Nationwide vulnerability coordination
Mesiä, Matias (2024)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2024052917946
Abstract
Critical vulnerabilities are among the biggest threats to any organization's digital environment. Attacks exploiting new vulnerabilities happen faster and faster every year. Attackers can potentially use a critical vulnerability to compromise a device or a system remotely from the Internet. The most critical assets to defend and monitor against critical vulnerabilities are those on the edge of the Internet. For example, VPN devices, mail servers, and network services must always have the newest security updates, patches, or the vendor's recommended mitigation techniques applied.
National Cyber Security Centre Finland (NCSC-FI) is a part of the Finnish Transport and Communications Agency, Traficom. One of the roles of NCSC-FI is to help customers with cybersecurity incidents and provide guidance and situational awareness. Helping organizations deal with critical vulnerabilities in widely used products, services, or code libraries is part of the backbone of NCSC-FI's work against cybersecurity incidents in Finland. The task of this thesis was to gather information about four critical vulnerability coordination cases that had a broad impact or needed many resources from organizations in Finland. Based on lessons learned from these cases, the result aimed to provide a public description of what actions NCSC-FI takes in relation to critical vulnerabilities and what needs improvement in Finland and from NCSC-FI.
The analysis of past incidents in Finland serves as a guide for organizations to learn from the incidents, even if they didn't encounter them. NCSC-FI publishes advisories about critical vulnerabilities that can be exploited remotely and usually have been exploited at the time or subsequently.
One of the most crucial aspects of developing NCSC-FI's future actions related to critical vulnerabilities is sharing information about the cases afterward. In the event of a widespread cyber incident affecting numerous organizations in Finland, advisories and other publications are promptly released to disseminate information that could aid in securing or investigating their environment. However, it was observed that only a small amount of information was shared about the cases subsequently. While the information is already publicly available on NCSC-FI's websites, various media statements, or public presentations, the importance of centralized and timely information sharing cannot be overstated.