”
He added: “A lot of AI is developed through tools like GitHub, which is fine, but even the developers themselves could potentially include attack code.”
For Allonen, there are two applications of AI in cybercrime that he finds particularly worrying. One is the use of deepfakes. The other is the use of AI to generate convincing, personalised phishing emails and to translate messages into any language almost perfectly, helping criminals orchestrate phishing campaigns and social engineering on an even bigger scale.
He also pointed out that AI can be used to gather intelligence, to scan for weaknesses and identify vulnerabilities, and to run simulations for adversaries.
AI presents what Mulder called a “multi-pronged danger”, but it is also an opportunity. He gave the example of hospitals, which can face millions of cyber-attacks every day: “There’s no human who can fight that, so the maturity increase [of AI] is also [beneficial] on the defensive side.”
Allonen agreed, adding that AI can support real-time decision-making, simulate attack scenarios, and aid in cyber exercises.
But as Albert-Hoff warned, there are also risks tied to adopting artificial intelligence too quickly. “We can unintentionally have some major incidents by using AI because we don’t understand how to use it in a proper way,” he said.
Geopolitical events and tensions and the growing presence of state actors in the cyber landscape, increasing digitisation, and technologies like AI are all quickening the pace of change in cybersecurity, and as Allonen made clear: “The bad guys run a little bit faster than the legislation or authorities can keep up.”
He recalled Finnish cybercrime expert Mikko Hypponen saying that 20 years ago, mobile phones were so big “you almost needed a truck to carry one with you”, but that now everybody has a supercomputer in their hand.
“That has happened in only 20 years. Imagine what technology brings within the next 20 years,” Allonen said.
Governments will have their work cut out to keep up with the new threats that emerge as a result – but with more and more countries establishing dedicated national cybersecurity centres, building related expertise and sharing intelligence, they are in a good place to outwit their adversaries.
The ‘How to tackle the most common cyber threats government faces’ webinar was hosted by Global Government Forum and took place on 20 November 2025. Watch the webinar in full here and hear the panellists’ discuss a range of other cyber-related topics, including:
- International collaboration and information exchange between countries and entities
- Whether it’s feasible for small countries to have a dedicated cyber centre, how they can build alliances with other countries to shore up their defences
- Legislative gaps in relation to AI in cybersecurity and how to close them
- More on basic cyber hygiene and how to encourage civil and public servants to adopt simple measures that will help protect government systems
- More on cybersecurity across the supply chain
