Ericsson’s Karikytö: Cyber security is a primary focus in the development of Virve 2.0

The next generation of the public safety network, the broadband Virve 2.0, is produced in cooperation between the authorities and commercial partners. The overall responsibility for Virve 2.0 is with Erillisverkot Goup, the statutory service operator that will also produce services for the network. Ericsson will deploy the 5G Core network for the Virve 2.0 broadband public safety network and Elisa implements the radio network service.

Ensuring the cyber security of Virve 2.0 plays a key role in Ericsson’s work. Together with his unit in Jorvas, Mikko Karikytö, Chief Product Security Officer for Ericsson Group is responsible for the cyber security development.

“Cyber security is a primary focus in the development of Virve 2.0. All products that Ericsson provides for Virve 2.0 are designed, produced and tested according to our Security Reliability model,” says Karikytö.

Threats must be identified

Karikytö emphasises that, in the cyber world, no one can avoid threats.

“Because everything we do is digital and connected to some network, every operator must know which threats are relevant specifically in relation to their activities. In the same way, in a limited public safety radio network, the threats and threat scenarios must be identified. In other words, we ourselves must know what can go wrong in regard to security.”

Karikytö highlights two central cyber security perspectives, which must be taken into account in the development of Virve 2.0 and which are interesting also for those who pose a threat: the network remaining operational and the security of the data being transmitted in the network.

“Availability is especially important because the service must always be up and running. There are parties who, for one reason or another, want to disrupt network traffic or block messages from reaching end users’ devices when they are required. On the other hand, we must be able to secure the data that is transmitted in the network because it will also be of interest to threat actors. They will try to find out, for example, who sent and who received a message, when and where,” says Karikytö.

Automation is also utilised in preventing different threats.

As part of the agreement, Erillisverkot procured an automatic cyber security management tool, Ericsson Security Manager. It allows the constant monitoring and prevention of possible information security threats. Developed by the professionals in Jorvas, Security Manager is one of the first products in the world to focus on managing the security of mobile networks.

Security is a process

Mikko Karikytö emphasises that managing security can never be paused or ended completely after a certain phase. Security management is a process that goes on for as long as the service exists.

Karikytö describes building and deploying a mobile network as four phases that support each other. The work begins with standardisation and agreeing on safe protocols and algorithms. Ericsson makes sure that the technology used in Virve 2.0 is designed, developed and tested according to the agreed standard.

“The third phase is installation, which means attaching the network devices to the architecture. In this phase, the Virve 2.0 core network becomes a part of Ericsson’s radio access network. The fourth phase is operation, meaning normal daily activity. That also includes software updates and the addition of new features. Cyber security is an important part of each of these phases and the operation phase must be examined especially closely in order for the network to remain safe,” says Karikytö.

Even 4G uses encryption that is practically impossible to break. In 5G, the security perspective is taken into account already in the standardisation. Virve 2.0 is being developed on a very sound basis.

Karikytö is not worried about the continuity of the security process when it comes to Virve 2.0 because the employees of Erillisverkot responsible for the maintenance of the administrative radio network are trained professionals.

“Virve 2.0 also utilises the latest technologies, 4G and 5G. Even 4G uses encryption that is practically impossible to break. With 5G, the security perspective, such as encrypting end users’ messages, is taken into account already in the standardisation. Virve 2.0 is being developed on a very sound basis,” says Karikytö.

Global security developed in Finland

Mikko Karikytö is globally responsible for Ericsson’s products being implemented according to the company’s security standards. The group operates in a total of 180 countries making the scope of his work very extensive. In his work, Karikytö reports directly to Erik Ekudden, Group CTO and member of the Board of Directors based in Sweden.

Ericsson has decided to invest heavily in developing cyber security. The Jorvas unit and the approximately 150 experts who work there have conducted systematic cyber security development already for long. The company has also already started its own PSIRT unit (Product Security Incident Response Team) and in spring 2020 Ericsson created the position of Chief Product Security Officer, who is globally responsible for the security of their products. Mikko Karikytö, who has worked with cyber security in Jorvas for approximately 10 years and previously had the title of Head of Network Security, was chosen for the post.

“Now, it is my responsibility that every product Ericsson produces, including Virve 2.0, is implemented according to our security standards. That means they are designed, produced and tested according to our Security Reliability model,” says Karikytö.

Virve used as an example globally

In Karikytö’s international field of work, Erillisverkot and the Virve public safety network are well known and even admired.

“Our customers include mission critical networks in different countries. As a Finn and an Ericsson employee, I am always delighted to notice how well the Virve administrative radio network is known in different countries and how closely its future developments are monitored,” says Karikytö.
Virve is often referred to as a good example and its well-functioning concept is copied.

“It seems to me that Finland is a pioneer in broandband public safety networks. I also enjoy being a Virve ambassador around the world,” says Karikytö.