The wait is over - the government has presented a national cybersecurity strategy
The government has adopted a new national cybersecurity strategy. The strategy sets targets for the year 2030 and will be followed by annual action plans within three pillars
- systematic and effective cybersecurity work
- developing knowledge and skills in cybersecurity
- ability to prevent and manage cybersecurity incidents.
There are always risks with strategy work - it gets in the way of reasonable measures that can be taken directly. This is also something that the Minister for Civil Defense himselfa usually say that there is danger in delay. So we waited half the term of office before the government, on the same day as the strategy was decided, commissioned MSB, FRA and FMV to map municipalities' technical capabilities in this area. Possibly such low-hanging fruit that no one saw it for two and a half years.
On the other hand, the government has also taken decisions of strategic importance before the strategy was in place. This is true, for example, of the FRA's lead role in the National Cyber Security Center - and then the division of responsibilities for cyber security in the important financial sector - where the FRA was not allowed to play the lead role. So the picture so far has been that government information and cybersecurity policies have been out of step. So a strategy may be much needed in some aspects.
The most important thing the government and the public sector can do to improve cybersecurity is to improve the supply of skills.
There are also things that are highlighted in the strategy. A high level of security under normal conditions and under difficult conditions must be based on systematic and effective cybersecurity work. So it seems reasonable that this is what is highlighted in the first pillar. TechSverige has pointed out that one of the most important things the government and the public sector can do to improve cyber security is to improve the supply of skills. It is therefore positive that this is the theme of the second pillar.
At the time of writing, the strategy is not published on the government's website, but the copy the minister waved around during the press conference looked to be quite extensive in terms of page count.
TechSverige is likely to return to the national cybersecurity strategy shortly.
Fredrik Sand
Business policy expert