SECURITY OF DIGITAL SUPPLY
Society’s ability to function during disruptions
Security of supply means the ability to ensure the continuity of critical operations despite disruptions.
Definition
What security of supply means
Security of supply means the ability to maintain the economic functions of society that are essential for safeguarding people’s living conditions, the functioning and security of society, and the material prerequisites for national defence during serious disruptions and emergency conditions.
Security of supply is built on functioning markets and a competitive economy. Society prepares to maintain its basic economic and technical functions in various disruptions and emergency conditions through security-of-supply measures that complement market-based activities (Finland’s Cyber Security Strategy – background memorandum, 2019)
Safeguarding security of supply
The National Emergency Supply Agency is an agency under the Ministry of Economic Affairs and Employment. It is responsible for planning and operational activities related to maintaining and developing Finland’s security of supply. The agency’s activities are based on the Act on the Measures Necessary to Secure Security of Supply. Under the Act, the Government has confirmed concrete objectives for security of supply (Government Decision 539/2008), defining the priority areas of security of supply and quantitative targets for security stockpiling and other measures. Today, the focus is on ensuring the operation of technical systems. Particular attention is paid to society’s critical information systems.
Huoltovarmuusdata Oy’s task is to implement the objectives set for security of supply, as defined in the Government Decision on the Objectives of Security of Supply of 21 August 2008/539. In accordance with the Government Decision, the basic IT structures of the information society were placed in a central role, with the requirement that their continuous operational capability be ensured for various disruption and emergency situations. To achieve this objective, the National Emergency Supply Agency has built three highly secure data centers, operated by Huoltovarmuusdata. Huoltovarmuusdata’s task is to provide services that protect information systems classified as critical to security of digital supply and ensure their uninterrupted operation even in emergency conditions.
A NETWORKED INFORMATION SOCIETY
Organizations critical to security of supply
Technological and economic development has led to the networking of production, services and society as a whole, increasing interdependencies. An efficient and optimized network economy is based on rapidly developing information and communications technology, which is highly vulnerable to many new kinds of threats and risks.
Functions critical to security of supply include energy production, healthcare, national defence, public authorities, finance and information society services. These functions are essential for society, and their continuity must be ensured in all conditions. Organizations classified as critical to security of supply have infrastructure and services that are important and critical to society’s ability to function.
Services critical to security of supply are produced by both private- and public-sector organizations, such as agencies, ministries, banks, operators and logistics centers — in other words, organizations defined by the National Emergency Supply Agency as critical to security of supply. These organizations may also have legal obligations related to the continuity management of their information systems, or requirements arising from risk management, security policies and quality systems.
news about security of supply
Video about security of supply
How security of supply affects everyone’s everyday life
Watch the video on the National Emergency Supply Agency website
System resilience and threats
The resilience of information systems, telecommunications and communications is an essential prerequisite for the uninterrupted functioning of modern society, public safety and citizens’ livelihoods. Information systems form complex and interconnected service entities, where even a single outage in a critical system can cause the entire system to become paralyzed. For this reason, the need to protect information and communications systems against technical disruptions and intentional damage has increased.
Critical infrastructure consists of the facilities, equipment, services and information systems that are so vital to nations that their incapacity or destruction would have a weakening effect on national security, the national economy, public health and safety, and the effective functioning of government.
The most serious threats to security of supply are related to the availability of raw materials and goods, as well as natural disasters, environmental catastrophes and pandemics. Other key threats to society’s economic capacity include disruptions to electronic information and communications systems, interruptions in energy supply, and serious disturbances to the health and functional capacity of the population.
For example, cyberattacks, malware, denial-of-service attacks and other forms of cyberterrorism are constantly increasing, and they can also have serious impacts on security of supply.
Globally, efforts have been made to develop activities known as critical infrastructure protection (CIP) and, in particular, critical information infrastructure protection (CIIP).
For experts
What CIP and CIIP mean in practice
CIP (Critical Infrastructure Protection) is a broader term covering the protection of physical infrastructure and operational processes. CIIP (Critical Information Infrastructure Protection) is a subcategory that focuses specifically on information and communications technology systems.
What this means in practice
Why this concerns all of us
Even a one-hour disruption in banking, healthcare or the electricity grid is felt in everyone’s everyday life.
QUESTIONS ABOUT SECURITY OF SUPPLY
Are you concerned about security of digital supply?
- Does your organization need to place information systems in security-classified facilities, duplicate systems in different locations or build a separate DR system (Disaster Recovery)?
- Does your organization need data storage services, backup services, data media storage, system capacity from high-security facilities or possibly from a separate protected facility?
- Are there foreseeable needs that require changes to existing data center facilities or an increase in the security level?
