Finland (FI)

Finland's Cyber Security Strategy was published in January 2013 as a Government Resolution. It defined the central objectives and policies for meeting challenges in the cyber domain and for securing its functioning. The Strategy outlines the vision and strategic policy settings of cybersecurity and noted that an implementation programme was needed to execute the strategic policy settings and achieve the desired end state of the Cyber Security Strategy Vision. Since 2014, the Security Committee has been evaluating implementation of the strategy. 

The strategy covers 14 of the 15 strategic goals in the ENISA self-assessment classification. These strategic goals are: Cybercrime; security with privacy balance; citizen awareness; critical information infrastructure protection; national cyber contingency plans; international cooperation; public-private partnership; incident response capability; baseline security requirements; incident reporting mechanisms; R&D; cyber security exercises; incentives for the private sector to invest in security measures; training and educational programmes.

The new Implementation Programme for Finland's Cyber Security Strategy for 2017–2020 focuses on the development of cybersecurity within the service complex of the state, counties, municipalities, the business sector and the third sector where the individual citizen is the customer. The business community provides most digital services and their cyber security through international service complexes and networks.

 

EDUCATION AND TRAINING IN NATIONAL STRATEGY 

Education on cybersecurity

Finland prioritises the development of cyber competences of citizens, the business community and the public sector in the area of secure digitisation. 

Training and Exercises

  • General awareness of the basics of cybersecurity needs to be part of daily life in the digital information society. 
  • The training of experts needs better coordination to avoid fragmentation in education and research among educational establishments while extending research in the field. 
  • Competence building on information and cybersecurity for public administration personnel needs to be improved. 
  • The Secretariat of the Security Committee (Ministry of Finance) is tasked with monitoring the effectiveness of cyber security exercises in conjunction with the annual progress reports on the Implementation Programme. The ministry will plan and execute projects and services through its VAHTI activities and determine the required level of self-sufficiency in cryptology with other relevant authorities. 

Better information and cybersecurity skills for citizens

  • The National Defence Training Association of Finland will annually organise a cyber security curriculum for basic courses open to all citizens as well as continuing education and special training for professionals.
  • The Finnish Association for the Welfare of Older People will create a national peer-to-peer learning model intended for senior citizens and extend it to those that need it. This model will maintain and disseminate general learning methods on information technology for the aged nationwide. One of its syllabi will focus on information security and cyber issues so that older people can safely carry out online transactions (telemedicine, pharmacy, online banking, etc), ensuring that interest in e-services and awareness of their associated risks increases amongst this age group.

Annual national information and cybersecurity week

The Confederation of Finnish Industries with the Ministry of Finance, companies and the Secretariat of the Security Committee will organise a national information and cyber security week every October as part of the European Cyber Security Month (ECSM). During the week information and cyber security will be communicated to citizens, companies and public administration by means of information plugs and events. The week will culminate in the national information and cyber security day.

Basic skills in cyber security and the digital environment – general education and professional training

As a part of multiliteracies, teachers’ continuing education will develop and advance contents associated with information and cyber security. By producing supplementary materials the Finnish National Agency for Education will advance multiliteracies as well as the basic skills of information and cyber security. This is coordinated through the Ministry of Education and Culture, Finnish National Agency for Education.

Research on Cybersecurity

Cyber security research will improve collaboration among the authorities, research organisations and the business community.

Further research is needed at least on the following topics:

  • Strategic management of cyber security in Finland.
  • The development of a cyber security situation picture and analysis skills.
  • The definition of the vital functions of society, critical infrastructure and cyber self-sufficiency as part of national cyber resilience. 
  • Cyber security research demands a situation picture and coordination.

The Secretariat of the Security Committee will work with other stakeholders to construct a model for research cooperation.

