There is a great potential in Finland to be the leading country in cyber security. Finland has the cleanest computers in the world. Finland has also decent legislation that obligates critical partners to implement security, but at the same time, the legislation mostly allows cyber security research. Finland enjoys a good position and strong expertise in a number of relevant areas, such as boundary defense, anti-malware, filtering of unwanted content, intrusion detection, and security testing. There are also many consulting and service companies providing security assessment, penetration testing, auditing, and training. This is a solid foundation for moving forward to international growth of business for Finnish industry and recognition for Finnish Universities, in particular, through collaboration in the Cyber Trust program.
We all need to be aware, and have a correct understanding of security incidents, network traffic and other important aspect that affect security. Therefore, we need situation awareness. For protection, we need security technologies, but we must not forget human aspects and managing security correctly, either. For that, we need security management. As a result, we will have resilient systems, services and infrastructures that are able to resist and recover from disturbances caused by the surrounding hostile environment. In the Cyber Trust program the new design for security with novel and effective tools were created. The result is a sopchisticated security policy for stakeholders.
Proactive – design for security. The program created a new proactive model of information security that is driven by knowledge of vulnerabilities, threats, assets, potential attack impacts, the motives and targets of potential adversaries.
Self-healing – utilizing the toolbox. The program developed novel and effective tools and methods to cope with challenges of dynamic risk landscape with self-healing.
Changing the mindset. The program enabled seamless cyber security integration into every-day life. By efficiently utilizing tools and methods provided through this program, stakeholders can co-operate while protecting their privacy, they can create more sophisticated security policies, media publicity can move from threats to opportunities and public awareness and understanding will move towards accepting cyber security as a natural element of a connected world.
Finland has an excellent research infrastructure supporting cyber security research and collaboration, including an extensive number of cyber security laboratories. These laboratories allow researching and experimenting cyber security threats and infrastructures without restrictions of the public Internet. Finland enhances automated and other more efficient forms of cooperation towards cyber security in the operational practice of Internet Service Provider (ISP), corporate and other networks. The research by the Cyber Trust program created methods and tools for fast, accurate, robust and privacy preserving forms of cooperation among the networked entities towards the goals for better cyber security and the capability of effectively responding to threats even on the level of national security. Proof of concepts and demonstrations offered global visibility and helped to improve partners’ businesses. Ground-breaking research together with industrial partners lead to breakthroughs and over 120 high quality publications.
Finland created Cyber Security Strategy that is seen as an example at the European Union level . Based on the strategy, The National Cyber Security Centre Finland (NCSC-FI), was established together with National Science Foundation (NSF).
Security and Software Engineering Research Site
Establishment of the Security and Software Engineering Research Site of Oulu was one aim of the Cyber Trust. The site is planned to be a part of Software Engineering Research Centre (S2ERC, https://www.serc.net) that is one of the National Science Foundation Industry/University Cooperative Research Centers (I/UCRC) operating since 2010 in US. The mission of S2ERC is to conduct a program of applied and basic research on software security, system security and software technology problems of interest to its members. The goal of this research is to enable security and software technology gains within member organizations. S2ERC consists of 13 participating universities and over twenty industrial and government affiliates in US. Security and Software Engineering Research Site of Oulu consists of three Finnish universities (University of Oulu, Tampere University of Technology, and University of Turku) and 5 industrial affiliates.
Security and Software Engineering Research Site of Oulu (later on Oulu site) is for all Finnish universities and research institutes. It will physically be based on the University of Oulu. It’s funding is based on the investment and project funding. Industrial partner that is interested in to join to the S2ERC activities sings a commitment letter for the project fee. Industrial partner also signs an Industrial Membership Agreement with the S2ERC. Oulu site sings an Academic Agreement with the academic partners of S2ERC. Finnish Universities sign an agreement with the Oulu site.
New project proposal snapshots are submitted to the Industrial Advisory Board (IAB) that consist of industrial and government affiliates. IAB approves/disapproves projects in the closed IAB meetings twice a’ year and endorses approved projects to the NSF and TEKES. Approved proposals are enlarged to new project proposals and submitted to TEKES or/and NSF by a Principal Investigator (PI) of the research site and project manager. Typical project consists of a research party and an industrial party. Parties can be either Finnish or an US party. Multiple parties are possible.
The operation of the Oulu Site will consist mainly of cooperative projects funded by participating companies, Tekes, and University of Oulu, Tampere University of Technology, and University of Turku. The approval of the IAB will be a precondition of Tekes’ financial decision. The aim of public research networked with companies is to achieve competence and results that can be used as a springboard for the companies’ own research and development projects. Additionally, the international site at Oulu will be working in close coordination with DIMECC Ltd.
Principal Investigator’s (PI’s) and Researchers at the Ball State University (BSU), Virginia Tech, and Georgetown sites will jointly work on projects, conduct exchange visits, communicate via web-conferencing, and will begin planning future funding collaborations. The new international site will allow for training opportunities for U.S.-based S2ERC Graduate Students to get international research experience. With the addition of Oulu site, students as well as faculty at the BSU, Virginia Tech, and Georgetown sites will have the opportunity to incorporate an international focus to their professional experience. This new partnership will also allow for the Industry Advisory Board members to build personal ties with the new companies that are joining the S2ERC as industry members. The Oulu site and affiliates of the Oulu site will all abide by I/UCRC principles.
Cyber Security ecosystem
Stakeholders in Finland can become prime drivers of a global Cyber Security ecosystem. To strengthen the operation of an international research site of the S2ERC in Finland, DIMECC will provide tactical support to the Oulu site. DIMECC is devoted to increasing, e.g., the pace of development of Finnish Internet Economy Competencies to enable global business opportunities. To accomplish this, DIMECC has brought together projects and organizations (academic and commercial) to foster productive collaboration and supports innovation with common frameworks and resources.
S2ERC’s IAB members will obtain access to a wider and deeper array of research projects, gain a greater ability to tap into technical expertise of new faculty, access potentially new funding sources through direct interactions with DIMECC, and have an opportunity to collaborate with international industry members and students. The addition of an international Oulu site within Finland will allow researchers, faculty, and students within BSU, Georgetown, and Virginia Tech access to a broader base of knowledge and will enhance the intellectual property that results through S2ERC research.
How to join
All the Finnish universities can join with their industrial partner(s). Funding applications for the period 2018-2019 will be submitted in the spring 2018. Commitment of industrial partners are required to the funding applications. Project proposals are presented in S2ERC showcase’ (twice a year, November 8-9, 2017, Virginia Tech Research Center, Spring 2018 (date and place are not decided at August 23rd 2017). The IAB votes for projects and the approval of the IAB will be a precondition of Tekes’ financial decision.
Presentations on Cyber Trust program
Markku Korkiakoski (Bittium): DIMECC Cyber Trust – Program Overview
Tapio Frantti (University of Oulu): Security and Software Engineering Research Site of Oulu
Clare Sullivan (Georgetown University): What is the S2ERC?