More topical than ever – Clear need for joint Nordic–Estonian training in case of cybersecurity incidents
“The scale of the TIETO22 exercise was a surprise for me. A lot of effort had been put into planning the exercise, there were a lot of participants from all the critical areas of society. The participants also study each situation carefully. It, alone, was great to see how events in the real world are represented in the intensive exercise. After all, exercises are always a simulation of reality, and this truly was a success here,” says Raimo Peterson, Head of Critical Infrastructure Protection at Estonian Information System Authority.
Peterson has decades of experience in different cybersecurity incident detection exercises in various organisations. The TIETO22 exercise and visiting the venue occurred at a good time, as the Estonians will organise their own cybersecurity incident exercise a few weeks after the Finnish exercise.
“We have a smaller scale, but the Estonian Information System Authority, Government IT Providers and the Cyber Defence Unit of the Estonian Defence League are all involved. It has been interesting to see the cooperation between the different groups. We received good tips for our own exercise,” Peterson continues.
Peterson also found the involvement of the media in the exercise interesting.
“It made the scenario realistic. The media is still missing from our exercise, but it needs to be included next time.”
Raimo Peterson was surprised at the scale of the intensive phase of the TIETO22 exercise.
The TIETO22 exercise is the largest joint exercise between authorities and companies in Finland. Its three-day intensive phase brought together nearly 500 people, 165 organisations and 17 industries in late September. The biennial exercise provides training for large-scale cybersecurity incidents.
Preparedness is developed through cooperation
Unlike the Estonians, participants from Sweden were involved in the TIETO22 intensive phase both locally in Helsinki and remotely from Sweden. Andreas Rappe, Head of CERT-SE, at the Swedish Civil Contingencies Agency led his three-person White Team, which represented the authorities and central government in the exercise. They gave their Blue Team colleagues in Sweden feeds about fictitious cybersecurity incidents.
According to Rappe, participation in the joint exercise is important because there are many similar demanding situations in Finland and Sweden and a lot cooperation takes place already.
“In order to deal effectively with different vulnerabilities and threats, we need to have the capacity to solve them together. And not only between Finland and Sweden, but the other Nordic countries and Estonia. The exercises are a great opportunity to develop cooperation and to see where there is still room for improvement. Exchanging experiences on how to handle and resolve different incidents is very valuable when developing our preparedness,” Rappe says.
Peterson would also like to see Estonians participating in exercises with their neighbours.
“The exchange of information is not bound by national borders. We already have a lot of cooperation. It is only natural that we are also involved in TIETO22-type exercises.”
Raimo Peterson, Head of Critical Infrastructure Protection at Estonian Information System Authority, (left) and Andreas Rappe, Head of CERT-SE, are delighted with the strengthening of existing contacts and the new contacts established in the intensive phase of the TIETO22 exercise.
Exchange of information and direct contacts are valuable
Swedes and Estonians, alike, feel that we have a lot to learn from each other. Although the problems are similar in nature, they are always seen from a national perspective.
“Protecting critical infrastructure is carried out in each country in its own way. Discussing these ways is fruitful and particularly natural in these types of events,” Peterson says.
TIETO22 has helped to establish and develop valuable direct contacts.
“As part of the Blue Team, we were able to discuss different scenarios together with other participants. In addition, as part of the White Team, we have been able to see the structure of the exercise and how it is coordinated from the inside. All in all, the contacts have been more intense than in normal daily work,” says Rappe.
According to Rappe, the cooperation will continue in various exercises as well as in other development work.
“We are currently planning the next NISÖ (National Information Security Exercise), which will be similar to the TIETO22 exercise. Together with our colleagues, we will work out how other countries can also participate,” says Rappe.
“One of the great things about TIETO22 is the new contacts. Even though we were just visiting this time, we have already established valuable contacts. We know who to contact in different matters. Cooperation is smoother if you have already met the other party. It is a huge advantage in the event of an acute situation,” Peterson says.
Rebecca Karlsson, Andreas Rappe and Katja von Bahr participated in the intensive phase of the TIETO22 exercise in Finland and collaborated with their colleagues in Sweden.
The organisation of the TIETO22 exercise is carried out by the Digipool of the National Emergency Supply Organisation in cooperation with the National Cyber Security Centre Finland of the Finnish Transport and Communications Agency Traficom. The National Emergency Supply Agency is responsible for coordinating the exercise. Joint exercises have been organised in various forms every two years since the end of the 1980s.
Text: Leena Filpus, Photos: Meeri Utti