The national cybersecurity strategy of Finland was adopted in 2013, with the Implementation Programme for Finland's Cyber Security Strategy for 2017-2020 published in 2017.
The government represents the highest level of cybersecurity management and is responsible for providing political guidance and strategic guidelines for cyber security as well as for taking the required decisions regarding the resources and prerequisites to be allocated to it.
Investments: cyber research and development in education, employment and product development aimed at making Finland one of the leading countries in cybersecurity, as well as appropriate legislation and incentives to support business activities.
Adequate definition of critical infrastructure protection: yes.
Obj. 1 - Create an efficient collaborative model between the authorities and other actors to advance national cyber security and cyber defence.
Obj 2 - Improve comprehensive cyber security situation awareness among the key actors that participate in securing the vital functions of society.
Obj 3 - Maintain and improve the ability of businesses and organisations critical to the vital functions of society as regards detecting and repelling cyber threats and risks that jeopardise any vital function and their recovery capabilities as part of the continuity management of the business community.
Obj 4 - Ensure the police have sufficient capabilities to prevent, expose and solve cybercrime.
Obj 5 - Create a comprehensive cyber defence capability for their statutory tasks.
Ojb. 6 - Strengthen national cyber security through active and efficient participation in the activities of international organisations and collaborative forums that are critical to cyber security.
Obj. 7 - Improve the cyber expertise and awareness of everyone in society.
Obj 8 - Secure the preconditions for the implementation of effective cyber security measures through national legislation.
Obj 9 - Assign cyber security related tasks, service models and common cyber security management standards to the authorities and actors in the business community.
NATIONAL CYBERSECURITY STRATEGY - NIS Capacities
|Year of adoption|
|Updates and revisions||
The new Implementation Programme for Finland's Cyber Security Strategy 2017-2020 was published in 2017:
It addresses the development of cybersecurity from a service perspective, spanning central and local government, the business sector and citizens.
Ministry of Defence strategy 2025 'Securely into the Future' was published in July 2006 - Ministry of Defence Strategy 2025:
|Operational capacity building||
The national computer response team (CERT) and computer incident response team (CSIRT) were established in 2014.
The National Cyber Security Centre Finland (NCSC-FI) is a national information security authority. It develops and monitors the operational reliability and security of communications networks and services with the operational names of CERT-FI and NCSA-FI.
CERT-FI - solving information security violations and threats against network, communications and value-added services. Gathering information on such incidents. Disseminating information on information security matters. Its objectives are to ensure that public communications networks and communications services function safely and properly, and to safeguard functions that are vital to society.
NCSC-FI - national information security authority: develops and monitors the operational reliability and security of communications networks and services. Its CERT duties consist of preventing, detecting and resolving security breaches, as well as of informing of information security threats. The Centre's NCSA duties include the responsibility for security matters related to electronic transfer and processing of classified information.
|Policy requirements for an inventory of systems and classification of data. Policy requirements for security practices mapped against risk levels. Policy requirement for annual cyber-security audit. Requirement for public report on government capacity. Requirement for public and private procurement of cyber-security solutions based on international accreditation/certification schemes without additional local requirement.|
Business and Public Private partnerships
The main target of FISC is to improve cyber security and support its member organisations’ activities in the following areas: increase cross-boarder activities, promote public-private-partnerships, conduct market surveys, strengthen high-level education and dialogue with national and international regulatory bodies.
NOKIA is part of the European cPPP. The country has business and industry cyber security councils. NOKIA Bell Labs participates in the European 5G PPP also on security and privacy aspects and standardisation. Ericsson Finland also participates in the 5G PPP and is actively involved in 5G security standardisation.
|Overall assessment/best practices||
Finland has taken steps towards strengthening its national strategy with the publication of a new Cyber Security Strategy for 2017-2020 in 2017. Investments include cyber research and development in education, employment and product development measures and appropriate legislation and incentives to support business activities.
It has also stepped up measures to strengthen co-operation amongst the business community, with an increasing number of initiatives being established.
|Implementation & Monitoring||
Government ministries and agencies are responsible for implementing the Strategy within their respective administrative branches and developing the security of supply. Ministries, agencies and establishments are to include the resources for the implementation of the Cyber Security Strategy in their operating and financial plans.
The Implementation Programme for Finland's Cyber Security Strategy 2017-2020 is evaluated and measured annually and, in that context, measures can be changed, added or removed. The updating of the Implementation Programme has been prepared in a working group chaired by Pentti Olin, Senior Advisor, Secretariat of the Security Committee and Tuija Kuusisto, Security Manager, Adjunct Professor, Ministry of Finance, Kimmo Rousku, General Secretary of VAHTI, Ministry of Finance, Rauli Paananen, Deputy Director, Finnish Communications Regulatory Authority (FICORA), and Nadja Nevaste, Advisor, Secretariat of the Security Committee as members.
The Government Information Security Management Board (VAHTI) is responsible for processing and coordinating the central government's key information security and cyber security guidelines.
|Latest WISER update||October 2017|
GDPR and NIS Directive: Compliance and Notification
|National Computer Security Information Response Team (CSIRT) / Computer Emergency Response Team (CERT)||
Notification obligations in the event of a cyber-attack/data breach
Finnish University and Research Network, Computer Emergency Response Team (FUNET CERT) - information security service provided through Funet membership fee: wiki.eduuni.fi/display/funetcert/English.
F-Secure Rapid Detection Service - private all-in-one intrusion detection and response service with threat intelligence and behavioral analysis, where the latter is maintained in F-Secure's cloud. No private or personal data is collected, which is important for compliance with European data protection laws.
F-Secure Rapid Detection Service
|Languages||Suomi, Swedish, English|
|Latest WISER update||October 2017|