Cyberwatch S p e c i a l
m e d i a
CYBER ESPIONAGE A RISING THREAT?
o n
s t r a t e g i c
c y b e r
s e c u r i t y
M A G A Z I N E
2018/2 • 7,90€
A new era magazine on strategic cyber security
AUTONOMOUS FUTURE OF CARS
WHY IS STRATEGIC ANALYSIS OF THE CYBER WORLD IMPORTANT FOR BUSINESSES? Augmented reality is here! Try it with this magazine.
2018/2
5 Why is strategic analysis of cyber events important for businesses? 6 Cyber espionage – a rising threat? 10 The game is Changing 14 Autonomous future of cars 16 Energy Sector Findings 22 Finland becoming the pioneer of cyber safety
Cyberwatch M A G A Z I N E
Special media of strategic cyber security Cyberwatch-Magazine is special edition published by Cyberwatch Finland. Cyberwatch Finland Oy provides strategic situational reviews and consultation based on a holistic view of the cyber world and hybrid threats.
Publisher Cyberwatch Finland Oy Eteläranta 10 00130 Helsinki Finland www.cyberwatchfinland.fi Producer Pertti Jalasvirta pertti.jalasvirta@cyberwatch.fi Commercial cooperation Jukka Viitasaari jukka.viitasaari@cyberwatch.fi Editing Sari Sakala, Hippu Content sari@hippucontent.fi Layout Atte Kalke, Vitale Ay atte@vitale.fi Print house Printall, Tallin
What is Cyberwatch Finland?
IN YOUR HAND, YOU HAVE an analogical interface to the digital world. In this new journal, we have combined reliable printed word and the latest innovations in the digital world. Life is continuous learning with an aptitude to absorb something new. Education is the backbone of society and organizations. Increasing understanding of strategic levels of cyber threats and hybrid influencing models in organizations and learning about threats is the vision of Cyberwatch Finland. By investing in new learning, the payback period of an organization’s investment is short, and the benefits are multiple compared to many other investments in the organization. Human errors account for about 60 percent of the cyber challenges facing the organization. There are three solutions to this: education, education, and education. The management of the organization is responsible for staff training, in which cyber threats have brought the need for continuous improvement. In the ever-changing situation and frequent serious cyber-attacks, the need for education is increasingly important. Training is a cheap, fast and secure way to respond to cyber threats in organizations. Understanding the strategic situational image of a corporate management ensures that threats to the industry can be countered by agile personnel e-training. The Cyberwatch Security System, the CSS-based intelligence and training system, will bring important tools in the future. We develop the system based on Finnish top innovations and know-how. Have a good read with a new type of cyber media.
QR- and AR-operating is easy, try it!
Pertti Jalasvirta
QR
AR
= QR-code
= Augmented reality
Download any (free) QR application.
Download the Layarapplication (free).
Available from App Store, Google Play, or Microsoft Store.
Available from App Store, Google Play, or Microsoft Store.
Open the application, and scan the QR code.
Open the application, and scan -symbol-page.
The QR code contains information.
The Layar page contains something magical, try it!
The application uses your phone’s camera to scan.
For example weblink or contact information. Test the code on left.
The application uses your phone’s camera to scan.
Try scanning for example the back cover of this magazine through the Layar application.
Stock-images of cover and content: Shutterstock
Content
With an analog interface to the core of understanding strategic cyber threats
Editorial
Good leadership is the most important factor of success in the cyber world GOOD AND EFFICIENT MANAGEMENT requires intelligent and timely decisions based on a good state of
mind. Leadership is emphasized in the cyber world because changes are faster and cyber-attacks and their consequences are surprising. The interest of nations and political systems in possibilities of the cyber world is continuously growing. Cybercrime is a rapidly growing business. Cyber attacks can also be seen as new military performance. It will also be seen how terrorist organizations use and develop cyber attacks. Data can easily be stolen, manipulated and destroyed on a completely different scale than before. Cyber attacks target our entire society, especially those critical to societal functions. Political decision-makers, authorities and company management must therefore have the ability of lead. THE PRIORITY FOR CYBER SECURITY has to be prevention and protection from cyber-attacks without forgetting the restoration of functions. This requires a strategic picture of the situation and an understanding of the cyber world’s development costs and ever-changing phenomena. The statements made by the Government Office reveal a need for a comprehensive strategic picture of society as a whole. In a simpler way, one could say that it is an entity that needs to take people’s practices, the key processes in our society, digital technology and the management of this entity into account. The analysis must also always look at the cyber phenomena, their causes and consequences. The growing challenge is the difficulty of defining actors: whether it is the state, cyber criminals, terrorists or hackers. There may often be a combination of these actors. If Finland wants to be one of the forerunners of cybersecurity, this challenge must be met. No longer just the resources but competence is essential. Even a small actor may destabilize critical services of society and infrastructure. Statistically speaking, the corporate world is faced with more cyber attacks than governmental targets. Cybercrimes already cause more losses than drug crimes globally. The most desirable targets are those who are attacked to achieve social effectiveness and media perception. The central task of state management is to ensure the safety and well-being of our society. It cannot be achieved without high cyber safety. AS DIGITALISATION PROGRESSES and as the amount of IoT devices increases, potential attacks are targeting new areas such as smart homes and self-directed cars. In preparation for cyber-attacks, we must focus on people’s training, the development of our processes and practices, and technical security solutions. Cyber security should be seen as a business entity in companies. If a company wants to improve its competitiveness and reduce risks, it must invest in cyber security. People are the greatest risk, so it is the responsibility of the leaders to provide proper training for all their staff. People are motivated to learn when they understand the challenges of cyberspace for themselves and their own business. With sufficient understanding, protection and preparedness are not expensive. One has to focus on the right things and figure out cyber security as a whole. Aapo Cederberg Chief executive
Scan the page with Layar-application
Cyber security should be seen as one of the business expenses in companies.
officer, Cyberwatch
CYBERWATCH | 3
THE GENEVA CENTRE FOR SECURITY POLICY (GCSP) IS AN I N T E R N AT I O N A L FO U N DAT I O N FO CUS I N G O N E X ECU T I V E E D U C AT I O N T H AT FAC I L I TAT ES CO L L A B O R AT I O N I N S U P P O RT O F P E AC E, S ECU R I T Y A N D I N T E R N AT I O N A L CO O P E R AT I O N.
Älykäs digitaalinen oppimisympäristö Claned on digitaalinen oppimis-
ESTA B L I S H E D BY T H E SW I SS CO N F E D E R AT I O N I N 1995, T H E CENTRE EQUIPS A DIVERSE RANGE OF EXPERTS, LEADERS AND PRACTITIONERS WITH THE KNOWLEDGE, SKILLS AND COM M U N I T Y T H EY N E E D TO H E L P T H E I R O RG A N I SAT I O N S T H R I V E I N TO DAY ’ S E V E R- C H A N G I N G S ECU R I T Y L A N D S C A P E .
