“Cyber attacks take place all the time. And they’re extensive. The attacks are aimed at everyone. Both the public and private sectors are exposed,” said Anders Thornberg at an IVA meeting.
In terms of their purpose, the cyber attacks that are commonplace today are very similar to classic espionage. They take place in silence and over a long period. Small encroachments to steal bits of information of interest and then piece it all together is the common method.
“The goal is to get hold of the most highly protected secrets relating to Sweden’s security.”
The ultimate goal of the attacks is to create the potential to harm the democratic system. About ten countries are involved in illegal cyber espionage aimed at Sweden.
“Russia is aggressive and has great capacity and resources for this.”
Anders Thornberg believes that many are clueless about cyber risks. For example, allowing companies in another country to handle the operation and maintenance of IT systems for a Swedish company or organisation increases the risk of an attack.
Säpo’s IT network is not connected to the internet. But the handling of the most secret information is even more protected.
“For that we use self-contained computers that are locked away in safes,” said Anders Thornberg, pointing out that cyber threats against companies are not in Säpo’s area of responsibility.
The Saab Group, which produces defence materials, is acutely aware of the cyber threats.
“Saab is a magnet for cyber attacks. In the course of one quarter we get seven and a half million firewall alarms,” said the company’s Vice President Micael Johansson.
The attacks come from foreign governments, criminals or competitors. After 2014 when Saab sold Jas fighter jets to Brazil, the number of attacks – advanced ones –increased significantly.
“Here everything is digital. There are no paper drawings of Jas aircraft and all the functionality is in the software.”
For Saab, just like for Säpo, merely building a wall of antivirus programs around the most secret systems is not sufficient.
“Instead we hide the software in such a way that it’s extremely hard to find. And it’s not always in the same place.”
Saab also has a special and closed department that develops unique (to Saab) technology to protect software and designs.
According to Staffan Truvé, CTO at Recorded Future, the attack on 12 May that crippled computer systems in several countries using a new type of ransomware could have been anticipated well beforehand. Back in March Microsoft sent out updates which, when installed, closed the gap in the operating system.
“There were signs that something was happening. We identified the risk three months before the attack,” said Truvé.
According to him there are four main types of cyber attacker: state-financed with significant resources and know-how; criminals who are less technically skilled but want money; and skilled hacking activists with a goal, e.g. to shame a company over its practices.
“The fourth group consists of insiders who for various reasons have an agenda. They know how to go about it,” said Staffan Truvé.
Both Staffan and several of the other speakers at the meeting highlighted the shortage of specially trained analysts. Education is lacking and a national cyber strategy would be beneficial.