Skip navigation, jump to content Go to navigation About the site, accessibility Home News Web map Search Frequently asked questions Help Contact
On 1 July 2011, changes were made to the Electronic Communications Act (2003:389). This means that as a visitor to a website you must now actively agree to the site’s use of cookies. Some cookies on MSB.se are necessary for the site to work properly, and these have already been saved on your computer. Other cookies are used in our improvement work, and you can accept those here. What does this entail?

The MSB and societal information security

Information security is a support task to increase the quality of societal services. The MSB has the task of supporting and coordinating work with societal information security.
Information in all its various forms is seen today as a vital resource for society to function. But information management in its various forms doesn’t just meet our needs it also creates dependencies and risks.
 
To avoid disruptions and to enable the management of crises requires appropriate preventive work with information security throughout society. The MSB has the task of supporting and coordinating that work.
 
The MSB’s task is aimed at everything from other authorities and municipalities to the private sector and individual people. A great deal of the MSB’s work in this field deals with supporting preventive measures and promoting systematic long-term work with information security on all societal levels.
 
Security measures should aim to create a more robust form of information management both when society is in its normal condition and for the handling of serious disruptions and crises. Correctly functioning everyday security is often equated with being prepared for serious emergencies.

The MSB’s task in the field of information security:

  • Support and coordinate societal information security and analyse and assess global developments in the field.
  • Provide advice and support, in relation to preventive work, to other authorities, municipalities, county councils, and the private sector and organisations.
  • Report to the government on conditions in the information security field that can give rise to a need for measures on different levels and within different areas of society.
  • Shall be responsible for a Swedish national service tasked with supporting society in its efforts to prevent and manage IT incidents.
  • Administer the national strategy and action plan for information security.
  • Coordinate the work of civil authorities with secure cryptographic services.
  • Support media companies with their preparedness planning.
  • The MSB has the right to issue regulations for government authorities when it comes to the field of information security.
  • Yearly report to the Government about the result of the mandatory it-incident reporting for Government agencies.

Regulations

On 4th April 2016 the MSB’s Regulations on information security at Government authorities (MSBFS 2016:1) came into force.
 
These regulations stipulate that government authorities must apply a management system for information security. This entails, among other things, a requirement for authorities to classify their information, to identify and manage risks, and to continually evaluate and improve their security.
 
The work must be run in accordance with established information security standards. The MSB has also produced regulations on the Civil authorities’ cryptology preparedness during and outside normal office hours (MSBFS 2009:11).

Framework for Information Security

The MSB in conjunction with other SAMFI authorities has produced a framework to support organizations to establish and employ an Information Security Management System (LIS) based on international standards in the ISO 27000 series.

Programme for increased security in industrial information and control systems (SCADA)

The MSB’s work on issues related to security in industrial information and control systems is conducted within the framework of a three-year programme. The aim of the programme is to create an increased national capacity for the prevention and handling of IT related risks and threats against the systems that steer and control vital societal services and critical infrastructure.

Communications security protection and secure cryptographic services

The MSB directs and coordinates communications security protection work and work with secure cryptographic services at the civil authorities.
 
In addition, the MSB decides which civil authorities and other vital societal services should be allocated nationally approved cryptographic services to allow for secure cross-sector cooperation. The MSB has the right to issue regulations for civil authorities in the field of communications security protection.

CERT-SE

CERT- SE is Sweden’s national Computer Emergency Response Team (CERT) tasked with supporting societal work on dealing with and preventing IT incidents. Since 1 January 2011 CERT-SE has been a part of the MSB. Some of CERT-SE’s tasks are to respond promptly when IT incidents occur, cooperate with authorities that have specific tasks in the field of information security, and act as Sweden’s point of contact for equivalent services in other countries.
 

 

Customize your shortcuts by telling us who you are!