CYBER 9/12 STUDENT CHALLENGE
ympäristö, joka yhdistää koneoppimista, oppimisanalytiikkaa ja maailmankuulua suomalaista pedagogiikkaa. Claned personoi oppimisen jokaisen oppijan tarpeisiin.
www.claned.com
www.arcticsecurity.com
4 | CYBERWATCH
LIFE IS LEARNING AND COMPETENCE OF THINKING
Why is strategic analysis of cyber events important for businesses? THE NEED FOR A STRATEGIC VIEW OF CYBER SECURITY
has emerged in a number of recent surveys. Business leaders and other actors need a better strategic level of understanding of the cyber-world events, trends and their ramifications. The pace of change in the cyber environment can be daunting. Targets of cyber attacks are found throughout society, particularly in its vital functions and business community. Often, there are also third-party victims, companies, organisations and their clients who suffer from the attacks. Protection and safeguards are vital, but what is a sufficient level of protection, and what are the right investments for cyber security? These are difficult questions for any organisation. Strategic level analysis of the cyber world enables leaders to make better decisions for the future. Cyber events are often characterized by strong technical and cryptic terms, understanding of which requires at least a reasonable familiarity with the subject. Media has done a great job of trying to portray cryptic cyber world events in a comprehensible form for all people. Media plays an important role in boosting cyber awareness among citizens and businesses.
Cyber
security gets
Increasing cyber awareness as well as cyber education are fundamental but also cost-effective elements in ensuring business continuity in the digital era. The ability of companies to analyze and understand the impact of cyber events on their own organization can become a critical competitive factor on tightening markets. Therefore, strategic level analysis, state-of-the-art reviews, and discussion on how cyber events affect and how to respond to them are needed. Developing comprehensive security requires a shared overall understanding of the situation and the involvement of all stakeholders. This means a regular process of sharing knowledge, learning and development in a constantly changing situation - leadership. Strategic management of a company cannot be outsourced - leadership in cyber security is an increasingly important part of strategic management. Kim Waltzer Chief Analyst
its
own
Web
TV
channel
CYBERWATCH HAS LAUNCHED a cyber-
various interviews and panel
mainly in Finnish or English.
security-focused “television
discussions.
Cyberwatch cooperates closely
channel” on the web. The
The channel supports Cyber-
with the GCSP (Geneve Centre
CyberwatchTV.fi channel trans-
watch’s goal to convey the
for Security Policy),
mits live broadcasts of cyber
strategic overview of cyber
organizing training and
security events, such as
security and hybrid threats
streaming live the Geneva
Cyber Security Nordic, 10. – 11.
through society and, in
Cyber 9/12 Student Challenge.
October 2018 at the Exhibition
particular, policymakers.
Stay tuned to the
Centre in Helsinki, including
Programs and interviews are
channel!
CyberwatchTV.fi
CYBERWATCH | 5
Cyber espionage – a rising threat?
Cyber espionage is an increasing threat to our digitalized society. A society utilising digitalization enables efficient collection of data and its analysis. Companies are being monitored and people profiled for their shopping habits, consumption of services and media consumed. The spying on corporations is effective, and detection of it is harder due to all new possibilities in the cyber world.
6 | CYBERWATCH
The objects of corporation spying include still to this day corporate secrets, strategies, information of users and customers, and financial and marketing information. The spying can be camouflaged into occasional hacking or malware.
The borders in governmental spying, inquiring information and hacking have become more and more indeterminate.
The most important factors in protection towards cyber spying include recognizing the objects of protection and the threats targeted, as well as taking care of sufficient protection of them.
Tracking data integrity is even more important, and any changes in the web must leave a trace behind. (Sufficient data logging)
Tracking by websites, use of social media together with participating in social media events, as well as smartphones and mobile applications, provide unprecedented opportunities for spying, tracking and analyzing people.
The personnel is the biggest risk regarding cyber safety – new forms of action are needed. (Insider Threat)
All information is available in the digital society The information system of the City of Helsinki suffered from a major disruption: it resulted in the interruption of the health centers’ services, causing problems to metro and tram traffic, and the ticket sales got jammed. Yle,
16.5.2018
– A PIECE OF NEWS NOT EXTRAORDINARY TO US,
CYBER ESPIONAGE IS A SERIOUS THREAT TO
but a proper source for spying and information inquiring on parties. Cyber espionage is an increasing threat to the digitalized society. A huge amount of information is being collected from each of us, whether we want it or not. In practise, everything we do online will leave a trace behind. These digital footprints may serve as a channel for cyber espionage, targeted data network operators, or it can be used, for example, as a tool for influencing results in elections, as seen in the case of Facebook and Cambridge Analytica1.
FINNISH DATA CAPITALE
“If product development information is stolen from another country, the future of a company is in the balance”, says Antti Pelttari, the chief of Finnish Security Intelligence Service. The Security Intelligence Service of Finland also notes the increased importance of private ca ti companies from the viewpoint of society since ly na -a e g much of the critical isinfrastructures are id br am privately owned and operated. /c s w
1
ht
ww // s: tp
t w.
g he
rd ua
ia
co n.
-n uk m/
e
CYBERWATCH | 7
–
a
rising
threat?
5
el nt -i ns ai ch ypl aa up st -s ja us al r-p te aa af aj an / gma es t t in ta ml on ay go en ht ph -k eg. n- ee as ar in -o il nsck or ko to 07 ie ra do va 9 is 45 sp 5/ -t ck s- 97 m m 66 /0 on ba lu 70 he -6 18 ti s- el 66 va ys 20 ca ve ov a- mi at y/ lo a -s lt li id og d- -le tu aa us p ol oi us it -p -m ahn dr pl os is aa ka ec a n e su p o t uh /t 1/ on er i- ot aom /1 4/ up is ak mi 17 /1 /s tk -p to .c 20 11 t y na at ne m/ 17/ ise -k ii e m eo co 20 ut non /k el ns / fe 64 s. m/ _u in et tt de 82 e w co ki im is to w. 14 rn t. ik to ut nw w y/ ke ge Ka a- _u se 5 // sa ac ad i/ k ki k 47 s: s- eh ng .f ik ik llu 97 tp ie th .e vi va Ka ve 00 ht nc // w w ti n- i/ so -1 1 age tps: //w w w.innivi.f ilu et/3 : w ht ps // ja ti ko is 2 htt tps:n-si w w.a-va uut t a /w s i/ h rk :/ in .f 3 4 ta tpslimi yle ht he s:// p u tp ht
Cyber espionage
6
The are
costs of Cyber attacks multiplying
ACCORDING TO THE WHITE HOUSE, cyber attacks caused a 57–109 billion dollar notch in the national economy of the United States in 2016, which adds up to 46–88 billion euros.1 In comparison, the Finnish state budget for 2018 is approximately 55 billion euros. Finland together with Finnish corporations invests approximately 6 billion euros in product development, of which the share of corporations is approximately 4 billion euros.2 In contrast, the budgets for research, product development and innovation of large global corporations are grand. For instance, the Chinese online store Alibaba plans to invest more than 13 billion euros in research and development.3 Operating in areas of innovation, research and development make an important factor in companies aiming to renew. Without development or skilled personnel, there’s no prospects for growth in sight for a company. These factors are also to enable future success. How much of these investments are lost due to various forms of data leaks and spying targeted at corporations? According to the estimation of FISC (Finnish Information Security Cluster), the costs of global
cybercrime reaches already approximately a trillion4 dollars in the world market. By 2012, the costs of cybercrime were estimated to increase no less than by sixfold. The growing IoT (Internet of Things) technology increases cybercrime opportunities as well. Much of the growth will consist of the costs governmental cyber espionage and organized cyber criminals cause. In the course of the year 2017, the Finnish Security Intelligence Service dealt with multiple cases in which the operator behind corporationtargeted spying was actually a governmental actor. Targets of particular interest were secret information regarding foreign and security politics as well as Finnish technology and product development well-known for its good quality. According to the Finnish Security Intelligence Service, companytargeted cyber-attacks have become more difficult to respond to, since the companies outsource their information management as well as other key sectors. In the networked world, this kind of attack is easy to implement from anywhere outside of Finland. Data can easily be obtained in large quantities while the risk of getting caught is small.
