Thank you and good afternoon. All, all of you here at the, I don't know. Yeah. The conference all will continue tomorrow, but is there, I think that that would be more some workshop, right? Exactly. Yeah. We are regular workshop exactly. Reference day. Exactly. Tomorrow is work.
Ah, yeah. Okay.
That, that's how it works. Yes. Yeah. So today I'm gonna talk to a little bit about how we work with cybersecurity on a national level. You see this picture here is actually the Danish minister of the defense sitting right there. And the funny thing with that picture is that also that's the only physical meeting that we have had in the council throughout two years. So that was taken in January last year.
Maybe if you look very closely, you'll see the date there, but it's, it's kind of been very interesting to work on such an important matter in, in an environment that you are literally cannot, you know, sitting in, in these team in Skype sessions, but that's how it has been.
So yeah, let's jump into it. A few of them, of those, and also for you that watch from, from outside I'm B eing.
As, as I said, I co-chair the private part of the national data cybersecurity council. I will get into the structure of this, but I also have a very long history in the I C T industry. So I also work in the business association, which represent about roughly 800 Danish I C T companies. And I am also working in the private business in, in the company of legal. As you see here, there's very old man, going back to 99. And I think this is just besides that.
Obviously you can see who that is, but the small blue cube, there is also kind of a starting point from where all the cybersecurity began with that. Wasn't a cyber, that was an appliance. That was an email appliance.
That was a mail server DNS server. So kind of fast forward through today is that this is only 22 years ago. I think it it's quite astonishing when you look at, you know, that kind of huge movement towards just getting internet access.
And then now we are ending up here in, in, in having the requirement for nationals councils and working and government regulations, etcetera, etcetera. I think it, it, it just to give you a little bit perspective on, on the journey, but jumping into the council itself and the history behind that, I think it's, it's important just to state that we have a strategy in Denmark. The strategy has been built and is expiring now by, by end of this year. And the reasoning why the council has been established is a growing demand from the private sector.
So we learned down this path that it is not enough just doing something for critical sector.
It's not enough just being doing, you know, what governments do we need to make that approach far more broader. And that's what, what had happened. And that's the pass of this, this, this council. So I would say the demand has been there awareness and the broader public has been required and we need political attention to make things move. And I also think the, the, the, what, what, what the pass to this is that there's so many diverse initiatives going on.
And I think we just now now gain here, we just listened on. It's just another initiative.
There are, you know, so many things. So, so sometimes you also need to kind of to consolidate some of the initiatives and make sure that they're coordinated. And finally, we see that knowledge sharing is, is too is too limited.
You know, we, we do not learn from each other.
We don't learn from the incident.
So, so those are the things that kind of led to the, to the council itself. The structure of the council is built on 2020 members.
It was, as you saw established, actually we are appointed in December, 2019, it's a private and public council. There are 20 members which represent the public sector, the private companies, universities, and consumers. So it's kind of tried to bridge more or less every single interest that we can find. Some members are appointed in their personal capacities simply because they are very well skilled people and others are nominated by professional business associations.
So it, it, it's, it's a little bit different how people has been kind of come to the council members are appointed for two year terms of our term will now expire end of this year. And actually, I can't say how it's gonna evolve next year.
We know it's gonna evolve. We know there's gonna be a new council, but it's on, on the, on the government. The chair is, is for the public part is done by the Danish agency for digitization and as well as the Danish center for cybersecurity also that I, I did reference yesterday on, on the talk on the ransomware.
They do a lot of work looking at who was actually in this council here at this site. Here, you have a range of organizations, obviously for all of you that are ordained, they will, might not be that relevant, but I think it would probably now maybe Danske bank DFDS, a very large shipping company cooler plus large, large scale manufacturing company in a medical area, KPMG auditing company, and also cybersecurity company and other companies as well. This is the consumer organizations also represented in the way in looking here at the universities.
We actually do have free universities collected in, in the council. And finally also the free governmental bodies, which is the agency of digitization, which is part of the Danish minister of finance. We have the business association business agency, which is yes, under the minister of, of business and finally the minister of justice, which is also in, in the council.
So it, it yet, again, is very wide and, and this is the way it's, it's been put together, looking at the mandate that we did receive from the government initially, or that we should focus on the, on, on the strategic level. And obviously when you have a council like this it's easy.
So, okay. We have to work with that. We have to work with that. What can we put on the agenda, but specifically advice and support in the development of, of the new national strategy.
And that's more or less been the work that we've been doing, but also contribute to knowledge, sharing, advice, guidance, and strategic level development of a cyber conferences. And finally also join in for the October cybersecurity month that goes on, on the ENISA the European cybersecurity agency level. So those are kind of the, the basis of the foundation of the mandate that, that the council received.
And I will get to you a few things that we also kind of learned that that makes sense. So why this private public partnership, I think, you know, the first line here cybered does not distinguish between private and public sector, actually the, the criminals out there, they don't care. I think it's just getting more and more and more cruel.
