1. What is HAVARO?
HAVARO is a service produced by the Finnish Transport and Communications Agency (Traficom). HAVARO is used for detecting serious information security threats affecting Finnish companies and for issuing related alerts.
2. How does HAVARO detect information security threats?
At the core of the HAVARO service is a technical monitoring system that utilises sensors to observe a customer company’s telecommunications. The system detects serious information security threats, such as Advanced Persistent Threats (APT), and data-stealing malware. Data on the anomalies is analysed and, if an anomaly turns out to be an information security threat, the customer organisation is warned about the threat.
3. What will change in the HAVARO service?
HAVARO has been in use since 2011. In 2020–2021, the service model was changed from a government service to a service jointly provided by commercial operators and the NCSC-FI at Traficom.
4. How does the new service model work?
The HAVARO service is provided by the NCSC-FI at Traficom, which supports the operations of commercial security operations centres (SOCs). The SOCs in turn offer the service to their customers, i.e. companies operating in Finland. In addition, the NCSC-FI provides certain support services directly to the customer companies.
5. What else is new in the service?
Previously, the NCSC-FI provided the HAVARO service for the central government and organisations vital for the security of supply. In 2020–2021, the service was changed into a customer-funded service provided by commercial security operations centres (SOCs). The key features of the service remained the same even though the modernisation process did also require technical modifications. The new service model was taken into use in 2020, but the development of the service will continue. The information security experts at the NCSC-FI are developing the service in close cooperation with multiple commercial information security companies.
6. What are the benefits of the service at national level?
HAVARO generates data on the detection of common and serious information security threats in our country. With the information, the NCSC-FI builds nationwide situational awareness of cyber security, which is used to improve the reliability and security of communications networks and services and to increase understanding of information security for the benefit of all participating organisations.
7. How does the service benefit companies?
As the National Security Authority, the NCSC-FI has a unique view on information security in the Finnish society. It also receives information about global information security threats via international cooperation between authorities. Customers can use the data and services provided by the NCSC-FI and the HAVARO community.
8. How can I start using HAVARO?
To start using the service, contact a commercial security operations centre (SOC) involved in the HAVARO service production. Large companies can manage their own SOC operations.
The service is based on maintaining national situational awareness of cyber security and ensuring the security of supply. The service is primarily aimed at companies and organisations critical for the security of supply, but it can also be offered to other organisations. However, customers must meet certain conditions, including the requirement that the sensor has to be located in Finland.
9. Who produces the service?
The NCSC-FI coordinates the development and operation of the service and produces the service together with SOCs. The National Emergency Supply Agency has financed the development of the service.
10. Is using HAVARO mandatory?
Using HAVARO is voluntary.
11. Does HAVARO ensure information security in a company?
HAVARO is not intended as the only information security solution of an organisation. It complements other information security solutions in a security-aware organisation. HAVARO is a part of the overall information security solution in a company.
12. Who develops the HAVARO service?
The software development of the HAVARO service was purchased from . Traficom’s own information security specialists have also actively participated in the work.
13. The service involves storing and processing information that includes personal data. How is data protection ensured?
Agreements concluded between the NCSC-FI and the operators ensure that all parties fulfil the obligations of the GDPR and other data protection legislation.
14. Who are HAVARO customers?
All Finnish organisations that want to improve both the level of their own information security and our national cyber security can become HAVARO users. Organisations are free to decide whether they want to make it publicly known that they are using the service.