RESEARCH AND DEVELOPMENT EXPENDITURE BY SECTOR (stat.fi) Billion € 7 6 Public
5
Higher
4 3 2 1 0
f-o ew l st t m -n Co .h -a ef i n to h _ S U 01 -i /T a 02 _0 5b ku 8/ ie -1 lu 01 _t st a /2 f sector 26 nve a s st ad pd 10 -i va lo y. 7- ll up o m 01 w i ka t/ n _2 pjo en -Eco2016 rou , t ) g n . education sector 12 co .S e_ ap- -U kk ab / (10 /w he /t ib a m a ov o-t 20160/al ogr oon g e. -t / 1 pr lj us ty ke 10/ t- bi ho vi /tk 7/ en n te ti il 01 m ne hi -Ac i/t m/2 elopkai w w. er .f co ev m u w w yb at h. d // -C st nc d- än s: us w. ru an lm tp cio /w w chc ch- ste t h li :/ te ar je 1 Ma tps :// ese jär 2) ht tps l-r SI- 101 2 ht oba EU a ( 3 gl ku oon Lu ilj 4 tr
Companies
2010
8 | CYBERWATCH
2011
2012
2013
2014
2015
2016
2017*
Any corporation can be target by cyber espionage EVERY EVENT IN CYBER WORLD has its value from perspective of spying, as they often produce new information about the target, its vulnerabilities and the level of cyber safety. It’s always concerning when data is being lost or the information systems of corporation show traces of outside activity. An individual case of data leakage or hacking can be disguised as an occasional act by cyber criminals. However, it can be part of a wider spying operation. If a corporation is a potential to corporate acquisition, has unique expertise, possesses critical information, its role is of significant importance or is a partner of such company, it is very likely that spyer is already in with a good collection of information regarding this company.
PROFESSIONAL SPYING
“NO ONE IS INTERESTED IN OUR
“I HAVE NOTHING TO HIDE.”
ALGORITHMS MAY KNOW YOU BETTER
Spying of corporations is well planned. It is targeted at the entire business of a corporation: from public information to technology, products, processes, channels of distribution as well as personnel.1 Cyber spying increases the means of spying corporations, and it even enables real-time spying of the target.
CORPORATE SECRETS.”
ALSO A DANGEROUS APPROACH
THAN YOUR LOVED ONES
Many corporations assume no one is interested in them. This is a dangerous illusion to have and leads to insufficient investments in cyber safety or poor surveillance on product development, for instance. All information is desired, especially the one with resale value for cyber criminals.
Hackers and especially government-level operators are more and more wily and capable of exploiting the disregard and vulnerabilities in the systems people use.
Tracking of web services, search engine history logs, shopping behaviour online, as well as profiling on social media complement in combination, a digital footprint which is then exploited based on algorithms6. This information is mostly used for targeted marketing purposes, but also acts as a channel for cyber spying. SOCIAL NETWORKS AND INTERACTION
SMARTPHONES AND APPS ARE
MARKETING 7P MODEL AS A BUSINESS ESPIONAGE TOOL
MARKETING
TECHNIQUE
COMPANYESPIONAGE 7 MODEL
PEOPLE
Social media services and communication between people play an important role in Smartphones are monitored by identifying a key person or information several different parties. Google through which people can best be has admitted to collecting influenced. Mobile applications for location information of all instant messaging services, in particular, Android phones even if this was have introduced an unprecedentedly easy and wide channel for finding and disabled in settings.2 Even factory-installed backdoors have following the right people. Even if the been uncovered.3 In addition, messages and messaging traffic were there is a myriad amount of encrypted in both ends (end-to-end applications that enable encryption), the metadata of the tracking4, listening in or messaging reveals important information watching the user. The applicafrom the spying perspective (who, with tions forward information of the who, when, where, how often, who else in phone use to software developers, the same location or conversation, etc.). commercial operators and even governmental actors.5 SPYING
PRICE
PROCESSES
AS AN INTEREST
VERY POPULAR TARGETS FOR
PRODUCTION
DISTRIBUTION
CYBERWATCH | 9
The
Game is
Changing
The events of the cyber world reflect the global political situation. Distrust of foreign service providers and their technologies reflects current phenomena in the midst of the digital revolution. Protectionism and national security concerns seem to be on the rise globally. Trade wars, hybrid influencing, election manipulation, state actors and cybercrime constantly change the security situation.1
Finland
responds to
Finland has a good record in building national security and security of supply that ensures a functioning society under all circumstances. Legislation and the ability to cooperate are the basis for national security in Finland. The Finnish Intelligence Law seems to be proceeding after the Constitutional Law Committee issued a favorable statement on the amendment and urgency 1 2 3 4
the
change
of Article 10 of the Finnish constitution. Also the proposal for the Finnish Information Management Act is proceeding.2 The Security Committee published Turvallinen Suomi 2018 -report3 that describes the comprehensive effects of the changed security situation on Finland. All this has an important role when increasing the security awareness in Finland.
The state of cyber security in Finland is not as strong as its reputation - it looks good mainly because there is no proper situational picture available.4 -
Brigadier
General
Mikko
Heiskanen
https://yle.fi/uutiset/3-10284052 https://www.lausuntopalvelu.fi/FI/Proposal/Participation?proposalId=3010f613-2ede-40c1-a59f-e75c23cddbb5 https://turvallisuuskomitea.fi/turvallinen-suomi-2018-tietoa-suomen-kokonaisturvallisuudesta/ https://www.tivi.fi/Kaikki_uutiset/suomessa-kyberturvallisuus-pahasti-hunningolla-kenraalin-mukaan-tilanne-nayttaa-paremmalta-kuin-on-6735390
Pressure to react to cyber-attacks on the rise also in Europe In Europe, the pressure to respond strongly to cyber-attacks at the political level is on the rise. Germany issued a new policy, in line with the recent resolution by NATO-countries, that they may respond to cyber attacks using cyber defense or even military actions. The policy follows the example of the super powers - responding to cyber-attacks with “all possible means”, if needed.
