Next week the Swedish Ministry of Foreign Affairs, together with the Swedish International Development Cooperation (Sida) and the Internet Infrastructure Foundation (.SE), are hosting the second annual Stockholm Internet Forum (SIF13). Just as last year, the Cybernorms RG and Lund University Internet Institute will be present.
As a food-of-thought the organizers have asked some of the participants to present some inspiring and educating papers on different related topics. Please check them out, they all are worth reading. But one is of special interest, at least for me, since me and Jacob Dexe (both connected to the LUii) were involved in feeding the paper with some input; Cyber Security, Cyber Surveillance and Online Human Rights.
The paper is written by Anja Kovacs from the Internet Democracy Project and Dixie Hawtin from Global Partners and Associates and tries to clarfiy how the term cybersecurity is used, how it should be understood and it’s societal implications.
“…cyber security strategies must be designed and implemented in a way which is consistent with international human rights law too often this is not the case, as seen in (…) surveillance regimes…”
What me and Jacob provided for the paper is what could be seen as food-of-thought for the food-of-thought, a exemplification of some Swedish cyber security related events and processes. Here is a part of the input, which seems to have inspired some of the themes discussed in the paper:
In the report “Samhällets informationssäkerhet – Nationell handlingsplan 2012” (Information security for the society – National action plan 2012) from the Swedish Civil Contingencies Agency (MSB) we can see that out of the six aims of the national information security strategy 2010-2015, improving “freedoms, rights and personal integrity” is the foremost goal, going in line with a public discourse that has been fairly visible the last half decade or so. Whether everyone agrees on the outcome of the discussion or measures taken to secure it is another debate, but personal integrity and freedoms and rights for citizens are paramount in the spoken discourse.
Furthermore, the Swedish Defense Research Agency (FOI) are appointed to be the competence coordinators of the MSB focusing on national safeguards against cybersecurity threats. FOI has a special focus on SCADA strengthening, by researching the security of industrial systems. This has been done by coordinating and participating in international security trainings and scenarios.
However, some national cybersecurity threats have been discussed widely in the public debate. A number of public web-services have been targeted during the last couple of years. Notably the Swedish blog platform Bloggtoppen had a major information leak due to a hacker attack in late 2011, where at least 90.000 entries (some claim up to 250.000 entries) of personal data were spread around the Internet, including passwords and other details concerning a large number of journalists on major Swedish newspaper along with parliamentarians. This was discussed as a showcase for how the security measures need to be taken seriously on all levels. Also, the Swedish tax agency had a similar leak, when their – said to be trusted and secure – data host Logica had a breach discovered in early 2012. While it seems as there have been unauthorized access to the systems for at least two years, this got known when over 9.000 classified personal numbers (high risk social security numbers) were published openly on the Internet.
Also, a long range of Swedish agencies and official institutions – including the Police, the National Prosecutors Office, several news agencies and banks – have been targeted by international groups using DDOS attacks and similar techniques to demonstrate their support for Wikileaks and/or Julian Assange. This has had the effect that different governmental bodies have discussed different strategies to maintain an adequate national IT structure. For instance, the attacks against Swedish targets in October 2012 was followed by statements from the Swedish Police’ IT-section promoting pro-active measures towards “hacktivist” groups, the Swedish Minister of Justice demanded harsher punishment levels for “hacking” in quite broad terms, while the Swedish Minister of IT and Infrastructure rather focused on building robust digital infrastructure as the only way to cope with such attacks.
A lot of this isn’t really news to the observant reader of the Cybernorms blog, of course. But a reminder is never a bad thing. Please do read the paper, and keep the discussion going!