NIS-implementation

Implementation of the NIS Directive The National cyber security policy Law and ordinance Regulations

The aim of the strategy is to create long term conditions for all actors in the society to work effectively ang continually with information and cybersecurity. The strategy encompasses central government authorities, municipalities, and county council as well as companies, organization, and private individuals.

For further development in the IT sector and reducing vulnerabilities the Swedish government has prioritized six areas that are of concern to society’s information and cybersecurity.

Six Strategic priorities

1. Securing a systematic and comprehensive approach in cyber security efforts

Information and cybersecurity are a matter for all of the society, and everyone needs to take responsibility. There needs to be a systematic cyber security effort from all parties. Collaboration and information sharing is also needed from different actors as well as supervision around cyber security.

2. Enhancing network, product, and system security

Today’s society is highly dependent on electronic devices for communication. Electronic communications are to be effective, secure, and robust and are to meet the needs of their users. There is also a demand to increase security in the industrial information and control systems. The society needs also access to secure data encryption systems for IT and communications. Common security measure to increase cyber security is the use of data encryption.

3. Enhancing capability to prevent, detect and manage cyberattacks and other IT incidents

The basis for reducing the effects of cyberattacks and other IT incidents consists of the capability to prevent, detect, and manage them. The capability to prevent, detect and manage cyberattacks and other IT incidents in society is to be improved. Relevant stakeholders are to be able to take coordinated action to manage cyberattacks and other serious IT incidents. There is to be a developed cyber defense for the most security-sensitive activities in Sweden, with a strengthened military capability to meet and manage attacks from qualified opponents in cyberspace.

4. Increasing the possibility of preventing and combating cybercrime

The amount of IT related crimes has increased sharply recently. Preventing cybercrime needs to be developed and the law enforcement authorities shall have the preparedness and capability to combat cybercrime in an effective and appropriate manner. Strengthening international cooperation against cybercrime to increase legal proceedings in Sweden is also needed.

5. Increasing knowledge and promoting expertise

Focusing on the most urgent information security there needs to be an increase of knowledge in the society as well as mapping of vulnerabilities. Higher education, research and development of high quality are to be conducted in the areas of cyber security and of IT and telecom security in Sweden. Both cross-sectoral and technical cyber security training is to be carried out regularly to enhance Sweden’s capability to manage the consequences of serious IT incidents.

6. Enhancing international cooperation

We are not alone in facing difficulties regarding information – and cybersecurity. International cooperation on cyber security is to be enhanced, as part of the objective of a global, accessible, open, and robust internet characterized by freedom and respect for human rights. Cyber security is to be promoted as part of the ambition to safeguard free flows in support of innovation, competitiveness, and societal development.

A national cyber security strategy (government.se)