Cyber attacks may call for government-level decision-making: Finland steps up shared expertise through national cyber exercises

A national cyber exercise (“KYHA”) brought together more than 120 central government employees to improve their technical skills and mutual cooperation against cyber attacks. Held at the IT Institute of the JAMK University of Applied Sciences in Jyväskylä on 12–16 May 2025, this cyber exercise, the second one this year, turned out to be a great success.

Technical and functional cyber exercises provide a tool for training against serious and extensive cyber security incidents.

“Since 2011, JAMK has implemented development activities worth nearly EUR 25 million targeting the expertise and technical environment needed in cyber exercises. The outcome is drawn on nationally and internationally. The “KYHA” exercises are the prime example of this package,” says Tero Kokkonen, Director of the IT Institute of the JAMK University of Applied Sciences.

“The advantage with such technical and functional exercises is that they make visible the whole and interdependencies. During an exercise, a given situation can be directed towards the point where the required tasks no longer remain the responsibility of an individual public authority, and decision-making might then escalate up to government level. These are some of the processes that can be practised during a joint cyber exercise,” says National Cyber Security Director Rauli Paananen.

National cyber exercises are key in competence development

A national cyber exercise is organised for the central government annually. The Government ICT Centre Valtori also takes part in it every year in a cross-cutting role. The exercise is always attended by employees from Valtori in charge of communications, incident management and security, among others.

“The national cyber exercise has great importance for us. We play a central role in dealing with deviations because Valtori produces information technology services for most central government agencies. Incidents are discussed and managed within a cooperation network between different authorities, and during the exercise in question we also held regular meetings to share situational awareness and to consider the measures,” says CSO at Valtori Jani Mattila, who participated in the exercise.

“Different kinds of expertise and experience can be gained by involving new people and new roles in the exercise. Through experience, the situation can be taken forward in real life as planned,” he adds.

Valtori reports that participation in the exercise receives positive feedback from their personnel, and this is in line with the feedback collected from the participants. In the feedback gathered in 2021–2024, the total score for the overall success of the national cyber exercises was 3.7 on a scale of 1–4.

Crisis communications as part of technical and functional cyber exercises

National cyber exercises are upgraded annually to keep up with the competence necessitated by the threats and to comply with the relevant legislation and guidelines. In the field of communications processes, for example, the latest central-government cyber exercise drew on the recent guidelines for organisations on crisis communications, published by the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom in early 2025.

“When organisations prepare for different types of disruptions, communications must be one of the areas to be practised regularly. No organisation can refrain from communicating in the event of a cyber attack. Effective incident management and successful communications in all situations are based on clear instructions, roles and responsibilities. Without these exercises, we cannot ensure that the practices and operational plans are functional and up to date,” says Head of Communications at the National Cyber Security Centre Jussi Toivanen, who participated in the national exercise.

The national cyber exercises are organised by JYVSECTEC (Jyväskylä Security Technology), a research, development and training centre at the IT Institute of JAMK, in collaboration with the Ministry of Transport and Communications. The Government Security Committee contributes to the implementation of the exercises in a guiding role.

Inquiries: 

Rauli Paananen, National Cyber Security Director, [email protected], tel. +358 295 342 212 
Tero Kokkonen, Director, IT Institute, JAMK University of Applied Sciences, [email protected], tel. +358 50 4385 317