Strength of information security lies in cooperation

Published 09.11.2012

HAVARO, an alert and detection system FICORA has created in partnership with the National Emergency Supply Agency, was released at the CIP information security seminar. The first experiences from the system have been positive and have proved that the traditional controls are not always sufficient in the prevention and detection of malware.
The annual CIP seminar was held by FICORA and the National Emergency Supply Agency on 29 October 2012 at the House of Estates in Helsinki. In addition to the HAVARO system, cooperation at several levels was the key theme of the seminar. In their opening speeches, FICORA's Asta Sihvonen-Punkka and Ilkka Kananen of the National Emergency Supply Agency stressed the importance of public-private cooperation, but also called for internal discussion and networking among the players.
Howard A. Schmidt, the seminar's key speaker and ex-Cyber-Security Coordinator of the Obama Administration, acknowledged Finland's active role and well-organised model in the development of information security. Schmidt anchored the discussion around national and international cooperation, stressing the ability to detect information security incidents at the national level. He reminded the audience that prevention is cheaper than cure. High-quality information security is not just combating attacks, but involves careful preparation, too.
As a response to the development needs in the sector, the alert and detection system HAVARO was released at the seminar. The system, which is integrated with CERT-FI's information security operations, has been introduced and is currently open to new clients critical to the security of supply. Examples of companies critical to the security of supply are companies or places of business with special relevance for society's fundamental activities and sufficient contingency preparation.
Joining the HAVARO system is optional, but it brings many significant benefits to companies. The situation awareness information provided by the system increases understanding of the company's own and the general state of information security. The system produces information which also makes it possible to alert other players about a detected threat and to develop better means of detection. Clients can determine what sort of data the system processes, and the ownership of the data remains with the company itself, in its own devices. HAVARO does not compete with commercial players or replace any other information security solutions. The participating companies are responsible for the costs of equipment needed for their own network.
The system monitors information security incidents only; it is incapable of monitoring the communication of individual users. The handling of data in HAVARO is regulated by legislation and by agreements between users. Although the system has been released publicly, the list of players who have joined will be kept secret.
In addition to HAVARO, the seminar presented the progress of the national security auditing criteria (KATAKRI). In his speech, Ari Evwaraye of the Ministry of the Interior addressed the general user policy of KATAKRI and the preparation of the forthcoming upgrade.
For the public parts of the seminar presentations, go to CERT-FI's website at http://www.cert.fi/esitykset/2012/cip-seminaari2012.html.