Abstract: Critical communication faces new challenges in terms of cybersecurity in the future. Lessons from Ukraine need to be understood and incorporated to better prepare modern societies. The rapid advancement of technology provides new solutions but also introduces more challenges. Being able to upgrade or adapt old systems to new technology rather than replace them entirely is more important than ever. Concepts such as physical and digital resilience, as well as dual-use systems and artificial intelligence, play a key role in developing solutions to future challenges. Cooperation between different actors and sectors of society is pivotal.
Problem statement: What are the future challenges and solutions of communication systems and their cybersecurity in modern societies?
So what?: How to ensure modern societies can withstand the next wave of cyber and communication threats—rather than be caught unprepared when critical systems come under attack?
Introduction
Technology is developing at a faster pace than ever before, while the war in Ukraine and others elsewhere are highlighting the challenges that critical infrastructure faces in such difficult conditions. New regulations are trying to meet these challenges, especially in the EU, but often also impose new ones in the process. A key part of critical infrastructure is critical communication, the future of which is very complex, but that does not mean it cannot be prepared for. There are lessons to be learned from conflicts around the world, and emerging technologies should be put to use based on those lessons.
When envisioning the requirements for future products, it is best to start by examining what they are currently. The logical first step is to review the relevant legislation, specifically the NIS2 directive and Finland’s recently enacted Cyber Security Act. At the heart of the Cyber Security Act are the new risk management and reporting obligations it imposes on operators within its scope. The law requires, among other things, the preparation of an operating model for risk management and the reporting of cyber incidents to the authorities. It also includes requirements related to organisations’ identity and access management, log management, and other more technical areas.[1]
When envisioning the requirements for future products, it is best to start by examining what they are currently.
The Cyber Security Act has been enacted as a result of the EU’s NIS2 Directive, which aims to strengthen both the EU’s common and the member states’ national level of cyber security in critical sectors. The most relevant requirements for communication technologies include protecting communication networks and systems, separating these systems from external environments, implementing access controls, and ensuring regular updates. Last but not least, the systems have to be usable in times of severe disturbances and unusual conditions as well.[2] This calls for resilience, both digital and physical.
Key Lessons from the War in Ukraine
The war in Ukraine has, first and foremost, shown how diverse modern warfare methods are and how quickly they can evolve. At the start of the war, Russia was attacking anything and everything in cyberspace, but since then, the attacks in cyberspace have become more precise and targeted. Much more emphasis is placed on gathering intelligence and tailoring the attacks for each target to achieve the best possible results. The attacks are also more closely tied to military and intelligence operations than before.[3]
Ukraine had already improved its cyber capabilities in the years leading up to the 2022 full-scale invasion. For example, automated process control systems and their corresponding cybersecurity mechanisms were deployed. These systems consist of a hardware and software combination that uses sensors, controllers, and actuators to automatically monitor and regulate an industrial process and have successfully provided a high level of protection and functionality under conditions of armed aggression. According to Ukrainian sources, another key aspect of a successful cyber defence is, perhaps a little ironically, the effective use of offensive cyber capabilities. It seems that attack is the best defence in cyberspace as well.[4] The key ideas behind this thought are deterrence, pre-emptive strikes and effective retaliation.
The most vulnerable targets of Russian cyberattacks have been various parts of Ukrainian critical infrastructure, including the energy and telecommunications sectors. Attacks have been ongoing for over a decade, and new ones continue to occur. The most effective operations have resulted in widespread blackouts, complete shutdown of communications networks and growing public distrust of both governmental institutions and private companies alike. This highlights the immense importance of resilience in civilian infrastructure. Although not all cyberattacks are directed at civilians, they often find easier targets due to more relaxed security measures. The adoption of standardised (unique) hardware and infrastructure within organisations significantly enhances resilience and facilitates rapid recovery following cyber incidents. The importance of co-operation and support from the private sector, volunteers and especially partner states has been proven throughout the war in Ukraine.[5] Due to the war, Russia and Ukraine are developing roughly 10 times faster than non-warring states in the field of cyberwarfare.[6] Therefore, keeping track of developments within their conflict is crucial for staying up-to-date on current cyber capabilities and trends.
