Sweden has become the latest Nordic country to bolster its cyber defence ambitions and capabilities in the face of heightened threats, with the government commissioning key defence and security agencies to establish a national cyber security centre (NCSC).
The NCSC will be created following a series of high-profile cyber attacks that targeted major Swedish corporations in 2020, including industrial security group Gunnebo.
The assignment to establish and operate the NCSC was delegated to a coalition of state security organisations led by the Swedish Armed Forces (SAF) and the National Defence Radio Establishment (Försvarets Radioanstalt/FRA), which functions as the signals intelligence (Sigint) branch of the SAF.
The NCSC formation group also includes Säpo (Säkerhetspolisen), the Swedish national security agency tasked with counter-espionage and counter-terrorism roles which operates under the jurisdiction of the Ministry of Justice. The fourth partner in the NCSC alliance is the Swedish Civil Contingencies Agency (MSB), which also operates under the Ministry of Justice and is charged with protecting Sweden’s critical infrastructure and managing local and national emergency responses.
Sweden’s government has allocated SEK440m to meet the NCSC’s projected operational costs in the period 2021 to 2025. The creation of the NCSC is a central part of Sweden’s long-term desire to boost its capacity to prevent, identify and deal with the increasing cyber threats that target critical IT infrastructure.
The NCSC will strengthen Sweden’s ability to deliver a new layer of security that shields the country from disturbances to its economic competitiveness and prosperity as it moves forward in the digital age, said defence minister Peter Hultqvist. “The digitised world we live in means we need to take more effective measures to improve our overall capacity to protect Sweden and Swedish interests,” he said. “We need to do this while reducing our vulnerabilities.
“With technology development and digitisation, threats and vulnerabilities increase. A national cyber security centre will help secure our future by bringing together Sweden’s cutting-edge expertise in the field under one roof.”
The country’s public and private sectors will both be served by the NCSC, helping to bolster security against cyber threats across Swedish society. The NCSC will also provide a new tier of security to protect IT networks from penetration by cyber criminals attempting to hack data, cripple IT systems or capture classified, confidential and high-value information.
At the core of the NCSC’s work will be coordination with public and private actors to prevent, detect and manage cyber attacks and other IT incidents. The NCSC will also function as an expert cyber-defence resource for public and private organisations, helping them tackle a broadening range of threats.
The NCSC will also operate as a national platform for collaboration and information exchange between private and public organisations in the field of cyber security. The task of establishing the NCSC is already under way, said Dan Eliasson, director-general of the Swedish Civil Contingencies Agency (MSB). “Our planning continues to advance and it will become more intensive following the government’s confirmation of the national cyber security centre’s responsibilities and budgetary funding allocations,” he said.
“The four partners in this important project are already working as a single team. Our immediate priorities will be to appoint a CEO, establish a mechanism to pool resources and find a functioning scalable building to operate from.”
Cyber attacks against private and public IT networks are a daily event and carry huge risks for Sweden’s economy and society, said Björn Lyrvall, director-general of the FRA. According to Lyrvall, many attacks originate from state actors and criminal organisations.
“There is an undeniable need for a national cyber security centre,” he said. “Cyber attacks are taking place in the here and now and directed at everything connected to the internet. They are aimed at socially important institutions and functions, at infrastructure, research and business. A dedicated national centre will strengthen our resilience to defend against cyber threats and protect our society.”
A survey conducted by Statistics Sweden (Statista) among Swedish enterprises in 2018 found that disruption to business IT processes was the most common type of cyber attack on companies that year. Of the 60 leading companies surveyed, 33% said they had been victims of IT process disruption attacks in 2018, while 23% had experienced extortion-type cyber crimes and 16% had to defend against asset misappropriation attacks.
According to the Statistics Sweden survey, cloud security ranked the most important cyber security topic for CEOs of Swedish organisations in 2018, ahead of cyber security strategy, data security and data privacy.
The data hack on Gunnebo in August 2020 underlined the more menacing type of cyber threat against the IT networks of Swedish companies. This highly organised cyber-ransom attack compromised the company’s servers and resulted in the capturing of sensitive data files by hackers.
The hackers uploaded more than 38,000 sensitive files to a public server after Gunnebo refused to pay a ransom in bitcoin. Files uploaded from Gunnebo’s database and released to the dark web included an 18GB file containing sensitive data belonging to the group’s biggest customers, some of whom operate in high-security areas such as airport management, nuclear power generation, banking, and public and private healthcare services.
“We can only speculate on what the target of the attack was, but we cannot rule out that it was an attempt at industrial espionage,” said Stefan Syrén, CEO of Gothenburg-headquartered Gunnebo. “After an initial appraisal of the attack, we followed cyber attack procedures and notified Säpo.”
Compared to routine threats from the cyber domain, the attack on Gunnebo was particularly well organised, said Syrén. Gunnebo conducted an external IT forensic analysis of the attack before reporting the incident to Säpo, he added.
The sustained hack forced Gunnebo’s IT department to shut down its servers in an attempt to isolate the attack, and the group is currently conducting a full security review of its IT systems. “The security of our IT networks is paramount for us,” said Syrén. “As a direct result of this event, we are running a full review of our IT structure. This is time-consuming, but important.”