National Cyber Security Exercise 2019 is over or is it?

Week 21 was the actual exercise week for the national cyber security exercise. The immense planning and implementation work led by the Secretary General of the Security Committee, Vesa Valtonen, culminated in the exercise week where the organisations of state administration practiced in a technical-operational cyber exercise survival in wide-ranging and multidimensional cyber incidents. Now it is time for the organizing party JYVSECTEC‘s persons in charge and participants in the exercise to heave a sigh of relief: it is over, well done we!

The actual exercise week is now over; however, now it is time to start the most important phase of all phases of a cyber security exercise: assessment, which is followed by an even more important phase: implementing the development needs as part of the operations and technology of the participating organisations.

JYVSECTEC specialists in charge of design and implementation of the exercise together with the exercise planners have started their detailed analysis of the exercise week. The primary goal is to find concrete development targets to benefit the participating organisations. The second goal, in particular for JYVSECTEC, is to find development targets for the different phases of the cyber exercise lifecycle also for the organisers of the exercise.

In a technical-functional exercise such as KYHA19, one must tip one’s hat for the technical specialists as they saved the organisations they represent, the partners is cooperation and probably the entire nation in a technically extremely demanding cyber operations. Not understating the responsibility of decision making of the leaders, the most demanding field of work is the entirety of the technical environment. Technology presents the most demanding part of cyber security and more precisely, protection against cyber threats and recovery from them. The technical virtuosos are persons whose concrete actions help to recover from an almost impossible situation. In the development of cyber knowledge, the technical staff should receive the most training; however, not forgetting the training of an organisation’s other operations and task roles.

Testing the cyber performance in a cyber practice indicates the current level of knowledge in an organisation and inevitably brings out the development needs concerning realistic exercise situations for technology, operations and instructions. An organisation’s cyber performance cannot be accomplished with one cyber exercise but a long-term development of knowledge, in which regular cyber exercises play one important role.

An idea workshop on the continuation of the KYHA exercise series was organised within the seventh national cyber exercise KYHA19 for the eminent guests including the Secretariat of the Government Preparedness Secretariat. It seems now that both exercises of year 2019 KYHA19 will be continued in 2020, i.e. JYVSECTEC will organize the national exercises: KYHA20 for the state government and KYHA20 for security authorities. In 2021, in addition to the national-level technical-operational exercises, the goal is to add a KYHA exercise for public healthcare.

We in JYVSECTEC hope that the work we have done, e.g. extensive national-level cyber exercises will encourage the organisations of state administration/public administration and all companies to develop their own cyber knowledge actively with steps suitable for each of them. The framework defined by the Security Strategy for Society and Finland’s Cyber Security Strategy contains all desirable requirements for all of us actors in cyber security.



Terho Rintanen Terho Rintanen

Key account manager at JYVSECTEC
Institute of Information Technology at JAMK University of Applied Sciences