Almedalen, situated in Visby on the island of Gotland, is the most significant political event of the year in Sweden. From a national security point-of-view, Gotlands geo-strategic location in the middle of the Baltic Sea makes it the ideal place to discuss the increasing importance of national security, cyber and defence, which in turn was my main area to cover.
As background, Almedalen is an event that was started in 1982 by the social democratic party in Sweden, where all other major political parties joined in later. Apart from politics, the event has also developed into a meeting place for media, lobbyists and corporations throughout the years where current issues are discussed and debated. The number of events held exceeded four thousand this year which is quite impressive. Areas like sustainability, environmental issues, national security and research are just few examples of current topics.
Primarily focusing on cybersecurity, national security and defence, I attended seminars and panels at the defence and national security arena (Försvarspolitisk arena, FPA) where I had opportunity to meet up with a lot of people, ranging from senior military officers and senior government officials to journalists, defence bloggers and fellow colleagues in the industry. I also attended some seminars relating to general security and public safety which also were very rewarding.
Some of the take-aways from this year can be summarised with the following:
Total defence capabilities:
The increasing tensions with Russia have put security and defence into the public spotlight where total defence capabilities and expenditure are hot topics. Military capabilities heavily depend on various critical societal functions like infrastructure, telecommunications, logistics, which is why we need to address total defence capabilities and resilience as a whole, rather than just strictly focusing on the military aspects since that everything is inter-joined these days. This becomes paramount in the light of the shifting threat landscape (hybrid warfare/gråzonskrigföring).
Research and disruptive technologies:
We need to continue our efforts in identifying disruptive technologies, i.e. technological changes and advances that somehow affect our military capabilities on tactical, operational and strategical levels, which in turn can lead to new advances in terms of capabilities, or, introduce new types of threats that we need to address.
In regard to Swedish defence R&D efforts (FoT), additional program funding is needed to advance research in several areas if Sweden is to maintain its position as one of the leading nations. To get return on investment from research funding, we need to review corporate taxation rules to prevent promising startup companies within the Swedish defence industry from leaving Sweden, which ultimately also will affect Swedish national security and defence capabilities, not mentioning the national economy.
The national cyber security posture:
There is an increased ambition to advance the national security posture. Efforts have already been made in terms of mandatory incident reporting and continuous information security management for government entities, but more remains to be done in various areas where we need to pick up the pace. Over the coming year, the new European NIS directive, focusing on protecting critical IT-infrastructure, will certainly accelerate efforts along with the European data protection regulation, GDPR.
Co-operation and collaboration:
All actors within public and private sector need to work together to a higher extent than before. There are several on-going initiatives but these need to be deepened where we also need to conduct joint training and readiness exercises. In addition to national training efforts, we also need to extend our cyber training with international counterparts.
Accountability and responsibility:
The responsibility falls onto everybody where individuals, corporations and government agencies alike need to step up and take responsibility where every organization is responsible for their security.
Vendors and product manufacturers need to start securing their products and services.
In regard to the often miserable state of security in IoT-products, this certainly needs to change where for instance insecure devices will be used as entry or pivoting points in attacks, or participate as one of many hijacked devices in DDoS botnets, like Mirai.
Awareness, training and talent acquisition:
The understanding of the cyber domain in general and cybersecurity in particular needs to improve on all levels, where for instance executive management and senior officials must possess basic knowledge about the challenges they're up against since that the main responsibility rests on their shoulders whether they like or not.
There's a huge shortage of qualified cyber professionals worldwide, not to mention in Sweden. Public and private sector alike are struggling to find talent where we need to start focusing on training new talent in order satisfy the increasing need. This is where government, universities and private sector need to work closely together in order to shape and tailor future courses and programs.
Basic IT security training needs to be introduced already in the lower grades in order to foster general cyber knowledge and awareness. For those who later pursue a career in the cybersecurity field this will serve as a good starting point.
Many of the seminars and panels are available on-line (in Swedish) at:
Finally, I can really recommend anyone to visit Almedalen at some point as you will find it to be a very rewarding experience in many ways.
Cyberspecialist at Cybercom