A national cyber exercise is organized annually for the Finnish state administration organizations. Valtori participates in the exercise in a cross-cutting role every year. Valtori always contributes to the areas of communication, incident management, and security.
“The national cyber exercise has great importance for us. We play a central role in dealing with deviations because Valtori produces information technology services for most central government agencies. Incidents are discussed and managed within a cooperation network between different authorities, and during the exercise in question we also held regular meetings to share situational awareness and to consider the measures”, says CSO at Valtori Jani Mattila, who participated in the exercise.
“Different kinds of expertise and experience can be gained by involving new people and new roles in the exercise. Through experience, the situation can be taken forward in real life as planned”, he adds.
Valtori reports that participation in the exercise receives positive feedback from their personnel, and this is in line with the feedback collected from the participants. In the feedback gathered in 2021–2024, the total score for the overall success of the national cyber exercises was 3.7 on a scale of 1–4.
Crisis communications as part of technical and operational cyber exercises
National cyber exercises are developed annually to correspond to the expertise required by threats and the related legislation and guidelines. For instance, the most recent government KYHA exercise used the National Cyber Security Centre's (Traficom) of Finland recent crisis communication guidelines for organizations, published at the beginning of 2025, for communication processes.
"When organisations prepare for different types of disruptions, communications must be one of the areas to be practised regularly. No organisation can refrain from communicating in the event of a cyber attack. Effective incident management and successful communications in all situations are based on clear instructions, roles and responsibilities. Without these exercises, we cannot ensure that the practices and operational plans are functional and up to date", says Jussi Toivanen, Head of Communications at Traficom's National Cyber Security Centre, who participated in the exercise.
The national cyber exercises are organized by JYVSECTEC (Jyväskylä Security Technology), a research, development and training center located at Jamk University of Applied Sciences' Institute of Information Technology, in cooperation with the Ministry of Transport and Communications of Finland. The Security Committee of Finland also participates in the implementation of the exercises in a guiding role.
