Iceland’s internet security has considerable room for improvement, RÚV reports, especially in the wake of Russia invading Ukraine.
“There is an unbelievable amount of interior matters that depend on us having maximum connectivity both domestically and internationally,” Guðmundur Arnar Sigmundsson, the department manager for cybersecurity at CERT-IS, told reporters. “It’s impossible to give prescriptions for medicine without an internet connection. This is why we emphasise internal security.”
In the wake of sanctions against Russia which followed the country’s invasion of Ukraine, numerous Russian-based cyber attacks against sanction-invoking countries have been reported. While larger countries are a far more likely target for these attacks than Iceland, Guðmundur emphasises that Iceland should still be on its guard.
“Unfortunately, we can’t fall back and relax,” he said. “We need to prepare ourselves for the fact that we can also be a target because we’re certainly a member of NATO and are taking part in these operations [against Russia].”
As many Grapevine readers are aware, there have been a number of successful hacking attempts made against Icelandic institutions. The most recent example is the capital area bus system Strætó, who were hacked and (unsuccessfully) extorted last January, but previous targets have also included energy company HS Orka and national broadcasters RÚV.
The International Telecommunications Union (ITU) ranks Iceland in 58th place out of 182 countries on their 2020 Global Cybersecurity Index (.pdf), the lowest in western Europe and far behind Norway (17th), Sweden (26th) and Denmark (32nd).
Furthermore, Iceland’s internet is connected to the rest of the world via three undersea cables. If these cables were to be disabled for whatever reason, the country would need to fall back on satellite-only connections, which they have not had to use since the early 2000s and is considerably slower and can only handle a fraction of the data transfers that Iceland depends on.