Cyberepidemiologi : Hur kan utbrottsdetektion inom folkhälsa hjälpa IT-incidentsövervakning?

Sammanfattning: This study aims to shed light on what a comparison between cybersecurity intelligence and public health surveillance systems can yield in practical improvements. The issue at hand is best described by the amount of threats both systems must detect. Intelligent malicious software, malware, designed by humans to spread and reap havoc in the abundance of unprotected networks worldwide and contagious diseases with millions of years of evolution behind their design to bypass human defences, infect and multiply. These two threats stand as mighty competitors to actors who try to monitor their presence to be able to give advice on further action to hinder their spread. The sheer amount of experience in public health of dealing with surveillance of contagious disease can contribute with important lessons to cyber intelligence when malware is becoming an even more alarming threat against everybody who uses the Internet. To compare them both this study uses high reliability theory to understand how Folkhälsomyndigheten, Sweden’s main authority in public health surveillance, and CERT-SE, Sweden’s national computer emergency response team, operate to make their surveillance as reliable as possible to detect emerging threats. Some key findings of the study points to the lack of regional or global binding policy’s to share information in the cyber security sector of which CERT-SE takes part in. The major roll of trust-based information sharing can be subject to shifts in relationships between states and excludes states with which no bilateral arrangements are made, but who may possess information of urgent necessity. The lack of arrangements in the cybersecurity sector, correspondent to the International health regulations by World Health Organization in public health, stands as a major difference between the two sectors access to information. However, this study may not stretch as far as to prove that the greater access to information would have proved to be of ease in a specific cyberincident. Case studies of this kind or further research of how agreements can be made in an anarchistic domain like the Internet are to be continued from this study.