Legislation forms a solid foundation for communication network cybersecurity
Finland has the world’s cleanest communication networks, and cybersecurity has always been a central aspect of their maintenance. Finland has had legislation related to network security since the 1990s, when the construction of mobile communication networks properly began.
For geopolitical reasons, Finland has considered security aspects more thoroughly than many other EU Member States. Networks are always built according to the laws and official regulations of the time. Even before the current reforms, our legislation had a clause on the basis of which devices that cause disturbances can be slated for removal from a data communication network. This practice still does not exist in many other EU countries.
In Finland, the sector collaborates closely with the authorities that govern cybersecurity; one might speak of a strong society of trust. This is not common in many other countries – not even in the neighbouring country of Sweden.
For companies, risk management of cyber threats is a part of everyday network maintenance. A good overview of the situation is provided by the Finnish Transport and Communications Agency Traficom’s Cyber Security Centre in its monthly Cyber Weather report.
The most crucial law governing the cyber-secure construction and maintenance of communication networks in Finland is the Information Society Code, which was updated last year. It sets the requirements for communication networks and communication services concerning 1) quality, 2) methods of data protection and disturbance management, 3) communication confidentiality and privacy, and 4) preparedness. Based on the code, Traficom has issued several cybersecurity-related regulations, including Regulation 67 on Information Security of Telecommunications Services.
Finland, Greece and Hungary were the first countries fully to implement the EU’s massive telecoms package, including cyber clauses, into their legislation. Finland’s pragmatic approach to cyber issues has been noted by the rest of the EU. Germany has created a very similar definition of the critical elements of communication networks to Finland’s one, and Sweden’s legislative changes also resemble our reforms. Finland’s comprehensive cyber legislation is a good point of comparison and example for many other EU member states.