The most vulnerable targets of Russian cyberattacks have been various parts of Ukrainian critical infrastructure, including the energy and telecommunications sectors.
The cyber dimension appears to play a supporting role in kinetic conflicts worldwide, while also serving as a method of hybrid warfare. Recently, it has acted as a key component of information operations above all else. When it comes to Russia, it seems that most cyber resources are directed against countries supporting Ukraine, rather than Ukraine itself. Just like within Ukraine, communication systems seem to be a priority target for Russian operations in nations supporting Ukraine as well.[7] Even if a ceasefire in Ukraine were to come into effect, Russia would continue its cyber operations, which it tries to maintain below the threshold of traditional warfare. As such, national resilience needs to be strengthened even further.
Russia’s information operations outside Ukraine have likewise been targeting civilian societies in an attempt to change public opinion towards narratives that Russia could better exploit. Russia extensively utilises artificial intelligence in its information operations to generate an endless stream of content for social media and other similar platforms. The platforms disseminate disinformation by instructing AI models to generate large volumes of false narratives — for example, creating thousands of articles containing disinformation and publishing them online.[8]
The most recent example of this occurred in Moldova this year, where Russia used massive amounts of AI-generated disinformation to influence the parliamentary election. AI was used to, for example, impersonate Western media, flood comment sections with anti-EU comments and create completely new news sites that look legitimate at a glance while actually promoting Russian propaganda.[9] Russia is also using AI for reconnaissance and exploitation in cyber operations.[10] According to an official Ukrainian report, the use of AI in cyberattacks has reached a new level. Hackers use it not only to craft phishing messages but to create completely new malware as well.[11] Despite the use of AI and other developments in technology, the human factor remains the most vulnerable link in the cybersecurity and vulnerability management chain.[12]
Raising cyber awareness and maintaining a high level of cyber hygiene (including regular updates, strong passwords, and avoiding suspicious links and attachments) among personnel remains essential. Phishing attacks, malware deployment, and the creation of botnets are among Russia’s leading tactics for information theft and disruption of information and communication systems at this stage of the conflict.[13]
Future Communication Solutions as a Strategic Capability in a Global Context
In a conflict situation, whether it is kinetic or non-kinetic in nature, an attack will eventually succeed in disabling at least some parts of a system. When that happens, resilience steps in. First and foremost, systems need to have backups in case of a failure. Secondly, repairs must be made quickly.
Resilience is not limited only to physical infrastructure. The importance of digital resilience is often still overlooked, but in a modern digitised society, it is a crucial part of security. Digital resilience enables maintaining operations in exceptional conditions with minimal effort.[14] In an ideal situation, this capability is already included in the system during the design phase. If the system already exists, it is essential to identify the most critical components for maintaining continuity of service and understanding how the system responds to disturbances. If the system is critical and fails to remain operational during a disruption, it needs to be improved.[15] The support of reliable vendors and a well-functioning supply chain is critical.
Resilience is not limited only to physical infrastructure.
Dual-use systems improve resilience because interchangeable components and personnel between civilian and military system maintenance can significantly enhance the speed at which systems are repaired. If something can be used by both the military and civilian society, that means there will be more of them available, ensuring the logistics chains are not stretched too thin. It can also provide an opportunity to transfer a system from civilian to military use or the other way around, and means parts from one can be used in the other, greatly improving the scalability of military systems during crises. Regardless of whether the system is in civilian or military use, it is essential to remember that effective resilience requires personnel, in addition to components, to be close by; otherwise, repairs cannot be completed quickly.
Dual-use products are not without issues, primarily the differing requirements of security when comparing traditional civilian and military use cases. However, developing such products still provides a competitive edge to companies that wish to succeed in the current geopolitical environment. What needs to be kept in mind, however, is the risk-based approach to such products. That is what the cyber law[16] and the Critical Entities Resilience Directive[17] call for, but it is also the key to understanding the security requirements of military use cases. All data should not be processed on the same device, as gaining access to it would then instantly provide an attacker with all the information. This is also true for critical infrastructure, and separating systems from one another can be an effective way to prevent single threats from compromising entire capabilities.
