A lot can happen in six years. But what has not happened is that four state institutions have corrected deficiencies in the protection against possible hacker attacks. This is criticized by the state watchdog Statsrevisorerne, when the authorities were first warned six years ago. These are four institutions that are important to society. For six years they have had a cyber defense with major gaps.
- The state auditors must strongly urge Banedanmark, the Danish Emergency Management Agency, the Danish Health Data Agency and the Ministry of Foreign Affairs to implement measures to protect against ransomware attacks, it says.
The authorities' protection was reviewed in 2018 and 2021. Both the National Audit Office and several experts criticize their lack of action.
A report from the National Audit Office highlights that neither the Ministry of Foreign Affairs, Banedanmark nor the Danish Emergency Management Agency have implemented measures to ensure that the institutions can restore normal operations after a possible attack.
Major deficiencies in cybersecurity
Associate professor of cybersecurity at CBS Jan Lemnitzer believes that IT security is not prioritized high enough by the management of the four institutions.
- While the threat of cyber attacks are getting bigger and bigger, there are still major shortcomings in the cybersecurity of these institutions, he has told the online media Version2.
He points out that there have been several attacks from "Russian state actors" aimed at, among other things, the defense alliance NATO and countries' foreign ministries.
The Danish Health Data Agency and Banedanmark have not made comprehensive risk assessments, where they critically review the institution's infrastructure to assess the threat. This means they cannot judge how to intervene and improve security.
- If your risk assessments - where you decide how the budget should be spent and how the efforts should be prioritized - do not meet the standard requirements, then your cyber defense does not meet the requirements, Jan Lemnitzer has told Version2.
The State Auditors have asked Minister of Digitalization Marie Bjerre (V) for a statement.
/ritzau/
Text, graphics, images, sound, and other content on this website are protected under copyright law. DK Medier reserves all rights to the content, including the right to exploit the content for the purpose of text and data mining, cf. Section 11b of the Copyright Act and Article 4 of the DSM Directive.
Customers with IP agreements/major customer agreements may only share Danish Offshore Industry articles internally for the purpose of handling specific cases. Sharing in connection with specific cases refers to journaling, archiving, or similar uses.
Customers with a personal subscription/login may not share Danish Offshore Industry articles with individuals who do not themselves have a personal subscription to Danish Offshore Industry.
Any deviation from the above requires written consent from DK Medier.
