Information security and disruption-free function
- General
- Information security
- Privacy protection
- Critical infrastructure protection
- European Network and Information Security Agency, ENISA
1. General
The Ministry of Transport and Communications is responsible for legislation and strategy development concerning information security in communications networks and services. Information security refers to the administrative and technical measures that ensure the confidentiality and integrity of information and the usability of systems.
The mission of information security policy is to ensure that the general public, businesses and government all have confidence in the security and privacy protection of services provided in the information society. The trust is based on aspects such as user-friendliness, adequate privacy protection and genuine content.
The Finnish Communications Regulatory Authority, FICORA, acts as the national authority for information security.
2. Information security
A Government resolution on the national information security strategy was adopted in December 2008. The Strategy focuses on three priorities: basic skills in the ubiquitous information society; information risk management and process reliability; and competitiveness and international network cooperation.
The action plan for the information society strategy was approved in November 2009. The plan included the launch of nine key projects that focus on new and topical information security issues and the improvement of existing operations and functions.
CERT-FI is the national information security agency operating as part of FICORA whose task is to prevent, detect and resolve information security violations and to provide information about information security threats.
3. Privacy protection
The Constitution of Finland guarantees the right to confidential communications. The secrecy of letters, telephone calls and other confidential messages is inviolable. No one is allowed to handle someone else's message or identification data related to communications without permission. This also applies to messages transmitted in telecommunications networks and electronically stored messages that are protected from external parties.
The Criminal Code prescribes a penalty for the violation of the secrecy of communications. The right to confidential communications, however, can be restricted if deemed necessary, for example, for investigating certain types of crimes.
The police have the right to intercept and monitor telecommunications when investigating certain offences related to communications. Authorities responding to emergency calls have the right to obtain information about the location of the caller and the person in distress.
Telecommunications companies and other organisations transmitting electronic messages in their networks need to access some information related to the messages in order to ensure delivery.
The Act on the Protection of Privacy in Electronic Communications prescribes the extent of the right to handle messages and access identification data when transmitting messages.
Data protection in electronic communications is monitored by the Finnish Communications Regulatory Authority (FICORA) and the Data Protection Ombudsman. The police are always responsible for preliminary criminal investigation.
FICORA monitors compliance with the Act on the Protection of Privacy in Electronic Communications and with rules and regulations issued under the Act.
4. Critical infrastructure protection
In critical infrastructure protection, the Ministry of Transport and Communications actively collaborates with security authorities, the Finnish Communications Regulatory Authority (FICORA), the National Emergency Supply Agency, communications companies and other authorities and businesses.
Nearly all functions vital to society depend on the information and communications infrastructure. State information systems also depend largely on the general communications infrastructure.
The functioning of critical infrastructures in the information society, as well as the security of information and communication systems and communication services, must be assured in both normal and exceptional circumstances. The availability of services for citizens and the ability of companies to continue operating must also be assured.
The Strategy for Securing Functions Vital to Society has defined five focus areas: crisis management in state administration, prevention and control of serious environmental disasters, health protection, electronic information and communications systems and reliable supply of energy.
The strategy assigns the Ministry two tasks related to communications technology. The Ministry is to:
- ensure the functioning of electronic information and communications systems
- support the building and maintenance of warning and alarm systems
5. European Network and Information Security Agency, ENISA
In Finland, operations related to ENISA fall within the
administrative branch of the Ministry of Transport and
Communications. The Ministry actively follows and participates in
ENISA's work. For Finland, ENISA is one channel through which
information security issues can be exchanged and discussed.
ENISA was founded in 2004. It is located in the city of Heraklion
in Crete, Greece and employs some 50 people from around Europe.
The Agency assists Member States and EU institutions in issues related to information security. It collects and analyses new data on information security. The aim of the agency is to promote a well-functioning internal market within the EU.