Greater readiness repels cyber threats: VTT Technical Research Centre of Finland

Dec. 16, 2016 – Together with the National Emergency Supply Agency and the private sector, VTT Technical Research Centre of Finland says it has developed tailored solutions bringing “improved cybersecurity and disruption-free operations” to manufacturers. The results of the now ending KYBER-TEO project will make companies more able to ward off possible cyber threats.

A cybersecurity breach could easily cause millions of dollars of damage in terms of lost production alone. In addition, damaged equipment, environmental contamination and personal injuries could occur. At worst, the problem could affect the whole of society.

The VTT Technical Research Centre of Finland says the testing and project results of KYBER-TEO (2014–2016) have improved a manufacturer’s ability to purchase cyber-secure automation systems and develop its own concepts, instructions and practices for ensuring cybersecurity and operational continuity.

“In the case of every company, the cybersecurity of the tested systems was developed even further and in a better direction,” said principal scientist, Pasi Ahonen of VTT. “Hopefully, the companies have also learned how to identify information security vulnerabilities or gaps in their systems.”

For example, VTT’s closed Cyber War room helped participants to develop managed cybersecurity testing, as well as cyber training which they can pass onto customers. Such training includes exploring the attitudes of cyber attackers, and identifying and repulsing attacks.

The National Emergency Supply Agency, which is the main customer of the overall project, aims to develop cyber security for automation, particularly from the perspective of security of supply in Finland.

“Various types of automation are being implemented at an accelerating pace within a range of environments which are critical to security of supply, from manufacturing to transport and housing,” said Sauli Savisalo, a director at the National Emergency Supply Agency. “Broad-based development of the security of automation is critically important.”

The VTT Technical Research Centre of Finland suggests several best practices for manufacturers to protect themselves against cyber attacks:

• Greater awareness and training of employees in relation to cyber security;
• Clear internal guidelines and policies;
• Taking account of cyber security during the automation system procurement stage, by e.g. presenting the related requirements;
• Monitoring the status of the automation network;
• Defining and implementing secure remote-access concepts;
• Defining and implementing a secure network architecture; and
• Cyber security testing of automation systems (particularly system vendors).