Threats to information systems
The last major known cyber-attack on a significant actor in Swedish society was the so-called “Coop hack” where the financial and accounting systems used to manage goods flows and transactions within the Coop group and their suppliers and partners were subjected to a so-called ransomware attack. Ransomware means that access to data and applications is blocked and a ransom is demanded to restore it.
Earlier this year a major Finnish IT provider, TietoEvry, was hit with a ransomware attack that forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures.
The Danish company Demant, one of the world’s largest manufacturers of hearing aids, lost up to $95 million following a ransomware infection that hit the company in 2019. That marked one of the most significant losses caused by a cyber-security incident outside of the NotPetya ransomware outbreak -known to have incurred companies like shipping giant Maersk and courier service FedEx losses of over $300 million, each.
The significance of these event as a disruption to society should show that actors supported by foreign powers are making moves against private actors, more and more often in sectors that are important to society, and that in this way social unrest can be created and trust in the social contract undermined.
Shortage of electricity
In recent years, many countries have experienced difficulties in the electric power grid. This has led to a vitriolic and, in many cases, off the point debate which is to a large degree about energy production when it really should be about energy distribution. Political positioning and ideology are here getting in the way of a very practical problem that can be solved through investment in systems and infrastructure.
Earlier this fall, NATO’s Center of Excellence for Energy Security in Vilnius conducted a simulation in which Northern Europe suffered an energy shortage. The reasons for this were unclear, but an interesting detail was that in the simulation the Swedish electricity network went down entirely, a total blackout. This led to difficulties for the Baltic countries. Eventually, the situation was solved for the Baltics by the restarting of the Ukrainian system. It was possible for this to happen because they have plenty of trained personnel able to go out and restart the network, something they learned the hard way to do after years of sabotage and cyber-attacks from Russia. In Sweden, we have automatised operations for so long that we no longer have that personnel capacity.
China, too, has suffered an electricity shortage, and France is threatening to cut off its energy supply to Great Britain. Energy supply experts mention with concern the winter of 2021-22 as a possible turning point where we will begin to see social unrest due to problems for people and companies in different parts of Europe caused by the non-functionality of electricity supply or gas provision.
Regionalisation of the Internet
A concerning trend is mistrust of the American authority’s use of the Foreign Intelligence Service Act (FISA) symbolised by the ruling in European Court of Justice case C-311/18, or, as it is called in the media: Schrems I and II. The court decision is named after Austrian Maximilian Schrems, a lawyer and activist. He reported Facebook to the IDPC, the Irish Data Protection Commission, as he considered that Facebook in Ireland was not entitled to transfer his personal data to the USA, citing that US intelligence law is in conflict with the EU’s data protection laws.
In practice, the result of Schrems and Schrems-2 has been that the public sector in particular avoids solutions from companies in the USA due to the Cloud Act and a FISA rule stating that disclosure can take place without the person to whom the data belongs being informed of this. Thus, no privacy assessment under the Public Access to Information and Secrecy Act can be made. This despite the fact that in this case it is only the company coming under the scope of the Public Access to Information and Secrecy Act which cannot use these services.
In the situation that has come about, we can note above all that China would like to make the EU more dependent on Chinese cloud services. Currently we are wholly dependent on American cloud services and their capacity — Europe has nothing to match it — but China already has enough to be an attractive prospect. If suspicion of the American solution grows, we may turn to the Chinese solutions. Constructing European cloud services is taking a long time — here there is a parallel with the concern over semiconductors. How many of us have a European web browser or a European word-processing or email program? If all US license servers were shut down, almost all digital activity in Europe would be at risk of coming to a halt, in theory immediately.
A large part of municipal infrastructure — walls, water, and sewage systems — was built in the 1950s-1970s. This means that much of the infrastructure is now nearing the end of its lifecycle and requires maintenance urgently. Counties, regions, and municipalities also need to alter their capacity due to the growth or diminishment of their population. Even though decision makers are aware of the problem, the necessary efforts are not being made to deal with it. The problem appears to be about a generational change with regards to knowledge and experience, but it is also due to the fact that there are few people working in the municipalities and authorities who deal with matters of this type.
If the municipal infrastructure systems should fail on a large scale, this would pose a serious threat to the social contract. Citizens pay the majority of their tax to the municipalities, and they expect service and a functioning society from the municipalities in return. This is the reason why the US Congress passed the Bipartisan Infrastructure Deal (Infrastructure Investment and Jobs Act) recently, services based on that is crucial for the social contract between the citizens and the governmental sector.
Shortage of cement
Cement production has been under the microscope for decades due to the major climate impacts it causes. At the same time, Swedish-produced cement is entirely decisive for Sweden’s competitive power and the only quality that manages to meet the requirements set by the Swedish construction industry.
The only Swedish cement production company, Cementa AB (to be sure, entirely owned by the German Heidelberg Cement), has now found a method to make cement manufacturing emissions-neutral using CCS technology, but despite this, non-compliance with environmental requirements and regulations risks closure of the factory in Slite, which represents an essential segment of manufacturing for the Swedish construction industry. Cement production was for good reasons deemed an essential industry during the Cold War: cement is a critical good in times of conflict.
The Swedish Parliament approved governmental implementation of an emergency law allowing an extended temporary authorisation for Cementa’s use of industrial lime outside Slite in Gotland after 31 October this year. This is important because, quite simply, if Cementa must stop manufacturing cement for environmental reasons, the Swedish construction industry will buy cement from someone else, who will probably take significantly less care of the environment than Cementa does.
The global semiconductor shortage is continuing to trouble the electronics and vehicle industries. This cannot simply be explained by the pandemic: rather, it is about everything from a shortage of water for manufacturing facilities to China’s threats to Taiwan where the largest semiconductor producer, TSMC, is located. It is also due to the EU’s failure to build capacity, and to the USA’s and China’s use of their own manufacturing power in the ongoing trade war. The most recent problem is that it is difficult to find staff with the right training and knowledge to work in the semiconductor industry.
Shortage of gas
Even before NordStream 2 was put into service, Russia has already used this as a weapon, something they do with the entirety of their gas production and have been doing for many years — just ask the Ukrainians. Russia has now deliberately restricted the supply of gas, probably both in order to increase the price and to exercise pressure on the EU to permit the supply of gas via NordStream 2.
Gas prices are now soaring, to the delight of Gazprom and the Kremlin. The biggest win, however, is not the resulting income: it is that a means of exercising power over Europe now exists that previously only existed with regard to Ukraine and Turkey. Russia is militarised to a degree known as “whole of government”. This means that all policymaking is part of warfare, including agricultural policy and economic policy — but above all energy policy.
Supply chains and transports
Supply chains have been under pressure for a long time and were severely disrupted by the pandemic. The running aground of EverGiven in Suez and the port congestion problem in California and southern China as well as the increase in the price of containers have, taken together, sharply increased friction in the transport and supply system.
We can rely on there being continued impacts on supply chains due to geopolitical factors if China turns to a more protectionist policy and wholly or partially abandons its measures connected with the Belt-and-Road Initiative. The grey rhino is, of course, a Chinese attack on Taiwan, which would collapse the supply of semiconductors with resulting catawstrophic consequences.