The European Commission recommends that the Member States boldly name the partners behind the cyber-attacks. That is not an easy statement. Not all EU countries are necessarily willing or even capable to address the attacker. On the basis of current developments, the risk is to develop even more challenging political conflicts.
http://europa.eu/rapid/press-release_MEMO-18-4486_en.htm https://www.infosecurity-magazine.com/news/trump-takes-offensive/
10 | CYBERWATCH
”While the primary responsibility for responding to hybrid threats rests with the targeted nation, NATO is ready, upon Council decision, to assist an Ally at any stage of a hybrid campaign. In cases of hybrid warfare, the Council could decide to invoke Article 5 of the Washington Treaty, as in the case of armed attack.” - Brussels Summit Declaration, 11.-12.8.2018
The United States reversed the PPD-20 directive restricting cyber-attacks Trump reversed the Presidential Policy Directive 20 (PPD-20) directive. The originally secret PPD-20 directive signed by president Barak Obama in 2012, came later into the public knowledge by Edvard Snowden, defined US requirements for co-operation between authorities to initiate cyber-attacks. The directive has been blamed for bureaucracy and slowing down US counter-measures. At the same time, the directive has forced the formation of a comprehensive situational overview before any possible cyber-attack. The revocation of the directive will enable US Cyber Command to act faster and more autonomously without extensive regulatory oversight and cooperation requirements. At the practical level, operations may be more straightforward, but there is a risk of getting into a perpetual cyberwar. The decision demonstrates the need and desire to develop a more effective military cyber performance of the major powers. The decision also has a guiding effect on international attitudes on how to respond to counterattacks. https://www.infosecurity-magazine.com/news/trump-takes-offensive/
Threats of AI-based cyber-attacks are increasing The artificial intelligence competition is fierce. The development of artificial intelligence creates new business opportunities, but it will also bring new opportunities to cybercriminals. For example, automated attacks can take advantage of multiple vulnerabilities in the device environment. It is quickly changing the anatomy of cyber-attacks. There is a clear need to invest more in artificial intelligence in the development of cyber security. Finland could be one of the pioneers here. https://www.dailydot.com/debug/ai-malware/
STRATEGIC SITUATIONAL AWARENESS OF THE CYBER WORLD TO KEY STAKEHOLDERS OF THE SOCIETY
Cyberwatch CEO appointed as a Chairman of World UAV Committee THE CEO OF CYBERWATCH FINLAND, Mr. Aapo Cederberg, has been appointed as a Chairman of Cyber Security Committee of World UAV Federation (WUAVF). The Federation was established in June 2017 as a global platform for collaboration and development for drone systems, industry members, governments and professionals. At the moment it has 13 member countries. At the same assembly held in September 2018 in Jakarta, the Capital of Indonesia, Mr. Pertti Jalasvirta, Partner of Cyberwatch Finland was appointed to establish the Finland Chapter of World UAV Federation. The Federation holds conferences and seminars, conducts training courses, publishes pamphlets and newsletters and promotes the prerequisites for the whole industry. The second Drone World Congress and UAV Expo was held in June 22-24 at Shenzhen, China, and the next World Congress and Expo will be held again in June next year in Shenzhen. WUAVF International Headquarter and Secretariat Office is based in Shenzhen, China, and the Secretary General is Mr. Norman Ng.
INTERESTED? ORDER NOW!
www.cyberwatchfinland.fi
CYBERWATCH | 11
CYBERWATCH FINLAND STRATEGIC ANALYSIS STRATEGIC SITUATIONAL AWARENESS Cyberwatch Finland provides strategic situational reviews and consultation based on a holistic view of the cyber world and hybrid threats. Our reviews are based on data from publicly available sources including news, industry reports, and vulnerability and incident disclosures. The data is processed using Artificial Intelligence (AI) and analyzed by cyber security experts to deliver the timely conclusions and insights needed by today’s leaders and executives.
VALUE FOR DECISION MAKERS Our goal is to bring real value to decision makers and enable them to apply these PEOPLE LEADERSHIP TECHNOLOGY PROCESSES
insights to an organization’s risk analyses, strategic decisions and tactical execution. Correct and reliable information form an understanding and strategic awareness that creates a robust foundation for cyber security. Improved situational awareness and education helps organizations to prepare and protect themselves from constantly changing cyber and hybrid threats.
12 | CYBERWATCH
MONTHLY REVIEW
QUARTERLY REVIEW
THEME REPORTS
The Cyberwatch Monthly Review
The Cyberwatch Quarterly Review
A Cyberwatch Theme Report
is a compact analysis of the most
is a broad perspective analysis of
provides deep analysis of
significant cyber incidents,
the most significant events in
a specific theme, business
security breaches, vulnerabilities
cyberspace, evaluating the
sector or topic of importance.
and cyber attacks, analyzed
backgrounds, trends and
Theme Reports can be
through the lens of their relative
forecasting emerging themes that
ordered on a case-by-case
impact and importance to today’s
deliver actionable insights.
basis and updated as
organizations.
required.
EDUCATION AND CONSULTATION
CYBERWATCH TV
CONTACT US
Cyberwatch Finland offers both
Cyberwatch Finland provides
Cyberwatch Oy, Eteläranta 10
live and e-learning training to
an Internet TV channel with
00130 Helsinki, Finland
facilitate learning and awareness
topical interviews, discussions
of cyber security and hybrid
on cyber security and hybrid
threats at all levels of your
threats and live TV broadcasts
organization. Focused briefings
of important cyber security
on topics specific to your
industry events.
organization are also available.
Aapo Cederberg, CEO +358 40 024 6746 aapo.cederberg@cyberwatch.fi Kim Waltzer, Chief Analyst +358 40 771 4737 kim.waltzer@cyberwatch.fi
www.cyberwatchfinland.fi
CYBERWATCH | 13
Autonomous Cyber security is a threat and an opportunity for hyper-linked cars.
future
of
report to their manufacturer that develops better software code and autonomous functions. The best example is the car manufacturer Tesla, who already work exactly like this. Cars are also linked to different traffic control systems, which are developed to operate more independently on the basis of the data they collect. The key question will be “who has access to all the accumulating data, and how will the data ultimately be used?”