Higher education courses on cybersecurity
  • Laurea University of Applied Sciences - Bachelor's Degree Programme in Business Information Technology (Cybersecurity Specialisation). Year established: 2019. Student intake: 60. European Credit Transfer System (ECTS): 210. Focus: Broad spectrum of topics, spanning system security, network security, component security, SW security; law, ethics, policy, privacy, cybercrime disciplines; organisational, risk management, business, compliance disciplines; internship. It also includes preparation for professional certification: Security+; CISM; CISSP; CASP+; CYSA+; CEH; CCSP. 
  • Laurea University of Applied Sciences - Bachelor's Degree Programme in Business Information Technology (ICT with Cybersecurity orientation). Year established: 2005. Student intake: 170. European Credit Transfer System (ECTS): 210. Focus: Broad spectrum of topics, spanning system security, network security, component security, SW security; law, ethics, policy, privacy, cybercrime disciplines; organisational, risk management, business, compliance disciplines; internship. It also includes preparation for professional certification: Security+; CISM; CISSP; CASP+; CYSA+; CEH; CCSP. 
  • JAMK University of Applied Sciences – Bachelor of Engineering, ICT with Cyber Security Orientation. Year established: 2015. Student intake: 115. European Credit Transfer System (ECTS): 240. Focus: system security, network security, component security, SW security. 
  • University of Turku - Cyber Security, Master of Science in Technology. Part of the EIT Digital Master School Cyber Security double degree programme (the only one in Finland). Year established: 2010. Student intake: 30. European Credit Transfer System (ECTS): 120. Focus:  system security, network security, component security, SW security. 
  • JAMK University of Applied Sciences - Master's Degree in Information Technology, Cyber Security. Year established: 2013. Student intake: 30. European Credit Transfer System (ECTS): 60. Focus: system security, network security, component security, SW security. 
  • University of Jyväskylä – Master in Cybersecurity. Year established: 2014. Student intake: 40. European Credit Transfer System (ECTS): 120. Focus: system security, network security, component security, SW security. 

Public-Private Partnerships & Clusters

A component of the national strategy is ensuring that appropriate legislation and levers are in place to support the business activities and their development in this field. For example, a key project of the Government is the creation of a growth environment for digital business operations in Finland, such as the preparation and implementation of a national information security strategy for increasing the level of trust in the Internet and in digital practices. The strategy was prepared in close cooperation with private sector. A development group for information security in business was set up to support the preparation of the strategy. The strategy is intended to focus on ensuring competitiveness and the right conditions for exports, developing the EU's digital single market and safeguarding privacy protection and other fundamental rights. The strategy aims to bring about change whereby information security will be an integral part of different systems, terminal devices and services. The strategy also deals with matters that damage trust, such as information security violations and large-scale infringements of privacy protection in networks.

The Finnish Information Security Cluster (FISC) has the remit to improve cybersecurity and support member organisations’ activities, such as increaing cross-boarder activities, promoting public-private-partnerships, conducting market surveys, strengthening high-level education and interacting with national and international regulatory bodies. FISC helps connect competencies on mobile and open source technologies and showcasing Finland as a strong national brand for trustworthy, reliable and efficient operations and companies.

FISC co-operates with the Federation of Finnish Technology Industries and other relevant national IT and security related institutions.

IT/Cybersecurity Clusters

Finnish Information Security Cluster (FISC) was set up in 2012 by major Finnish information security companies as a promotional tool for their business and operations across the country and globally. Most of its 80 members are SMEs focusing on information and cyber security technologies but large companies are also part of its membership.

The Federation of Finnish Technology Industries promotes competitiveness and the operational preconditions for the largest and most important export sector in Finland. A constantly developing technology industry creates the basis for the Finnish welfare state. Technology Industries of Finland has over 1,600 member companies.

EU Cyber Professional Register for national stakeholders

The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace. 
This European Cybersecurity Professional Register is the place where professionals, junior or senior, can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

Latest Update & Disclaimer

January 2021.

The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses. 

 

 

CYBERSECURITY RESPONSE TEAMS: GDPR and NIS Directive: Compliance and Notification

National Computer Security Information Response Team (CSIRT) / Computer Emergency Response Team (CERT)

Notification obligations in the event of a cyber-attack/data breach
NIS Directive (operators of essential services and digital service providers): actual, adverse and significant impact on the continuity of essential services. Actual, adverse and substantial impact on the provision of enumerated digital services.
GDPR (any organisation dealing with the data of EU citizens): accidental or unlawful destruction, loss, altercation, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

National contact(s)

NCSA-FI

CERT-FI

Finnish University and Research Network, Computer Emergency Response Team (FUNET CERT) - information security service provided through Funet membership fee: wiki.eduuni.fi/display/funetcert/English.

FUNET CERT

F-Secure Rapid Detection Service - private all-in-one intrusion detection and response service with threat intelligence and behavioral analysis, where the latter is maintained in F-Secure's cloud. No private or personal data is collected, which is important for compliance with European data protection laws.

F-Secure Rapid Detection Service
Contact form: www.f-secure.com/en/web/business_global/incident-response-and-forensics
Telephone: +358 10 3157510

Languages Suomi, Swedish, English
Latest Update & Disclaimer

January 2021.

The information contained here is the result of desk research carried out by CYBERWISER.eu. 

 

 

Contact us for more info

Finland (FI) | CYBERWISER.eu

CYBERWISER.eu Cyber Range & Capacity Building in Cybersecurity

Error

The website encountered an unexpected error. Please try again later.