October 6, 2012
Sweden: Hacker attacks should open our eyes
Our IT systems are extremely vulnerable. Important social functions can easily be knocked out, as the recent attacks gives a warning about. The lack of an effective collaboration between our agencies and the companies that supply the services and systems that are the backbone of our society, writes John Färm, specialist in community management.
Most of us can manage a day or two without the Riksbank, the government or even the Armed Forces website. In particular evening. But we should not belittle the real threat that these attacks represent. Practically the whole of Swedish society today is online.
A very small group of malicious hackers would now be able to cripple essential elements of the country's infrastructure and critical systems. It could for example result in your savings account is deleted, the electricity knocked out, your medical records are published on the internet and your phone subscription is closed.
It is high time to take a common approach on Sweden's IT security and create synergies with clear common requirements. Swedish authorities tend to be well credulous about this issue. Should something serious may happen, like the Tsunami in 2004, for the Swedish authorities to act? We need a coordinating authority, and takes a clear responsibility to protect what is important in our country, even if it is connected.
The other day we were able to read about a group that hacked 100 universities worldwide, including Linköping and Uppsala University, and picked out an unknown amount of protected data. Behind was a group called the Ghost Shell, who says he wanted to demonstrate society's vulnerability to cyber attacks. Other examples in recent times is when one of our parliamentary parties were hacked and got personal data filing published. Although Tax has been hacked and stating that the perpetrators have collected personal information protected.
Right now a massive cyber attack against some of Sweden's most important government websites, which obviously we are closest with bewilderment. In recent days we have noticed that more and more of our socially critical government websites stopped working while media reports on further threats of new attacks.
Sweden has long been a leader in IT. Today, almost all of our key functions, such as the entire financial system, but also the majority of telephone exchanges, including 112 online.
We have in the past year has been internationally acclaimed because we asked Julian Assange extradition, for many, he personifies freedom of expression online. In addition, the founders of The Pirate Bay, one of the world's largest file-sharing sites, prosecuted and convicted, and that police did recently raided hosting PRQ. In PRQ has among other WikiLeaks been around.
This has led to a large and worldwide network of hackingkulturen targeted against Sweden in order to take revenge. The group that claimed responsibility for the recent attacks calls itself Anonymous. The group has previously been known for several spectacular attacks, including spring 2012 when they hacked a secret conference between the FBI and Scotland Yard as they recorded and put on YouTube.
But IT security is not just about hacking. An event with serious consequences here in Sweden were TietoEnator's crash, which led to many of our agencies and their systems suffered widespread disruption. Among other things, many of Apoteket customers do not get essential medicines. The day also Telia accused of outsourced systems that handle national security, outsourced to Logica. Logica was also the company that was hacked when Tax databases emptied of protected personal data.
Despite these serious threats and ongoing attacks against Sweden, our government barely managed to give us any information about what is going on. Several days after the attacks, there is still no information about what is happening on cert.se, which is the place where information about the current IT security should be. Nor is there any information on informationssakerhet.se or krisinformation.se to provide the public with updates on major events in our country. All of these pages operated by Swedish Civil Contingencies Agency, MSB, which has overall responsibility for these issues.
The truth is that our IT systems, which today controls virtually the entire country, is extremely vulnerable. In an attack on the systems can be important social functions easily knocked out. More and more of our key systems placed today with external suppliers without set clear requirements for adequate protection.
What is missing is effective collaboration between our agencies and the companies that supply the services and systems that are the backbone of our society. We can not afford to again wait until the really big disaster occurs.
We know that it is on the way, maybe today, and we have the ability to take action. The only thing missing is a decision.
specialist in social crisis, President BRM Europe AB