What can public authorities and businesses do?
Given the possible consequences of the security situation, it is a good idea for public authorities, companies and other organisations to have a plan B for their operations, ensure their cyber hygiene and review their security measures. Here is support and further information for these efforts.
Based on the assessment of the Swedish Armed Forces, MSB assumes that the current security situation may continue for a long time and that Sweden must act accordingly. This requires both immediate alertness and long-term focused resilience on the part of public authorities and companies responsible for vital societal functions. Examples of possible consequences include an increased risk of cyber-attack, the risk of supply chain disruptions, and attempts to disinform the populace and spread rumours.
MSB's provides support via the Civil Protection Mechanism, donating its own supplies or larger donations arranged by other actors, always to meet requested needs received by MSB via the EU Civil Protection Mechanism.
Trade associations, public authorities or the like seeking to arrange resource provision can contact MSB’s registrar: firstname.lastname@example.org.
Close safety gaps and raise the threshold
Public authorities with a specific responsibility for emergency preparedness (authorities responsible for security under the Emergency Preparedness Ordinance, krisberedskapsförordningen) and companies or organisations responsible for essential social services may need to take measures such as reviewing their security and business continuity measures to reduce vulnerabilities.
Stable systems with good resilience help to raise the threshold for an antagonist seeking vulnerable points to attack. Continuity management also includes having a plan B in place, for example, should several employees in key positions simultaneously fall ill, or if supplies of essential goods and services are disrupted.
Review cyber hygiene
Cyber-attacks (e.g., ransomware) can have a major impact on critical services, both across society and for individual companies. Therefore, CERT-SE considers it necessary to remind organisations about ensuring their cyber hygiene. CERT-SE is responsible for Swedish cyber-incident preparedness at MSB.
Report serious IT incidents in vital societal functions
Vital societal functions are those activities, facilities, nodes, infrastructure and services that are essential for maintaining important public services.
Cyber incidents can seriously affect governments and businesses. Information about what constitutes an IT incident, which incidents should be reported and how to make reports can be found on this page.
Need help managing an ongoing IT incident? Contact CERT-SE.
Share information carefully
MSB urges caution in disseminating information that potential reveals vulnerabilities that could be exploited by an adversary. At the same time, openness and coordinated communication are essential to counter and prevent the spread of rumours.
Review security protection
Security protection is about securing important information and operations from espionage, sabotage, terror attacks or other crimes that may threaten Sweden’s security. From 1 December 2021, an amended Security Protection Act will apply. Read more about security protection on the website of the Swedish Security Police, which will be updated throughout 2022 based on the new legislation.
Property owners' responsibility for shelters
It is not currently required to refurbish, inspect or otherwise clear out shelters. However, property owners should keep an eye on the state of their shelters, and occasionally check both shelters and shelter storage. A shelter sign should be posted. If one is missing, it can be purchased from various suppliers.