Building robust Nordic networks for a resilient society

Together, these seven objectives set out a comprehensive framework for resilience across all allied nations. They provide a shared strategic reference point for strengthening infrastructure, societal preparedness, and regional security. In the section below, we look specifically into the interdependence between power and electronic communication.

Digital networks rely on stable electricity, while modern power grids depend on secure network control and real-time communication. A disruption in one can have rapid knock-on effects on the other, impacting all other resilience objectives, including health, food, transport, supply chains, and continuity of government.

Across the Nordics, this interdependence is stark. Telenor operates more than 8,800 base stations in Norway alone, each reliant on electricity. If power goes down, there are rapid ripple effects on payments, public transport, healthcare, and emergency communications.

In October 2025, the extreme weather event Amy swept across the Nordics, causing widespread damage and once again highlighting how dependent digital communications are on electricity and infrastructure. At the height of the storm, around 600 of Telenor’s 8,900 base stations in Norway were temporarily out of service. Telenor Norway’s CNOC estimates that approximately 90 percent of the affected sites were down due to power loss, while the remaining were likely impacted by fibre breaks or physical damage from the storm itself. In some cases, sites were hit by both power and fibre disruptions.

Telenor Norway’s Coverage Director Bjørn Amundsen described the event as “the most extensive power failure in three decades.” However, while reserve power helped delay some outages, its limited duration meant that many base stations eventually went offline once batteries were depleted. Typically, reserve power lasts two hours in urban areas and four hours in rural regions in Norway, which complies with national backup power regulations for mobile infrastructure.

Despite these challenges, the impact on connectivity was significantly reduced thanks to dual-homing—where each base station is connected via two independent fibre or radio links. This redundancy allowed many mobile sites to maintain service even when one connection failed, demonstrating how resilient network design can help mitigate the effects of extreme weather.

There are several other examples from this year alone. The storm in Trøndelag, a central region in Norway, in January 2025, left 40,000 people without power for days, isolating homes, disrupting health services, and halting agricultural production. Comparable risks became visible when in April 2025 a major power outage struck mainland Spain, Portugal, and part of southern France, affecting nearly 60 million people, paralysing metros, stranding passengers, and cutting digital communications for hours. Another example is Ireland in January 2025, where storm Éowyn damaged power and telecom infrastructure, leaving 10 percent of fixed and 35 percent of mobile users without service. Authorities later asked operators to help map climate vulnerabilities in communications networks.

These cases point to a bigger lesson: the societal cost of outages is rarely captured in sector statistics alone. A few hours without mobile coverage is not only an inconvenience, but results in stalled payments, delayed emergency care, disrupted logistics, and a blow to public confidence. The economic damage from such disruptions can far exceed the upfront societal costs of investing in redundancy and reserve capacity. There is a growing understanding among governments that this must be funded. In Sweden, for example, the government is increasing its annual support for redundancy investments that are not commercially motivated, from around 200 million SEK in 2023 to close to an expected 2 billion in 2028. This support is directed towards not only reserve electricity but also other, similar redundancy measures to ensure that the networks continue to operate even when crisis strikes.

Resilience in the Nordics is increasingly framed around public–private integration, institutional innovation, and cross-border collaboration. The underlying recognition is clear: no single actor can safeguard societal stability alone. Operators provide critical infrastructure and expertise, while governments set strategic priorities, regulate, and co-finance preparedness. Despite strong traditions and ambitious reforms, however, much of this agenda remains in development. Translating intent into operational capacity is still very much a work in progress.

Denmark has established a dedicated Ministry of Resilience and Preparedness, consolidating responsibility for cybersecurity, emergency management, critical infrastructure oversight, and 112 services. A broad political agreement on preparedness (beredskabsaftale) was reached in 2025, earmarking significant funds for climate adaptation, cyber resilience, and crisis communication. These initiatives mark an important step towards a more systematic approach, though their success will depend on effective delivery and sustained follow-up.

Sweden exemplifies operator integration into resilience exercises. The Swedish Post and Telecom Authority (PTS) has led structured pan-operator trainings since 2005 to prepare for infrastructure disruptions, including exercises simulating coordinated cyberattacks, sabotage, and supply chain failures. These scenarios are developed in close collaboration with network operators, ensuring that crisis plans reflect both real-world dependencies and the capabilities of the actors involved. The exercises aim to strengthen collaboration between actors within the National Telecommunications Collaboration Group (NTSG) and develop routines and strategies for handling crisis situations and heightened alert.

Alongside Sweden’s collaborative structures, Finland has developed mechanisms that strengthen resilience, particularly through legal mandates and technical coordination. This includes the Interference Cooperation Working Group, coordinated by Traficom, which brings together operators, energy providers, and other stakeholders to manage network resilience under both normal and exceptional circumstances.

Beyond these operational mechanisms, Finland’s Total Defence model also serves as a broader strategic benchmark, inspiring approaches to resilience across Europe (see box).

In Norway, the Government’s 2025 white paper on Total Preparedness extended the Total Defence concept to climate change, hybrid threats, and cyber risks. It mandates updated municipal risk assessments, larger national exercises, and stronger private–public coordination. The real challenge, however, lies in translating these ambitions into operational capabilities across sectors.

