New sectoral strategies to prepare society for cyber attacks
Denmark is facing a very serious cyber threat that is potentially harmful to the security and economy of the nation. The most recent threat assessment from the Danish Centre for Cyber Security describes the threat of cyber espionage and cybercrime as 'very high'.
Consequently, as part of the national strategy for cyber and information security, the Government is now presenting six new sectoral strategies to protect the sectors that provide essential services to society against cyber-attacks.
"The threat from hackers and IT criminals is high and as our society becomes increasingly digitalised, we are also becoming more vulnerable to cyber-attacks. And if, for example, our health, energy or telecommunications sector is hit by a cyber-attack, it may have severe consequences and paralyse large parts of society. Therefore, it is necessary to strengthen our defences against digital threats and protect our most essential sectors against attacks," says Sophie Løhde, the Minister for Public Sector Innovation.
The six sectors that publish their strategies today are the health, finance, telecommunications, shipping, transportation and energy sectors.
"We are facing a very serious threat. Cyber-attacks have the potential to do as much damage as a conventional military attack or an act of terror. The threat, as we see it, comes to a large extent from foreign nations that don't have our best interests in mind. I have previously mentioned Russia's destructive behaviour, but there are others as well. In December, Britain, the United States and others pointed out that China is behind widespread economic cyber espionage. The good news is, however, that we can do much to strengthen our level of security and protect us from attacks. Which is the reason why we are launching these initiatives," says Claus Hjort Frederiksen, Minister of Defence.
The sectoral strategies have been developed in cooperation between authorities and key private actors within the individual sectors. As an example, the Ministry of Energy, Utilities and Climate has worked together with Dansk Energi, Energinet, Dansk Fjernvarme, Dinel, Radius and HOFOR in the development of the sectoral strategy for the energy sector. And while the strategy for the telecommunications sector has been developed by the industry associations Dansk Industri, Dansk Energi, Tele-Industrien, IT-Branchen and Dansk Erhverv, this has been done in close dialogue with the responsible authorities.
Each sectoral strategy contains a number of initiatives to raise the level of security. For instance, decentralised sector units have been set up within the individual sectors, focusing solely on cyber and information security in that sector, in order to facilitate coordination and communication within and across the sectors.
An inter-ministerial task force, consisting of the Danish Agency for Digitisation, the Centre for Cyber Security and the Danish Security and Intelligence Service, has assisted the sectors in developing the strategies and in creating the decentralised information security units. Among other things, these units shall contribute to performing sectoral threat assessments, preparedness exercises and knowledge sharing.
In order to strengthen the strategic coordination and implementation of the national strategy, a national steering group for cyber and information security has also been set up, in which the efforts of the individual sectors are linked to the national efforts in the area.
The six sector strategies (in Danish) are available on the websites of the respective ministries.
The national strategy for cyber and information security was launched in May 2018 by the Minister of Public Innovation, Sophie Løhde, and the Minister of Defence, Claus Hjort Frederiksen.
The government has set aside DKK 1.5 billion to strengthen the national cyber and information security.