Skip to main content

Intelligence assured

Subscribe to future blog posts featured in our newsletter

Read more about how we handle personal data

Advenica

The Swedish government wants to tighten protection against espionage and tampering. A new bill means that private companies will also be covered by the new Security Protection Act.

Advenica welcomes the government's proposal to expand society's requirements to include private businesses. This hole in the security net has become increasingly more troublesome over time.

In connection with our round table discussions with the Home Secretary and the Minister for Innovation, we suggested that:

"Society's cybersecurity requirements should be governed by the nature of the business and not by its main character."

proposal

There is a great need for improvement in many sectors. Basic protection and understanding of information security must be a natural part of all types of businesses and institutions.

If you are just beginning to work with security a good start may be to make a self-assessment using the Swedish IT Security Index to get an understanding of the current situation.

Advenica

What’s the forecast for critical infrastructure? The "Weather Forecast" for critical infrastructure is that the perfect storm will be triggered in May 2018. Why just then? That’s when several phenomena in the cyber world will collide which can have major consequences.

The perfect storm is a meteorological term for a phenomenon that implies that multiple weather systems interact to create extreme conditions with immense powers that often cause great devastation.

Today this is typically predicted by advanced computer simulations and algorithms that prove in detailed accuracy that this will happen, and that society needs to prepare for the worst.

We have seen several cases in the United States where people have been evacuated from large areas in good time, prepared communities for the worst and proactively changed structures so that they can "ride out" the storm with the least impact on societal functions.

perfect storm

What’s the forecast for critical infrastructure?

The "Weather Forecast" for critical infrastructure is that the perfect storm will be triggered in May 2018. Why just then? That’s when several phenomena in the cyber world will collide which can have major consequences. GDPR is the hot topic right now. What is not mentioned so much is the NIS Directive. These two contribute to the legal aspect of the perfect storm.

Add to this another weather system - "media with hunts". Cybersecurity and information management has never been first page news for so long. It started in Sweden this summer with reporting on the Swedish Transport Agency outsourcing sensitive information to a third party without adequate protection, but news about information security keeps popping up in one report after another.

Only journalists know the reason for this, but my interpretation is that cybersecurity and information management is something that affects everyone in society. This makes it news that sells and influences ordinary people. It is highly likely that this will not change, it will become increasingly commonplace. 

The third force is the changing world situation. It is a fact that the amount of cyber attacks, cybercriminals and methods of creating chaos in the information world has dramatically increased in the last 3-5 years.

Like lots of other things in the digital world, everything increases exponentially. The same development curve applies to cybersecurity but in a negative way. Efforts to counter this will require completely different methods, budgets and methods. The question is, who can you trust?

Directive (D) + Media witch-hunt (M) + Cyber threat (C) = Perfect Storm

What can you do about it?

A good idea is to look at all aspects and conditions that apply to your own business. Then put a budget alongside each aspect or condition. Assess the risk, value and against what you have assessed and invest accordingly. If you realize that you haven’t reached the point you need to be at until the date we have identified, you need to start prioritizing, as you would in any other project based on quality, cost and time.