The Finnish government is providing technical and financial support to an IT and cyber security initiative being run in partnership with the country’s municipal districts.
Over 200 of Finland’s 311 municipalities have joined the Local Government Anti Cyberspace Threats (LGACT) project to conduct joint IT network defence exercises. The project will share information on strengthening municipal IT systems against a broad range of malicious attacks from the cyber domain.
The LGACT, which ran a major multi-agency joint exercise in November, will also serve as a collaborative platform and professional skills hub to test cyber risk-related predictive software. Moreover, the LGACT will cooperate with the state’s leading cyber and national security organisations to develop a range of defensive and offensive tools that reduce risk exposure to next-generation threats and attacks from cyber space.
The November cyber exercise saw the LGACT collaborate with the National Cyber Security Centre (NCSC), The Association of Finnish Local and Regional Authorities (Kuntaliitto), The Population Register Centre of Finland (PRCF/Väestörekisterikeskus) and the state IT security agency VAHTI (Valtionhallinnon Tieto- ja Kyberturvallisuuden Johtoryhmä) to run the Taisto-19 (Battle-19) cyber security exercises.
As part of the Taisto-19 drill, the coordinating agency, PRCF, assumed the role of “bad actor” to launch a hostile simulated ransomware-style attack against municipalities’ IT networks. The “hacker” demanded payment in bitcoin by a defined date and issued a ransom demand threatening to infect primary IT networks with malicious malware. The “hacker” warned it would unleash “highly destructive malware” created to cause irreversible systems failure at a significant financial cost to the local government authorities.
“Exercises like Taisto 19 are becoming increasingly relevant in a world where cyber attacks against government IT networks are more common,” said Kimmo Rousku, the director general of VAHTI. “We are seeing enthusiasm from municipalities to apply what they learn in these cyber defence exercises. The goal is to improve the security of IT networks and core operating systems.”
Operating as a department of the Ministry of Finance, VAHTI is the Finnish state’s chief government information and cyber security steering group.
VAHTI’s elevated role since 2018 has seen the agency become more engaged in projects to support the integration of information and cyber security, ICT preparedness, administrative operations, management and performance management. In the cyber security sphere, the expertise being provided by VAHTI embraces a higher focus on cryptocurrency ransomware-type threats.
Response to real attacks
The Taisto-19 exercise took place against the backdrop of the high-profile cyber attack against the city of Lahti in June. The malware attack infected and compromised over 1,000 computer workstations across the public authority’s health, public utilities, education and administrative services departments.
“We are seeing enthusiasm from municipalities to apply what they learn in these cyber defence exercises. The goal is to improve the security of IT networks and core operating systems”
Kimmo Rousku, VAHTI
The cyber attack against Lahti, which is being investigated by Finland’s National Bureau of Investigations (NBI) in cooperation with the NCSC, has resulted in a broader probe to ascertain the actual scale of attacks by cyber domain bad actors against public services websites and IT infrastructure in 2019.
The NBI itself, along with other public bodies, became the target of a more general distributed denial-of-service (DDoS) cyber attack on 21 August. The force of the DDoS attack, by unidentified hackers, caused widespread server functionality failures that, in some cases, disrupted normal service on targeted websites for over two days.
The NCSC and the NBI have also rolled out a new cyber security initiative to deepen their professional collaboration with organisations across the public and private sectors.
The criminal purpose, and growing sophistication, of new cyber threats presents significant challenges for both the state and the private sectors in protecting critical IT infrastructure, said Antti Pelttari, the head of the Finnish national security intelligence service, SUPO.
“The extreme threat is that critical infrastructure could end up in the control of a state conducting active cyber espionage. Likewise, cyber influencing constitutes a threat to national security. Steps to secure IT networks and IT critical infrastructure must take account of measures to protect the integrity of 5G-related projects and investments in future 5G networks,” said Pelttari.
Building cyber security expertise
Finland strengthened its cyber security defence apparatus in October when it bolstered measures contained in the National Cyber Security Strategy 2019. The resulting reform creates three strategic guidelines. These include international cooperation, improved coordination of cyber security management, planning and preparedness, and the accelerated development of cyber security competence.
The reinforcement measures are in the National Cyber Security Strategy 2019 (NCSS-2019) which are required to align Finland more closely with the European Union’s Cyber Security Strategy.
On a practical level, the NCSS-2019 includes increased spending provisions to channel more funds and professional expertise to fundamental areas such as cyber defence and offence competence. Additional resources will be made available to the NCSC to sharpen its ability to conduct 24/7 situational awareness and liaise more effectively with public authorities and the business sector.
Finland is also strengthening international cooperation as part of its multi-tiered approach to strengthen its national cyber security infrastructure. Finland’s Ministry of Defence (MoD) hosted a Cyber Ranges Exercise in Helsinki in October that showcased the European Defence Agency’s (EDA) Cyber Ranges Federation.
The EDA project provides a testing platform for 11 European member states to pool national cyber ranges expertise. The primary shared ambition is to support member states in their push to improve their respective cyber defence training capabilities.
The EDA’s Cyber Ranges Exercise event featured a live fire exercise based on a fictive but realistic training scenario. In this format, country teams were challenged to respond to, and defend against, cyber attacks launched by other country teams. The exercise used a software-defined wide area network (SD-WAN) as the backbone network technology. All participating national cyber ranges were interconnected and interacting in real time, each tasked with a specific role to play in the exercise.
“International cooperation is critical to enable individual countries like Finland to become active and effective players in the cyber domain. It is important that we continue to develop the scope of cooperative projects like the Cyber Ranges Federation platform going forward,” said Jukka Juusti, the Finnish MoD’s permanent secretary.
Read more about cyber security in Finland
National Bureau of Investigations and National Cyber Security Centre aim to increase expertise and capability to defend Finland’s critical IT infrastructure.
On a cold afternoon in Finland, F-Secure’s Mikko Hypponen discusses cyber weapons and nation state threats, and explains why arms limitations treaties might one day expand to include malware and other threats.