Systems need to be customisable for different use cases and targets. Since different users will obviously have different use cases for the product, it must be easy to adapt it to those needs. When developing a dual-use product from the ground up, this has to be kept in mind. Quite often, it can mean that a system used primarily by civilian society needs to have its security improved when it is transferred into military use. 5G stand-alone (5GSA), a 5G network that is completely independent instead of partially relying on older 4G technology, can be a part of the solution through network slicing for critical services–delivering priority service, lower latency (the time it takes for data to travel from a user’s device to a server and back) and faster speeds.[18] The slicing could also be used to increase security, for example, by isolating the part of the network used by the military from its civilian counterpart.
The Open Radio Access Network is an emerging technology that can be used to optimise the radio network with the help of open interfaces and an advanced division model for radio network functions.[19] For example, some of the base station’s functions can be transferred to the cloud, allowing it to distribute the available radio capacity more efficiently to other base stations. The concept would be useful in the dynamically changing combat situations of military operations.[20] By integrating AI into the RAN architecture, the use of radio resources and frequency management can be optimised, and the overall efficiency of the system improved by enhancing adaptation to dynamically changing telecommunications and frequency conditions.[21] The real-time operations of the AI-RAN system place additional demands on the implementation and performance of AI algorithms due to resource and latency limitations, which can be somewhat mitigated by edge computing. It means performing some of the computation “at the edge”, in other words, near the physical origin of the information, instead of in the cloud. It can help reduce the strain on networks and speed up processes, since less data is sent to a data centre and back.[22]
A key requirement for effective communication is reliability. When looking at the war in Ukraine, the disruption of communications has been a recurring theme during the conflict. Methods that are more resistant to jamming and other forms of disruption have the potential to be real game changers on the battlefields of Ukraine and in any future conflict areas. AI integration can help tackle these issues, since AI-driven networks can enhance network efficiency, reduce latency, and enable seamless connectivity across satellite, aerial, and terrestrial networks.[23] Perhaps the most significant factor influencing the development of AI is quantum computing. Quantum computers also have a way to dramatically cut down the time it takes to solve the mathematical problems currently used to cypher communication from thousands of years to hours or even minutes. That is because, unlike normal computers, quantum computers can investigate all possible solutions simultaneously, thanks to superposition and quantum entanglement. Suffice to say, the ability of quantum computers to fairly easily break nearly every type of encryption method currently in use has huge implications for cybersecurity.[24]
A key requirement for effective communication is reliability.
The best way to prepare for this is likely to look for “crypto-agile” systems—ones where switching from one form of encryption to another is easy. This way, it will be much easier to keep up with the undoubtedly rapid updates to quantum-resistant encryption methods.
Another requirement for future communications systems will be the ability to divide information into different categories of protection, for example, into public, confidential and secret. Those could easily represent civilian, critical infrastructure, and military actors, as well as their requirements for communication security. It may not be necessary to protect civilian communication against quantum threats as early as military or critical infrastructure, since these sectors are more likely to be targeted by hostile actors with early quantum capabilities. The requirements for security differ in other aspects as well, so it is something to consider when designing dual-use systems.
Cloud technologies could improve resilience and enable more dual-use items to be easily integrated into defence solutions, with tactical edge computing further enhancing resilience and preventing network overload. Thus, cloud services could be one part of a solution for developing more flexible systems and structures. The scalability of cloud networks could enable unprecedented situational awareness, support for autonomous systems, real-time target tracking and more powerful simulation tools.[25] That said, not everything can be solved by cloud services. Even with a completely separate cloud system, security will remain a significant concern, and sensitive data may be best kept out of the cloud altogether. Therefore, the need for more traditional communication solutions remains.[26]
Cloud technologies could improve resilience and enable more dual-use items to be easily integrated into defence solutions, with tactical edge computing further enhancing resilience and preventing network overload.