IN THE FUTURE CARS WILL CONNECT to the internet like mobile phones and computers. Research suggests that the cars’ internet connection and the ease of use of digital services on the road may become even the most important car selection criteria in the coming years. Also learning, autonomous cars are becoming more ETHERNET COMES INTO CARS common, although currently there are only early pilots. And despite their safety systems, the first humanitarian car Shared cars typically use the internet connection to control and crashes caused by autonomous cars have already monitor their use in detail and the location of the been seen. GPS technology. Economy of sharing is a strong trend. Through the car´s connected automation Everyone does not necessarily get their system and its data bus, it can be taken into own car. Shared cars can have drivers control remotely, which in the wrong hands Retroactive with varying skills and backgrounds, all is more than dangerous. However, the patches do not of which do not treat a car like theirs traditional data bus is slow and cramped, solve structural the car may even be used for criminal which means that it needs weaknesses. a standardized replacement. activities. One possible solution is an Ethernet DATA-COLLECTING CARS network for cars in the near future. But, it also In the near future, cars can be remotely connected. comes with its vulnerabilities. For example, maintenance services can diagnose faults Ethernet delivers much faster connections to cars than the remotely, or cars themselves can proactively communicate current data bus, needed for camera and video usage, for with the service company about their future needs. example. It adheres to open standards, enables decentralized Cars already have millions of software code lines that can network architecture, and works well with the TCP/IP architecture be remotely upgraded, just like computers and mobile phones. on the Internet. At the same time, there is a growing number of Cars continuously collect data from driving situations and people with long-term expertise in Ethernet vulnerabilities.
14 | CYBERWATCH
New network connections of cars will expose them to be targeted by sabotage.
cars Bluetooth technologies with several very serious vulnerabilities are already being used in automobiles on many occasions, including the integration of mobile phone services into the cars’ systems. Also, many cars’ physical security features, such as adaptive cruise speeds, lane watcher, and pocket parking assistant, which typically take on the camera’s technology, shift the responsibility from the driver to other hands. WHAT SHOULD BE DONE
Human error will likely continue be an even greater risk than autonomous vehicles – at least when it comes to accidents. However, new network connections of cars will expose them to be targeted by sabotage in quite different ways than before. The comparison between the early stand-alone technology computers and today’s hyper-connected computers also applies to cars. It is, however, much more difficult to anticipate human driving errors than weaknesses in technical solutions. For example, Ethernet vulnerabilities are constantly searched and replaced by thousands of experts, but at least one of them looks for gaps for less acceptable purposes. CYBER-SAFE CAR AND DRIVER
In new situations, the automotive industry should, together with the users, start building a culture of action where everyone has their own responsible role. The automotive production network is often global and fragmented and
consists of at least one hundred small and large subcontractors and other partners. Nevertheless, car manufacturers should look for a holistic solution in which new digital solutions have been constructed from the beginning with cyber security. Products and services are only safe when this aspect comes from the beginning. Retrospective patches do not solve structural weaknesses, for example in the architecture of information systems. Cyber secure mode of operation also requires a change of attitude from car users so that access to information systems, services and accumulation of data is only allowed for trusted parties. At the system level, the vehicles can be fitted with features that, for example, remind about safety actions on the reflection screen, or require something from the user – like an alcohol lock. Drivers may also be required to have certain cyber security knowledge, for example, when getting a driver’s license. Hyper-connected cars and traffic are all new things to which adaptation takes time. However, car operators should urgently seek solutions together. In Finland, the Ministry of Transport and Communications could play an active role in this - they already have a progressive and enabling attitude and a role in both transport and cyber security matters. Text:
Jukka
Viitasaari
CYBERWATCH | 15
Harvey
Nash/KPMG
Energy
CIO
Survey 2017
Sector
Findings
The Harvey Nash/KPMG CIO Survey is the largest IT leadership study in the world, with almost 4,500 respondents across 86 countries, representing over US$300bn of IT budget spend. THIS ENERGY SECTOR SNAPSHOT provides survey responses from more than 100 energy companies on some of the key topics, and highlights several areas where this sector’s responses differed significantly from those from across all industries.
Key
topics
LOOKING FORWARD, OVER THE NEXT 12 MONTHS, DO YOU EXPECT YOUR IT BUDGET TO? Stay the Same
WHAT ARE THE KEY BUSINESS ISSUES THAT YOUR MANAGEMENT BOARD IS LOOKING FOR IT TO ADDRESS? (TOP 5)
Increase
29%
46%
38%
Saving costs
39%
Enabling business change
32%
Energy
Energy companies are much more pessimistic about their IT budgets for next year than those in other industries, with fewer expecting a budget increase (39% vs. 46% for all industries), and more expecting a decrease (32% vs. 18%).
63% 59% 61%
Finding a way to work with restricted budgets
49%
51% 49% 39% 41%
Creating a more nimble technology platform
Energy
53% 42% All industries
51% 45%
Working more with trusted suppliers and partners
63%
Energy company Boards place a much greater emphasis on increasing operational efficiencies (75% vs. 62% for all industries), saving costs (67% vs. 54%) and enabling business change (53% vs. 42%).
Investing more in cyber security
Reducing the amount of longer-term planning
16 | CYBERWATCH
67% 54%
Delivering consistent and stable IT performance
16%
HOW HAVE YOU ADAPTED YOUR TECHNOLOGY PLANS TO DEAL WITH UNCERTAINTY? (TOP 5)
62%
Improving business processes
All industries
Decrease
75%
Increasing operational efficiencies
52% 23% 26% All industries
To deal with uncertainty, energy companies are much more likely to work more with trusted suppliers and partners (49% vs. 39% for all industries), and much less likely to create a more nimble technology platform (41% vs. 52%).
Digital
Strategy
DOES YOUR ORGANIZATION HAVE A CLEAR DIGITAL BUSINESS VISION AND STRATEGY?
Yes, enterprisewide
HOW EFFECTIVE HAS YOUR ORGANIZATION BEEN IN USING DIGITAL TECHNOLOGIES TO ADVANCE ITS BUSINESS STRATEGY?
No
effective
19%
31%
28%
10% 41%
Very effective
Not
All 27% industries
22%
16% Yes, within business units
19%
18%
All industries
34%
63%
No, but we are currently working on one
59%
Energy companies are less likely to maintain a digital business strategy than those in other industries, either enterprisewide (31% vs. 41% for all industries), or within business units (16% vs. 22%).
53% 43% 48%
Being able to easily implement new technologies
39% 40%
Achieving adequate return on investment(ROI) Attracting the right talent Securing the required financial resources Energy
Moderately effective
Like their peers in other industries, energy companies report low overall effectiveness levels in their digital strategies, with just 13% describing their digital strategies as very effective.
Overcoming resistance to change
WHICH OF THE FOLLOWING REPRESENT THE GREATEST CHALLENGES TO YOUR ORGANIZATION’S SUCCESSFUL IMPLEMENTATION OF DIGITAL CAPABILITIES? (TOP 5)
13%
36% 26% 31% 21%
When implementing digital capabilities, energy companies face much greater challenges overcoming resistance to change (53% vs. 43% for all industries) and being able to easily implement new technologies (48% vs. 39%).
25% All industries
ORE LEARN M
Cybersecurity survey Operational technology Energy and Natural Resources
CYBERWATCH | 17
Energy Sector Findings
Technology & Innovation
SaaS
PaaS
IaaS
HOW WOULD YOU CHARACTERIZE YOUR CURRENT INVESTMENT IN THE FOLLOWING CLOUD SERVICES AND HOW DO YOU EXPECT THAT TO CHANGE OVER TIME? (SIGNIFICANT INVESTMENT)
20%
18%
All Industries
23%
16%
15%
All Industries
16%
20% 18%
All industries
26%
28%
27%
22%
77%
Next 1–3 Years
82%
Compared to other industries, energy companies are roughly equally likely to invest significantly in all types of cloud services, and expect to greatly increase investments in the next 1–3 years.
55% 52% 49%
Dedicating time for innovation opportunities
54% 33%
Separately funding innovation Creating an incubation lab Holding innovation contests Energy
None/ Low
Energy companies have invested less heavily in digital labor than those in other industries, with fewer making significant investments (5% vs. 9% for all industries) and roughly the same making moderate investments (13% vs. 14%).
Partnering with other organizations, e.g., academic institutions
31% 26% 27% 20% 24% All industries
ORE LEARN M
Cyber trends index KPMG experience in the Oil&Gas Sector
18 | CYBERWATCH
9%
14%
Energy
IN WHICH OF THE FOLLOWING WAYS IS YOUR ORGANIZATION FOSTERING INNOVATION?
5%
13%
All Industries Current Year
Significant Moderate
Energy
Energy
HOW WOULD YOU CHARACTERIZE YOUR CURRENT INVESTMENT IN DIGITAL LABOR?
To foster innovation, energy companies tend to rely upon the same methods as other industries, though they are somewhat less likely to dedicate time for innovation opportunities (49% vs. 54%).
Significant Differences WHICH OF THE FOLLOWING DO YOU THINK BEST DESCRIBES TH E ROLE YOUR ORGANIZATION’S CIO IS CURRENTLY PLAYING IN PROMOTING INNOVATION?
26% 52%
Leading innovation in technical/IT matters
Supporting innovation only when asked Energy
Integrating core business systems with newer digital solutions
19%
Leading innovation across the business
Not leading, but actively supporting
HOW EFFECTIVE IS YOUR IT ORGANIZATION IN EACH OF THE FOLLOWING CAPABILITIES? (VERY EFFECTIVE)
4% 16% 17% 13% 12% All industries
Compared to their peers, energy CIOs are less likely to lead innovation across the business (19% vs. 26%), more likely to lead innovation in technical/IT matters (52% vs. 44%), and equally likely to take secondary, supporting roles.
17% 19% 12%
Using partnerships Fostering innovation Facilitating the use of data and analytics Energy
25% 9% 16% 9% 16% All industries
Compared to their peers in other industries, energy companies lag in key capabilities, with far fewer very effective in using partnerships (12% vs. 25% for all industries), facilitating the use of data and analytics (9% vs. 16%), and fostering innovation (9% vs. 16%).
Conclusions SURVEY RESPONDENTS IN THE ENERGY SECTOR (the majority being Oil and Gas [O&G] companies) are much more pessimistic about their IT budgets for next year compared to those in other industries, and their boards are asking them to place a greater focus on increasing efficiencies and cost savings. This is not surprising given the uncertainty in the global economy and long-term hydrocarbon price, which is leading many to take a conservative approach to IT investment. The survey results also show a lagging industry when it comes to adopting digital technologies – energy companies are less likely to have a digital strategy in place. They also face much greater challenges when overcoming resistance to change. They are investing less heavily in digital labor when compared to their peers in other industries. Embracing new technologies can help to address many of the challenges the industry is currently facing – such as increased use of cognitive and machine learning solutions as a way of reducing reliance upon an experienced ageing workforce and cost reduction due to automation of business processes.
LEARN MORE
Cyber attacks: Ready to turn risk into advantage
CYBERWATCH | 19
dr
KPMG Clarity on Cyber Security in 100 seconds
Cyber security is crucial to achieving an adequate level of cyber resilience in our digital economy. Matthias Bossardt, Head of Cyber Security explains why cyber resilience is essential to build the trust you need to grow your business.
WATCH THE VIDEO
Emerging trends in infrastructure 2018 Trend 1: The clash of competing forces. Policy-makers and politicians focus on building bridges between opposing viewpoints and balance the needs of alla stakeholders. Trend 2: Infrastructure planners start to think about flexibility. As the pace of change quickens infrastructure planners and developers start to design projects that support a range of possible futures.
WATCH THE VIDEO
20 | CYBERWATCH
www.kpmg.com Cyber Resilience Protecting your business
Introduction ENSURING THAT YOU ARE as prepared as possible for a cyber event is no longer optional – it has become a strategic imperative for all business leaders. Over the past few decades technology, and particularly the internet, has provided a remarkable platform for business growth and innovation. It has disrupted long-standing industries, killed off established brands, allowed new players to emerge and it has transformed the way business is conducted. This has created huge opportunities for new ideas and fresh thinking – but it has brought with it many risks as well, particularly as companies become more interconnected and reliant on complex IT systems. Globally, cybercrime is now estimated to cost businesses €330 billion a year and cyber risks are among the top issues businesses have to consider when it comes to their resilience and continuity planning. In the past year both the Irish Government and the World Economic Forum have cited cybercrime among the highest of all global risks in terms of impact and likelihood of occurrence. New legislation such as the General Data Protection Regulation (GDPR) places an even greater responsibility on businesses to be cyber aware, with significant penalties for non-compliance. This report outlines some of the most common cyber risks encountered, frequently made mistakes in dealing with cyber events, insights on how your business can become more cyber resilient, and finally an overview of the legal landscape, in particular, recent legislative changes that all businesses need to act upon. I hope that you find this report to be a valuable guide in developing your businesses cyber security policies and we look forward to providing you with regular updates on the cyber issues you need to consider to protect your business.
Boardroom Questions Cyber security – what does it mean for the Board?
READ MORE
Is teaming the key to medical device cyber security? Manufacturers and providers must collaborate to contain cyber-risks as device functionality flourishes
READ MORE
Michael Daughton
INCLUDING ALSO:
READ MORE
TOP
10
Incident Response Mistakes
CYBERWATCH | 21
Finland pioneer
becoming the of cyber safety
Finland could become the northern center of cyber security if the industry’s operating condi t i o n s a r e i n v e s t e d i n .
operate in our country. The sector directly and indirectly employs 6,000 people, and is estimated to be able to employ 20,000 in 2022. Lack of experts is one of the most significant bottlenecks in the growth of the industry. In CYBER SECURITY INDUSTRY IS CONTROLLED BY Europe, in 2022, a shortage of experts is a few strong countries: United States, China, expected to rise to as many as 350,000 people. Russia and Israel. The global market share of In order to respond to this situation, training the European cyber store industry has fallen and advanced training in the field, the examination below 7%, while it was about double that five of the number of starting places for training and years ago. Innovative cyber companies often attracting international experts to Finland are end up in an early stage of needed. They need to be supported by a ownership outside of Europe. successful Finnish cyber security Finland has major industry and effective cooperation between the private and development opportuniA lack of experts ties and clear competitive public sectors. is one of the advantages in cyber Finland’s success in the most significant security. The industry’s international environment bottlenecks in success is based on requires strong investment in the growth of the effective cooperation the know-how, so that we can industry. between industry, academia generate globally competitive and the public sector, and innovations. For example, Finland is a pioneer in these. digitalisation of a traditional industry Finland can become the northern center requires cyber security to be built-in. In of cyber security when the operating condiproducing these solutions, Finns can be tions of the sector are further strengthened. pioneers. Finland’s cyber security sector has grown By developing cyber know-how, we create a rapidly. The most well-known companies are national resource that can be used throughout F-Secure, Nixu and SSH. In addition, almost society. A successful national cyber security 100 other companies in the field already industry is also a component of the security of
22 | CYBERWATCH
society. It is also important to create growth prospects for businesses in Europe and remove obstacles of growth, such as the lack of funding needed for growth and the lack of references to internationalization. The playing field in the industry can be developed through European influence. Trustee of Finnish companies, FISC, has been involved in setting up key European cooperative organizations in the industry. The most important of these, the European Cybersecurity Organization, coordinates the EU Cyber Security Development Program together with the European Commission. The Northern European Cybersecurity Cluster, for its part, supports growth and cooperation in the field. To achieve growth in the industry, a comprehensive and determined cooperation between the various actors is required. Now, we need to create more domestic success stories in the industry.
Text: Minister of Economic Affairs, Mika Lintilä and Juha Remes, Finnish Information Security Cluster - FISC ry. The writing was published in Helsingin Sanomat on 27.7.2018.
S P E C I A L Q U A L
Online edu
Remote edu
I F I C A T
Basic edu Leadership, Management, Communication, Sote
I O N S
Cy yber A Acade emy F Finlan nd, CA AF
Cyber Academy Finland, CAF
d o do y o u you p l a cplace e y o u r yourself? self? Where
Where
Collaborative
Face to Face
Collaborative face to face learning
Collaborative online activity
Traditional lecture course
Individual online learning
Online
Instructor-driven
CYBERWATCH | 23
Designing an engagin online course Cyber Academy Content C Learning Finland, CAF Assignments D esign Leaarning enviro onmen nt
Learning design
Learning situation
Learning situation
Learning situation
Learning Learning process process
Starting point
Learning situation
Supporting social interaction online
24 | CYBERWATCH
Instructions
Learning situation
L Learning i outcomes (goals)
Learning situation
Supporting social interaction onl
-
-
Workshop 1 - Learning design methods and design, activities
Workshop 2 - Planning your learning program
-
-
Workshop 3 - Get ready d for f deployment
Workshop W k h 4 - Post P t pilot check-up
Finland Education Export Center Get inspired by Education Experience Lab New Cyber Security Innovation Lab
An Artificial Intelligence in Education
PIONEERING GLOBAL ONLINE EDUCATION WITH AI LEARNING ENVIRONMENT Welcome to a journey of your lifetime!
CYBERWATCH | 25
Finland – World Famous in Education The Happiest Country
World Economic Forum 2018
The Most Stable Country Fund for Peace 2018
The Best Primary Education World Economic Forum 2018
The Cleanest Air
World Health Organization, 2018
The Best Human Capital Potential Human Capital Report 2016
The Best Quality of Life Social Progress Index 2016
Technology Superpower Based on Education and Skills
The 1st In Innovation, The 1st Educated Nation, The 1st Digital Country, The 1st Qualified Engineers, The 1st Information Technology Skills, The 1st Funding for Technology Development, the 1st Start-Up Ecosystem.
WELCOME TO MIF ACADEMY MIF ACADEMY is pioneering global online education with an AI learning environment. In collaboration with our highly qualified partners and universities we provide Diplomas and Certificates, Vocational Qualifications and University Degrees that are valid in all European Countries. All theoretical studies, projects, tests and contact with students can be done 100% online. We deliver Finnish world-class education globally onsite, remote or online. The choice is yours.
26 | CYBERWATCH
MIF ACADEMY has digitally designed course content, made by industry expert trainers, based on Finnish pedagogy and leading educational psychology in an AI online learning environment. We are able to deliver learning analytics by applying Artificial Intelligence that reveals what factors impact individual learning. Our combination of content and educational technology results in optimized study motivation, reduced drop-outs and improved learning results. MIF is part of Nasdaq listed Soprano Plc, the leading Nordic private training group.
VISIT THE FINLAND EDUCATION EXPORT CENTER The Finland Education Export Center lies in the heart of Helsinki City, in a park by the sea. Location between The National Opera and The Finlandia Hall and standing opposite two major five stars hotels is unique. It combines beautiful Finnish nature and Helsinki City historic architecture. Finland has become known as a home for worldclass education and Finnish education system has been in the focus of international interests for several years. Education Export Center offers brilliant facilities for exploring high-quality Finnish education and training. New center has a large selection of highly qualified Finnish education organizations under the same roof. The best parts of Finnish education are always present due to our university partners education export specialists having their own workspaces in the facilities. The center also includes the main office of an award-winning intelligent learning platform developer which allows for seamless collaboration.
THE EDUCATION EXPERIENCE LAB EdTech Innovations for International Delegations The Experience Lab combines the Finnish Education system, highly qualified Finnish education organizations and EdTech startups into a total experience. Education Export Center and Experience Lab together with a wide network of Finnish Education pioneers give visitors an opportunity to explore and experience the best innovations for lifelong learning on all levels of Finnish education. In addition, Education Export Center is also a home for the Finnish Cyber Security Innovation Lab. The visitors receive a memorable picture of what Finland has to offer and how Finnish education organizations can support the development of learning and education in other parts of the world. The visits of international delegations can be planned and adapted according to each visitor’s own field and level of expertise. The Education Experience Lab is created in cooperation with: • Finnish Education authorities, • Education Finland and • their member organizations.
LIFELONG LEARNING FOR WORKING PROFESSIONALS Our 1500 training programs are specialized in Management, Communication, International trade, ICT and Digital Transformation. In collaboration with highly qualified Universities, we offer Secondary, Vocational and Higher Education programs for Teachers, Training Programs for Entrepreneurs, Training Programs and Master’s Degrees in Healthcare and Engineering with specialization in Agriculture, Water, Energy and Cyber Security. Programs can be delivered onsite, remote or online with the help of an AI Learning Environment.
SHORT PROGRAMS, DIPLOMAS & CERTIFICATES Management & Leadership programs
Strategic Change Management. Human Resource & Diversity Development. Managerial Skills & Sales Development. To learn more about JTO watch the video bit.ly/2PRMcGq.
Communication & Marketing programs
Professional Diploma in Strategy and Planning. Professional Diploma in Digital Marketing. Professional Diploma in Social Media Marketing. To learn more about Infor watch the video bit.ly/2SdqAWP.
