HAVARO service

HAVARO is a national monitoring and early warning system provided by the NCSC-FI especially for critical infrastructure providers and central government. HAVARO detects malicious or abnormal traffic on an organisation’s network traffic using identifiers for information security threats from different sources.

The NCSC-FI receives data on the anomalies and analyses them. If an anomaly turns out to be an information security threat, the NCSC-FI warns the organisation. Based on the data provided by HAVARO, other parties may also be warned about a detected threat. This means that, besides helping individual organisations, the system maintains an overview of the information security threats targeted at Finnish networks.

Instead of being a government service, HAVARO will be jointly provided by commercial operators and the NCSC-FI. Some of the events will be processed and reported by information security operations centers (SOC). In the future, the service will be financed at market-based terms.

The new concept of the service is internationally unique: public authorities and commercial information security companies with their clients will form a service ecosystem, or a network, to enhance the detection capability and overall situation in national information security.

The production model will be modernised so that the service portfolio consists of services provided by the NCSC-FI and information security companies subject to a charge. The key features of the service will remain the same even though the modernisation process requires technical modifications, too. The information security experts at the NCSC-FI are developing the service in close cooperation with multiple commercial information security companies.

The development, commercialisation and implementation phases of the project will take years.

As the National Security Authority, the NCSC-FI has a unique view on information security in the Finnish society. In addition, the NCSC-FI receives information about global information security threats via international administrative cooperation. Finnish customers will receive specific information security knowledge and they can use the data and services provided by the HAVARO network.

To start using the service, contact a commercial security operations center (SOC) involved in the HAVARO service production. Large companies can handle their SOC operations themselves.

The service production principles are maintaining national situation awareness of cyber security and ensuring the security of supply. The service is primarily provided for critical infrastructure providers. However, the service may also be provided for other organisations that meet certain requirements.

The NCSC-FI coordinates the development and operation of the service and produces the service together with SOCs. The National Emergency Supply Agency has financed the service development.

Using HAVARO is voluntary.

HAVARO is not designed as the only information security solution for an organisation. It complements other information security solutions in a security-aware organisation. HAVARO is a part of the overall information security solution in a company.

A Reaktor team of around 10 people is involved in the software development. The project is estimated to go on for about 18 months.

The software development is divided into the following categories:

i) development of a sensor monitoring traffic;

ii) portal creating an interface for SOCs and users;

iii) interface serving as a service channel between sensors, central system and external systems;

iv) data warehouse for storage of service data.

The data warehouse will contain, for example, identifiers used by the system and monitored traffic that client companies have identified as malicious. In addition, the data warehouse will contain client-specific data on the clients’ situation and general reporting data on the overall situation of information security.

The NCSC-FI complies with the data protection legislation in force. Agreements concluded between the NCSC-FI and the operators ensure that all parties fulfil the obligations of the GDPR and other data protection provisions. The results of a data protection study commissioned to support the project will be taken into account in the service.

The number and names of HAVARO clients is not public information. Providing the information of being a HAVARO client is at the discretion of each company or organisation.

The original article was published on 06.05.2019 in Finnish.