Near the end of June this year, a large cyber-attack carried out by Russian hackers brought down multiple online services in Norway including authorities and the Norwegian version of BankID.
Attacks like this are a wake-up call that Sweden could be targeted in a similar manner, especially given the fact that it is supporting Ukraine, and joining NATO. How vulnerable is Sweden against this type of attack and what can it do to protect the interest of its citizens?
Warfare of the Digital Kind
Cyberattacks can occur for many reasons and in many forms:
- One day you can wake up to find that all of your money is gone from your account;
- In states of emergency you may find yourself unable to access health, welfare or emergency services because they have been rendered unavailable;
- Your sensitive data can be taken hostage by hackers who will demand payment to release it back to you – they do this to companies too and, of course, government agencies.
All of these can serve to sow confusion and fear into society. Crippling digital services in a country that is as digitised as Sweden would plunge the country into chaos.
Just recently, the Swedish Environmental Protection Agency (Naturvårdsverket) was hacked, with sensitive data being transferred to servers in the US.
What could be the cause behind this attack? Nobody is sure. The data stolen ranges from non-sensitive to sensitive. However, the background of the attack could be more sinister, just a test run preparing for an even bigger attack.
Who Is at Risk?
If you wanted to cause the greatest harm to a country’s digital infrastructure and terrorise its citizens with cyber-attacks, what would you target? The answers are obvious:
- First and foremost government services that offer no alternative to BankID;
- financial services including banks and stocks;
- health and welfare services.
By bringing these down, even for a day, you would cause the country to stop in its tracks.
When BankID Stops So Does Sweden
Sweden’s over-reliance on BankID is well-documented. So much so that its monopoly on the market is considered a security risk by the Swedish Supervisory Authority (Finansinspektionen).
It seems, however, that only when the problem has already occurred that people start to ask themselves – is it really such a good idea to rely on just 1 solution for everything? Whether it’s when BankID is down and people cannot perform payments or log in anywhere, or in the light of increased security risks and cyber-attacks from Russia.
Even if we disregard everything from the above, give the benefit of the doubt and say: ‘well, it’s all due to human error, things happen, it’s a normal part of life’ – it’s still not good enough – a viable alternative must exist, and passwords are not it.
Passwords Are not Good Enough
Weak, difficult to remember and keep track of, uncomfortable to use, requiring password managers and additional layers of security to be viable – passwords are the weakest link in security and a far inferior solution to e-IDs in all respects.
What Is the Solution?
Freja is a government-approved e-ID that covers the most critical government e-services such as 1177.se, Skatteverket etc. In times of crises, it’s a good idea to have it as a redundancy option should something happen and BankID is down temporarily.