Information about science based innovations, solid facts to support decision-making, performance and business development for VTT’s partners, customers and anyone interested in high technology and its applications.
A magazine on science, technology and business

​​​

Advancing cyber security on several fronts

Matti Välimäki | 31.12.2014

​VTT is conducting extensive and versatile research and development related to cyber and information security. The KYBER-TEO project entity serves specifically industrial needs.

The same basic principle applies to cyber and information security as security in general, points out Veikko Rouhianen, Research Professor at VTT,  where his area of speciality is risk management and security. 

– One can get quite far simply by using common sense, understanding the risks, and behaving accordingly. No system will help you, if you do not use it. Information security is not the responsibility of a company’s ICT personnel only, but everyone has to observe it in their daily activities.

On construction sites, it is already a normal practice that everyone wears a helmet. Similarly, it should be totally clear that security-sensitive information is not sent by e-mail, for example. 

– A minimum requirement is an encrypted e-mail connection. The good old paper is also a surprisingly good alternative.

In addition, people should be aware of, for example, which information is security-sensitive and which is not.  

What makes the situation more complicated is the fact that when innocent-looking pieces of data are brought together, the final outcome may reveal too much.

– In such matters, we should revise our attitudes. For instance, in social media, people disclose matters they would better leave untold.

– When basic thinking related to information security is in order, it is a good point to start developing the systems in other respects as well, underscores Rouhiainen.


 

Strategic research and assignments

The distinction between cyber and information security is becoming obscure, and today these two terms are largely used as synonyms. In principle, though, cyber security is a sub-area of information security, aiming at ensuring the security of critical functions for society. The terminology is changing rapidly, however, and no unambiguous definitions have been established.  

VTT collaborates with companies and various organisations in research and development related to cyber and information security – and also performs different assignments related to these matters. 

Reijo Savola, Principal Scientist, cyber security, says that typical assignments include different information security analyses, assessments and testing. VTT also performs, for example, risk analyses and, on the basis of these, assesses system architectures and their implementation.

VTT is internationally known for its research related to information security indicators.  

– The basic idea of information security indicators is the establishment of as good a situation awareness image of information security as possible, which helps decision-making at all organisational levels. The information needed by the strategic, operative and technical levels is provided in exactly the same language they use.

The indicators make it possible to report, for instance, to the company’s management group the information security data needed by it in an easy-to-understand visual format. The key matters that have emerged in the risk analysis can be described, for example, by using a traffic light style visualisation.

– The idea is also that the necessary data is passed along throughout the various phases of risk analyses and the product and service develop­ment linked with it.

Adaptive information security is another spearhead area of VTT operations that is partly related to these indicators.

– If, for example, a certain monitoring system is used both in a hospital environment and at home, it is rational that the identification needed to access the system adapts according to the situation. In practice, this means that in a closed hospital environment or, for example, an ambulance, access to the system is easier, but elsewhere the access control is stricter. It is not sensible to require too much information, if it is not really needed.

Savola points out that adaptive features make the system lighter and easier to use.

– The role of this type of adaptive systems is also becoming more and more emphasised all the time, as IoT, the Internet of Things, becomes more common. Various types of devices we use in our everyday lives are constantly linked with each other, exchange information with each other, and travel from place to place.


 

The whole arsenal in use in the Cyber War Room

Reijo Savola is especially proud of VTT’s new Cyber War Room – a miniature-scale internet, isolated from the rest of the world, where different kinds of test attacks can be made. He estimates that, in the future, attack competence will be an important skill for cyber security professionals, to ensure the best possible expertise for defence against criminals.

– The legislation alone prohibits making this kind of cyber attacks in the open Internet, where different malware can spread. In the Cyber War Room, we do not need to rely on simulation, but we can freely use the entire attack arsenal available to us, and test the defence capabilities of different systems. This will serve both our customer companies and our strategic research.

VTT also operates in the Finnish Information Security Cluster (FISC, www.fisc.fi), involving companies that specialise in information security solutions.

– At the moment, even the big Finnish information actors are small in global scale. Still, we have a lot of expertise in this sector in Finland. In the FISC network, the idea is to enhance co-operation and to collectively gain access to larger projects and challenges, and to consider development trends at a strategic level.

And, as we are discussing cyber and information security, the work is never done. Technology and the threats related to that evolve all the time. Someone is always developing new methods of hacking into systems.

– This combat is somewhat disproportionate. We have to be prepared for any kind of threat scenarios all the time, to be relatively good at everything. Criminals, on the other hand, can focus on developing only one cyber weapon of their choice at a time; they do not need to prepare themselves across the whole front, says Savola describing the situation.


Development of industrial cyber security

VTT has been working several years for the development of industrial cyber security in several projects. 

Senior Scientist Pasi Ahonen mentions as one example of the achievements among the projects targeted at the industry the common requirements for vendors, which supports the management of automation system vendors’ information security. By applying it, an industrial company will have its various system suppliers, devices and solutions function in accordance with its own information security concept. 

VTT has also produced, for example, information security instructions for factory environment, in other words, basic rules on what every employee, from plant cleaner to automation engineer, needs to know about information security.

