The cyber threat is one of the biggest security threats against Denmark. The Center for Cybersecurity's Threat Assessment describes the cyber threat to Denmark coming from the areas of cyber espionage, cyber crime, cyber activism, destructive cyber attacks and cyber terror. The assessment is made with the aim of informing authorities and companies about possible threats in the field of cyber security. The latest annual assessment of the cyber threat against Denmark was released in June 2022, but in this article we will also take a closer look at specific threats and incidents Denmark has experienced since the release of the threat assessment, which precisely points to why cyber security is such an important focus area.
The 5 threat levels
CFCS works with 5 threat levels:
- None: Here there is no indication of threat, and attack or malicious activity is unlikely
- Low: There is a potential threat, and attack or harmful activity is less likely
- Medium: General threat, and attack or malicious activity is possible
- High: There is a recognised threat with capability, intent and planning. Attack or harmful activity is likely
- Very high: There is a specific threat with capability, intent, planning and possible implementation. Attack or harmful activity is very likely
It is on the basis of these threat levels that CFCS publishes its annual assessment of the cyber threat against Denmark.
The Cyber Threat 2022
CFCS assesses the cyber threat in the areas of cyber espionage, cyber crime, cyber activism, destructive cyber attacks and cyber terrorism. This year, CFCS has raised the level of threat from cyberactivism to medium, while the other threat levels remain unchanged from previous years. In the following, we go into more detail on the 5 areas.
Cyber espionage
The threat level from cyber espionage remains very high. This is a persistent threat, emanating primarily from China and Russia, which continuously leads to cyber attacks against Danish targets. This threat is primarily directed at the Ministry of Foreign Affairs and the Ministry of Defence, but also applies to authorities and companies in other sectors critical to society, including, for example, the transport sector, universities and research.
Cybercrime
The threat from cybercrime is also very high, with the most serious threat coming from ransomware attacks. The very high threat from cybercrime is sustained by cybercriminals' capabilities for collaboration, division of labour and specialisation. Here, the threat is directed at all companies and industries.
Cyberactivism
The threat from cyber activism is raised from low to medium as mentioned. This follows activist attacks against European NATO countries during the war in Ukraine by groups. There is assessed to be a possibility that pro-Russian hackers will target Denmark.
Destructive cyber attacks
The threat coming from destructive cyber attacks is assessed to remain low. In other words, it is assessed as less likely that foreign states currently intend to carry out this type of attack against Denmark, which is typically carried out in the context of conflicts or geopolitical tensions.
These types of threats are particularly targeted at the power, internet and transport sectors. The threat may increase at short notice in case the security situation changes.
Cyberterror
The threat from cyberterror is assessed by the CFCS to be none. This is because militant extremists do not have the capacity to carry out this kind of attack, which is on a level of destruction with conventional terror.
The CFCS also assesses that Russia is actively using cyber attacks as a means to influence behaviour and attitudes in other countries. But at the same time, they stress that the 2022 threat assessment must be seen in the context of a broader set of cyber threats that were also serious before Russia's invasion of Ukraine.
Why it is important to be aware of the cyber threat
However, since the release of the threat assessment in June, there have been several cyber security incidents that could well affect the overall threat assessment.
In August, 7-Eleven suffered a ransomware attack which resulted in all of the chain's systems in Denmark going dark, and stores were unable to accept credit card payments.
And as recently as September, three leaks were discovered on two different gas pipelines in Danish and Swedish waters, which seriously sparked the debate on how vulnerable Denmark is to cyber attacks against the energy sector and how such attacks can take shape.
Only a month later, all train services in Denmark were halted for a whole day after a DSB subcontractor identified a security breachst in their IT system. Although it was not confirmed that this was a hacker attack, it tells us that the cyber threat could also have a major impact on the transport sector.
These three incidents have each received massive media coverage because they illustrate very clearly the concrete impact cyber attacks can have on different sectors, but also because they are evidence that there is a real threat in the cyber security field.
Concluding thoughts
While the CFCS threat assessment report against Denmark may contribute to increased concern, it is important to remember that there are many precautions that businesses and individuals can take to minimise the risk of being exposed to cybercrime and attacks.
For example, we always recommend a general increased awareness of potential threats, which can be easily promoted with awareness and phishing training. Here you learn to identify advanced cyber threats through intelligent simulations. Of course, we also know that it is not possible to defend against every kind of cyber attack, but raising awareness is certainly not a bad place to start.
Emilie Hartmann
Emilie is responsible for Moxso’s content and communications efforts, including the words you are currently reading. She is passionate about raising awareness of human risk and cybersecurity - and connecting people and tech.
View all posts by Emilie Hartmann