FOI knows IT security from top to bottom

- FOI has a very professional and cross-disciplinary approach. With MTO (man-technology-organisation) interaction as a central theme of its research, the results are both concrete and practicable. That is of key importance to measurement methods in information security, says Per Oscarson, Information Security Unit, Swedish Civil Contingencies Agency (MSB).

Companies and authorities like MSB, the Swedish Civil Contingencies Agency, entrust FOI’s scientists with the analysis of their information security. Information security is also an organisational problem. For this reason, communication in companies and organisations is analysed from an information security perspective, enabling the scientists to develop methods for how communication should be organised.


- An important part of FOI’s research is about predicting and evaluating IT attacks and intrusions. By studying viruses, trojans and system intrusions, we can detect weaknesses that may lie hidden in IT systems. These can then be evaluated and, using scientifically based methods, we can create a documented basis for deciding the measures that need to be taken, say Mikael Wedlin, Project Manager for the IT security research group, and Jonas Hallberg, Deputy Research Director for research in the evaluation of IT security.


IT security is needed everywhere and its importance can only increase as more and more systems are connected together in larger networks. IT security research at FOI is conducted at a technical level and IT threats can be demonstrated in a practical way.


The work on IT security may take place at different levels. It might involve setting up firewalls and protecting particular computers with antivirus programs. It might also entail studying and developing countermeasures for hostile IT weapons and so-called “cyber warfare”. Or, again, the aim could be to protect control systems for critical infrastructure such as hydroelectric power stations.


Information security is about education and ensuring that everyone concerned knows how to use technology in a safe and secure way. We know operating systems and the technology of IT security from top to bottom.