Haminan Energia needed external help with information security – Kybermittari proved to be the right tool
The new world situation made Haminan Energia give a special focus to information security. The Kybermittari assessment carried out by Netum provided clear guidelines for the future.
The COVID-19 pandemic made Finns at once aware of what security of supply means. Since the war in Ukraine began, if not before, it has been clear which functions of society are critical in terms of security of supply. Energy production is one of the most important. For this reason, Haminan Energia decided in spring 2022 to put information security even more under the microscope.
- “Critical infrastructure companies are, of course, tempting targets for anyone wanting to cause damage to Finland,” says Jari Leskinen, ICT Manager at Haminan Energia.
Leskinen thought that it was high time to examine the level of the company’s information security from the perspective of an outside expert.
- “We’ve always been aware of our role in society and the importance of information security in our sector, but last spring brought these issues to the agenda with a whole new force,” Leskinen says.
Haminan Energia's ICT Manager Jari Leskinen
Insight and experience from a partner
The aim was to partner up with an information security expert who could critically assess the maturity level of Haminan Energia’s information security and propose measures to improve it.
- “I had discussions with several suppliers but, in the end, Netum’s way of operating distinguished it from the others. Even in sales situations, they had experienced experts there to provide strong insight. It inspired confidence and brought credibility to the process,” Leskinen says.
According to Marita Hämeenoja, Netum’s Account Director for municipal and social and healthcare sector customers, it quickly became clear to Netum that a Kybermittari assessment would be well suited for charting Haminan Energia’s starting level of information security. Developed by the National Cyber Security Centre, Kybermittari is a tool for assessing the information security maturity of various organisations that are important to society.
- “It’s an excellent tool for analysing a company’s own situational picture, but also for improving the information security level of society as a whole,” Hämeenoja says.
Kybermittari is available for anyone to use, but Hämeenoja emphasises the importance of experience and expertise in carrying out the assessment.
- “We always combine the Kybermittari assessment with workshop activities and consulting. The customer will not have to deal with the results alone, but we offer our expertise and views on future measures. In this way, we can get the most out of the tool,” Hämeenoja says.
Added value from facilitation
The Kybermittari assessment was carried out in May 2022 under the leadership of Senior Cyber Security Consultant Petri Saarenmaa. Netum facilitated the workshops, gave tasks to Haminan Energia and prepared the final report for the management team. In Saarenmaa’s view, working with information security issues essentially comes down to striking a balance.
- “Cyber security consulting is a game of trust. Excessive pessimism and painting threat scenarios are discouraging, but being overly optimistic prevents you from seeing the truth of the situation. Mutual trust helps assess the company’s pain points and areas for development transparently and honestly,” Saarenmaa says.
Saarenmaa thanks the customer for its open-minded attitude and honesty throughout the process.
- “Our confidential and open dialogue allowed us to offer the customer meaningful added value in utilising Kybermittari. We were able to put the Kybermittari results in a context and challenge the customer in looking for new operating models,” Saarenmaa says.
Haminan Energia is a small company that does not have its own project management organisation or information security team. Instead, information security issues are handled as part of other IT activities. That is why finding a suitable partner was crucial for Haminan Energia.
- “Thanks to Netum’s skilled facilitation and project management, it was easy for us to get involved in this alongside our own duties,” Leskinen says.
Petri Saarenmaa, Jari Leskinen and Marita Hämeenoja
The journey continues
With the Kybermittari assessment, Haminan Energia was able to sharpen its information security guidelines and received concrete suggestions for prioritisation and next steps. The results also revealed many positive aspects about the current situation.
- “I was delighted to learn that we didn’t fall very far short of the ideal maturity level. We’ve been on the right track when it comes to improving information security, which, of course, was good to hear from an external expert,” Leskinen says.
The assessment started from the IT network and, in the future, the plan is to extend the assessment to the OT network, i.e. the operational and automation network, which is more demanding in terms of information security.
- “Information security will never be ready, and new threats and technologies will always emerge. The first step has now been taken, and the work will continue,” Leskinen says.