Cybersecurity

At a high level Netnod has three main concerns with the NIS2 directive and its Swedish implementation in a cybersecurity context. 

At a high level Netnod has three main concerns with the request for comments regarding a national cybersecurity center (NCSC).

Netnod sees several problems with introducing yet another definition of critical and important services, this one in the context of foreign ownership.

On 2 September 2023, Netnod was given the opportunity by Sweden’s Ministry of Defence to comment on an inquiry into models for contingency supply and planning (SOU 2023:50). Netnod is critical that the investigation did not thoroughly investigate the issue of long term infrastructure investments and costs.

Netnod welcomes the additional attention brought to the important topic of cybersecurity by the Cyber Resilience Act. However, Netnod believes that approach is fundamentally suboptimal and effort should instead be put towards accountability in the digital world. That is, instead of laying down ex-ante design requirements for digital products, the regulation should improve ex-post accountability processes in a digital environment. 

In general Netnod believes the trust in certification is too high

Netnod sees some issues with the interim report in the public investigation into secure and cost-effective IT operations.

Netnod has submitted comments on the NIS-2 directive, a proposal from the European Commission (EC) on a directive with measures for a high common level of cybersecurity across the European Union.

On 8 August 2017, Netnod sent a response to the Swedish Government related to the proposed implementation of the EU Directive on Security of Network and Information Systems (NIS) in Sweden.