Swedish Transport Administration: Handling IT security risks in the public sector – a matter of trust
It was in 2012 that the Swedish Transport Administration made the decision to install the software NetClean ProActive to ensure that nobody was viewing or downloading child sexual abuse material on the authorities work computers. Jäverdal oversaw the installation of the software and has been in charge of its use subsequently.
The initiative to install a detection tool was promoted by the HR Department. The decision was based on the moral standpoint that the Swedish Transport Administration should do what it could to fight child sexual abuse, and that it was important for such a big government department to be seen as leading by example.
However, even though the initiative came from the HR department, it was seen as an issue that should be handled by IT security. There are risks and safety concerns linked to all activities on the Internet; but there are several very specific concerns linked to the issue of child sexual abuse, according to Jäverdal who elaborates (below) on the issues on which the Swedish Transport Administration have focused.
There are risks and safety concerns linked to all activities on the Internet; but there are several very specific concerns linked to the issue of child sexual abuse.
Adhering to policy
Safeguarding the organisation’s computers and other devices so that they are not used to commit crimes, is an important policy issue.
The Swedish Transport Administration has put in place rules based on ethical and moral values. These rules govern what you can and cannot do in the office and with the equipment that is used there. It is unacceptable that a person should view or download illegal material such as child sexual abuse on devices belonging to their place of work whether it be at work or in their spare time.
Risk taking behaviour
A person who views or downloads child sexual abuse material is engaging in risky behaviour. They will have to lie to their employer and to people around them. It is reasonable to assume that a person who is willing to engage in this type of risky behaviour might break other laws or flaunt company policies.
Risking multiple types of attacks
If an employee is visiting unregulated websites and media, whether it be on their work computer or mobile, they risk that their visit can be traced back to the Swedish Transport Administration. There will be an increased risk of other attacks such as DDOS-type cyber attacks, spam and other threats. There is also a risk that the person will download malware when downloading illicit or unwanted material. The same thing can happen with unverified USB-sticks.
People who engage with this type of illicit material are vulnerable to threats and blackmail.
Blackmail
People who engage with this type of illicit material are vulnerable to threats and blackmail. This is a big security risk if the person has a prominent place in the organisation or if they handle sensitive material that they can be blackmailed to divulge.
Caring for our employees
Finally there is the risk that other employees will be subjected to the illicit material. It is perhaps not the biggest security threat, however by protecting the organisation we also ensure that we safeguard our employees from the risk of being subjected to child sexual abuse material.
More cases
More case studies from our customers
Contact us
Talk to an expert
Find out more about our products and how they fit into your existing IT protection. Our experts will be happy to guide you. Give us a call at +46 31-719 08 00 or follow the links below.