How are network connections protected against influence attempts? Several measures help maintain technical capabilities in exceptional situations

The measures to maintain functional and high-performance network connections are designed to address all kinds of exceptional situations, says Virtanen. All the measures related to planning network architecture – i.e. connections, facilities and systems – share one basic objective: to ensure continuity in such a way that, even if there is a temporary interruption in the network connection, consumers never even notice the disruption.

"The technology, processes and operating models used aim to ensure the availability of the telecommunications network where it matters most. The typical cause of a fixed network outage is an excavator that accidentally digs up and cuts a fibre cable. Without a backup, large areas would be blacked out, which is why core, trunk and area networks are at least double-secured, or built using two fibres and two routes. Even if one cable suffers damage, services can continue to operate through the other physical cable," Virtanen explains.

Thanks to our comprehensive network, connections can be routed fault-tolerantly from one customer site to another. There is no single point on the route where a failure would cut off the entire service. This ensures the required capacity even for unexpected traffic peaks and gives the operator a great deal of flexibility in exceptional circumstances.

DNA’s submarine cables are also double-secured

The reliability of international telecommunications connections is particularly vital for businesses. Critical core network connections between Finland and Sweden, for example, are secured by two independently double-routed submarine cables, which are fully owned by DNA (DNA Seaway). DNA is also responsible for the condition and maintenance of the cables.

"A critical outage of even one undersea cable is highly unlikely, but two independent connections ensure that, in practice, connections abroad are always reliable. A failure could be caused by the atypical anchoring of a large ship, but, in theory, a hostile actor could also try to do intentional harm. The network architecture is designed to withstand malfunctions regardless of the cause," Virtanen emphasises.

Emergency power is used to win time, and equipment facilities are kept close to the customer

DNA also has a clear operating protocol in case of base station technology failures or power lines breaking, whether the damage is caused by a natural phenomenon or deliberate sabotage. The DNA Network Control Centre, or control room, in Lahti is notified of a network failure almost in real time. The staff, which is trained for crises, immediately initiates a fault investigation chain and actions to restore network capabilities. Some failures are repaired by automation immediately or by a staff member remotely in less than a minute, which means that the fault may never even be visible to the consumer.

"In the event of a disruption in the electricity network, each base station operates on batteries for a period of several hours, allowing for the repair of most failures. If it appears likely that power companies will be unable to restore power quickly enough, generators or other backup power engines will be taken to critical sites to ensure electricity supply. In the event of a major disruption, DNA will work in close cooperation with national and regional operators, emergency response centres, the Finnish Transport and Communications Agency (Traficom), rescue departments, the separate networks maintaining the Krivat system as well as regional subcontractors,” says Virtanen.

Data is routed from the base stations to the core network, where the actual processing is carried out. These are highly critical points for the functionality of the network and for cloud services, for example. Instead of a centralised solution, DNA has built equipment facilities to serve its core networks in several locations across Finland. Decentralisation improves the local speed of the network, reduces delay and improves operational reliability even in the event of disruptions and crises. 

Fibre secures the synchronisation of base stations

Virtanen points out that the plans to ensure network continuity in 5G and other mobile networks include safeguards against the potential threat of GPS interference. Most of the base stations are time and phase-synchronised with each other with a clock signal that is delivered to them using a fixed core connection, in most cases fibre, instead of via a GPS satellite.

"DNA is committed to complying with Traficom’s regulation, which entered into force last July, that the service capability of networks must be ensured in various circumstances. Time and phase synchronisation works for at least two weeks, even if synchronisation via the satellite positioning system is not available. 5G networks are vital for Finland's security of supply.”

Citizens may wonder how they can best prepare themselves for possible online harassment. It is, of course, impossible to say anything certain about the possible influence attempts in the near future, but it brings peace of mind to know that one is fully equipped for service disruptions.

"The best way to increase peace of mind is ensure redundancy even on a personal level: to have more than one terminal and more than one network connection at home. Businesses have the option of using SLA service-level connections, where service availability is secured by both fixed and mobile connections," Virtanen says. 

Cyberattacks test the level of data security

DNA is also constantly working to combat cyberattacks. For example, denial of service (DDoS) attacks pose an increasing threat to unprepared organisations, as they are being organised more professionally. Every year, Finnish organisations are subjected to tens of thousands of denial-of-service attacks, where so much traffic is directed to an online service that it cannot process all the requests. A DDoS attack often serves as a smokescreen for an even more serious attack.

Denial of service attacks cannot be prevented with 100% certainty, but proactive measures can significantly reduce their impact. For companies, DDoS protection is sold as a separate service in which DNA can take measures in its core network to mitigate the attack. This significantly reduces the amount of attack traffic towards the customer's internet connection, and the customer’s services and infrastructure continue functioning as planned.

“In this case, also other information security protection systems, such as firewalls and intrusion prevention services, are better able to maintain their normal functions, as the DDoS attack does not cause on overload on them,” says Virtanen.

Further information for the media

Ville Virtanen, Senior Vice President, Technology, DNA Plc, tel. +358 44 220 3272, ville.virtanen@dna.fi

DNA Corporate Communications, tel. +358 44 044 8000, communications@dna.fi