This year, the theme for Fingrid’s information security unit is training. According to Information Security Manager Jyrki Pennanen, the aim of the themed year is to create a tradition of exercises preparing for cyber attacks within the company and with partners. Fingrid has been taking cyber threats into account since the 1990s, but the threat situation has changed significantly in the last few years.
“It used to be enough to have the updates, antivirus software and firewall in order. Attackers were mainly lone amateurs. Now, organised crime and state operators are involved, and they have plenty of skill and resources. For a long time, we thought that the most important thing was to keep the ‘bad guys’ out. These days, we also prepare for situations where the bad guys do get in. In this, training is key,” Pennanen tells us.
Training reveals development needs
The Finnish Communications Regulatory Authority’s National Cyber Security Centre Finland monitors the cyber security situation in Finland by collecting information from different sources in Finland and around the world. It also forwards information to enable Finnish actors to protect themselves against current threats. The National Cyber Security Centre’s HAVARO system is also used by many energy sector operators. It warns about changes in the customer’s data flow that may indicate an attack or disturbance.
According to Jarkko Saarimäki, Director of the National Cyber Security Centre, keeping up to date about the threat situation and observing deviations are the starting points for information security but, without training, it is difficult to see how we should develop our own activities.
“If you don’t train, you don’t understand the deficiencies in your own operations and you can’t develop them. In cyber training, versatility is important. We need to train people in the technical ability to defend environments, as well as to make decisions and communicate during attacks.
In 2011, the National Cyber Security Centre established an information exchange group for information security for energy sector actors to enhance the networking of operators in the industry. Group members share experiences and recommendations on information security and exercises. According to Saarimäki, the group has found that cyber training is also important as a means of increasing personnel commitment.
“Working with information security is often rather abstract. During these exercises, employees see that these kinds of attacks really do take place and that they could be faced with one.”
Realistic cyber exercises open the eyes
During the themed year, Fingrid has already arranged an IT disturbance exercise and a crisis communications exercise for management. A new, important event in cyber training took place in February, as Fingrid together with Elenia piloted a training environment by JYVSECTEC, which operates at the JAMK University of Applied Sciences in Jyväskylä.
“The exercise was very realistic, and the environment corresponded to energy industry operators’ system environment. It helped our team in a completely new, concrete way to understand how cyber attacks happen and how we can defend against them,” says Jyrki Pennanen.
Elenia was also pleased with the Jyväskylä exercise.
“This was the first time that we had trained to respond to a cyber attack together with an external party. The exercise helped us understand the current situation. We noticed a clear need to develop the coordination of communications,” says Elenia’s IT Service Manager Elina Dauchy.
This autumn, the pilot will be followed by an exercise where Fingrid trains in JYVSECTEC’s environment with Helen. According to Helen’s Information Security Manager Tapio Heinäaro, the company has a few years’ tradition of cyber exercises, but the realistic training environment in Jyväskylä offers something new and necessary.
“Being able to train in a realistic automation environment in Finland and in Finnish is a very important bonus. Joint training by automation and IT teams will also be challenging in terms of coordination and is certain to offer plenty of learning points,” Heinäaro muses.
Joint exercise to end the themed year
In November, Fingrid will participate in a joint exercise with Nordic transmission system operators in Oslo. The TSOs will train together with the authorities in a scenario where a successful cyber attack targets one or more of the Nordic main grids.
“A similar exercise has never been arranged before. It’s going to be interesting, especially in terms of communication. How will information be relayed between people trying to fix the situation and, on the other hand, how can management, communications and the authorities calm the situation so that employees are able to work and respond to the attack?” wonders Jyrki Pennanen.