Dare We Become Sick in the Future?

I probably shouldn't have been surprised when a friend asked me if we dare becoming sick in the future.

When you work with information security, you often get asked a lot of interesting questions by family and friends who may not be experts in the field and who have a somewhat hazy picture of what it is you actually do.

My friend had read DN's (a Swedish daily) excellent article on unsecure hospital systems (especially those still using Windows XP) and became very concerned.
It certainly is interesting that Windows XP is still being used, but I think we should focus on and call attention to what is often referred to as the next revolution: that we're on the way to connecting just about everything. I don't think that we fully understand what this means. Good evidence of this is that, over the years, we have become used to sentences like ”I found the control system to a crematorium on Shodan” or ”Radio-controlled pacemakers are not as difficult to hack as you might think”.

Fortunately, there are individuals in the EU who are also concerned about this – primarily because several of the connected systems belong to organisations which are critical for society to function. The EU has therefore decided on a directive, colloquially referred to as the NIS directive, which will be interpreted and legislated in all member countries. Including Sweden.

The new law will force organisations with functions critical for society to work systematically with information security and to make sure that they can continue to provide these critical functions.

This is, of course, a good thing, but I hope that the increased interest in information security generated by the NIS directive (and GDPR) will spread across society as a whole.  That people will understand why information security is so important. So that we can dare to get sick in the future.

What do you think – am I naive or do you also believe that information security should be elevated in our consciousness? For those of you interested in the NIS directive, I discuss it with my colleagues Susan Bergman and Jonas Stewén in the latest Combitech podcast. Listen to it here. (In Swedish)