Another key communications technology is satellite use, which has seen explosive growth over the past couple of years.[27] At the forefront of this change is the emergence of non-terrestrial networks (NTNs). They are capable of circumventing conventional ground infrastructure completely.[28] These days, satellite organisations supply high-speed access to even the most remote and underserved regions of the world by providing connectivity from space.[29] This has already been proven critical to Ukraine’s military command structure.[30] It does not take a lot of imagination to picture how important NTNs are in areas where critical infrastructure on the ground has been partially or entirely destroyed. To put it simply, NTNs are likely to become an almost mandatory backup system for both civilian and military communication during future crises.[31]
Strengthening National Resilience
By combining lessons from Ukraine and elsewhere with the possibilities of emerging technologies, it is possible to identify solutions to the future challenges of critical communication in modern societies. Perhaps the most essential requirement of any future critical infrastructure is resilience, both digital and physical. Especially based on the experiences from the war in Ukraine, resilience should include resistance to electronic warfare operations.
Systems need to be well protected, of course, but a foolproof system does not exist. When something eventually does go wrong, backup systems must be available, and the repair or replacement of the original must occur quickly. The way to facilitate this is by ensuring components and personnel are close enough to enable a quick response. Dual-use systems are one way to achieve this, as the expertise of personnel and interchangeable components can be borrowed from civilian systems to military ones and vice versa.
Systems need to be well protected, of course, but a foolproof system does not exist.
Dual-use systems do provide challenges, too. Ensuring sufficient security for the military use of civilian products is the most prominent one. Testing the systems and practising with them can also prove to be more challenging than it would be with strictly military systems, but Finland, fortunately, has a long history of close co-operation between the military and other parts of society. Future systems also need to be highly customisable, as the operational environment is constantly changing. This is most evident in Ukraine, where the development cycle of drones is becoming increasingly rapid.
Prominent trends in technology, such as AI, 5G/6G, satellites, cloud services, or quantum computing, are also expected to provide unique opportunities and challenges for communications systems.[32] It is therefore imperative to focus on the development of these key capabilities in the near future. Being able to adapt existing systems to new innovations and use cases is a significant financial and time-saving benefit compared to the prospect of acquiring completely new hardware and software every time a new capability is developed. Critical infrastructure operators must build a networked, cyber-secure entity that utilises alternative forms of data transfer and advanced technologies to achieve the necessary resilience at various operational levels.
[1] Finnish Information Security Cluster (FISC). NIS2 OPAS 1.0 REV 2. 2025. https://teknologiateollisuus.fi/fisc/wp-content/uploads/sites/11/2025/03/NIS2-OPAS-1.0-JULKAISU.pdf.
[2] Kyberturvallisuuslaki (124/2025). Finlex. Accessed November 12, 2025. https://www.finlex.fi/fi/lainsaadanto/saadoskokoelma/2025/124.
[3] Maksym Pavliuk, interview by Cyberwatch.
[4] Ibid.
[5] Ibid.
[6] Arto Räty, interview by Cyberwatch.
[7] Serhii Prokopenko, interview by Cyberwatch.
[8] Bulletin of the Atomic Scientists. “Russian Networks Flood the Internet with Propaganda, Aiming to Corrupt AI Chatbots.” March 2025. https://thebulletin.org/2025/03/russian-networks-flood-the-internet-with-propaganda-aiming-to-corrupt-ai-chatbots/.
[9] Euronews. “Inside Russia’s AI-Driven Disinformation Machine Shaping Moldova’s Election.” September 23, 2025. https://www.euronews.com/next/2025/09/23/inside-russias-ai-driven-disinformation-machine-shaping-moldovas-election.
[10] Serhii Prokopenko, interview by Cyberwatch.
[11] Maksym Pavliuk, interview by Cyberwatch.
[12] Державна служба спеціального зв’язку та захисту інформації України. Російські кібер операції: аналітика за I півріччя 2025 (TLP:CLEAR). 2025. https://cip.gov.ua/services/cm/api/attachment/download?id=71278.
[13] Maksym Pavliuk, interview by Cyberwatch.
[14] Gofore. “Digital Resilience in Finland – Who Protects Us in a Crisis?” Accessed November 12, 2025. https://gofore.com/en/digital-resilience-in-finland-who-protects-us/.
