13 January 2015

Denmark throws down $75m to build up offensive cybersecurity capabilities


By Liam Tung
January 9, 2015

Following a serious breach at a Danish arms makers last year, the nation is to spend millions on beefing up its offensive cybersecurity capabilities.

Denmark is equipping its intelligence services for the first time with the tools and skills that will allow it conduct cyber-offensive operations, according to a recent report in Danish publication Politiken.

The Danish government has allocated DKK 465m ($73.6m) up to 2017 to ensure the Defence Intelligence Services (FE) are capable of launching cyber-attacks this year, a move away from its current focus on defence only. It's a sizeable spend for the country: byy way of comparison, the UK - whose population is around 11 times larger than Denmark's - spends around £93m ($140m) on its cyber-offensive and defensive capabilities every year.

It's unclear from the report exactly what offensive capabilities Denmark wants its intelligence agents to have. The move is apparently outlined in a defence bill and in a report from the Ministry of Defence that recommended such capabilities be given to the FE.

ZDNet has asked the Danish Ministy of Defence for more details on the capabilities.

News of the planned offensive capabilities follows the release of Denmark's new national strategy for cyber and information security in December. Most of the initiatives outlined in the strategy however discuss better cyber-preparedness by government agencies, their suppliers, and private sector critical infrastructure providers. Danish defence minister Nikolaj Wammen said of the threats facing the country: "there are external actors exploiting the internet to spy on Denmark and to steal trade secrets."

If Denmark is building up its cyber-offensive capabilities, it joins a growing list of nations whose intelligence services have used malware to spy on foreign targets or, as in the case of Stuxnet, used it to target other countries' national infrastructure. Sweden's armed forces in 2013 urged the government to give it with offensive cyber-capabilities in order to keep in step with other nations already using such tactics.

The most recent discovery of government-made spyware was Regin, which was believed to have been used by UK and US intelligence in the attacks on engineers at Belgian telecoms provider Belgacom in late 2013. Or, if the FBI is to be believed (and many experts don't until it provides more evidence), North Korea's attack on Sony is actually the latest example of a government-sponsored cyberattack.

The Danish defence industry was hit by its own cyberattack last year, reported to have targeted Danish suppliers of parts to the F35 Join Strike Fighter program. The suspect in that case was China.

One question raised by Danish law experts was how to ensure parliament, as required by the Danish constitution, retains control over when and where military capabilities are deployed, even online. For example, the Danish parliament must provide consent if troops are deployed to war, and some view cyber attacks as as equivalent to conventional warfare.

Wammen told Politiken that he believed this requirement could be "reconciled with the considerations that may be in relation to the implementation of operation and safety".

Read more on this story 

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

No comments: