Cryptoworms in sectors for essential services
Publish date: 2019-06-28
Report number: FOI-R--4774--SE
Pages: 56
Written in: Swedish
Keywords:
- cryptoworms
- WannaCry
- NotPetya
- cyber security
- cyber hygiene
- continuity management
- resilience
- NIS Directive
Abstract
This report investigates, through open English and Swedish sources, the consequences of the cryptoworms WannaCry and NotPetya for organisations globally in sectors defined by the NIS Directive. It examines why the incidents occurred and what countermeasures were implemented to manage the incidents and their consequences. Disruptions to primary service delivery in affected organisations seem to have been limited, and the consequences primarily economic. No deaths or serious threats to public safety were identified. Primarily administrative IT systems were affected. Organisations more dependent on administrative IT systems in their primary service delivery suffered more severe disruptions. Poor cyber hygiene made organisations vulnerable and contributed to the spread of the cryptoworms, particularly WannaCry. NotPetya's advanced propagation mechanism made it difficult to anticipate and prevent, highlighting the need for continuity management. Some organisations handled the incidents well despite disruptions to IT systems by switching to alternative routines. Identified measures to prevent and manage cryptoworms include improving the level of cyber hygiene and continuity management, as well as information sharing in incident management. As disruptions were sometimes limited, the question arises whether such incidents would trigger incident reporting requirements. Combined with the high propagation speed of cryptoworms, this raises further questions about early situational awareness, highlighting the need for effective information sharing in incident management.