Cybersecurity
Netnod provides expert input in policy, regulatory and governance discussions that directly impact the context within which we operate.
Netnod has provided feedback on the draft legislation for critical services resilience, emphasizing concerns about the interplay between laws, the effectiveness of the all-risk approach, lack of clarity on the law's impact, and the need for positive incentives for cybersecurity.
Netnod argues for keeping content and distribution separate, ensuring that any content can be delivered across any platform. Netnod also stresses the need for robust and available services, especially in times of crisis.
At a high level Netnod has three main concerns with the request for comments regarding a national cybersecurity center (NCSC) - part 2.
Netnod believes that the act named Cybersecurity risk management & reporting obligations for digital infrastructure, providers and ICT service managers will not lead to the intended effect.
At a high level Netnod has three main concerns with the NIS2 directive and its Swedish implementation in a cybersecurity context.
At a high level Netnod has three main concerns with the request for comments regarding a national cybersecurity center (NCSC).
Netnod sees several problems with introducing yet another definition of critical and important services, this one in the context of foreign ownership.
On 2 September 2023, Netnod was given the opportunity by Sweden’s Ministry of Defence to comment on an inquiry into models for contingency supply and planning (SOU 2023:50). Netnod is critical that the investigation did not thoroughly investigate the issue of long term infrastructure investments and costs.
Netnod welcomes the additional attention brought to the important topic of cybersecurity by the Cyber Resilience Act. However, Netnod believes that approach is fundamentally suboptimal and effort should instead be put towards accountability in the digital world. That is, instead of laying down ex-ante design requirements for digital products, the regulation should improve ex-post accountability processes in a digital environment.
In general Netnod believes the trust in certification is too high
Netnod sees some issues with the interim report in the public investigation into secure and cost-effective IT operations.