TIETO22 is approaching – learn all about it!

23.1.2022 klo 16.14

TIETO22 is a large-scale cybersecurity exercise to be carried out during 2022, the aim of which is to develop participants’ preparedness (and business continuity planning) for cybersecurity incidents and especially cooperation between companies and authorities. TIETO exercises are organised every other year by the National Emergency Supply Organisation’s Digipool.

TIETO exercises have been held in the traditional TIETO exercise setting every other year since the late 1970s. TIETO20 was the first so-called hybrid exercise, in which the persons participating in the intensive phase of the exercise were connected to the game platform from their offices or homes using remote solutions.

TIETO22 will be largely similar to TIETO20 in terms of its structure. In spring 2022, those participating in the exercise will be provided with a hefty dose of theory in the areas of cyber and information security. The training has also been expanded to extensively cover different forms of broad-spectrum influencing. The exercise will culminate in a three-day intensive exercise (Role Playing Game) to be carried out in late September, in which participants will get to test their skills in a separate game environment and a scenario involving Finland becoming the target of broad-spectrum influencing.

This year, the main theme of the exercise and the intensive phase will be the financial sector, though the events depicted in the exercise have extensive impacts on our society as a whole. The simulation of the impacts of broad-spectrum influencing on society is always topical. The key aspects of the exercise will include understanding public-private partnership (PPP) and related operations and providing practical advice to participants.

Preparedness is generally based on identifying the interests of the organisation that need to be protected and defining potential threats to them. The TIETO22 exercise also highlights the identification of the criticality of supply and service chains as one of the key interests of organisations that need to be protected. These efforts can help raise situational awareness in preparedness management to a whole new level.

In practice, those participating in the intensive phase of the exercise will be assigned to the Crisis Management Teams (CMTs) of the game’s virtual companies. Each participant will be assigned specific tasks within their company’s CMT, such as communication, legal functions, managing the cooperation network or maintaining a situational picture of the unfolding crisis, for example. CMT operations offer a unique opportunity to practice operation and management during the effects of a severe society-wide security incident, giving participants a chance to test and further develop their own organisations’ crisis management processes.

Add the EU’s upcoming CER and NIS2 directives into the mix and we have the makings of what is sure to be an exciting and interesting cybersecurity exercise on our hands. All that is left is to bring everything to a boil, which will be up to you – the people participating in the exercise!

See you there!