news 7.6.2023

National cyber exercise targeted online services familiar to citizens

Central government actors honed their technical and collaborative skills in the National Cyber Security Exercise. In the exercise environment, the actors encountered many cybersecurity disruptions related to public administration services that targeted the systems used daily by citizens in their daily lives, such as Suomi.fi identification and systems related to data on properties and apartments.

Four national KYHA exercises are held annually in the premises of JYVSECTEC, the Cyber Security Research, Development and Training Centre of Jamk University of Applied Sciences. The central government is one of the actors that train annually. This year, participants in the exercise included the Digital and Population Data Services Agency, the National Land Survey of Finland, the Legal Register Centre and the Tax Administration. In addition to these, Traficom's National Cyber Security Centre, the Police, the Prime Minister's Office and Valtori participated in the exercise. The exercise will be led by Rauli Paananen, Director of State Cyber Security, and Tero Kokkonen, Director of the Institute of Information Technology at Jamk University of Applied Sciences.

"In addition to technical knowledge and skills, a key role in the exercise is played by practicing cooperation between different actors. This essentially involves detecting various cyber incidents and practicing processes related to the processing of threat information, as well as practical training and crisis communication of incident management processes," says Tero Kokkonen.

The organisations participating in the exercise will test operating in serious and large-scale cyber incidents in a real-life RGCE training environment. During the exercise week, several attacks were carried out in the exercise environment against government systems that would be affected by problems affecting several services used by citizens. For example, the Digital and Population Data Services Agency's Suomi.fi identification is widely used in government services where the user's identity must be verified.  

"During the exercise, we saw concretely how Suomi.fi identification is the cornerstone of secure transactions. We gained valuable experience in safe conditions," says Suvi Väärälä , Service Manager for apartment ownership services at the National Land Survey of Finland.

Thus, attacking just one critical system could temporarily drive down or slow down several systems used by other organisations, thereby making it more difficult for citizens to do business online. For organisations using shared digital services, understanding the supply and service chains is increasingly critical for information security and continuity. Participation in the national cyber security exercise enables joint learning, provides up-to-date information on the functionality of the processes, and enables the further development of these processes. Thus, training together can improve the resilience and preparedness of the entire state administration against cyber threats.

"This exercise also showed that the level of preparedness is good and cooperation between authorities works," comments Rauli Paananen, Director of State Cyber Security, on the atmosphere of the past exercise week.

The national KYHA exercise has established itself as a leading forum for national cybersecurity, fault tolerance and collaboration training. On 29.5.–2.6.2023, central government actors practiced their own IT and cooperative skills in an exercise organised by the Cyber Security Research, Development and Training Centre JYVSECTEC, the Security Committee and the Ministry of Transport and Communications at Jamk University of Applied Sciences.

Further information

Tero Kokkonen

Johtaja IT-instituutti, Director Institute of Information Technology
IT-Instituutti, Institute of Information Technology
Teknologia, School of Technology
+358504385317