The TIETO22 exercise is the largest joint cybersecurity exercise organised for Finnish companies and authorities. The exercise serves as a form of sparring, allowing companies to develop their continuity management, preparedness and crisis communications in the context of cybersecurity and strengthening the resilience of several industries against cyberattacks.
The aim is to provide an opportunity for critical infrastructure providers to practice the management of cybersecurity incidents and for authorities to practice the provision of support aimed at restoring the operating capability of companies. The exercise is a scenario-based, strategic-level exercise consisting of three parts.
This time, the exercise will include participants from numerous sectors and, of course, all key Finnish service providers from the telecommunications, ICT, security and media sectors. Also participating in the exercise will be the authorities governing said sectors, the National Emergency Supply Agency, the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, the Finnish Defence Forces, the Finnish Broadcasting Company Yle, the police and many others.
Critical infrastructure and public communications are dependent on the companies responsible for providing these services and their information systems. Large-scale cybersecurity incidents compromise society’s ability to function and can even endanger the safety of individual citizens. Preparing digital society for threats and managing cybersecurity incidents require close and seamless cooperation between companies, their customers, partners and authorities.
Exercises support companies’ continuity management and preparedness and develop contract-based cooperation
The goals of the exercise include developing cooperation-based operating culture and cooperation models and identifying concrete cybersecurity development needs, which will be taken into account in everyday practices via the National Emergency Supply Agency’s digital security development programme, for example.
Finland’s strength lies in the expertise of critical infrastructure providers and the capacity of Finnish authorities to strengthen the operating capabilities of companies in the event of a crisis with the help of observational data, operating instructions and expert support, for example. Working together allows us to identify major disruptions faster and form an overview of challenging circumstances more quickly. These efforts, in turn, contribute to our ability to mitigate the impacts of disruptions and restore normal operation. Close cooperation also facilitates the efficient allocation of the support provided by authorities in the event of large-scale disruptions affecting multiple companies.
The exercise is organised by the National Emergency Supply Agency, with practical arrangements handled by the National Emergency Supply Organisation’s Digital Pool in collaboration with the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom. The TIETO22 exercise is the latest in a long line of Finnish cybersecurity exercises that have been organised regularly every other year in various forms since the late 1970s.
The events of the exercise:
- Opening event 17 February 2022
- Phase 1 Training day 16 March 2022
- Phase 2 Training days 17–19 May 2022
- Phase 3 Orientation day 18 August 2022
- Phase 3 and the exercise’s Intensive phase/Game 20–22 September 2022
- Phase 4 Debrief day 9 November 2022
- Phase 4 Follow-up seminar 20 September 2023
The figure below shows the timeline of events of the TIETO22 exercise: