Strategy to improve Internet security in Sweden - PTS-ER-2006:12

04/07/2006

The National Post and Telecom Agency (PTS) has been assigned by the Government to submit proposals on a strategy to improve Internet security in Sweden. The aim of the strategy is to facilitate and clarify future work to secure Internet infrastructure. The strategy is directed at those parts of the infrastructure that are unique to the Internet. The point of departure for security within the Internet infrastructure is the providers' responsibility for networks and services on the basis of market requirements. Public commitment is based on there being demands that the market cannot satisfy. PTS is the sector authority for electronic communications, which also includes the Internet.

PTS's proposed vision is that in ten years' time, the Internet will be secure, rapid and have high accessibility for everyone in Sweden.

The goal of a strategy to improve Internet security in Sweden is to secure critical functions in the Internet infrastructure, which, if they were not maintained, would cause substantial disruption or interruption and in this way impede or prevent the use of the Internet for large groups of individual users or vital public businesses, authorities or organisations.

Trends and threat profiles:

  • Society is becoming increasingly dependent on the Internet
  • Society is becoming increasingly vulnerable to IT attacks
  • Vulnerabilities in protocols and programs are increasingly being discovered
  • Laws, legal proceedings and policies do not keep in pace with developments and globalisation
  • Convergence in networks, terminals and services is continuing to increase
  • Inadequate security in user environments constitutes an ever-increasing risk
  • The competence gap is widening in pace with increased complexity
  • Developments in the market involve increased internationalisation 
  • More wireless networks and services

Strategic positions adopted:

  • The physical infrastructure of the Internet should be protected against accidents, disruption, wiretapping and manipulation of information during transmission
  • Resistance to disruption in the domain name system should be increased 
  • Resistance to disruption to the exchange of traffic between Internet operators should be increased
  • Users and buyers should be trained and informed to enhance security awareness
  • The assumption of responsibility for user security should increase among Internet operators and the providers of software and equipment
  • National awareness of Internet infrastructure should be promoted. This should be done in a broader context regarding information security. The comprehensive approach and coordination of research should be improved
  • Swedish participation in international fora should be increased. This should be done in collaboration between the private and public sector
  • Crisis management regarding the Internet infrastructure should be improved

The action plan comprises a number of measures within the framework of the strategic positions adopted, showing the allocation of responsibility, level of importance, timeframe and estimated cost for the respective measure.

The management plan lays down the administrative rules concerning how the strategic positions adopted and the action plan should be attended to. For example, the management plan contains guidelines regarding how often the action plan should be updated and which party is responsible for this.