Wärtsilä and Elisa have been building their cyber security partnership through tight co-operation and mutual trust since 2019. Building cyber security is now more important than ever before for international technology companies for many reasons, including national security.
Thousands of tankers, cruisers, container and cargo ships sail with the power of Wärtsilä’s low-carbon engines. Gas and liquid-fuel powered plants on every continent rely on the environmentally friendly technology of Wärtsilä.
The company employs approximately 17,500 people in 79 countries, and its turnover was EUR 5.8 billion in 2022.
Teemu Eronen, Wärtsilä’s Director of Cyber Security, is responsible for ensuring that cyber security threats do not endanger Wärtsilä’s business continuity.
“Cyber security is about minimising risks to your business. We must quantify the impact of cyber security in monetary terms and develop it as part of our competitive advantage, reputation and public affairs. At the very least, cyber security needs to fulfil our legal and contractual requirements. Cyber needs to be reported in a language that can be understood from the business perspective. We should not be focusing on technology only.”
Expanded co-operation now includes detecting and responding to cyber threats of end users
During the years of cyber security partnership between Wärtsilä and Elisa, the risk of cyber threats has grown exponentially due to geopolitical changes, the war in Ukraine and developments in artificial intelligence. The tight and productive collaboration has allowed Wärtsilä to prepare for the expanded threat landscape.
“Elisa’s ability to provide excellent co-operation and services is its obvious strong point as a global cyber security service provider. I would especially like to thank Elisa’s excellent Service Delivery Manager Vuokko Siiskonen, who has wonderfully drawn together our cyber security development projects and initiatives”, Eronen says.
In cyber security, trust is of the essence, and the expertise and co-operation between Elisa and Wärtsilä have deepened their trust. Currently, the Elisa Cyber Security Centre monitors and observes the current and future cyber security threat landscape at Wärtsilä, including the digital identity, devices and e-mails of the company’s end users.
“I have noticed that whenever we receive an alert about a cyber security incident, the cyber security experts at Elisa respond to the threat as if they were wärtsilians – they help their colleagues to remove the risk and minimise threats”, Eronen describes the tight collaboration between the companies.
The increased capacity to detect threats, respond to them and recover from threatening incidents have improved Wärtsilä’s ability to ensure the continuation of its business regardless of the situation.
OT environments integrated into the situational picture of cyber security
The cyber security co-operation between Wärtsilä and Elisa has expanded to include operational technology (OT) environments, i.e., the cyber security of production plants.
“The production lines for energy storages and ship engines are going through digitalisation and automation, which also turns them into potential targets for cyber-attacks. Elisa has helped us build up our capacity to monitor and detect cyber security threats and our ability to respond to such threats at our production plants. The cyber security of our OT environments is exceedingly important to us. It helps us ensure that our products fulfil their high quality requirements as it allows us to detect any spyware or malware that might be trying to sneak its way into our products”, Eronen says.
The two companies are planning to expand their co-operation even further. Next on the cyber security roadmap is the monitoring and detection of cyber threats involving the cloud services that Wärtsilä employs and responding to those threats.
“My goal is to use the same cyber security playbooks and processes with our cloud services to implement all of the immediate measures to remove cyber threats or at least minimise them together with Elisa regardless of time and place”, Eronen envisions.
Genuinely global partner
The successful partnership with Elisa has highlighted the speed and flexibility of Elisa’s services to Wärtsilä compared to the company’s previous experiences with global service providers.
“Elisa’s service offers concrete corrective actions unlike some large international service providers. Their response during emergencies was mostly to sell us new services”, Eronen states.
It is important for Wärtsilä that its operations are safeguarded in the same way regardless of the continent or the country.
“Even though Elisa operates primarily in the Nordic countries, it is still able to offer us a genuinely global cyber security service that safeguards our business operations.”
Part of the national cyber security of Finland
“When we were selecting the cyber security service provider for Wärtsilä, choosing a service provider that operates in Finland was of strategic importance to me. At the time, the geopolitical change, substantial increase in cyber threats and more sophisticated methods of attack were already apparent. This strategic vision proved to be correct, and we were right to take this precaution”, Eronen contemplates.
Finland has a strong national cyber security ecosystem that includes industry players and authorities alike, including the National Cyber Security Centre, Police of Finland, Finnish Defence Forces, National Emergency Supply Agency, cyber security detection system Havaro and the internationally unique Tieto cyber security preparedness exercises.
“We would not be able to co-operate nationally without a cyber security partner that operates in Finland. Having such a partner allows us to be part of the national cyber security ecosystem, learn from others and provide added value to them. After our NATO membership, it would also be incredibly difficult to have a partner whose cyber security centre operates in a low-cost country that is not allied with NATO”, Eronen states.
Eronen thinks that participation in national cyber security is part of the company’s responsibility. “It is important to bear in mind that large international companies can serve as a pathway for hostile cyber groups to infiltrate the core of the Finnish society.”
Cyber security requires investments now
Eronen is concerned about the low investments into cyber security from many Nordic companies.
“15–20% of your company’s IT budget should be allocated to cyber security. Cyber security experts should be able to illustrate and explain how cyber security threats can impact business continuity and the kind of losses that may result from the threats in the worst-case scenario. Companies that are active in the global market should especially have a board that is able to analyse the risks and effects of cyber and digital security on their business”, Eronen contemplates.
Eronen praises the senior management of Wärtsilä for choosing quality over cost in improving the company’s cyber security.
“When it comes to cyber security, we should forget the traditional relationship between an IT service provider and customer. This mindset might lead to customers cutting corners for lower costs and service providers compromising on the quality of their services in turn. That’s not adding value to the cyber security”, Eronen points out to his colleagues.
“Cyber security co-operation requires a lot of negotiating and overcoming differences of opinion between the customer and the service provider. The role of cyber security experts is to be diplomatic messengers within their organisations”, Eronen envisions how to develop cyber security partnerships even further.
Article in Finnish: Näin Wärtsilä varautuu kyberuhkiin