4 minute read
OUR SHARED CYBER DEFENCE IS MORE IMPORTANT THAN EVER BEFORE
from Nordic Business
Political negotiations will soon begin on a new defence agreement, including a significantly increased budget. However, the defence must be considered more broadly than before.
The Danish ICT Industry Association consequently points to four critical areas that should be included in Denmark’s future defence efforts.
The war in Ukraine, the surging number of cyber-attacks from other nations and global unrest have made Danish citizens and politicians aware that the security threat against Denmark is real and concrete.
“Investing in new equipment and personnel to protect Denmark isn’t sufficient. The threat today is hybrid, fragmented and, not least, digital, which is why we propose four key focus areas that politicians should prioritise in the upcoming defence negotiations,” says Jacob Herbst, CTO of Dubex A/S, member of the National Cyber Security Council and chairperson of the Danish ICT Industry Association’s policy board for cyber security.
The current defence is underfunded and has built up a large technological debt, and many critical public systems need to be adequately secured.
At the same time, cyber security lags behind in many companies, and the competencies required to solve security challenges don’t exist. In its defence policy proposal, the Danish ICT Industry Association, therefore, recommends four strategic focus areas to strengthen Denmark’s cyber defence and resilience.
1. Strengthening public IT systems and critical infrastructure
According to the Danish Government IT Project Council, a large proportion of critically important public IT systems don’t have satisfactory IT security, and several state authorities don’t live up to the minimum technical requirements for IT security. Most recently, the National Audit Agency has expressed strong criticism in a report on the IT preparedness of 13 systems that are critical to society. Regions and municipalities need to catch up when it comes to IT security.
“In a digitalised country like Denmark, cyber security in public IT systems is vital for us to function as a country and to ensure the citizens’ trust in the public sector. We need to invest in better cyber security to be better prepared for all types of cyberattacks,” says Jacob Herbst.
JACOB HERBST, CTO AT DUBEX A/S
“Investing in new equipment and personnel to protect Denmark isn’t sufficient. The threat today is hybrid, fragmented and, not least, digital, which is why we propose four key focus areas that politicians should prioritise in the upcoming defence negotiations”.
The Danish ICT Industry Association suggests the following:
• A markedly increased level of investment in public IT systems and infrastructure.
• Mandatory cybersecurity training courses in the public sector.
• Increased coordination between authorities across states, regions, and municipalities.
• Increased focus on public-private collaboration (OPS).
2. Strengthening cyber defence in Danish companies
Danish companies are increasingly the target of cyber-attacks and cybercrime, negatively impacting Danish society and our digital cohesion. Many companies also carry out tasks that are critical to society. More than half of Danish companies have been affected by at least one security incident in the past 12 months, and analyses show that the IT security level is too low in more than 40% of Danish SMEs. In addition, 16% of the observed Russian cyber-attacks during the war in Ukraine targeted Denmark and the Nordic region. “Companies need to take the threat seriously and live up to their responsibility. We must not and cannot accept that a large part of the Danish business sector will stop functioning if they are hit by cyber-attacks. It is, therefore, a major task to upgrade the IT security of especially small and medium-sized Danish companies,” Jacob Herbst says.
The Danish ICT Industry Association suggests the following:
• A public-private partnership that collects and shares knowledge on cyber threats and incidents.
• Targeted efforts to raise the minimum level of security in SMEs.
• The changed mandate for CFCS includes requirements of increased efforts concerning civil society.
• A rapid and efficient Danish implementation of the NIS2 Directive.
3. Training in cyber security competencies
According to DIGITALEUROPE, a shortage of 200,000 cyber security experts exists in Europe. The Council for Digital Security estimates that by 2030 Denmark will see a shortage of 15-20,000 full-time resources within cyber- and information security. “We won’t get far with our national cyber security if we don’t have enough skilled people to solve the tasks. More than one in three Danish IT companies are currently looking for employees with cyber competencies, so trained and upskilled in cyber security,” Jacob Herbst says.
The Danish ICT Industry Association suggests the following:
• Urgent investment in the education of more cyber specialists in Denmark.
• Increased integration of cyber security knowledge in relevant (IT) education programmes.
• Increased supplementary training or continuing education in cybersecurity.
• Establishing ‘IT security driver’s licences.
• Training, recruitment and retention of IT and cyber security competencies in the Danish Defence.
• Ensuring that we attract and retain more international students and talents within cyber security.
4. Increased cyber security in the Danish Armed Forces
As the conflict in Ukraine has shown, modern warfare has changed drastically in recent years, and the Danish Armed Forces need increased digitalisation and cybersecurity. “Modern weapon systems are digital and connected, and the rapid technological development requires a significant boost of the digital backbone of the Danish Defence if we are to keep up with new digital possibilities and the associated threats to modern military defences. At the same time, increased digitalisation can help to address some of the manpower challenges that the Danish Armed Forces will soon face when the Danish Defence effort is to be expanded,” says Jacob Herbst.
The Danish ICT Industry Association suggests the following:
• Reducing the technical debt of the Danish Defence.
• Establishing a task force to strengthen cyber security in the IT systems of the Danish Defence.
• Increased investment in public-private collaboration on the development and use of Danish technology.
• Increased capacity for accreditation of Danish cyber security products.
• Increased share of the military defence budget spent on research and development.
Facts
The Danish ICT Industry Association helps its members, the industry, and society grow daily. We’re passionate about creating a digital society for everyone. A global society that’s growing, and in which Denmark stands as a beacon because we utilise technology for the benefit of the climate, the economy and the individual. We let the enthusiasts among our members set the direction for a better future. This benefits Denmark, the business sector, the individual citizen and our member companies.
Read more at www.itb.dk
A new mapping from the Danish Industry Foundation on the impact of the NIS2 Directive on the business sector shows that affected companies can expect major regulatory requirements. The Danish Chamber of Commerce, therefore, calls on the authorities to act quickly in order to equip companies as best as possible for the transition to the new rules.
