Skip to content

Share

  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page
PA IN THE MEDIA

8 out of 10 authorities find it difficult to maintain the right level of security

Read the full article in Swedish in Altinget.se

Sweden, today, is one of the leading countries in digitisation in the EU. This has made us fast and cost-effective but also vulnerable. Harmful effects in one area can quickly have extensive consequences for others as well. Electricity supply and payment systems are clear examples.

Outdated IT systems
An audit report from the Office of the Auditor General (OAG) in October shows that 31 out of 49 government agencies studied have problems with obsolete IT systems. The OAG believes the authorities have not worked on the issue in the long term, which causes a number of problems.

For example, about 80 per cent of the authorities in the survey state they have difficulty maintaining the desired level of information security in one or more of their business-critical systems. More than one in ten authorities answer that this applies to all or most of the systems.Together with issues like the IT events at the Swedish Transport Agency a few years ago, the OAG’s report indicates security has been too low a priority in many large public projects in Sweden.

Far from enough
This spring came the new Security Protection Act. It should improve protection against many threats to minimize serious national consequences. But the national capacity, including available resources, is still far from sufficient to live up to the intentions of the legislation.

Operator-driven threats
With 80 per cent of the authorities surveyed failing to maintain the desired level of information security, we can assume security-sensitive operations also have sub-par security. These are activities that, according to the new Security Protection Act, must be protected from operator-driven threats as there’s a risk of serious national consequences if the system goes down.

Imagine an attack
Sweden today has evolved far beyond the parameters of the old Security Protection Act. An important difference is that threats or attacks are no longer delimited by national borders but spread internationally. Imagine yourself if an attack knocked out central payment systems. How many hours or days would it take before it had serious national consequences?

Resources
In investigations such as SOU 2018: 82, new supervisory authorities are also proposed for security protection, such as the Swedish Financial Supervisory Authority, the Swedish Transport Agency, the Swedish power grid, the Swedish Post and Telecom Agency, and the Swedish Energy Agency. On the other hand, there is great uncertainty regarding the need for resources, delimitation, coordination and the new sanctions proposed. Several of the new supervisory authorities also have supervisory objects that were not previously covered by the Security Protection Act.

The issue of resources is, as in all major social projects, crucial to success and should not be underestimated. The Swedish Financial Supervisory Authority, for example, estimates a need for ten full-time positions to manage its new role.

Today, Sweden cannot offer credible protection to many of the country's security-sensitive operations. It has not even been possible in certain sectors to ascertain what these activities are. But with the new safety protection legislation in place, including other investigative proposals, we will hopefully see a change.

Now, all actors, both private and public, must spend time and resources on integrating a credible security protection into their operations.

Contact the author

PA Consulting Group in Sweden

Maria Gustavsson

Maria Gustavsson

Transformation and financial services expert

Per Blom

Per Blom

Implementation, Government and public services expert

Joacim Sundell

Joacim Sundell

Country Head, Transport and public sector expert

Oskar Almén

Oskar Almén

Energy and utilities expert

Peter Wardell

Peter Wardell

Digital, IT-strategy and sourcing expert

Lan-Ling Fredell

Lan-Ling Fredell

Fintech and Innovation Expert

×

By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.