Loihde has been involved in developing Porvoon Energia’s information security for over a decade. At the heart of the long-lasting cooperation is a good and strong partnership as well as cybersecurity services suited to the need.
Porvoon Energia is a Porvoo-based energy company that offers both CO2-emission-free electricity and renewable district heating. The company’s roots date back to the year 1900. Its paths merged with Loihde in the 2010s.
“Initially, Loihde provided us with firewall service and process cameras for our power plant. From there, the cooperation began to deepen and, over the years, the cooperation has extensively expanded to a variety of information security services, such as the CSOC service,” says Osmo Bäckman, ICT Manager at Porvoon Energia.
He says that the world has changed dramatically over the last ten years and that the last few years in particular have brought with them a whole new set of information security challenges. This has required greater investments in cybersecurity than before.
“We need to be increasingly alert. We have therefore actively worked to develop our information security. We have expanded and tightened monitoring of both our electricity network and production, especially over the past five years.”
In addition to changes in the global situation, new regulations also place their own demands on energy companies. The NIS2 Cybersecurity Directive applies to operators critical to society and thus also to operators in the energy sector. It also introduces requirements for the development of security as a whole.
Loihde provided NIS2 consultation to Porvoon Energia, which gave the energy company a clear idea of what things to focus on and what to improve.
“In particular, we have developed our documentation to meet the requirements of the Cybersecurity Directive. It’s no longer enough to just do the right things; we also need documentation in writing that these things have been done," says Bäckman.
According to Loihde’s Account Manager Markku Aminoff, Porvoon Energia prepared for the NIS2 requirements well in advance of their entry into force.
“This made it possible to take into account, for example, the requirements for the service environment and to prepare in advance. Of course, information security work is always a continuous process, and documentation, for example, must be constantly maintained.”
After developing information security together for well over a decade, both the contact persons and the operating environment have become familiar.
”The cooperation has always been smooth and has worked from the start. The deployment of the new services and the related fine-tuning have also been carried out well,” says Bäckman.
He feels that, in order to achieve the best results, information security services should be centralised under one operator.
“It wouldn't make sense to break everything up into too many pieces. However, we have used a third party for information security testing, for example, so that the same partner does not carry out both the implementation and testing. With a third perspective, you can get additional observations with regard to improving information security, if necessary.”
Loihde’s Aminoff confirms that the dialogue is open and works.
"We have mutual trust. At Loihde, we always try to focus on what is most relevant to the customer and to develop it. We also want to ensure that there are no overlapping solutions, or that the investments already made by our customers are utilised as effectively as possible.”