Netnod responds to the national cybersecurity center consultation

On 26 April 2024, Netnod was given the opportunity by the Ministry of Defence to comment on a public consultation regarding a reorganization of Sweden’s national cybersecurity center. Netnod has responded to the request for comments (Fö2024/00785).

At a high level Netnod has three main concerns with the request for comments regarding a national cybersecurity center (NCSC):

1. Confidentiality or equivalent for shared information must be thoroughly investigated in the upcoming sub-investigation to avoid private actors having incentives not to share information. Netnod believes that the next part of the investigation should conclude that information shared with the cybersecurity center should be covered by similar confidentiality rules as information shared in the National Telecommunications Coordination Group (NTSG).
2. The investigation advocates an all-hazards perspective that risks becoming diluted. Netnod believes that an all-hazards perspective is not appropriate. Instead, specific and well-defined risks and threats should be used.
3. The investigation does not discuss risks related to strategic short-term thinking, and today's sometimes counterproductive incentives are not addressed. For example, there are no strong incentives for having a high level of cybersecurity In fact, the incentives stop when you, as an actor, have achieved a common minimum level of security. Netnod believes that incentives for information sharing and other participation must be investigated, as cybersecurity should not be merely a cost issue for the involved actors.

For further details, please see Netnod’s full response below (in Swedish).

Netnod is generally positive about the proposals, especially that the center is not a supervisory or regulatory agency or placed within such an agency.