Sweden implemented its national cybersecurity strategy in 2017: A National Cybersecurity Strategy. It's the second national strategy with the first being published in 2010.
The 2017 strategy covers the following strategic goals in the ENISA self-assessment: Cybercrime, security and privacy balance, citizen awareness, critical information infrastructure protection, national cyber contingency plans, international cooperation. Public-private partnership. Institutionalised form of cooperation between public agencies, research and development, cybersecurity exercises.
Key updates were made in March 2020 through the publication of the Comprehensive Cyber Security Action Plan 2019-2022, which effectively updates and translates the national strategy into a set of tangible actions.
In March 2020, the Swedish Defence Research Agency co-authored the report, Critical Nordic Flows - Collaboration between Finland, Norway and Sweden on Security of Supply and Critical Infrastructure Protection, which explores ways in which the three countries could deepen their trilateral cooperation to prepare for potential disruptions to cross-border flows of critical goods and services. The six societal sectors targeted in the report are: Communications and digital networks, energy, food, financial infrastructure, pharmaceuticals and transport.
TRAINING AND EDUCATION IN NATIONAL CYBERSECURITY STRATEGY
|Research and Development||
The overarching goal is ensuring that high-quality higher education, research and development is conducted in the areas of cybersecurity, IT and telecom security in Sweden.
Specific measures include:
The strategic innovation partnership programmes are an important instrument for increasing the quality and benefit of higher education, research and development. One aspect of this is the potential to coordinate the investments of different stakeholders and generate synergy effects. It is the Government’s assessment that long-term partnership and cooperation between relevant stakeholders needs to continue being developed in the area of cyber security. The government therefore commits to:
Cybernode is a specific implementation of the strategy established in late 2020. It acts as a platform or network that, based on a common national agenda, initiates and runs projects and activities. Its remit is to mobilise R&I actors and respond to increasingly complex demands around, for example, globalisation, innovation development and societal challenges. In its first phase (2020-2021), the node will function as a lever for joint agendas, roadmaps and investments linked to Swedish innovation capacity. It will also promote mobilisation and concentration in joint R&D initiatives.
Education and training are seen as essential for increasing knowledge and enhancing the capability of activities to manage serious IT incidents. For example, the strategy stresses the need for skilled personnel in the area of cyber security to overcome the lack of cutting-edge expertise in both the private and public sectors. It should thus be in the interest of all relevant stakeholders to find long-term solutions to satisfy the increasing needs for skilled labour. Furthermore, regular national and international training is a prerequisite for developing and evaluating structures to manage serious IT incidents and for identifying organisational, technical and administrative development needs.
The national cybersecurity strategy is underpinned by the government maintaining the capability to manage serious IT incidents through coordinated training activities.
Roles and responsibilities:
The Swedish Civil Contingencies Agency (MSB), in collaboration with other relevant authorities, maintains the capability for long-term planning and coordination of training activities to build expertise and guarantee a good capability to manage serious IT incidents in society.
The Swedish Armed Forces maintains a corresponding capability within the scope of its responsibility. Cyber security training activities should encompass several types of training to achieve all levels and competencies that are needed to manage serious IT incidents. These training activities include everything from seminars to cross sectoral collaboration. Access to a virtual training environment significantly increases the opportunities for carrying out technical cyber security training. Such an environment makes it possible to practise the management of simulated technical problems under conditions that reflect realistic technical infrastructures and systems. This allows participants to test their processes and technical capability for managing incidents and to develop collaboration with other stakeholders at the same time. The planning for training activities should be long-term so that each individual element contributes to increasing or maintaining capability. Systematic experience management becomes an important part of implementing training results in existing plans, working methods and other activities.
Where necessary, the training activities should also take into account other threats and risks that might have a close link to the area of cyber security. One example of this is disinformation and influence campaigns. The training scenario in the area of cyber security, including disinformation and influence campaigns, can help to increase society’s overall capability to resist these threats, both in the Swedish Armed Forces’ defence planning and total defence planning. Today, a large part of national and authority specific technical training is carried out with the support of FOI’s technical platform CRATE (Cyber range and training environment).
|Higher Education Courses on Cybersecurity||
Public Private Partnerships & Collaboration
Public-private partnerships are part of the measure aimed at enhancing collaboration and cybersecurity information sharing in a complex and multi-faceted cyber risk landscape.
