free counter

Swedish Electronics Protection Act coincides with major cyber spend

Swedish cyber security law comes at the same time of heavy government investment


  • Gerard O’Dwyer

Published: 01 Sep 2022 11: 14

Sweden has introduced the Electronics Protection Act (EPA), with the purpose of increasing security for users of communications devices.

Implemented by the Swedish Post and Telecom Authority (PTS) on 1 August 2022, the brand new law will, for the very first time, deliver protections that extend to non-traditional telecoms services such as for example emails, instant messaging and social media marketing group chats.

The EPA could have a significant effect on how Swedens public electronic communications networks and publicly available electronic communications services operate.

Public communications networks are defined in the EPA as electronic communications networks which are used wholly or predominantly for the provision of publicly available electronic communications services that support the transfer of information between network termination points.

Similarly, electronic communications networks are thought as transmission systems, switching or routing equipment, passive network components along with other resources, which let the conveyance of signals by wire, radio, optical or other electromagnetic means, regardless of the sort of information being transmitted.

The EPA marks the most recent government initiative to bolster user security in electronic communications networks.

Central provisions in the EPA conform with the EU Directive 2018/1972 that established the European Electronic Communications Code. It replaces Swedens current Electronic Communications Act.

The EPA and expanded rules will affect all existing and new players delivering electronic communications networks and services included in current regulations in Sweden, said Jenny Bohman, a legal adviser at the PTS.

Even though target group is public electronic communications networks providers and publicly available electronic communications services, certain provisions of the brand new law may also connect with operators offering interpersonal number-independent communications services like messaging services in internet-based apps or associated with social media marketing, said Bohman.

The number-independent interpersonal communication services included in the EPA likewise incorporate voice over IP (VoIP), the technology that allows users to create voice calls over broadband connections instead of more traditional public-switched telephone networks.

Moreover, the EPA incorporates new and much more comprehensive rules associated with the type of information to be supplied by providers to users before getting into contract agreements. The EPA provides PTS greater powers to impose penalty fees on providers and network operators that cover specific forms of violations. Fines set down in the EPA range up to maximum of SEK10m (938,000).

The EPA carries a provision, that is built-into Section hands down the Act, that seeks to advance investment in high-capacity fibre and 5G networks in Sweden. Section 1 handles facilitating individual providers and authorities to attain the maximum traffic when it comes to capacity.

Scope of the EPA covers security in networks and services, along with new rules associated with obligations on communications network providers to reveal subscriber data, number portability, switching web connection providers and emergency communications, as well as the duty of care on providers to see customers about automatic contract extensions.

The EPA will not connect with content continued electronic communications networks using electronic communications services. Virtual private networks (VPNs) aren’t regarded as content services in the EPA on the foundation that they usually do not provide content on the net and serve only as access points to encryption and IP addresses.

Beneath the new law, VPN isn’t being equated with public communications networks. This legal position applies whether or not the VPN emerges to the general public through agreements and in trade for remuneration.

The EPA may be the latest in some legislative and practical initiatives by Sweden in 2022 to strengthen IT network and data protections.

Cyber security enhancement plan

In June, the Swedish government launched an ambitious package of cyber security reinforcements offering a SEK900m capital investment to supply the National Cyber Security Center (NCSC) with a fresh purpose-built headquarters. The NCSC currently operates from an office complex owned by the Swedish Civil Contingencies Agency (Myndigheten fr Samhllsskydd och Beredskap/MSB).

The package comprises new funding and assignments for Swedens Financial Supervisory Authority (Finansinspektionen/FSA) that is being tasked with helping organisations operating in the financial services sphere to upgrade their digital resilience when confronted with heightened risks and threats from bad actors in the cyber domain.

The provision of a fresh NCSC headquarters is in motion. It involves the acquisition of a fresh property, along with the implementation of necessary adaptations and renovations had a need to ensure it is fit for purpose. Our core objective would be to make Sweden resilient against both military attacks and cyber attacks against important institutions and societal functions, said Max Elger, Swedens financial markets minister.

The tasks assigned to the FSA include improving controls on the outsourced operations of financial sector companies, especially in the technology services area. The FSA can be necessary to develop an action intend to ascertain what rule changes could be needed, including potential amendments to provide legislation to secure the required strengthening of cyber resilience from finance industry organisations.

Within the cyber security enhancement plan, the NCSCs new headquarters will house, under one roof, highly specialised cyber security units from within the National Defence Radio Establishment (Frsvarets Radioanstalt/FRA), the MSB and the Swedish Security Service (Skerhetspolisen/SPO). The FRA may be the signals intelligence division of the Swedish Defence Forces (Frsvarsmakten).

Investments we have been making will generate an extremely well-resourced national cyber security centre to coordinate work sufficient reason for the ability to effectively prevent, detect and manage cyber attacks, said Therese Naess, the NCSCs director.

The revamping of the NCSCs organisational structure, following decision to colocate specialised elements of the FRA, MSB and SPO to a fresh headquarters, may also add important value and create new synergies fundamental to bolstering Swedens cyber security capabilities, Naess said.

NCSC activities will undoubtedly be operated within Swedens Total Defence, which requires a strategically holistic method of mapping and formatting national security to get ready for external threats, known and unknown.

The PTSs role may also are more closely aligned to the NSCS and the full total Defence national security strategy. This can involve key agencies, just like the PTS, deepening their collaboration in cyber security.

A high-capability NCSC forms a significant little bit of the puzzle to strengthen Swedish societys capability to reduce the chances of cyber threats. The PTS and the major national security agencies in the NCSC will collaborate very actively to make sure Sweden gets the best defences against digital risks cyber threats in the years ahead, said Dan Sjblom, the PTSs director-general.

Read more onto it risk management

Read More

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker