Skip to content

IT experts criticise Finland's patchwork cyber security

Finland's national cyber security director, however, says he doesn't accept this negative assessment.

käsi läppärin näppiksellä
Some security experts say Finland would struggle to ward off a major cyber attack. Image: AOP
Yle News

This week the Ministry of Transport and Communications launched a new cyber security programme to help prevent data breaches such as the one involving therapy centre Vastaamo, which exposed the company's patient database to the dark web.

Some IT experts say Finland is ill-equipped to handle wide-scale cyber attacks.

Martti J. Kari, who lectures on cyber and hybrid threats at Jyväskylä University, said that while Finland has a number of cyber security systems, these networks are often highly decentralised.

Companies have their own safeguards whereas the National Cyber Security Centre mainly monitors critical infrastructure. The Defence Forces are meanwhile responsible for protecting their own networks.

"We're missing an organ that would safeguard the national cybersecurity environment," Kari said.

Jarmo Vähätiitto of Finland's Defence Command said he sees the same types of problems.

"In Finland, cyber security expertise is at a very high level at universities, in the corporate sector and among public authorities. The challenge is that it is all so decentralised," he explained.

Both Kari and Vähätiitto said legislation needs to change to improve the situation.

"Laws both limit and to some extent don't support the kind of information exchange needed in situations that develop quickly and are broad in scale," Vähätiitto said.

Kari meanwhile said he would like to see the government, private sector and researchers work together to put forward a plan.

"Right now Finland can't compel all companies to adopt a certain level of security. If a manager can cite reasons such as cost for not updating a system, the recommendation doesn't carry much weight," Kari said.

A lack of central oversight relates to the case of private mental-health provider Vastaamo. The company had designed its own IT system, which turned out to have significant flaws. Police have so far received some 25,000 criminal reports in connection with the hacking of Vastaamo's database.

"If the law said companies of a certain size are obligated to have certain systems, or if the state covered the costs, the situation would be far more straightforward," Kari said.

Cooperation "excellent"

Finland's National Cyber Security Director, Rauli Paananen, said he doesn't believe Finland wouldn't be able to thwart a major cyber attack.

"Perhaps there's not a lot of awareness about what agencies can do these days. Cooperation between authorities is excellent," Paananen said.

Minister of Transport and Communications Timo Harakka said Finland's new cyber security development programme launched this week aims to streamline cyber security capabilities across all sectors.

Implementing the programme will cost some 5.9 million euros between 2022 and 2025.

More than 80 organisations across the private sector, cyber security industry, central government, and universities contributed to the preparation of the programme.

Latest: paketissa on 10 artikkelia