LiU students present cybersecurity report

The report was commissioned by Linköping Science Park and Security Link, and financed by Tillväxtverket, the Swedish Agency for Economic and Regional Growth. The work has been supervised by LiU professor Erik G. Larsson within the framework of Security Link, a strategic research initiative in safety and emergency preparedness, coordinated at LiU.

Emmy Englund and Linnéa Tullin have interviewed around 20 people in the industry and carried out literature searches. They summarise their results in the report (in Swedish) “Cybersäkerhet – En kartläggning av Sveriges nuläge 2020 och framtidsutsikter för branschen” (Cybersecurity – A Survey of Sweden’s Current Position and Future Prospects).

Opportunities but also risks

“We describe new technologies, such as artificial intelligence, 5G, quantum computing and the internet of things, and the advantages these will bring. However, they all have implications for cybersecurity, and all of them bring both opportunity and risk”, says Emmy Englund.

“These new technologies involve risks that we have difficulty imagining, such as the risk that an online household appliance is the target of a cyberattack.”

Linnéa Tullin agrees:
“We’re seeing a technological race in which companies compete to bring new products to the market: security is only a secondary consideration. In addition, we must consider the human factor: it’s difficult to motivate co-workers to change password at regular intervals, or to be careful about whom they allow into the office”, she says.

The report describes the current situation for cybersecurity in Sweden – the companies that are active, what they do, their areas of special expertise, and their prospects for the future. The authors conclude that Sweden has made significant progress in digitalisation, and the level of expertise is high. This gives a good environment in which to work with cybersecurity, but more education and greater awareness are needed, not only at company but also individual levels.

Emmy Englund Photo credit Privat“Cybersecurity is a broad field that is receiving increasing attention, and we have written a broad report that briefly takes up many fields. We hope that company security managers and other individuals read it, and understand the significance of everything being connected. Managers of small companies usually fail to understand how vulnerable they are: they don’t regard themselves as possible targets of a cyberattack. Maybe they are not even working within IT, but what would happen if their complete inventory system crashed?” asks Emmy Englund.

If all online refrigerators and freezers were switched off on a warm summer day, what would be the effects on the food supply? And what happens if robot vacuum cleaners map out our homes, without us knowing about it?
Linnéa Tullin Photo credit Privat“When many small pieces of the puzzle are collected from different sources, the information gained can be used in undesired ways, and cause huge damage”, says Linnéa Tullin.

We all bear a large responsibility, but several of the people interviewed pointed out how important it is that the systems are designed to make it easy for users to get it right.

Swedish initiatives

Erik G. Larsson, professor of communication systems at LiU, is impressed by the students’ report.
“This is an extremely weighty report, and I’m impressed by the way in which Emmy and Linnea have worked on it. Cybersecurity is such a rich and multifaceted field, and the research behind this report has required not only extensive analysis but also in-depth interviews with many actors from highly diverse sectors of society”, he says.

“The report also shows that we must increase Swedish initiatives in research into cybersecurity. We must look at everything – from how we can improve the interfaces of systems to avoid human error, to how we can improve risk analyses and develop new technical solutions for the secure processing, communication and storage of information. It’s remarkable how clearly this message has come from all the actors interviewed for the report”, says Erik G. Larsson.

For Emmy Englund and Linnéa Tullin the work has been interesting and something of an eyeopener.
“We have learnt loads about cybersecurity. It’s been really great to interview so many highly skilled folk, and they’ve been genuinely interested in contributing to the report.”

What advice can you give to people worried about security?
“Well, they should read the report, and consider carefully what information they are not worried about others knowing. Review which apps they use and what they share on social media. People should also think about what information they divulge through various online products”, is the answer from Linnéa Tullin.

Emmy Englund adds: “It’s not difficult to learn the basic principles of cybersecurity: our report contains many examples so that as many people as possible can read it. It’s also a good idea to read the small print before approving how your personal data is used, and make a conscious choice.”

The work has been partly at LiU and partly within Unitalent, a consultancy agency that builds on the expertise of students and researchers at LiU.

“This has been an unusual but extremely interesting consultancy project”, says Emmy Englund, who has just graduated in information systems analysis and is heading to the Stockholm School of Economics to work on her master’s.

Linnéa Tullin has completed her master’s in industrial engineering and management, and is to start her professional career working with, among other topics, information security.
“I’m really looking forward to it. The more I learn about the field, the more interesting it becomes.”

Download the report, in Swedish, at Linköping Science Park

Translated by George Farrants