The national cybersecurity strategy of Finland was adopted in 2013.
The government represents the highest level of cybersecurity management and is responsible for providing political guidance and strategic guidelines for cyber security as well as for taking the required decisions regarding the resources and prerequisites to be allocated to it.
Investments: cyber research and development in education, employment and product development aimed at making Finland one of the leading countries in cybersecurity, as well as appropriate legislation and incentives to support business activities.
Adequate definition of critical infrastructure protection: yes.
Obj. 1 - Create an efficient collaborative model between the authorities and other actors to advance national cyber security and cyber defence.
Obj 2 - Improve comprehensive cyber security situation awareness among the key actors that participate in securing the vital functions of society.
Obj 3 - Maintain and improve the ability of businesses and organisations critical to the vital functions of society as regards detecting and repelling cyber threats and risks that jeopardise any vital function and their recovery capabilities as part of the continuity management of the business community.
Obj 4 - Ensure the police have sufficient capabilities to prevent, expose and solve cybercrime.
Obj 5 - Create a comprehensive cyber defence capability for their statutory tasks.
Ojb. 6 - Strengthen national cyber security through active and efficient participation in the activities of international organisations and collaborative fora that are critical to cyber security.
Obj. 7 - Improve the cyber expertise and awareness of all societal actors.
Obj 8 - Secure the preconditions for the implementation of effective cyber security measures through national legislation.
Obj 9 - Assign cyber security related tasks, service models and common cyber security management standards to the authorities and actors in the business community.
NATIONAL CYBERSECURITY STRATEGY - NIS Capacities
|Year of adoption|
|Updates and revisions||
Ministry of Defence strategy 2025 'Securely into the Future' was published on July 2006 - Ministry of Defence Strategy 2025:
The new Implementation Programme for Finland's Cyber Security Strategy 2017-2020 was published in 2017:
It addresses the development of cybersecurity within the service complex comprising the state, counties, municipalities, the business sector and the third sector in which the individual citizen is the customer.
|Implementation and monitoring||
Government ministries and agencies are responsible for implementing the Strategy within their respective administrative branches and developing the security of supply. Ministries, agencies and establishments are to include the resources for the implementation of the Cyber Security Strategy in their operating and financial plans.
The Implementation Programme for Finland's Cyber Security Strategy 2017-2020 is evaluated and measured annually and, in that context, measures can be changed, added or removed. The updating of the Implementation Programme has been prepared in a working group chaired by Pentti Olin, Senior Advisor, Secretariat of the Security Committee and Tuija Kuusisto, Security Manager, Adjunct Professor, Ministry of Finance, Kimmo Rousku, General Secretary of VAHTI, Ministry of Finance, Rauli Paananen, Deputy Director, Finnish Communications Regulatory Authority (FICORA), and Nadja Nevaste, Advisor, Secretariat of the Security Committee as members.
The Government Information Security Management Board (VAHTI) is responsible for processing and coordinating the central government's key information security and cyber security guidelines.
|Operational capacity building||
The national computer response team (CERT) and computer incident response team (CSIRT) were established in 2014.
The National Cyber Security Centre Finland (NCSC-FI) is a national information security authority. It develops and monitors the operational reliability and security of communications networks and services with the operational names of CERT-FI and NCSA-FI.
CERT-FI - solving information security violations and threats against network, communications and value-added services. Gathering information on such incidents. Disseminating information on information security matters. Its objectives are to ensure that public communications networks and communications services function safely and properly, and to safeguard functions that are vital to society.
NCSC-FI - national information security authority: develops and monitors the operational reliability and security of communications networks and services. Its CERT duties consist of preventing, detecting and resolving security breaches, as well as of informing of information security threats. The Centre's NCSA duties include the responsibility for security matters related to electronic transfer and processing of classified information.
|Policy requirements for an inventory of systems and classification of data. Policy requirements for security practices mapped against risk levels. Policy requirement for annual cyber-security audit. Requirement for public report on government capacity. Requirement for public and private procurement of cyber-security solutions based on international accreditation/certification schemes without additional local requirement.|
Business and Public Private partnerships
Partial steps have been taken to define a public private partnership (PPP) for cyber security. NOKIA is part of the European cPPP. The country has business and industry cyber security councils. NOKIA Bell Labs participates in the European 5G PPP also on security and privacy aspects and standardisation. Ericsson Finland also participates in the 5G PPP and is actively involved in 5G security standardisation.
The main target of FISC is to improve cyber security and support its member organisations’ activities in the following areas: increase cross-boarder activities, promote public-private-partnerships, conduct market surveys, enable national depth and width of high-level education and dialogue with national and international regulatory bodies.
|Latest WISER update||July 2017|
Compliance with the GDPR and NIS Directive: Report a cyber incident
|Report a cyber incident to nation CERT/CSIRT||
Finnish University and Research Network, Computer Emergency Response Team (FUNET CERT) - information security service provided through Funet membership fee: wiki.eduuni.fi/display/funetcert/English.
F-Secure Rapid Detection Service - private all-in-one intrusion detection and response service with threat intelligence and behavioral analysis, where the latter is maintained in F-Secure's cloud. No private or personal data is collected, which is important for compliance with European data protection laws.
F-Secure Rapid Detection Service
In 2017, NATO and Finland stepped up their engagement with the signing of a Political Framework Arrangement on cyber defence cooperation. Finland is actively engaged with NATO on a number of cyber defence activities, including participation in NATO’s annual flagship cyber defence exercise – Cyber Coalition, as well as NATO’s Crisis Management Exercise.
|Languages||Suomi, Swedish, English|
|Date of last WISER update||July 2017|