A busy workday is about to begin at the office when things start to happen.
The access control system provider uses code that is known to be vulnerable. The Cybersecurity Center reports on the situation in its cyber weather report. The provider shifts responsibility to the subcontractor that produced the code, and there seems to be no solution in sight. There are reports of unauthorized individuals in our facilities. Our Customer Manager’s home has been broken into, and company information has been stolen. Finland’s critical infrastructure has come under attack: there are issues with electricity and fuel distribution. Water supply has also been targeted for sabotage: water flow must be quickly stopped at the factory.
These are illustrative, fictional problems, but each of them could happen to any company.
Recently, I participated in the TIETO24 readiness exercise as a crisis management team member in a fictional company. TIETO24 is Finland’s largest cooperation and information exchange exercise for businesses and authorities in preparation for extensive hybrid, cyber, and informational disturbances. It involves practicing operations in various disruption situations and familiarizing oneself with cooperation alongside authorities.
What were the key takeaways?
Impact on the company’s operations
During a crisis, it’s important to pause and consider how each event impacts our own company’s operations. This helps establish priorities for all actions needed, and there is certainly plenty of work to do. If your company operates globally, you must also consider impacts from the perspective of the entire global organization right from the start.
Checklists
Each company must have prepared checklists for various situations that ensure necessary actions are taken in the correct order. When many events are occurring simultaneously, priorities can easily become blurred—something we noticed on just the second day of training.
Event Log
At the very beginning of the exercise, we implemented an event log where we recorded all observations and details about actions taken. As long as problems emerged gradually, managing them was smooth. However, when the crisis escalated and multiple situations were ongoing at different levels simultaneously, keeping this event log up to date proved invaluable.
Status Updates
Although event logs were diligently updated, it was also necessary to hold regular status updates where crisis team members gathered to review progress. This ensured that all members of the crisis team had accurate situational awareness and could respond quickly if adjustments needed to be made.
Anticipation
Even before any problems arose, we had started planning and ensuring backup connections and systems for our fictional company’s critical operations. It can be said that every pre-planned scenario was utilized. When a situation occurs, we try to manage with what we have, and building backup systems often becomes impossible at that point. Budget constraints can easily come into play, so it’s important to focus on the systems that are most critical for the business when creating backups.
Communication is Key
The importance and role of communication were highlighted throughout the exercise. There is a lot of information to convey. Communication must remain current while fulfilling regulatory obligations toward authorities as well as employees, customers, partners, and subcontractors, and the team must still prepare for engagement with the media. In a truly significant crisis, sufficient resources must be allocated to communication alone, since regulatory obligations come with tight deadlines and require considerable effort.
Overall, TIETO24 was a useful exercise that helps Finnish society and various organizations to prepare for crisis situations. Only in a real situation will we see how well we have prepared and how we manage challenging situations. That’s why it’s crucial to practice different scenarios together.
TIETO24 is part of the National Emergency Supply Agency’s Digital Security 2030 development program. Read more about the TIETO24 exercise.
Päivi Korvenranta
Director, Information Management