To content  

Security

  1. Information security
  2. Privacy protection
  3. Critical infrastructure protection
  4. European Network and Information Security Agency, ENISA

The Ministry of Transport and Communications is responsible for legislation and strategy development concerning information security in communications networks and services. Information security refers to the administrative and technical measures that ensure the confidentiality and integrity of information and the usability of systems.

The mission of information security policy is to ensure that the general public, businesses and government all have confidence in the security and privacy protection of services provided in the information society. The trust is based on, for example, user-friendly services, adequate privacy protection and genuine content.

The role of the Finnish Communications Regulatory Authority, FICORA, is to act as the national authority for information security.

1. Information security

A government resolution on the national information security strategy was adopted in December 2008. The strategy focuses on three priorities: basic skills in the ubiquitous information society, information risk management and process reliability and competitiveness and international network cooperation.

The action plan for the information society strategy was approved in November 2009. The plan included the launch of nine key projects that focus on new and topical information security issues and the improvement of existing operations and functions.

CERT-FI is the national information security agency within FICORA whose task is to prevent, detect and resolve information security infringements as well as providing information about information security threats.
  

2. Privacy protection

The Constitution of Finland guarantees the right to confidential communications. The secrecy of letters, telephone calls and other confidential messages is inviolable. No one is allowed to handle someone else’s message or identification information related to communications without permission. This also applies to messages transmitted in telecommunications networks and electronically stored messages that are protected from outsiders.

The Criminal Code prescribes a penalty for the violation of the secrecy of communications. The right to confidential communications, however, can be restricted if deemed necessary, for example, for investigating certain types of crimes.

The police have the right to intercept and monitor telecommunications when investigating certain petty offences related to communications. Authorities responding to emergency calls have the right to obtain information about the location of the caller and the person in distress.

Telecommunications companies and other organisations transmitting electronic messages in their networks need to access some information related to the messages in order to ensure delivery.

The Act on the Protection of Privacy in Electronic Communications prescribes the extent of the right to handle messages and access identification information when transmitting messages.

Data protection in electronic communications is monitored by the Finnish Communications Regulatory Authority (FICORA) and the Data Protection Ombudsman. The police are always responsible for preliminary criminal investigation.

FICORA monitors compliance with the Act on the Protection of Privacy in Electronic Communications and with rules and regulations based on the act.
  

3. Critical infrastructure protection

In critical infrastructure protection, the Ministry of Transport and Communications actively collaborates with security authorities, the Finnish Communications Regulatory Authority (FICORA), the National Emergency Supply Agency, communications companies and other authorities and businesses.

Nearly all critical functions of society depend on the information and communications infrastructure. State information systems also depend largely on the general communications infrastructure.

The functioning of critical infrastructures in the information society, as well as the security of information and communication systems and communication services, must be ensured in both normal and exceptional circumstances. The availability of services for citizens and the ability of companies to continue operating must also be ensured. 

The Strategy for Securing Functions Vital to Society determines five focus areas for further development: crisis management in state administration, prevention of environmental disasters, health protection, electronic information and communications systems and reliable supply of energy.

The strategy assigns the Ministry two tasks related to communications technology:

  • Ensuring the functioning of electronic information and communications systems
  • Supporting the building and maintenance of warning and alarm systems.  

4. European Network and Information Security Agency, ENISA

In Finland, operations related to ENISA fall within the administrative sector of the Ministry of Transport and Communications. The Ministry actively follows and participates in ENISA’s work. For Finland, ENISA is one channel through which information security issues can be exchanged and discussed.

ENISA was established in 2004, and its mandate continues until March 2012. ENISA is located in the city of Heraklion in Crete, Greece and employs 50 people from around Europe.

The agency assists member states and EU institutions in issues related to network and information security. It collects and analyses new data on information security. The aim of the agency is to promote a well-functioning internal market within the EU.

The Chair of Management Board of ENISA is Senior Adviser Mari Herranen from the Ministry of Transport and Communications.