Sweden Tries to Stem Fallout of Security Breach in IBM Contract
Swedish Prime Minister Stefan Lofven says his government is trying to safeguard sensitive information and minimize damage done by an IT outsourcing deal that could have exposed classified details to foreign powers.
His administration will now investigate the deal struck by the Swedish Transport Agency after classified information in its registers and systems was handled illegally, Lofven said at a press conference in Stockholm on Monday. The government also plans to tighten existing outsourcing rules, Lofven said.
The prime minister called the development “serious” and underscored the government’s commitment to ensuring that people “feel safe that their personal information and other sensitive information is handled correctly.”
Sweden’s transport agency, which in 2015 outsourced its IT operations to IBM, has been criticized for ignoring warnings from the Swedish Security Service. The agency also sidestepped rules in order to outsource the contract, which used vendors based in Romania and the Czech Republic. The revelations have dogged the government and Lofven is now trying to contain the fallout well ahead of elections due next year.
Sweden has already replaced the transport agency’s director general, Maria Agren. She’s also been fined by prosecutors for carelessness with secret information. This month, the agency’s chairman was removed. But the development has raised questions about the roles of the country’s sitting Infrastructure Minister Anna Johansson, Home Affairs Minister Anders Ygeman and Defense Minister Peter Hultqvist, and how much they knew about the developments.
Lofven said at Monday’s press conference that he was first informed about the breach in January, much later than some of his ministers. Asked whether he still has confidence in the cabinet members, Lofven said he would have liked to have received the information earlier, but added he has faith in all his ministers. Still, the government will review its internal information policies, he said.
According to local media including TT, Expressen and Svenska Dagbladet, a number of parties in Sweden’s parliament have said they won’t rule out demanding a confidence vote in the ministers associated with the scandal. The Moderates, the Center Party and the Left Party have all said that may happen.
Micael Byden, Supreme Commander of the Swedish Armed Forces, said on Monday the security breaches may have exposed some information about vehicles and protected identities. While the vehicle details could constitute a risk if they ended up in the wrong hands, that risk is manageable, he said. On the matter of identity security breaches, he said Sweden’s armed forces have taken the necessary measures and see no major impact.
“This is a serious incident,” Byden said. “But given what we know today, it hasn’t had any significant impact on our total operational abilities.”