Collaboration on society’s cybersecurity key for creating good operational capability to manage serious disruptions and is often the basis for collaboration during serious incidents. This involves collaboration between different stakeholders in Sweden, such as central government authorities, municipalities and county councils, trade and industry and interest organisations, but also international collaboration.
There are several good examples of collaboration in the area of cyber security in Sweden. The Cooperation Group for Information Security (SAMFI) plays an important role through its work for secure information assets in society. SAMFI consists of several central government authorities that have particular tasks in the area of cyber security: the Swedish Civil Contingencies Agency (MSB), the Swedish Defence Materiel Administration, the National Defence Radio Establishment (FRA), the Swedish Armed Forces, the Swedish Police Authority, the Swedish Post and Telecom Authority (PTS) and the Swedish Security Service. MSB has administrative responsibility for the group. The collaborative forum, the National Cooperative Council against Serious IT Threats (NSIT), analyses and assesses threats and vulnerabilities regarding serious or qualified cyberattacks against the most security-sensitive national interests. NSIT consists of the Swedish Security Service, FRA and the Swedish Armed Forces through its Military Intelligence and Security Service (MUST).
The Government sees a need to develop and deepen collaboration between authorities to increase cybersecurity across Swedish society. Several new authorities will be assigned new tasks in the area of cybersecurity when the NIS Directive is implemented in Swedish legislation. It is important that collaboration is developed on the basis of a comprehensive perspective.
Public-private collaboration is a voluntary, agreed cooperation between public and private stakeholders. Cybersecurity has several examples of platforms for public-private collaboration. One of these is MSB’s establishment of a number of forums for information sharing (FIDI) in different sectors and areas: FIDI Telecom, Swedish CERT forum, FIDI Finance, FIDI Health and Social Care, FIDI Operations and FIDI Supervisory Control And Data Acquisition (SCADA). The area of electronic communications also has the National Telecommunications Coordination Group (NTSG). NTSG is a voluntary cooperation forum aimed at supporting the restoration of the national infrastructure for electronic communications during extraordinary events in society. There is a need to further develop information sharing regarding threats, risks and security measures in order to quickly adapt the protection of more stakeholders.
To support collaboration and partnerships, the Swedish government will work towards:
|EU Cyber Professional Register for national stakeholders||
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.
|Latest Update & Disclaimer||
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification
|National Computer Security Response Teams||
CERT-SE (Swedish: www.cert.se/) is the national/governmental Computer Emergency Response Team. Established in 2003, it is responsible for coordinating incident response measures for both government institutions and private entities across all Swedish networks. It is also responsible for providing an Incident Reporting Platform for collecting cybersecurity incident data.
SUNET-CERT is the Swedish University Network Computer Emergency Response Team, supporting universities, colleges and other organisations connected to the SUNET network, including the coordination of incidents, IT security competences and co-operation with other national and international CERTs (Swedish: https://www.cert.sunet.se/; English: https://www.cert.sunet.se/english/index-eng.htm).
Linköping University has its own Incident Response Team: Li.U (https://old.liu.se/insidan/it/irt?l=en), handling issues and incidents within the institution.
Other CERTs/CSIRTs are listed on the Forum of Incident Response and Security Teams (FIRST) but do not have websites.
National incident management structure (NIMS): partial coverage. The Swedish Civil Contingencies Agency's Regulations on Government Agencies Information Security 2009 (pusuant to Regulation 2006:942) requires each agency to develop its own information security management systems, based on standards supported by the Swedish Standards Institute.
Sweden conducted the National Cyber Security Exercise “NISÖ” in 2012. Sweden also participated in the multi-national International Watch and Warning Network Exercise 2013 organised by the United States.
|Report a cyber incident to national CERT/CSIRT||
Authorities are obliged to report an incident whereas other organisations may choose to report voluntarily. However, it is important to be aware of new obligations under the EU NIS Directive and GDPR applicable from 25 May 2018.
Guidelines on reporting an incident: https://www.cert.se/it-incidentrapportering/om-it-incidentrapportering/.
Telephone: 010-240 40 40 | 08-678 57 99.
The website of SUNET-CERT is currently being updated and does not include information about reporting a cyber incident (Swedish: https://www.cert.sunet.se/; English: https://www.cert.sunet.se/english/index-eng.htm).
Handelsbanken Security Incident Response Team (Handelsbanken SIRT)
Constituency: Finance Sector
Telephone: (+46) 8 701 8370
|Languages||Swedish; Some information is also available in English.|
|Latest update & Disclaimer||
The information contained here is the result of desk research carried out by CYBERWISER.eu.