Also, as I said, just initially here, the sharing of information is so vital. We have to learn from the incidents we have to learn of how this works.
The interesting thing by having the public sector members is that also they are bridging to the political level. So one thing that might be kind of in, in the government representative, but they are also closely connected to the political decision makers and we need to gain attention among the, at the political level to have stuff start moving on, on having initiatives.
And also finally, what we learn is that this United voice of both private and public experts has simply made the broader public, more willing to listen. And we've seen that will get to that in a second. So what have we accomplished in these two years?
Well, obviously said we delivered the, the advice. We have had a lot of workshop discussions on that matter, but we have also been in involved, obviously that came very fast peer review of this COVID 19 contact tracing app, which was a very interesting, yeah, there was some very interesting sessions literally, because what, what, what happened is that the health resource is they wanna collect a lot of data and all us as cybersecurity people, we said, you know, no bloody way, you know, that should be completely disconnected, only bare minimum, cetera, et cetera.
I'm very thankful that we kept the position because that app has turned out me a success. I will get to back back to that. We have done a numbers of webinars has also been a very good path forward. People have been very interested in listening in and finally another areas of contributions.
So working together, and that's the learnings here working together do make a difference. And the public is eager to engage when possible that comes out of these webinars. So the meetings has been very concentrated and very deep in terms of debates.
It's been very interesting and has been very fruitful, but also we have members that have very different backgrounds. There are people that are technical skill. There are people that are more look from the consumer point that people that looks in the university sectors and all this kind of kettle and bottling of, you know, cooking of various people has turned out to be quite efficient.
So it's, I think it, it, it's a learning that it can be used in many countries that if these initiatives comes in other countries, please make sure that you get a broad range of people sitting in the same room, because they all, we all share the same vision.
We wanna make things more safe, but we come with different backgrounds. The webinars has been interesting compared to classic physical events, because we have simply seen a quite astonishing more me people joining in for the webinars, because it's been more easy. It's been something you can do for two hours.
You don't have to travel cetera, et cetera. And I think also the brand of a United private and public council is the main reason for the increase in interest from the broader public that you have a United voice. So it's also a very important learning, as I said, the unexpected benefit were that suddenly we could also step into this COVID tracing app. And honestly, you know, we were very fo focused on nothing happening in that, in that app.
And then two months later we had a meeting and everyone has just tried to get an alert on their phone and go to isolation, get tested and say, how, why do I, why don't I know where I got my potential infection from, or where, where, what did you know?
So there was a little laugh among the members on, you know, actually, but I think everything, you know, concluding it, it was well done. We also been into the solar winds and, and the HN hacks. I think there was some very interesting briefings on that. I think the council also has been a voice in the public.
The council members in the social media has been able to go out and, and speak on that behalf. And the more voices that speak in, in one common direction, the better chances is that that, you know, the broader public will follow. And finally, of course the vaccination app has also kind of came back when this year, when, when we, when we had that. So path forward, I think this is taking a lead towards a robust cyber protection, and we are not talking about cybersecurity. We type talking about protection.
Protection is broader and more solid than just doing something securely.
So yes, council can set headings for all parties and initiatives in the sector. National strategy needs to be national is something that also think you should think about if you are involved in that in wherever country you live in, make sure you get kind of into all the corners, because cybersecurity is in all the corners. We also need to increase the cybersecurity competencies through the society, by expanding the education at both elementary school and university level. I think yet again, something okay.
That's easy to say, but at the reality, it makes quite a lot sense that we work on, on all the scale up on, on, on teaching and get getting learnings, no sharing, no knowledge. I think I said that already, the past is not easy, but we need to get this to work.
We need to figure out best way to share information.
Also, a thing. I think I also mentioned that yesterday is that errors is something we need to disclose and not hide. We need to reverse on the culture of that errors are embarrassing. The only way we can learn is by talking about what we make wrong, and it goes into, into the organization yourself, and also on a broader, broader scale by learning from knowledge, we pave the way for political attention and the likelihood finding increasing intention, attention and investment. This is something also I learned out of the actually in, in Estonia some years ago. And this is also the same story here.
When we talk about the experience, then also decision makers, boards, political layers, they start realizing the ity behind these things that we are talking about. So this is kind of a spiral that, that we, that we enable in that way.
There is no one to one outcome on reporting on a cyber event, but using scientifically method on a larger amount of events can discover new learnings. That's exactly one of the main arguments.
You know, why should I report my staff? Because I will never get anything interesting out of that?
No, you would not probably do not get something specific. You would not get the reasoning why you were hacked, but maybe when you connect all the dots, you will get some point saying, okay, this might be the reasoning. And I might have that. I might have that problem. And therefore for me, it's, it's relevant to start understanding that. So things are connected. And lastly, here cyber attacks will not stop because we are busy doing something else, quite a contrary. They will just increase in magnitude. And I think that was the 20 minutes. 17. We have time for questions.