At the moment, Ahonen heads a three-year KYBER-TEO project entity (2014–2016), with an aim to develop cyber security services and practical implementation of information security solutions and practices in the industrial sector. The main sponsor of the project entity is the National Emergency Supply Agency.

– The idea is to develop and test cyber security services in the participating companies with a view to ensuring production and continuity. In bilateral cases, the confidential results are naturally revealed only to the organisation involved. At the same time, however, general information is also generated, which can be shared for everyone to use, also outside the projects. 


 

Sharing experience

The kyber-teo consists of three work packages:­ cyber protection practices and mappings, practical implementation of cyber security in domestic production, and monitoring services of production automation network.

– We also provide a forum for exchange of information and peer support. Companies can, for example, compare what functions well and what doesn’t.

One of the problems in the development of cyber security is that very little information about production stoppages caused by, for example, viruses is made public. 

– It is important to develop a more closed sharing of information system on the subject, so that people are aware of, for example, any active attacks. This will also make preparation for fending off such threats easier.

In addition to the National Emergency Supply Agency, the other customers involved in the KYBER-TEO project includes Metso Automation, Neste Oil, Outotec, Turun seudun puhdistamo, and, from the service sector, Nixu, nSense, Prosys and Nordic LAN & WAN Communication Oy.

– There is room for new companies, as we are only going through the first year of the project, hints Pasi Ahonen.​


 

 

 

