Netnod responds to the national cybersecurity center consultation (2)

On 20 June 2024, Netnod was given the opportunity by the Ministry of Defence to comment on a public consultation regarding a reorganisation of Sweden’s national cybersecurity centre. Netnod has responded to the request for comments (Fö2024/00785 - part 2).

At a high level, Netnod has three main concerns:

1. Information sharing is handled as internal or external, where internal sharing refers to information sharing between participating agencies. However, information exchange, that is two-way information sharing, needs to take place between a larger set of groups than just internal and external government agencies, including but not limited to trusted actors in the private sector.
2. The investigation concludes that the centre is not an independent unit (självständig verksamhetsgren) within the larger organisation of the National Defence Radio Establishment (FRA). There is a need to alter legislation so that information shared by one participating agency should be available to all participating agencies.
3. Information shared with NCSC by the private sector is in general covered by secrecy laws. However, there needs to exist clear rules and regulations for how information shared with the centre can be used, specifically in the context of governmental oversight and crime prevention. In addition, the centre needs explicit coordinated vulnerability disclosure processes.

For further details, please see Netnod’s full response below (in Swedish). Both the previous response - part 1 - and the current response - part 2 - are linked. 

Netnod is generally positive about the proposals. Overall, Netnod believes that there are no reasons for delaying the reorganisation of NCSC, and it should happen as soon as possible.