CWNordics

FEBRUARY-APRIL 2018

Home
Home

Editor’s comment

Top IT priorities for The quarterly magazine from Computer Weekly, focusing on business IT in Sweden, Denmark, Norway, Finland and Iceland
Nordic CIOs in 2018

Cyber attacks
of 2017 drive
security efforts

Sweden steps up
cyber defence
measures

Nordic banks face

decisions over
digitisation as PSD2
comes into force

Sweden’s Stena
Line on voyage of
discovery to digital
transformation

The role of ethics

in software
development

Digital destiny

AGSANDREW/GETTY
Nordic technology leaders
discuss their plans for 2018
computerweekly.com
cw nordics February-April 2018 1
 CW
EDITOR’S COMMENT
Computer Weekly, HOME
25 Christopher Street,
Home London EC2A 2BS
General enquiries 020 7186 1400
EDITORIAL
Editor’s comment
Editor: Karl Flinders
020 7186 1423 | kflinders@techtarget.com
Top IT priorities for
CIOs’ digital diaries will be full this year

I
NordicEditor
CIOs in in
chief:
2018Bryan Glick
020 7186 1424 | bglick@techtarget.com
PRODUCTION n the first CW Nordics ezine of 2018, we take a look at some of the priorities of the region’s CIOs. Digital transformation will be the
Cyber attacks
Production editor: Claire Cormack
of 2017 drive broad challenge for CIOs in the Nordic region, it seems. This is hardly surprising given the amount of IT advances in recent years that
020 7186 1461 | ccormack@techtarget.com
security efforts have arrived with the promise of changing businesses for the better.
Senior sub-editor: Bob Wells
020 7186 1462 | rwells@techtarget.com In our lead article, read how CIOs must learn more about their organisation so they can apply the latest digital developments to the
Sweden steps Jaime
Sub-editor: up Lee Daniels business strategy. An example of this is a project by the Finnish Tax Administration to merge its operations team with its developers.
cyber
020 defence
7186 1417 | jdaniels@techtarget.com
measures CIOs also discuss the importance of managing and harnessing data, the spread of cloud computing and the increased use of artificial
Sub-editor: Ryan Priest
020 7186 1420 | rpriest@techtarget.com intelligence this year.
Nordic banks SALES
face And let’s not forget security – always a priority for today’s CIO. Such is its
decisions over
Sales director: Jat Hayer
digitisation as PSD2
07557 433681 | jhayer@techtarget.com
importance that in this quarter’s ezine, we look separately at the security priori-
ties for CIOs and CISOs this year. After 2017, when we saw cyber attacks such
D igital transformation
comes into force
as WannaCry and NotPetya, this is hardly surprising. When Danish shipping will be the broad challenge
Published by TechTarget
company Maersk was hit by the latter, cyber security became personal in the
CIO N
Sweden’s Stena
275 Grove Street, Newton,
Line on voyage of MA 02466
Nordics. Find out how senior IT leaders in the region are planning to respond for s in the ordics
discovery to digital
www.techtarget.com
transformation to such threats now that their boards have had a wake-up call. Meanwhile, the
© 2018 TechTarget Inc. No part of this
publication may be transmitted or reproduced EU’s General Data Protection Regulation adds urgency, with huge fines for organisations that fail to protect customer data.
In any form or by any means without written
The role of ethics
permission from the publisher. TechTarget Another challenge, this time for CIOs in the financial services sector, arrives courtesy of another EU regulation. The second version of
in software
reprints are available through The YGS Group.
development its Payment Services Directive (PSD2) has just come in to force. EU banks now have to prove they can share customer data – if permitted
About TechTarget by the customer – with third-party financial services firms by opening up their application programming interfaces (APIs). This will lead
TechTarget publishes media for information to fintechs and the banks themselves offering new services, including account aggregators and money management apps. This could
technology professionals. More than 100
focused websites enable quick access to a have a huge impact on the banking sector, but it will take time. Read how Nordic financial services firms will adapt to this culture change.
deep store of news, advice and analysis about
the technologies, products and processes Also read how the Swedish government is stepping up its cyber security efforts and find out from Stena Line’s CTO about the ferry
crucial to your job. Our live and virtual events
give you direct access to independent expert
company’s digital transformation. n
commentary and advice. At IT Knowledge
Exchange, our social community, you
can get advice and share solutions Karl Flinders, editor
with peers and experts.

cw nordics February-April 2018 2

 IT PRIORITIES 2018

Home

Editor’s comment

Top IT priorities for

Top IT priorities for Nordic CIOs in 2018
Nordic CIOs in 2018

Tech leaders in Denmark, Finland, Norway and Sweden discuss their intentions for the year ahead. Eeva Haaramo reports
Cyber attacks
of 2017 drive

