This year, the National Cyber Exercise for Municipalities and Critical Infrastructure (KYHA) strengthened cyber expertise related to the logistics sector in particular.
"The digitalization of society requires all critical infrastructure operators to participate in cybersecurity exercises", says Rauli Paananen, National Cyber Security Director, of Ministry of Transport and Communications, Finland.
Municipal actors from Kymenlaakso and critical actors from the logistics sector were invited to the exercise. Participants also included organizations responsible for nationwide traffic management and weather services. In the exercise, the cyber incidents directed at the logistics sector were targeted especially at land and sea transport and port operations.
"Fintraffic's road traffic control has participated in the exercise for several years. The exercises have been beneficial in developing our own operating methods and training practices. The exercise has helped us to understand the roles of different operators in managing challenging situations. Joint exercises between different operators are essential to ensure collective preparedness for continuously evolving threats", says Harri Seppinen, Head of Production Systems at Fintraffic's Road Traffic Services.
The exercise was carried out by the JYVSECTEC (Jyväskylä Security Technology) research, development and training centre, which has also previously conducted cyber exercises for the logistics sector.
"JYVSECTEC's previous experience in cyber exercises for the logistics sector provided excellent support for organising this year's KYHA exercise for municipalities and critical infrastructure operators. Logistically, Finland is an island, and the exercises maintain the logistics industry's ability to act in cyber incident situations", says Tero Kokkonen, Director of the Institute of Information Technology of the Jamk University of Applied Sciences (Jamk).
Alongside technical capabilities, information exchange and cooperation across supply chains play a crucial role in a cybersecurity incident. One of the objectives of the exercise was also to develop operating and cooperation models related to these deviations.
Realistic threat models and modern cyber threats
The national cyber exercises use the RGCE (Realistic Global Cyber Environment) cyber range developed by JYVSECTEC, in which the connections between information systems are built as in real life. The RGCE realistically models several dozen scoped operating environments in sectors critical to the security of supply and other sectors important to society, which can be used to produce high-quality and realistic threat models of various modern cyber threat situations. The environment is also modified according to the customer needs that have arisen in the planning of the exercises.
"The exercises carried out by JYVSECTEC emphasise the completely unique opportunity to combine all elements related to the investigation of cyber incidents, from technology to people and from operating models to communication", says Jarno Lötjönen, Business Manager at Jamk's Institute of Information Technology.
"Exclusive events are also organised alongside the national cyber exercises, where representatives of the organisations from the sectors participating in the exercise and key decision-makers in society will be able to hear what kind of entity it is about, how to participate in the KYHA exercise activities and what kind of benefits, lessons learned and expertise can be gained with them", Lötjönen continues.
This time, several Finnish ministers from different administrative branches visited the exercise for municipalities and critical infrastructure. More information on the ministers' experiences in the cyber exercise can be found in separate news.
The national cyber security exercises will be carried out by the Jyväskylä Security Technology (JYVSECTEC) Research, Development and Training Centre located at Jamk's Institute of Information Technology in cooperation with the Ministry of Transport and Communications. The Security Committee also participates in a guiding role.
More information
Rauli Paananen, National Cyber Security Director, Ministry of Transport and Communications, Finland
firstname.lastname@gov.fi
+358 29 5342 212
Tero Kokkonen, Director, Institute of Information Technology, Jamk University of Applied Sciences
firstname.lastname@jamk.fi
+358 50 4385 317
