Event report: Conference on Digitalisation and Cyber Security in Danish municipalities, 24.10.2022
On 24 October 2022, the Danish municipalities of Norddjurs, Syddjurs and Middelfart as well as Aalborg University held a CoRA Conference on Digitalisation and Cyber Security in Danish Municipalities at the old malting factory in Ebeltoft. Around 35 participants from different municipalities attended the conference.
The first presentation of the day – Digital (im)maturity - was held by Pernille Kræmmergaard, Founder and CEO of DI2X. Pernille stated that since around the year 2000, Denmark has experienced an extensive digitalisation wave. Many initiatives have been implemented throughout the country, for example:
- public authorities and citizens have been enabled to securely communicate by e-mail,
- every citizen has a bank account – NemKonto - assigned to cash payments from the public sector and one common login solution – MitID - to all public sector websites,
- in general, responsible use of data is in focus of the public.
This extensive focus has led to a situation where a couple of years ago, Denmark was in the lead internationally when it came to public digitalisation. In Denmark, a digital motorway has been constructed, but the question is whether the Danes are able to drive on it?
More recent studies show that Denmark is now lagging slightly behind when it comes to human capital and knowledge of how to utilise data optimally. Data is priceless, but it takes skills, investments and structure to get the most out of it. Organisations need to adapt to a digital world where more advanced ways of working with data are essential.
A few years ago, IT and digital technologies were used to energize existing processes and actions and thereby solving tasks in an improved and more efficient manner. Today, we are learning to utilise digital technologies to provide interconnected solutions that are preferably both personalised and proactive.
Pernille brought forward an example where a Danish municipality uses existing digital platforms of taxi and bus companies and combines them to provide an interconnected solution for public transport. This tool presents to a passenger how different means of transport may be combined in order to bring him or her all the way from starting point to final destination. Another desirable example within the area of welfare technology could be a platform for ordering and delivering ready-cooked meals for elderly and disabled people. Today, different companies cook and bring meals to these target groups; often traditional meals consisting of meat, potatoes, sauce and a limited amount of vegetables. Future customers are likely to demand a higher degree of variety and free choice, which could be provided through a digital platform that combines existing restaurant websites and thereby enabling end users to choose their favourite meals.
When data is used in new ways and also in combination with analytics and artificial intelligence, it places great demands on cyber security. Pernille debated digitalisation vs cyber security with Jens Myrup Pedersen, Professor of Cyber Security at Aalborg University and head coach of the Danish National Cyber Security Team. A recent survey shows that both employees and managers in general feel, that they are in control of cyber security, but in reality, the situation is different. Many public organisations and private companies lack clear guidelines on cyber security, and there is no one to turn to for help on this matter. It is therefore a question of whether it is safe to continue the current development?
Jens held a presentation - Cyber Security and Attacks. All the Time but in particular right now. He stated that the cyber threat is real, and attacks are becoming increasingly sophisticated. Typically, ransomware will somehow enter a company’s systems to encrypt data, which will then only be released for a high sum of money. Sometimes, cyber criminals will also threaten to leak or sell data to other parties. Different examples of attacks were given, e.g. the one involving the Danish company AK Techotel, which hosts a booking system for 900 hotels. In 2021, a ransomware attack paralysed the booking system and encrypted data for all 900 hotels. Running a hotel without knowing who will be checking in or out is no easy task. AK Techotel was under an enormous amount of pressure from stressed out hotel managers and ended up paying the required ransom. Cyber criminals are clever, and they are determined to spot weaknesses and nudge end users to make just one mistake and thereby give them access to valuable data.
Therefore, it is of extreme importance for all companies and organisations to remember to make risk assessments with regards to cyber security and to take precautions. If something goes wrong, stay calm, ask questions. Do not panic. NIST standards have been developed to improve the security posture of government agencies and private companies dealing with data. The five Core Functions are:
- Identify: Identify which assets need protection.
- Protect: Implement appropriate safeguards to protect these assets.
- Detect: Implement appropriate safeguards to detect security threats and incidents.
- Respond: Develop techniques to mitigate the impact of these incidents.
- Recover: Implement processes to recover from cyberattacks and restore business-as-usual.