International Trade Programs
International B-to-B Marketing Program. Leading Multicultural Teams to Success. Tools for Solution Selling. To learn more about Fintra watch the video bit.ly/2z1Xi4r.
IT & Innovation Programs
Digital Innovation & Disruption. Agile & Lean Training Programs Software Development Learning Path
ICT & Project Management Programs
Project Champion 2.0 Program Java & Test Automation Academy IT Cloud Infrastructure Development Program To learn more about Tieturi watch the video bit.ly/2OLg0Z6.
28 | CYBERWATCH
LONG PROGRAMS, QUALIFICATIONS, DIPLOMAS AND MASTER’S DEGREES Vocational Teachers Training Program
The Finland Pedagogical Diploma to improve the quality of learning outcomes in vocational education. Develops institutions as well as builds individual capacity. Contains theoretical and practical parts.
Master’s Degree in Digital Health – Health Care
Developing the organization and digitalized operation environments. Integration of mobile and IoT applications. Managing digitalized health services. For persons who have bachelor’s degree or equivalent and 3 years of work experience.
Master’s Degree Cyber Security – Engineering
Security management in cyber domain. Auditing and testing technical Security. Cyber security implementation in practice. Cyber security exercise. For persons who have bachelor’s degree or equivalent and 3 years of work experience.
Master’s Degrees in Engineering
Engineering degrees with specializations in Agriculture, Water and Energy industries. For persons who have bachelor’s degree or equivalent and 3 years of work experience.
Further Qualification for Entrepreneurs
How to perform the tasks associated with the establishment of a company. How to recognize the risks and identify business opportunities. How to sell and market products and services. To learn more about MIF Qualification watch the videos bit.ly/2q7CYL3 and bit.ly/2RaqjT7.
MIF ACADEMY – FINLAND CURRICULUM To learn more about MIF Academy watch the video bit.ly/2R92uey. CYBERWATCH | 29
AN AI ONLINE LEARNING ENVIRONMENT LEARNING POWERED BY ARTIFICIAL INTELLIGENCE
MIF Academy has digitally designed course content, made by industry expert trainers, based on Finnish pedagogy and leading educational psychology in an AI learning environment. The AI monitors each student as they study in the learning environment and returns the data to the user as content recommendations, learning paths and strategies to improve their motivation and learning results.
A clear overview of all the courses accessible to a student. The landing page of each course gives general information and allows for communication between the teachers and the students.
The learning environment supports many types of training content which allows highly customizable learning experience.
Each course consists of different modules of content, which can then be optimized based on personal study motivation and skill-level.
With learning paths, users are provided with personalized learning experiences. These are based on their knowledge level, interests and ambition.
30 | CYBERWATCH
MIF ACADEMY LEARNING ANALYTICS MEASURING LEARNING WITH AI
By recommending students alternative study paths based on users individual data, we can optimize their time management and skill-level to help improve and maintain their study motivation. The analytics can also provide real-time insight to teachers about their students and gives them the necessary tools to intervene before a student is about to drop-out or fail the course.
Learning analytics provide real-time insight to how each student is achieving their learning results.
Accumulated study time shows how much time is actually spent on viewing the content.
Student study frequency helps teachers intervene before any drop-outs or course failures happen by monitoring students time distribution.
By rating the content from multiple different perspectives users are recommended for alternative content as well as study friends.
Topic interest maps tracks which areas are highly interesting to the students and which areas are maybe lacking or have a different difficulty scaling.
Teachers are able to monitor their students’ interactions and commenting frequency within the course.
CYBERWATCH | 31
50 +
GLOBAL QUALITY STANDARD IN ALL OUR UNITS
ISO 9 001
ALL COUNTRIES
19000
2000
STUDENTS
ORGANIZATIONS
1500
MANAGEMENT, COMMUNICATION, INTERNATIONAL TRADE, ICT AND
TRAINING PROGRAMS
DIGITAL TRANSFORMATION
TEACHER TRAINING PROGRAMS FOR SECONDARY, VOCATIONAL AND HIGHER EDUCATION
MASTER’S DEGREES IN HEALTH CARE, ENGINEERING AND CYBER SECURITY
FINNISH UNIVERSITIES
6
BUSINESS SCHOOLS
HIGH MOTIVATION, LESS DROP-OUTS, BETTER LEARNING RESULTS Artificial intelligence and advanced analytics enable us to increase student motivation, reduce interruptions and improve learning outcomes. Keywords are intuitive usability, social collaboration, personalized learning paths and collaborative knowledge creation and discussion. Course organizer is able to coach learners, plan better courses and improve existing ones.
MIF Academy supports all the major web browsers, Android and iOS. In collaboration with selected partners and universities, we are developing more and more attractive online-training programs and content that can be distributed to international markets.
DO YOU WANT TO COLLABORATE WITH US?
Now, we are looking for highly qualified partners, universities and training companies to collaborate with us as content providers and distributors locally. Please contact us info@mifacademy.com.
MIF ACADEMY and the Soprano Group’s 6 Business Schools have over 70 years of pedagogical experience, 19.000 students annually from 2.000 organizations in more than 50 countries. We have validated ISO 9001 quality standard in all our units. mifacademy.com | info@mifacademy.com
32 | CYBERWATCH
CYBER 9/12 STUDENT CHALLENGE 2019 25-26.04.2019 Join the Geneva Center for Security Policy and Atlantic Council’s Cyber Statecraft Initiative in Geneva, Switzerland on April 25 and 26, 2019 for the annual Cyber 9/12 Student Challenge! Now entering its fifth year in Europe, the Cyber 9/12 Student Challengeis a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.
AAPO CEDERBERG MEETS THE CYBERSECURITY CHALLENGE
CONTACT COMPETITION DIRECTOR GCSP Aapo Cederberg a.cederberg@gcsp.ch TO BECOME A SPONSOR FOR 2019 Pertti Jalasvirta jalasvirta@gmail.com
Students have a unique opportunity to interact with expert mentors and high-level cyber professionals while developing valuable skills in policy analysis and presentation. The competition has already engaged over one thousand students from universities in the United States, United Kingdom, France, United Arab Emirates, Poland, Switzerland, Austria, Hungary, Sweden, Finland, Estonia, Australia, New Zealand, and China. What is the Cyber 9/12 Student Challenge? We frequently hear the terms “Cyber 9/11” and “Digital Pearl Harbor,” but what might policymakers do the day after a crisis? In the Cyber 9/12 Student Challenge, students work in teams of four to tackle a major cyberattack, respond to evolving situations, and develop policy recommendations. Hosted by the Geneva Centre for Security Policy (GCSP) and the Atlantic Council, the 9/12 Cyber Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict.
CYBER 9/12 STUDENT CHALLENGE
SOPRANO GROUP
SOPRANO GROUP
Skannaa sivu Layarapplikaatiolla.
PIONEERING GLOBAL ONLINE EDUCATION WITH AI LEARNING ENVIRONMENT Welcome to a journey of your lifetime!
PIONEERING GLOBAL ONLINE EDUCATION