Finland has established a national organization to appraise domestic communications network security concerns and evaluate vulnerabilities to attacks from the cyber domain. The Network Security Advisory Board (NSAB) will engage with state agencies, corporations, and municipalities as a national resource for those that require external expertise to improve network security and bolster defenses against cyber threats. It will allow state and municipal organizations to implement enhanced security, integrate security technologies, and better monitor cyber risks and threats to communications networks.
It was launched with a specific timeframe and mission, which includes addressing critical cyber security issues identified by the Finnish government and is set to conclude in June 2022. The NSAB’s activation followed the ratification of the Finnish Act on Electronic Communications Services, which became law in January 2021. “Informing the NSAB, our objective is to strengthen the broad social importance of cyber security and cooperation across important sectors,” said Timo Harakka, Finland’s transport and communications minister. “The prerequisite for economic success is national security, and Finland’s advanced approach continues to attract widespread international interest.”
For Finland, the establishment of the NSAB directly responds to the European Union’s joint risk assessment report on the security of 5G networks (JRAR-5GN) published in October 2019. The collaborative collective risk initiative was launched during Finland’s rotating six-month presidency of the Council of the European Union, which ended on 31 December 2019. Member states endorsed the JRAR-5GN, the European Commission (EC), and the European Agency for Cybersecurity. The EU 27-backed project represented the completion of a significant step in the EC’s push for a common EU approach to improved cyber defense strategies and the security of 5G networks.
Private sector input in the NSAB is reflected in its board and backers. These include telecommunications companies Elisa, Telia Finland, and DNA, and the Finnish Federation for Communications and Teleinformatics (FiCom), the leading lobbying organization for the ICT industry in Finland. The core membership of the NSAB comprises representatives from foreign affairs, transport and communications, defense, interior, economic affairs, and finance ministries. Officials from Suomen Erillisverkot and the Finnish security and intelligence service SUPO also sit on the NSAB. Suomen Erillisverkot operates as the Finnish State’s primary ICT and network security services supplier to public authorities.
The timing of the roll-out of the NSAB was influenced by a current EU Commission proposal to update the Network and Information Systems Security Directive (NIS Directive). This aims to strengthen the range and scope of cyber security and data protection tools available to member states in a changing cyber environment. A central feature of the NIS Directive is encouraging EU organizations and member states to develop their national cyber security capabilities, preparedness, and risk management systems. This scaling-up of risk, threat, and defense capacities is taking place against the backdrop of a sharp rise in ever-more sophisticated attacks on critical IT and digital networks from the cyber domain.
The NIS Directive incorporates deep cooperation and harmonization of processes and rules, reporting, and information exchange across the EU’s 27 member states. The heightened levels of cross-border collaboration envisaged in the NIS Directive involve shared obligations coupled with standard regulations, approaches, and practices supporting national cyber security strategies. Nordic governments, especially since 2018, have urged the EU to deliver the NIS Directive under a clear regulatory framework that enables member countries to effectively deal with prevailing and next-generation cyber security risks and threats using robust cross-border collaborative mechanisms.
Constructive actions
Whether implemented at an EU or national government level, Constructive actions are crucial to building and operating IT networks with more cyber security efficacy, said Kalle Luukkainen, director general of Finland’s National Cyber Security Centre. “From our perspective, it would be valuable to involve the top management in more companies in securing their IT network operations,” said Luukkainen. “In practical situations, operating models extend across organizational boundaries in a partner network. In Finland, we have networked exceptionally well with organizations and people on cyber security issues.”
During its EU Presidency, Finland advocated for developing more efficient reporting and exchange of information systems to better manage risks, threats, and attacks from bad actors in the cyber domain targeting critical public and private IT networks. The Finnish government also championed closer cooperation on cyber security between EU 27 states and backed new powers tallowinglaw enforcement agencies to obtain information on cyber security breaches linked with criminal activities. New measures are underway to reinforce Finland’s Digital Society Project implementation. The government has released increased capital investment funding to boost information security and develop a fully functioning digital society.
