Finland's Cyber Security Strategy was published in January 2013 as a Government Resolution. It defined the central objectives and policies for meeting challenges in the cyber domain and for securing its functioning. The Strategy outlines the vision and strategic policy settings of cybersecurity and noted that an implementation programme was needed to execute the strategic policy settings and achieve the desired end state of the Cyber Security Strategy Vision. Since 2014, the Security Committee has been evaluating implementation of the strategy.
The strategy covers 14 of the 15 strategic goals in the ENISA self-assessment classification. These strategic goals are: Cybercrime; security with privacy balance; citizen awareness; critical information infrastructure protection; national cyber contingency plans; international cooperation; public-private partnership; incident response capability; baseline security requirements; incident reporting mechanisms; R&D; cyber security exercises; incentives for the private sector to invest in security measures; training and educational programmes.
The new Implementation Programme for Finland's Cyber Security Strategy for 2017–2020 focuses on the development of cybersecurity within the service complex of the state, counties, municipalities, the business sector and the third sector where the individual citizen is the customer. The business community provides most digital services and their cyber security through international service complexes and networks.
EDUCATION AND TRAINING IN NATIONAL STRATEGY
|Education on cybersecurity||
Finland prioritises the development of cyber competences of citizens, the business community and the public sector in the area of secure digitisation.
Training and Exercises
Better information and cybersecurity skills for citizens
Annual national information and cybersecurity week
The Confederation of Finnish Industries with the Ministry of Finance, companies and the Secretariat of the Security Committee will organise a national information and cyber security week every October as part of the European Cyber Security Month (ECSM). During the week information and cyber security will be communicated to citizens, companies and public administration by means of information plugs and events. The week will culminate in the national information and cyber security day.
Basic skills in cyber security and the digital environment – general education and professional training
As a part of multiliteracies, teachers’ continuing education will develop and advance contents associated with information and cyber security. By producing supplementary materials the Finnish National Agency for Education will advance multiliteracies as well as the basic skills of information and cyber security. This is coordinated through the Ministry of Education and Culture, Finnish National Agency for Education.
|Research on Cybersecurity||
Cyber security research will improve collaboration among the authorities, research organisations and the business community.
The Secretariat of the Security Committee will work with other stakeholders to construct a model for research cooperation.
|Higher education courses on cybersecurity||
Public-Private Partnerships & Clusters
A component of the national strategy is ensuring that appropriate legislation and levers are in place to support the business activities and their development in this field. For example, a key project of the Government is the creation of a growth environment for digital business operations in Finland, such as the preparation and implementation of a national information security strategy for increasing the level of trust in the Internet and in digital practices. The strategy was prepared in close cooperation with private sector. A development group for information security in business was set up to support the preparation of the strategy. The strategy is intended to focus on ensuring competitiveness and the right conditions for exports, developing the EU's digital single market and safeguarding privacy protection and other fundamental rights. The strategy aims to bring about change whereby information security will be an integral part of different systems, terminal devices and services. The strategy also deals with matters that damage trust, such as information security violations and large-scale infringements of privacy protection in networks.
The Finnish Information Security Cluster (FISC) has the remit to improve cybersecurity and support member organisations’ activities, such as increaing cross-boarder activities, promoting public-private-partnerships, conducting market surveys, strengthening high-level education and interacting with national and international regulatory bodies. FISC helps connect competencies on mobile and open source technologies and showcasing Finland as a strong national brand for trustworthy, reliable and efficient operations and companies.
FISC co-operates with the Federation of Finnish Technology Industries and other relevant national IT and security related institutions.
Finnish Information Security Cluster (FISC) was set up in 2012 by major Finnish information security companies as a promotional tool for their business and operations across the country and globally. Most of its 80 members are SMEs focusing on information and cyber security technologies but large companies are also part of its membership.
The Federation of Finnish Technology Industries promotes competitiveness and the operational preconditions for the largest and most important export sector in Finland. A constantly developing technology industry creates the basis for the Finnish welfare state. Technology Industries of Finland has over 1,600 member companies.
|EU Cyber Professional Register for national stakeholders||
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
|Latest Update & Disclaimer||
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
CYBERSECURITY RESPONSE TEAMS: GDPR and NIS Directive: Compliance and Notification
|National Computer Security Information Response Team (CSIRT) / Computer Emergency Response Team (CERT)||
Notification obligations in the event of a cyber-attack/data breach
Finnish University and Research Network, Computer Emergency Response Team (FUNET CERT) - information security service provided through Funet membership fee: wiki.eduuni.fi/display/funetcert/English.
F-Secure Rapid Detection Service - private all-in-one intrusion detection and response service with threat intelligence and behavioral analysis, where the latter is maintained in F-Secure's cloud. No private or personal data is collected, which is important for compliance with European data protection laws.
F-Secure Rapid Detection Service
|Languages||Suomi, Swedish, English|
|Latest Update & Disclaimer||
The information contained here is the result of desk research carried out by CYBERWISER.eu.