Telecommunications operators' security procedures regarding SIM cards at a good level in Finland
FICORA has investigated how Finnish telecommunications operators handle SIM and UICC cards used in mobile networks and related encryption keys. On 20 February 2015, FICORA sent a clarification request of the matter to the mobile network operators in Finland.
On the basis of the replies received from the operators by 25 February 2015, it can be stated that the handling processes of SIM and UICC cards and related encryption keys are at a good level at the Finnish mobile network operators. However, details of the procedures vary among the operators and require further investigations.
FICORA estimates whether it is necessary to investigate the procedures of key management processes and central technical security controls related to the processes by making technical regulations or guidelines.
It should be noted that the article published on news website The Intercept about the subject does not mention facts indicating that specifically Finnish telecommunications operators' key material related to SIM cards would have been exposed to intelligence authorities. Investigations concerning the matter continue.
In the current security environment, the protection of communications is in central position. Technical development of the sector should be followed actively. It is necessary to ensure that the best available information security procedures are used in Finnish communications networks.
Antti Kiuru, Head of Coordination Centre, National Cyber Security Centre at FICORA, tel. +358 295 390 559