Insights | March 11, 2019

Seminar on Cyber Security in Gas Infrastructure at Roschier

Finland, Latvia and Estonia signed an Inter-TSO Compensation Agreement (ITC Agreement) on Valentine's Day. The ITC Agreement represents the first step in the opening of the Finnish-Baltic gas market, for which Finnish Gas Transmission Services will be responsible in Finland.

As of 1 January 2020, Finland’s transmission network will be connected to Baltic networks, and potentially also to other European networks from 2022. The new developments may be accompanied by new risks related to gas infrastructure. Continuity of gas transmission is crucial to the functioning of society, whether the exposure relates to a snow storm, political instability or a cyberattack. The question then arises: how can we prepare for these risks in advance?

Suomen Kaasunsiirtopalvelut Oy held a Cyber Security in Gas Infrastructure seminar at Roschier on 7 March 2019.

The participants at the seminar consisted of selected individuals from the energy sector. The seminar was held in cooperation with Roschier, Norton Rose Fulbright, F-Secure and NDC Networks.

The topics at the seminar comprised various aspects of cyber security in energy space. Anni Sarvaranta, the operative director of Finnish Gas Transmission Services, opened the seminar. Sarvaranta’s welcoming words were followed by Tomas Gardfors‘ (a partner and head of Nordic at Norton Rose Fulbright)  introduction to cyber risks in the context of energy space.  Gardfors’ colleagues at Norton Rose Fulbright, Jane E. Caskey (partner and Global Head of Risk Advisory) and Ffion Flockhart (partner), gave a presentation on specific cyber threats to the natural gas infrastructure from the perspectives of business continuity and data security.

Panel discussion on cyber threats

Finally, a panel consisting of Ville Niilekselä (a security management consultant at F-Secure), Markus Ahonen (CEO of NDC Networks) and Anna Haapanen (senior associate at Roschier) discussed different cyber threat scenarios, the sources of these threats, and how to effectively manage cyber risks. The panel concluded that some of the key factors that should be taken into consideration are (i) to acknowledge and raise awareness of different types of cyber threats, (ii) to adopt sufficient internal policies and practices in accordance with best industry practice for the management of cyber threats and, finally, (iii) to implement the policies and practices across the organization, and to the extent possible, with external stakeholders such as suppliers, contractors and other partners as well.

Laura Huomo, Energy and Capital Markets Counsel at Roschier, noted at the end of the panel discussion that this is a great opportunity for the Finnish gas industry to focus on cyber issues from the very beginning of the opening of the market and the launch of the new gas transmission operator. This is also a platform for the Finnish and Baltic gas operators to work together and to establish common cyber culture and governance.