Security in a digitalized world

In the context of our annual meeting, we organized a lunchtime seminar on digital security. A hot topic, as our industry is playing an increasingly important role in managing the various cyber threats and risks that increased digitalization brings. At the same time, knowledge about digital security is still relatively low in Sweden. It is about technology, but also about law and general understanding of the potential of digital technology.

That's why we invited representatives of different perspectives to join us for a discussion.
The conversation was led by Fredrik Erixon from ECIPE, one of Brussels' leading think tanks. Also participating were Commander Per-Ola Johansson, Head of the Strategy and Analysis Section at the Defense Staff CIO Department and Lena Nyberg, Senior Vice President at Digital Route, with long experience from the IT and telecom industry and the Swedish Armed Forces Radio Establishment (FRA).

All participants, unsurprisingly, agreed on the fantastic potential of digitalization. Not continuing to digitize society was and is not an option if we are to cope with everything from healthcare and welfare to employment challenges. The big elephant in the room is trust in the new technology. Digitization is data-driven, which means that while the availability of data must increase, we need to be more careful about how it is used. Otherwise, there is a risk of heavy regulation and reduced digitization, with negative economic consequences.

Fredrik Erixon said that in the wake of Cambridge Analytica, awareness of security issues has increased, but that we still have a lot of work to do. There is a willingness to be proactive, and the EU is discussing, for example, the introduction of screening instruments and security policy assessments of direct investments from non-EU countries, such as China and Russia.

For the Armed Forces, the challenges look partly different. Per-Ola Johansson said that there is great awareness within the Armed Forces. "We know today that there are actors who have the intention, ability and opportunity to damage important IT environments. The Armed Forces work primarily to secure critical cyber infrastructure, critical societal functions and to defend ourselves against qualified attacks. This involves detecting intrusions or attempted intrusions at an early stage.

Per-Ola Johansson also spoke about the need to train "cyber soldiers" with completely different and new skills than before.

Lena Nyberg from Digital Route pointed out that there are tens of thousands of cyber attacks against authorities and public administration. But also extensive cyber attacks in the form of industrial espionage. The attacks are characterized by two things: large resources in the form of money and personnel, and clear goals. These can be short-term goals where the antagonist wants to get something immediately, but they can also be very long-term goals where doors are created for future use or to gain access to critical infrastructure. The vulnerability of society is extremely high when vital parts can be knocked out and false information can spread easily.

According to Lena Nyberg, we need to talk more about responsibility and where the responsibility lies. We need to find a balance between the opportunities we create and the risks they entail.

In the ensuing discussion, the need for joint conversations around security and how it must be seen as a competitive advantage instead of a necessary evil was emphasized. We should invest more in and use technology and innovation to protect technology. But governments, businesses and industry associations also need to create more interfaces and promote knowledge sharing. We need a common understanding of the problem in order to share security responsibilities between different actors. Only then can we work together to improve security while harnessing the full potential of digitalization.