In September 2025, the Government took a step in this direction by launching the National Security Plan for Digital Infrastructure. Building on the experience of the FEKOM programme, the plan sets new reserve-power, redundancy, including 8–24 hours of reserve power with added transmission paths for 300 base stations, and strengthened mobile coverage for 100 new urban areas (tettsteder) with 12–24 hours reserve power and multiple transmission routes by 2030. By explicitly prioritising continuity of mobile and broadband services in peace, crisis, and war, the plan positions telecom resilience as a national security priority and sets a precedent that could inspire similar approaches across the Nordic region.

Beyond national initiatives, cross-border cooperation is gaining momentum. In March 2025, Denmark and Finland signed a letter of intent to deepen collaboration on civil preparedness, hybrid threats, and infrastructure resilience in the Baltic region. Sweden’s Civil Contingencies Agency (MSB) has also stressed the need for structured Nordic cooperation on crisis preparedness and information-sharing, notably through the Haga III declaration.

Combined, these reforms illustrate a Nordic model built on shared investment, mutual trust, and systemic alignment. But they also highlight a central tension: while the direction is clear and ambitions are high, resilience still depends on consistent delivery and stronger regional mechanisms to match political rhetoric with operational reality.

The war in Ukraine has shown the world how critical resilient infrastructure is in times of crisis. Ahead of the Russian invasion in 2022, Ukrainian authorities and telecom operators made systematic preparations to ensure continuity of communications. Kyivstar, the country’s largest mobile operator, established additional network control centres, built “bunker” base stations in reinforced facilities, relocated equipment away from vulnerable sites, diversified international connectivity, and ran extensive vulnerability assessments. These measures proved decisive: despite constant bombardment and power outages, Ukraine’s mobile networks remained operational, providing citizens, government, and armed forces with vital connectivity.

The Ukrainian experience also highlights that resilience is multi-layered: it spans physical security of sites, redundant routing of traffic, diverse international links, and robust cyber defences. In the Nordics, this layered perspective is increasingly relevant from protecting subsea cables in the Baltic Sea, to securing national backbone networks, to ensuring cloud and edge services operate in trusted facilities.

The Nordic region is not Ukraine, but the lesson is universal: resilience must be designed into infrastructure before crisis strikes. For the Nordics, this means anticipating hybrid threats, preparing for extreme weather, and ensuring that redundancy and recovery mechanisms are in place.

Already today, there are examples to build on. In Norway, Telenor has pioneered dual homing of mobile core networks to reduce single points of failure. In Denmark, the physical resilience of critical telecom hubs is a central focus (see box), with backup power, hardened facilities, and redundant routing designed to withstand sabotage or prolonged outages.

In Sweden, the ‘Robust Fiber’ programme, developed with operators under Swedish Post and Telecom Authority’s (PTS) guidance, codifies how fibre should be built to resist disruption from where cables are laid, to how they are documented and maintained. This is resilience designed into infrastructure before crisis strikes.

In Finland, recent incidents illustrate that building robust networks requires more than physical protection. The Helsinki city breach, the country’s largest-ever security incident, exposed personal data from more than 100,000 students and families and nearly 40,000 city employees, demonstrating how vulnerable digital services can be. At the same time, the Akira ransomware group, active since 2023, has hit multiple Finnish organisations by exploiting VPN vulnerabilities and weak authentication. While Norway, Denmark, and Sweden demonstrate physical resilience measures, Finland’s experience makes clear the equal importance of cyber resilience.

As a whole, these experiences show that resilience in the Nordics cannot rely on one layer alone. Extreme weather, sabotage threats, and cyberattacks each expose different vulnerabilities. Building true robustness requires national investment in backup power and alternative routes, regional coordination to ensure cross-border failover, and a tighter integration of physical and cyber resilience. Only by combining these elements can the Nordics prepare effectively for the unexpected and turn strong foundations into operational delivery.

The Nordics share strong traditions of cooperation and complementary strengths. But threats do not stop at national borders, and resilience cannot remain nationally bound. The next phase must be deeper regional integration. This requires:

• Shared situational awareness across the region through joint threat monitoring and information exchange.

• Coordinated planning for redundancy in cross-border telecom and energy infrastructure.

• Formal Nordic mechanisms for joint crisis response that mobilise public authorities, operators, and security agencies together.

In May 2025, the Nordic Prime Ministers and Heads of Government issued a joint statement reaffirming their commitment to strengthen cooperation on civil preparedness and resilience. The declaration emphasised a whole-of-society, whole-of-government, all-hazards approach, highlighting the need to protect vital societal functions and ensure that regional preparedness is coordinated and interoperable.

The Nordic declaration sets the direction, but its success will require sustained investment. European data shows how resilience measures can reduce the real impact of incidents. While reported telecom security incidents across Europe reached a record high in 2024, the number of user-hours lost from system failures has declined compared with previous years. According to the European Union Agency for Cybersecurity’s (ENISA) Telecom Security Incidents 2024 report, this decline, along with a drop in lost user-hours due to malicious actions, indicates that improvements in redundancy, backup power, and incident response are paying off. At the same time, rising impact stemming from natural phenomena and human error show that vulnerabilities are evolving, underlining the need for continuous adaptation and investment.

The challenge for the Nordics is to sustain and scale such measures. That requires incentives and procurement models that value quality, preparedness, and resilience at least as highly as efficiency and cost.

At Telenor, we work every day to ensure that communication systems are stable and secure. But safeguarding societies against hybrid threats and systemic shocks also depends on reliable power supply, joint investment in reserve capacity, and procurement models that reward resilience over short-term cost savings. Resilience is not an isolated national goal. It is a regional necessity. Meeting this requirement is vital to protect the continuity of the Nordic way of life.