HAVARO is a detection and alert system for information security incidents aimed at companies critical to Finland's security of supply, including the national grid operator Fingrid and the power utility Fortum. For the past two years the system has monitored customers' network traffic and alerted them when anomalies suggest a security breach.
For example, if an employee accidentally downloads a malicious program which begins to steal information, the resulting traffic is picked up by the system and seen at the Cyber Security Centre. A duty officer examines the detection and classifies it according to the severity of the security breach.
A yellow alert may require further action on the part of the customer, while a red alert is clearly hazardous and should be immediately flagged to the customer, explains the Centre’s cyber security expert, Erka Koivunen.
Yle’s A-studio revealed that HAVARO has been installed in scores of banks, ICT companies, energy sector firms and in the systems of the national broadcaster YLE, health care and the most critical manufacturing industries. The system is installed only with the consent and at the expense of customers.
Over 600 red alerts issued last year
In 2013 the system generated 15 million notifications, of which the Cyber Security Centre's officers investigated some 20,000 in greater detail. In total, 622 red alerts, the highest severity level, were issued to customers.
“The most typical cases involved malware being successfully installed through the Java software platform, after which it began to steal information,” says Koivunen. “The concern for customers was that these cases were undetected by all other security software.”
According to Koivunen, the key to HAVARO’s efficiency is that the system continuously stores the identifying markers of new attacks. Furthermore, it has access to state information from other nations that is only available for official use, rather than just commercially available data.
However, the system is not bulletproof: detection rests on recognising previously recorded markers, so an attack closely tailored to a particular target, for which no identifying marker has yet been captured, can escape notice.
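The two preceding paragraphs describe the mechanism in outline: traffic is matched against a continuously updated store of identifying markers, a duty officer triages hits by severity, and a tailored attack with no recorded marker is missed. The following toy monitor is an added illustration of that mechanism and is not HAVARO code; the indicator set, the proxy log lines, the severity rules and the address ranges (RFC 5737 and `.test` documentation space) are all constructed for the example. It runs the sample log once against the initial markers, then again after the analyst has recorded a marker for the connection the first pass missed.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    """One identifying marker: a regex applied to a single parsed log field."""
    name: str
    field: str      # which field of the parsed event the pattern is tested against
    pattern: str    # regular expression (anchor it; unanchored patterns overmatch)
    severity: str   # "yellow" (needs customer follow-up) or "red" (clearly hazardous)


SEVERITY_RANK = {"yellow": 1, "red": 2}

# Constructed indicator set (not a real feed). 203.0.113.0/24 is an
# RFC 5737 documentation range, so it never appears in real traffic.
INDICATORS = [
    Indicator("known-c2-domain", "host", r"^updates\.example-bad\.test$", "red"),
    Indicator("known-c2-netblock", "dst", r"^203\.0\.113\.\d+$", "red"),
    Indicator("jar-download", "uri", r"\.jar$", "yellow"),
]

# Constructed proxy log, one record per line:
# "timestamp src dst host uri bytes_out"
SAMPLE_LOG = """\
2013-05-02T09:14:01 10.0.0.12 192.0.2.10 www.example.test /index.html 812
2013-05-02T09:14:07 10.0.0.12 192.0.2.44 dl.example.test /tools/viewer.jar 4096
2013-05-02T09:15:30 10.0.0.12 203.0.113.7 updates.example-bad.test /gate.php 51200
2013-05-02T09:20:12 10.0.0.31 198.51.100.9 cdn-assets.example.test /a/b.bin 73000
"""

FIELDS = ("ts", "src", "dst", "host", "uri", "bytes_out")


def parse_line(line):
    """Split one log record into a dict; reject records with the wrong shape."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"malformed record: {line!r}")
    return dict(zip(FIELDS, parts))


def match_indicators(event, indicators):
    """Return every indicator whose pattern matches its field of the event."""
    return [i for i in indicators if re.search(i.pattern, event[i.field])]


def classify(hits):
    """Highest severity among the matched indicators, or None if nothing matched."""
    if not hits:
        return None
    return max((h.severity for h in hits), key=SEVERITY_RANK.__getitem__)


def scan(log_text, indicators):
    """Run every record through the indicator set; return the alerts raised."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        hits = match_indicators(event, indicators)
        severity = classify(hits)
        if severity is not None:
            alerts.append({"src": event["src"], "dst": event["dst"],
                           "severity": severity,
                           "indicators": [h.name for h in hits]})
    return alerts


def add_indicator(indicators, indicator):
    """The 'continuously stores new markers' step: extend the set without mutating it."""
    return indicators + [indicator]


if __name__ == "__main__":
    first_pass = scan(SAMPLE_LOG, INDICATORS)
    for alert in first_pass:
        print(alert)
    # The 10.0.0.31 -> 198.51.100.9 transfer matched nothing: a tailored attack
    # whose infrastructure has no recorded marker is invisible to this pass.
    # Once an analyst records a marker for it, the same log produces a red alert.
    updated = add_indicator(
        INDICATORS, Indicator("tailored-exfil-host", "dst", r"^198\.51\.100\.9$", "red"))
    for alert in scan(SAMPLE_LOG, updated):
        print(alert)
```

The first pass raises a yellow alert for the `.jar` download and a red alert for the connection to the known command-and-control host; the fourth record, a large outbound transfer to an address nobody has yet flagged, raises nothing, which is exactly the blind spot the text describes. Only after a marker for that destination is recorded does the second pass catch it.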
Protecting security of supply
Fingrid is one of HAVARO's earliest subscribers. The company's ICT director, Kari Suominen, says that the national grid operator has seen a few red alerts pop up since it signed up for the service.
“In the worst case, malware that’s able to transmit to user accounts reached our network,” said Suominen. The threat was identified and the targeted computer was decontaminated.
Suominen estimates that attacks against companies are not necessarily targeted directly at supply companies such as Fingrid and Fortum, but largely stem from malicious attempts to infect a larger number of companies on a broader scale.
However, he does stress that firms need to be prepared for sophisticated, tailored attacks if and when they might happen.