OM DU VILL HA FRED, RUSTA FÖR CYBERKRIG : sveriges cyberförsvar ur ett avskräckningsperspektiv

Sammanfattning: In accordance with the EU Network and Information Security directive (NIS directive), the Swedish government made it mandatory for specific authorities and organizations to report IT-related incidents to the Swedish Civil Contingencies Agency (MSB). In their report from 2017, MSB stated that due to the low frequency of incoming information, the report doesn’t give an accurate picture of the actual circumstances. The same year the European Commission adopted a cybersecurity package containing multiple initiatives aimed to further better member states resilience, deterrence and handling of cyber-attacks. Due to the insufficient information in MSBs’ report, it´s difficult to determine whether the Swedish cyber defence has the ability to deter antagonistic states to conduct cyber operations or not.   The purpose of this theory-consuming single-case study was to examine the Swedish cyber defence from a deterrence perspective and thereby provide new understanding regarding Swedens’ ability to deter within the cyber domain. To do this, a conceptual framework was constructed constituting of  Phil Williams’ theory on the requirements of successful deterrence, and David J. Lonsdales’ model for cyber deterrence. Contemporary Swedish political documents, doctrines, reports and statements made up the empirical material that has been examined through qualitative text analysis.   The result of the analysis revealed that the Swedish cyber defence, from a deterrence perspective, can be described as inadequate. Despite meeting the basic requirements for deterrence to succeed, the Swedish cyber defence lacks what Lonsdale calls a comprehensive flexible cross-domain offensive capability. The absence of a cross-domain retaliatory capability in the Swedish cyber defence repertoire has a negative incidental impact on deterrence credibility. According to Williams, it’s imperative that the defender possess necessary capabilities to fulfil a threat, otherwise the deterrence won’t seem credible and therefor lack effectiveness.