More cyber attacks - raising awareness may be the most important consequence

Several organizations have been subjected to denial-of-service attacks recently. According to the Swedish Civil Contingencies Agency (MSB), this has had a broad impact on Swedish infrastructure. SOS Alarm, Vattenfall, the Swedish Energy Agency, Kivra and MSB have had problems with their websites. The airline SAS and several universities have also been affected. There is speculation about who is behind the attacks and about other possible targets. Concerns have risen.

The attacks prompted the Minister for Civil Defense Carl-Oskar Bohlin to say: "This underlines the importance of all critical actors taking their cyber security work very seriously. In a deteriorating security situation, Sweden and other countries will be more vulnerable."

The Minister is, of course, right that critical actors in particular take their information and cyber security work seriously. However, no single actor has the whole solution, but the state has an important role, especially if the attacks can be linked to foreign powers. The National Defense Research Institute's expert notes, however, that "nothing of real value was knocked out" in this round, but that it is "a warning and indicator".

More significantly, the airline Lufthansa's recent IT problems halted 200 flights from Frankfurt, with knock-on effects for European air traffic. The disappointment of Lufthansa's switch to paper and pencil was probably not limited to those attend ing the Blackpool Wizards' Conference. The cause of the problems in this case was the severing of a fiber optic cable during repair work, leaving 1000s of passengers on the ground. In this case, there was no qualified opponent.

It has long been said that awareness of information and cyber security risks needs to be raised. After so many attacks and disruptions - intentional or not - in recent years, there should now be very few people in positions of responsibility who have not thought about their information security. Furthermore, organizations should have a picture of what the external dependencies look like. This was probably a lesson learned, for example, when Coop's cash register system went down during an attack by hostage software that exploited subcontractors.

Attacks where there is an active and deliberate adversary are of course more serious than when there are disruptions for other reasons. Minister Bohlin is therefore right to emphasize the importance of security work. A high level of information and cyber security in everyday life also provides better conditions for coping with advanced threats. TechSverige has previously pointed out the need to secure cyber security skills. The government has an important role to play here. Bohlin should also have a conversation with his colleagues at the Ministry of Education.

Fredrik Sand

Industry policy expert, TechSverige