Generic threat landscape report

The generic threat landscape report contains an up-to-date analysis of those cyber security threats that are targeting critical financial infrastructure functions in Finland. From a societal security point of view the critical financial sector functions are (Government's Decision on the Objectives of Security of Supply 1048/2018):

  • the provision of financial and insurance services
  • payment transactions
  • settlement, delivery and safekeeping of securities
  • the cash supply system
  • the card payment infrastructure and card verifications
  • financial operations of the daily consumer goods retail trade.

Nordic Financial CERT is commissioned by the Bank of Finland to prepare the report once per TIBER-FI season. In preparing the report, NFCERT utilizes the knowledge it processes in its activities. In addition to that, an advisory group of financial entities and authorities is called to provide input and insight for the report to make it as relevant and topical as possible for application in TIBER-FI.

The report consists of known tactics, techniques and procedures witnessed in real-world attacks.

The generic threat landscape report is distributed to the financial entities enrolled in TIBER-FI. The report is not otherwise available.

Legal framework

In TIBER-FI testing it is important to ensure that testing activities take place within the regulatory boundaries of the European Union and local legislation. The Bank of Finland maintains legal framework documentation about aspects that should be noted to ensure legal compliance in testing. This framework is updated and amended as required to address possible areas of ambiguity.

Financial entities and testing services providers must study the legal framework and ensure that it is taken into account in testing.