Companies should do right by their home countries — and stay alert

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO.

It was hardly the kind of peace and cheer one hopes to see leading up to Christmas. But on Dec. 7, the second Sunday of Advent, a collection of telecoms masts in Sweden were the site of a strange scene, as a foreign citizen turned up and began taking photographs.

The case became widely known two days later, when the CEO of Teracom, a state-owned Swedish telecom and data services provider, posted an unusual update on LinkedIn: Company employees and contracted security had helped detain a foreign citizen, CEO Johan Petersson reported. They had spotted the foreigner taking pictures of a group of Teracom masts, which are sensitive installations clearly marked with “no trespassing” signs. After being alerted by the employees, police had arrested the intruder. “Fast, resolute and completely in line with the operative capabilities required to protect Sweden’s critical infrastructure,” Petersson wrote.

But his post didn’t end there: “Teracom continually experiences similar events,” he noted. “We don’t just deliver robust nets — we take full responsibility for keeping them secure and accessible around the clock. This is total defense in practice.”

That’s a lot of troubling news in one message: a foreign citizen intruding into an area closed to the public to take photos of crucial communications masts, and the fact that this isn’t a unique occurrence. Indeed, earlier this year, Swedish authorities announced they had discovered a string of some 30 cases of sabotage against telecoms and data masts in the country.

How many more potential saboteurs haven’t been caught? It’s a frightening question and, naturally, one we don’t have an answer to.

It’s not just communications masts that are being targeted. In the past couple years, there have been fires set in shopping malls and warehouses in big cities. There have been suspicious drone sightings near defense manufacturing sites and, infamously, airports. Between January and Nov. 19 of this year, there were more than 1,072 incidents involving 1,955 drones in Europe, and as a group of German journalism students have established, some of those drones were launched from Russian-linked ships. And of course, there has been suspicious damage to undersea cables and pipelines in the Baltic Sea and off the coast of Taiwan.

I’ve written before in this publication that Russia’s goal with such subversive operations may be to bleed our companies dry, and that China seems to be pursuing the same objective vis-à-vis certain countries. But when it comes to critical national infrastructure — in which I could include institutions like supermarkets — we need them to work no matter what. Imagine going a day or two or three without being able to buy food, and you’ll see what I mean.

The upside to Teracom’s most recent scare was that the company was prepared and ultimately lost no money. Because its staff and security guards were alert, the company prevented any damage to their masts and operations. In fact, with the perpetrator arrested — whether prosecutors will decide to charge him remains to be seen — Teracom’s staff may well have averted possible damage to other businesses too.

Moving forward, companies would do well to train their staff to be similarly alert when it comes to saboteurs and reconnaissance operators in different guises. We can’t know exactly what kind of subversive activities will be directed against our societies, but companies can teach their employees what to look for. If someone suddenly starts taking pictures of something only a saboteur would be interested in, that’s a red flag.

Indeed, boards could also start requiring company staff to become more vigilant. If alertness can make the difference between relatively smooth sailing and considerable losses — or intense tangling with insurers — in these geopolitically turbulent times, few boards would ignore it. And being able to demonstrate such preparedness is something companies could highlight in speeches, media interviews and, naturally, their annual reports.

Insurers, in turn, could start requiring such training for these very reasons. After serious cyberattacks first took off, insurers paid out on their policies for a long time, until they realized they should start obliging the organizations they insure to demonstrate serious protections in order to qualify for insurance. Insurers may soon decide to introduce such conditions for coverage of physical attacks too. Even without pressure from boards or insurers, considering the risk of sabotage directed at companies, it would be positively negligent not to train one’s staff accordingly.

Meanwhile, some governments have understandably introduced resilience requirements for companies that operate crucial national infrastructure. Under Finland’s CER Act, for instance, “critical entities must carry out a risk assessment, draw up a resilience plan and take any necessary measures.”

The social contract in liberal democracies is that we willingly give up some of our power to those we elect to govern us. These representatives are ultimately in charge of the state apparatus, and in exchange, we pay taxes and obey the law. But that social contract doesn’t completely absolve us from our responsibility toward the greater good. That’s why an increasing number of European countries are obliging 19-year-olds to do military service.

When crises approach, we all still have a part to play. Helping spot incidents and alerting the authorities is everyone’s responsibility. Because the current geopolitical turbulence has followed such a long period of harmony, it’s hard to crank up the gears of societal responsibility again. And truthfully, in some countries, those gears never worked particularly well to begin with.

But for companies, however, stepping up to the plate isn’t just a matter of doing the right thing — it’s a matter of helping themselves. Back in the day, the saying went that what was good for Volvo was good for Sweden, and what was good for General Motors was good for the U.S. Today, when companies do the right thing for their home countries, they similarly benefit too.

Now, let’s get those alertness courses going.