This article can also be found in the Premium Editorial Download:

The Finnish government is providing technical and financial support to an IT and cyber security initiative being run in partnership with the country’s municipal districts.

Over 200 of Finland’s 311 municipalities have joined the Local Government Anti Cyberspace Threats (LGACT) project to conduct joint IT network defence exercises. The project will share information on strengthening municipal IT systems against a broad range of malicious attacks from the cyber domain.

The LGACT, which ran a major multi-agency joint exercise in November, will also serve as a collaborative platform and professional skills hub to test cyber risk-related predictive software. Moreover, the LGACT will cooperate with the state’s leading cyber and national security organisations to develop a range of defensive and offensive tools that reduce risk exposure to next-generation threats and attacks from cyber space.

The November cyber exercise saw the LGACT collaborate with the National Cyber Security Centre (NCSC), The Association of Finnish Local and Regional Authorities (Kuntaliitto), The Population Register Centre of Finland (PRCF/Väestörekisterikeskus) and the state IT security agency VAHTI (Valtionhallinnon Tieto- ja Kyberturvallisuuden Johtoryhmä) to run the Taisto-19 (Battle-19) cyber security exercises.

As part of the Taisto-19 drill, the coordinating agency, PRCF, assumed the role of “bad actor” to launch a hostile simulated ransomware-style attack against municipalities’ IT networks. The “hacker” demanded payment in bitcoin by a defined date and issued a ransom demand threatening to infect primary IT networks with malicious malware. The “hacker” warned it would unleash “highly destructive malware” created to cause irreversible systems failure at a significant financial cost to the local government authorities.

“Exercises like Taisto 19 are becoming increasingly relevant in a world where cyber attacks against government IT networks are more common,” said Kimmo Rousku, the director general of VAHTI. “We are seeing enthusiasm from municipalities to apply what they learn in these cyber defence exercises. The goal is to improve the security of IT networks and core operating systems.”

Operating as a department of the Ministry of Finance, VAHTI is the Finnish state’s chief government information and cyber security steering group.

VAHTI’s elevated role since 2018 has seen the agency become more engaged in projects to support the integration of information and cyber security, ICT preparedness, administrative operations, management and performance management. In the cyber security sphere, the expertise being provided by VAHTI embraces a higher focus on cryptocurrency ransomware-type threats.

Response to real attacks The Taisto-19 exercise took place against the backdrop of the high-profile cyber attack against the city of Lahti in June. The malware attack infected and compromised over 1,000 computer workstations across the public authority’s health, public utilities, education and administrative services departments. “We are seeing enthusiasm from municipalities to apply what they learn in these cyber defence exercises. The goal is to improve the security of IT networks and core operating systems” Kimmo Rousku, VAHTI The cyber attack against Lahti, which is being investigated by Finland’s National Bureau of Investigations (NBI) in cooperation with the NCSC, has resulted in a broader probe to ascertain the actual scale of attacks by cyber domain bad actors against public services websites and IT infrastructure in 2019. The NBI itself, along with other public bodies, became the target of a more general distributed denial-of-service (DDoS) cyber attack on 21 August. The force of the DDoS attack, by unidentified hackers, caused widespread server functionality failures that, in some cases, disrupted normal service on targeted websites for over two days. The NCSC and the NBI have also rolled out a new cyber security initiative to deepen their professional collaboration with organisations across the public and private sectors. The criminal purpose, and growing sophistication, of new cyber threats presents significant challenges for both the state and the private sectors in protecting critical IT infrastructure, said Antti Pelttari, the head of the Finnish national security intelligence service, SUPO. “The extreme threat is that critical infrastructure could end up in the control of a state conducting active cyber espionage. Likewise, cyber influencing constitutes a threat to national security. Steps to secure IT networks and IT critical infrastructure must take account of measures to protect the integrity of 5G-related projects and investments in future 5G networks,” said Pelttari.