Impulsehttp://www.vttresearch.com/ImpulseImpulse
Risk management in an increasingly complex worldhttp://www.vttresearch.com/Impulse/Pages/Risk-management-in-an-increasingly-complex-world.aspxRisk management in an increasingly complex world
Impulse 1/2014http://www.vttresearch.com/Impulse/Pages/Impulse-1-2014.aspxImpulse 1/2014
Business angel speaks out: Growth from the international arenahttp://www.vttresearch.com/Impulse/Pages/Business-angel-speaks-out-Growth-from-the-international-arena.aspxBusiness angel speaks out: Growth from the international arena
Challenges conceal opportunitieshttp://www.vttresearch.com/Impulse/Pages/Challenges-conceal-opportunities.aspxChallenges conceal opportunities
Cyber security requires more than just technological competenceshttp://www.vttresearch.com/Impulse/Pages/Cyber-security-requires-more-than-just-technological-competences.aspxCyber security requires more than just technological competences
Defence Forces seek a head starthttp://www.vttresearch.com/Impulse/Pages/Defence-Forces-seek-a-head-start.aspxDefence Forces seek a head start
Health benefits and efficiency without sacrificing food qualityhttp://www.vttresearch.com/Impulse/Pages/Health-benefits-and-efficiency-without-sacrificing-food-quality.aspxHealth benefits and efficiency without sacrificing food quality
VTT Impulsehttp://www.vttresearch.com/Impulse/Pages/MainPage.aspxVTT Impulse
Jari Gustafsson: Old and new workhorses as recession beatershttp://www.vttresearch.com/Impulse/Pages/Old-and-new-workhorses-as-recession-beaters.aspxJari Gustafsson: Old and new workhorses as recession beaters
The creative force of change managementhttp://www.vttresearch.com/Impulse/Pages/The-creative-force-of-change-management.aspxThe creative force of change management
Automation gives packages wingshttp://www.vttresearch.com/Impulse/Pages/Automation-gives-packages-wings.aspxAutomation gives packages wings
Modelling and simulation facilitateshttp://www.vttresearch.com/Impulse/Pages/Modelling-and-simulation-facilitates.aspxModelling and simulation facilitates
Impulse 2/2017http://www.vttresearch.com/Impulse/Pages/Impulse-2-2017.aspxImpulse 2/2017
Impulse 1/2015http://www.vttresearch.com/Impulse/Pages/Impulse-1-2015.aspxImpulse 1/2015
Impulse 2/2014http://www.vttresearch.com/Impulse/Pages/Impulse-2-2014.aspxImpulse 2/2014
Impulse 2/2016http://www.vttresearch.com/Impulse/Pages/Impulse-2-2016.aspxImpulse 2/2016
Impulse 1/2016http://www.vttresearch.com/Impulse/Pages/Impulse-1-2016.aspxImpulse 1/2016
Impulse 2/2015http://www.vttresearch.com/Impulse/Pages/Impulse-2-2015.aspxImpulse 2/2015
Impulse 1/2017http://www.vttresearch.com/Impulse/Pages/Impulse-1-2017.aspxImpulse 1/2017
Before information gets lost in numbershttp://www.vttresearch.com/Impulse/Pages/Before-information-gets-lost-in-numbers.aspxBefore information gets lost in numbers
Petri Kalliokoski: Artificial intelligence moves from words to deedshttp://www.vttresearch.com/Impulse/Pages/Petri-Kalliokoski-Artificial-intelligence-moves-from-words-to-deeds.aspxPetri Kalliokoski: Artificial intelligence moves from words to deeds
Ambassadors of service-mindednesshttp://www.vttresearch.com/Impulse/Pages/Ambassadors-of-service-mindedness.aspxAmbassadors of service-mindedness
Brazil paves the way for bioenergyhttp://www.vttresearch.com/Impulse/Pages/Brazil-paves-the-way-for-bioenergy.aspxBrazil paves the way for bioenergy
The rise of robotic carshttp://www.vttresearch.com/Impulse/Pages/The-rise-of-robotic-cars.aspxThe rise of robotic cars
Demand for energy storage is growing rapidlyhttp://www.vttresearch.com/Impulse/Pages/Demand-for-energy-storage-is-growing-rapidly.aspxDemand for energy storage is growing rapidly
What's going on in Australia?http://www.vttresearch.com/Impulse/Pages/Whats-going-on-in-Australia.aspxWhat's going on in Australia?
Looking through their eyeshttp://www.vttresearch.com/Impulse/Pages/Looking-through-their-eyes.aspxLooking through their eyes
Maintenance support for astronautshttp://www.vttresearch.com/Impulse/Pages/Maintenance-support-for-astronauts.aspxMaintenance support for astronauts
Cell screening leads to new cancer treatmentshttp://www.vttresearch.com/Impulse/Pages/Cell-screening-leads-to-new-cancer-treatments.aspxCell screening leads to new cancer treatments
Same old routine for the next 100 yearshttp://www.vttresearch.com/Impulse/Pages/Same-old-routine-for-the-next-100-years.aspxSame old routine for the next 100 years
Food in transitionhttp://www.vttresearch.com/Impulse/Pages/Food-in-transition.aspxFood in transition
By measuring you can improvehttp://www.vttresearch.com/Impulse/Pages/By-measuring-you-can-improve.aspxBy measuring you can improve
All sights on generationhttp://www.vttresearch.com/Impulse/Pages/All-sights-on-generation.aspxAll sights on generation
Better beer based on long-term researchhttp://www.vttresearch.com/Impulse/Pages/Better-beer-based-on-long-term-research.aspxBetter beer based on long-term research
Comfy but energy efficient homeshttp://www.vttresearch.com/Impulse/Pages/Comfy-but-energy-efficient-homes.aspxComfy but energy efficient homes
Designers needed in printed technologyhttp://www.vttresearch.com/Impulse/Pages/Designers-needed-in-printed-technology.aspxDesigners needed in printed technology
Finnish expertise for solving global problemshttp://www.vttresearch.com/Impulse/Pages/Finnish-expertise-for-solving-global-problems.aspxFinnish expertise for solving global problems
From ideas to major innovationshttp://www.vttresearch.com/Impulse/Pages/From-drawing-board-to-major-innovation.aspxFrom ideas to major innovations
Intelligence for machineshttp://www.vttresearch.com/Impulse/Pages/Intelligence-for-machines.aspxIntelligence for machines
It is the duty of entrepreneurs to seek growthhttp://www.vttresearch.com/Impulse/Pages/It-is-the-duty-of-entrepreneurs-to-seek-growth.aspxIt is the duty of entrepreneurs to seek growth
The creators of the future get down to businesshttp://www.vttresearch.com/Impulse/Pages/The-creators-of-the-future-get-down-to-business.aspxThe creators of the future get down to business
World in 2030 - answers to tomorrow’s questionshttp://www.vttresearch.com/Impulse/Pages/World-in-2030-answers-to-tomorrows-questions.aspxWorld in 2030 - answers to tomorrow’s questions
New power for the electronics industryhttp://www.vttresearch.com/Impulse/Pages/New-power-for-the-electronics-industry.aspxNew power for the electronics industry
Intelligent transport – a trump card for Finnish exportshttp://www.vttresearch.com/Impulse/Pages/Intelligent-transport-a-trump-card-for-Finnish-exports.aspxIntelligent transport – a trump card for Finnish exports
Advancing cyber security on several frontshttp://www.vttresearch.com/Impulse/Pages/Advancing-cyber-security-on-several-fronts.aspxAdvancing cyber security on several fronts
Salofa creates rapid tests for monitoring health and the environmenthttp://www.vttresearch.com/Impulse/Pages/Salofa-creates-rapid-tests-for-monitoring-health-and-the-environment.aspxSalofa creates rapid tests for monitoring health and the environment
Finland is good investmenthttp://www.vttresearch.com/Impulse/Pages/Finland-is-good-investment.aspxFinland is good investment
The perfect pilot environment for Arctic solutionshttp://www.vttresearch.com/Impulse/Pages/The-perfect-pilot-environment-for-Arctic-solutions.aspxThe perfect pilot environment for Arctic solutions
Pilot plants forge innovative ideas into business activitieshttp://www.vttresearch.com/Impulse/Pages/Pilot-plants-forge-innovative-ideas-into-business-activities.aspxPilot plants forge innovative ideas into business activities

CONTACT US

P.O. Box 1000, FI-02044 VTT, Finland
Tel. exchange +358 20 722 111
Opening hours Mon - Fri 8:00 - 16:30,
UTC +2 time zone

CUSTOMER SERVICE

info@vtt.fi
Tel. +358 20 722 7070
Opening hours Mon - Fri 9:00 - 11:00 and 12:00 - 15:00,
UTC +2 time zone