It may be January, but political climate is heating up in the Arctic, and through the Commonwealth with Greenland, Denmark is receiving increasing attention from digital and military superpowers.
Militarily, Denmark is obliged to protect Greenland, but in terms of IT security, the situation is somewhat different. As a manager of three employees, Katrine Nathanielsen, head of Digitalimik Sullissinermut Aqutsisoqarfik (Greenland’s Agency for Digitisation), has to organize Greenland's cyber defence:
“If there is a Russian hacker that wants to get in, the risk of him succeeding is quite high,” she says, elaborating:
“We have to assume that at some point there will be a breach. Then it’s more a question of how quickly we can shut it down, contain it, and get back into operation. That is the reality we have to live with, she says, explaining that it is ultimately a question of how good basic IT security is, and refers to common cyber hygiene such as firewalls, logging, and awareness.
And it is not just anyone Katrine Nathanielsen has to keep out of Greenland’s IT systems.
In 2019, the then President of the United States Donald Trump expressed the desire to buy Greenland, and China has on several occasions openly shown interest in the large northern country with a small population—especially for the minerals in its subsoil. For years, Russia has been arming itself and patrolling diligently in the Arctic region, in which ice-free passages are opening up new strategic trade routes.
“People are definitely keeping a closer eye on each other in the Arctic than ten years ago,” says Major Henrik Gram Pedersen, head of Center for Arctic Security Studies at the Royal Danish Defence College.
Minister of Defence Trine Bramsen agrees with that assessment and writes in a reply to Version2 that the cyber threat against Greenland is quite real:
“In the Danish Commonwealth, there are attacks or attempts at attacks on companies and authorities on a daily basis. It is obvious that Greenland is, due to its geographical location, particularly vulnerable if critical functions are attacked.”
This is backed up by a recent report from the Danish Security and Intelligence Service (PET), which highlights that there is an extensive risk of cyber espionage in Greenland and Denmark.
But what threats does Greenland have to protect itself against? If you ask three experts and PET, the answer is simple: the same ones as Denmark.
PET's report specifically mentions the threat of so-called “influence operations and espionage” against Faroese and Greenlandic authorities, decision-makers, businesses and research institutions, and draws particular attention to China and Russia.
Mark Fiedel, acting head of the Danish Centre for Cyber Security, shares this view:
“Criminal and government hackers don’t care about borders, as long as they get what they’re looking for. That’s why they are just as likely to attack Greenland as they are to attack Denmark if they get the same information out of it.”
He says that information of interest that could certainly be stolen from both countries is information about the Danish Commonwealth’s research, geopolitics and security policy, as well as knowledge about raw materials and maritime transport.
“The technical implementation of a threat to Greenland is the same as of a threat to Denmark. It’s therefore also by and large the same means that are used to attack and defend oneself,” Mark Fiedel says and explains that hackers often go for the easiest and least costly target.
He is backed by Jacob Herbst, CTO at the security company Dubex and member of the Danish Cyber Security Council.
“In Denmark, one would typically go after the Danish Energy Agency, the Ministry of Foreign Affairs, etc. to get hold of this important information. The question is then, how much of the information that could be retrieved in Denmark is also available in Greenland, and is Denmark at increased risk because the information is also there,” he asks and says that Greenland is struggling with some of the same challenges as Denmark when it comes to IT security.
“In Greenland, there’s a challenge in terms of competences because it’s a small country. It’s possible to compensate in different ways, but things are more complicated when they take place over distance, and cyber incidents are no exception,” Jacob Herbst says and continues:
“There are some vulnerabilities in Greenland that are completely different because of its geography. Digital communication is even more important, and supply shortages can be outright dangerous.”
More specifically, Greenland’s digital connection to the outside world rests on two submarine communications cables—one from Iceland and one from Newfoundland in Canada. They both end in Nuuk, from where they are distributed to the west coast of Greenland, where most of the country’s inhabitants live. The technical setup makes Greenland vulnerable.
“It’s precisely when one’s as isolated and as exposed as Greenland that it’s easy to completely disrupt communication,” Jacob Herbst says, referring to the recent volcanic eruption in Tonga, which caused a frightening total blackout that made it harder to react to the situation.
“Both in Denmark and Greenland, we generally organize our society around the assumption that some fragile systems will work. So when we switch to a more digital society, also in Greenland, we forget how vulnerable we really are,” says Jacob Herbst, who believes that the West in general has “lulled itself to sleep somewhat in recent decades in relation to what the world is like out there”.
Conversely, he claims that physical attacks with infected USB sticks are less likely in a Greenlandic settlement than in Copenhagen.
Major Henrik Gram Pedersen believes that Greenland could have another role to play if the conflict between Russia and NATO in Ukraine escalates. He says that it is still too early to assess the consequences of the situation in Ukraine in the Arctic, but points out that it may be difficult to continue cooperating with Russia in the Arctic Council, even though Russia has so far spent its presidency of the Council in what the major describes as a “constructive way”.
“Greenland’s infrastructure is not in itself a definite military goal, but if the tensions from other areas spread, one could project their power by hitting civilian infrastructure and preventing society from functioning,” he says and is backed by Jacob Herbst:
“I could imagine a scenario in which Greenland is shaken to see how close its relationship to Denmark is when it really comes down to it.”
(The article continues below the picture...)
Although Katrine Nathanielsen believes that Greenland can and should stand on its own digital feet, the Danish Centre for Cyber Security rolled out its sensor network in Greenland in 2020. This happened after a debate in Denmark about the growing cyber threat against Greenland.
The sensor network will keep an eye on attacks on Greenland’s businesses and authorities.
“We set up monitoring in the Greenlandic network, so the dialogue is really good so far. The same measures that apply to the protection of Danish systems and networks now also apply to Greenland,” says Mark Fiedel from the Danish Centre for Cyber Security.
For Minister of Defence Trine Bramsen, cooperation between Denmark and Greenland is absolutely crucial:
“There is good and strong cooperation between Greenland and Denmark in the area, which is crucial in order to be able to withstand the significant threat that cyberattacks represent.”
Vi bygger bro med stærke vidensmedier, relevante events, nærværende netværk og Teknologiens Jobfinder, hvor vi forbinder kandidater og virksomheder.
Kalvebod Brygge 33. 1560 København V
Christina Blaagaard Collignon
Trine Reitz Bjerregaard