Funds to be allocated to patch possible security gaps in state data systems

Foreign ownership of telecommunications companies cause for concern

print this

The state plans to invest millions of euros in upgrading the security of data networks of public administration. Contrary to some reports, there are no plans for a new, parallel data network.
      Secretary of State Risto Volanen said that a parallel network would cost many times more than patching the existing networks would.
      The government plans to budget EUR 197 million for improvements to the security of data networks of Finnish public administration. The Ministry of Defence is to be granted EUR 122.4 million for the purpose, and the Ministry of the Interior is to get EUR 74.6 million.
     
Volanen says that the aim is to increase security of the data networks “against all possible risks”.
      Risks range from electric failures to hostile attacks.
      Government security director Timo Härkönen said on Monday that one reason behind the project has been the foreign ownership of companies administering the networks, such as Sonera.
      “Naturally it is not a good situation, if there is a fixed link with a foreign operator. But of course it is not possible to end cooperation.”
     
Volanen emphasised that the state is already using several operators, servers, and networks. Improving security is only in the planning stages.
      Erka Koivunen, head of the data security unit of the Finnish Communications Regulatory Authority (FICORA), noted that just five years ago, if a network crashed, a tax office employee could simply take a file off a shelf and continue to work manually.
      It is no longer as easy as that, and the situation is the same on the private side as well.
     
Lieutenant Colonel Jukka-Pekka Virtanen, a Defence Forces liaison officer in FICORA, says that the security of data networks can be improved by using a variety of operators. This has already been done.
      Virtanen feels that setting up a completely separate network is not economically feasible. The public safety radio network VIRVE already exists. There is also a parallel network 2V, which was set up for emergency situations in the 1990s. It involves older technology and is not used much.
      Virtanen notes that critical data pools, such as population registers, need to be protected both physically and electronically. They need to be at least duplicated and dispersed.
     
The simplest improvements to data security involve measures such as putting stronger doors on cabinets containing network servers, as well as setting up emergency power sources.
      One of the more difficult risks with respect to data security is that the services are increasingly in the hands of numerous subcontractors, and not just the large operators.
      The Ministry of Defence sees managing such a dispersed production of services as a great challenge.
      Personnel responsible for data security need to be trained just to stay on top of the dispersed network of service providers, one Ministry of Defence expert told Helsingin Sanomat.


Previously in HS International Edition:
  Budget to earmark EUR 200 million for data security (4.8.2008)

Helsingin Sanomat