[15] Telia. “Tämä sinun tulisi tietää digitaalisesta huoltovarmuudesta.” Accessed November 12, 2025. https://www.telia.fi/yrityksille/artikkelit/artikkeli/tutustu-digitaaliseen-huoltovarmuuteen.
[16] Kyberturvallisuuslaki (124/2025). Finlex. Accessed November 12, 2025. https://www.finlex.fi/fi/lainsaadanto/saadoskokoelma/2025/124.
[17] Critical Entities Resilience Directive. “Home.” Accessed November 12, 2025. https://www.critical-entities-resilience-directive.com/.
[18] DNA Business. “5G mahdollistaa verkon viipaloinnin, mutta mitä se tarkoittaa?” 2025. https://www.dna.fi/yrityksille/blogi/-/blogs/5g-ssa-voit-viipaloida-yritysverkkosi-mita-se-kaytannossa-tarkoittaa.
[19] Viestiupseeriyhdistys. VM 2 2021. PDF, 2021. https://viestiupseeriyhdistys.fi/wp-content/uploads/2021/08/VM-2-2021.pdf.
[20] Viestimies 1/2024. Issuu. 2024. https://issuu.com/viestimies/docs/vm_2024-1.
[21] AI-RAN Alliance. “Home.” Accessed November 12, 2025. https://ai-ran.org/.
[22] TechTarget – SearchDataCenter. “What Is Edge Computing? Everything You Need to Know.” Accessed November 12, 2025. https://www.techtarget.com/searchdatacenter/definition/edge-computing.
[23] IEEE Communications Society. “Predicting the Future of Communications Technologies.” ComSoc Technology News (CTN), 2025. https://www.comsoc.org/publications/ctn/predicting-future-communications-technologies.
[24] RocketMe Up Cybersecurity. “Quantum Computing’s Impact on Cryptography — The Future of Encryption.” Medium, n.d. https://medium.com/@RocketMeUpCybersecurity/quantum-computings-impact-on-cryptography-the-future-of-encryption-1f8804205d86.
[25] Viestiupseeriyhdistys. VM 2023 1. PDF, 2023. https://viestiupseeriyhdistys.fi/wp-content/uploads/2023/03/VM-2023-1.pdf.
[26] Timo Kotilainen, interview by Cyberwatch.
[27] Satcube. “Current Satcom Trends That Are Shaping the Future of Connectivity.” Accessed November 12, 2025. https://satcube.com/news/current-satcom-trends-shaping-the-future-of-connectivity.
[28] Avenga Magazine. “Satellite Technology in 2025 and Beyond: The Future of GEO.” April 9, 2025. https://www.avenga.com/magazine/satellite-technology-bringing-satellite-in-the-palm-of-the-hand/.
[29] Deutsche Telekom. “Satellite Communication – A Powerful Addition to Europe’s Digital Future.” Accessed November 12, 2025. https://www.telekom.com/en/company/management-unplugged/details/satellite-communication-a-powerful-addition-to-europe-s-digital-future-1093760.
[30] Paton Walsh, Nick, Alex Marquardt, Florence Davey-Attlee, and Kosta Gak. “Ukraine Relies on Starlink for Its Drone War. Russia Appears to Be Bypassing Sanctions to Use the Devices Too.” CNN, March 25, 2024. https://edition.cnn.com/2024/03/25/europe/ukraine-starlink-drones-russia-intl-cmd; Geoffrey Cain. “Volodymyr Zelensky on War, Technology, and the Future of Ukraine.” Wired, June 3, 2022. https://www.wired.com/story/volodymyr-zelensky-q-and-a-ukraine-war-technology/.
[31] SpaceNews. “Shaking Up Satcom: The Time Is Now for Radical Innovation in Satellite Communications.” Accessed November 12, 2025. https://spacenews.com/shaking-up-satcom-the-time-is-now-for-radical-innovation-in-satellite-communications/.
[32] Viestimies 2/2025. Issuu. 2025. https://issuu.com/viestimies/docs/viestimies_2_2025.
