tisdag 7 november 2017

Cyber security - a third pillar in total defence

Introductory remarks at the 10th Annual Nordic IT Security Conference 7 November

Very honoured to be invited to this panel.

My background is military and security policy and I will speak from that perspective.

Start with a quote.

”War is violence aiming at making our opponent to give in to our demands”

When the military philosopher Carl von Clausewitz wrote this in the early 19th century the only way to achieve this was by destroying the opponents military forces. The agrarian societies of those times very resilient regarding other types of threats.

When warfighting became more industrialised and therefore more dependent on civilian society, industry, communications and energy, these assets also became targets for the enemy.

This started in earnest with the First World War and reached extreme proportions during the Second World War, when even the civilian population of a country was seen as a legitimate target.

As a result of this most countries created civilian defence structures to ensure that society would go on functioning also in wartime.

Thus creating a defence structure resting on two pillars – military defence and civilian defence.

My point here today is that the digitalisation of almost all functions in a modern society is just as big a game changer when it comes to defence as the industrial revolution and urbanisation more than hundred years ago – the reason why we created civilian defence to keep society functioning in case of war.

Our dependence on information technology has created vulnerabilities, that if we don´t address them, will pose a greater, and a more probable, threat than most conventional ways to wage war.   

This brings me back to Clausewitz:  “War is violence aiming at making our opponent to give in to our demands”.

Today violence in the Clausewitzian sense could just as well be cyber warfare. It is not the means that are important. It is what you want to achieve – to force your opponent to give in to your demands.

My conclusion is that this has led to an urgent need to create a third pillar in our total defence structure, with equal status as military and civilian defence – cyber defence. 


1 kommentar:

  1. Det finns ingen huvudman här, ingen ansvarig. Vem ska bestämma hur Skellefteå Energis cyber security lösning ska se ut? Eller Käppalaverken? Svenska kraftnät? ICA's centrallager? Trafikverkets system för norra länken etc? Fortums fjärrvärmesystem? Det är en mix av staliga aktörer, landsting och kommuner samt privata företag. Vem ska organisera och koordinera? Vem ska tillåta och vem ska förbjuda? Staten själv har noll koll på detta.