F
security efforts

or IT leaders in the Nordic region, the beginning of each year

NUZZA11/ADOBE
Sweden steps up is the time to set out their priorities for the next 12 months. A key priority
cyber defence for Finnish dairy giant
measures In 2017, artificial intelligence (AI) and blockchain tech-
Valio is to develop how
nologies dominated the public debate and IT departments were
IT and the business work
Nordic banks face kept busy by several large-scale cyber attacks, but what about the
decisions over
together, to improve
year ahead? Computer Weekly asked a select group of CIOs and
digitisation as PSD2 existing business
comes into force analysts in Denmark, Finland, Norway and Sweden for their take processes and to create
on the top IT priorities in 2018. new models
Sweden’s Stena As in 2017, digital transformation will continue to be a buzzword
Line on voyage of
discovery to digital
in 2018 as Nordic companies seek to reap the business benefits of
transformation digitisation. “For the CIO, this means that both the technologies
and the IT service delivery models must be updated,” said Anders
The role of ethics Elbak, research manager at analyst firm IDC in the Nordics.
in software
development “But also, the CIO needs to understand the company’s busi-
ness, and start discussing its strategic direction, to drive the digi-
tal agenda. CIOs will increasingly be responsible for creating new
business rather than just supporting the needs of business units.”
Juha Penttilä, CIO at Finnish dairy giant Valio, agrees. For him, a
key priority for the year ahead is to develop further how IT and the
business work together, both to improve existing business pro-
cesses and to create new models.

cw nordics February-April 2018 3

 IT PRIORITIES 2018

Home

Editor’s comment In 2018, the Finnish Tax Administration (FTA) will do this by
merging its operational and IT development teams into a single
Top IT priorities for organisation, according to Markku Heikura, CIO at the FTA. “The
Nordic CIOs in 2018
goal is to improve the agility of our development functions as well
as better match customer-centricity and our operational needs,”
Cyber attacks
of 2017 drive said Heikura. “At the same time, we aim to enhance how well our
security efforts development actions meet our strategic goals.”

Sweden steps up
cyber defence
Focus on data
measures Going hand in hand with Nordic organisations’ digitisation
efforts is a focus on data. Data is enabling companies to gain
Nordic banks face new insights into their businesses and automate their processes,
decisions over and for Swedish construction company Svevia, the first step is
digitisation as PSD2
comes into force to expand its sensor network. “For us, a key priority is collecting
data from our production machinery and trucks, weather data
Sweden’s Stena from stations and sensors,” said Emil Dahlin, CIO at Svevia.
Line on voyage of
discovery to digital
At Finland’s Valio, data management is playing a central role,
transformation in particular transforming data into business-relevant information
by combining different data sources, smart analytics and machine
The role of ethics learning. This is necessary to achieve the company’s goal of intro-
in software
development ducing more proactive IT services.
“The aim is to move from the traditional ‘ticket world’ towards A key priority for Svevia
a predictive operational model where problems are fixed even is collecting data from
before a user reports them,” said Valio’s Penttilä. “Also in this production machinery and
sector, analysing data collected from our processes will play a trucks, and weather data

MIKAEL DUBOIS
central role.” from stations and sensors,
Data is also closely linked with new regulatory requirements. says CIO Emil Dahlin
The EU’s General Data Protection Regulation (GDPR), which

cw nordics February-April 2018 4

 IT PRIORITIES 2018

Home

Editor’s comment takes effect in May, will require all companies to re-evaluate their respondents planned to increase their cloud spending – and
approach to data management as future breaches can lead to the trend shows no sign of abating, with cloud-based services
Top IT priorities for fines of up to €20m, or 4% of an organisation’s worldwide annual attracting interest as companies aim to make their workplaces
Nordic CIOs in 2018
turnover. This will sharpen companies’ focus on data, including more digital and mobile.
data classification, flows and security. The Norwegian municipality of Trondheim started its cloud transi-
Cyber attacks
of 2017 drive “This includes an intense examination of [legacy] IT systems tion in 2016 and is now accelerating the process. “When we moved
security efforts and procedures, and identifying and documenting where data
resides, where it is backed up and when it is in transit,” said IDC’s
Sweden steps up
cyber defence
Elbak. “This broadly requires new tools and discontinuation of “When we moved into the
measures old systems, but more notably new processes to both secure and
document the different types of data.” cloud for office support and
collaboration tools, we realised
Nordic banks face For many Nordic companies, the first half of 2018 will be taken
decisions over up by a last-minute dash to attain GDPR compliance.
digitisation as PSD2
comes into force Fred Johnsen, management consultant at PA Consulting in we were taking our workforce
Denmark, said many IT departments expect to be so tied up
Sweden’s Stena with new regulations that they will have limited capacity for into a new decade of efficiency
Line on voyage of
and job satisfaction”
discovery to digital
further digital development, especially as they cannot afford to
transformation reduce their cyber security investments.
“With the recent wave of data breaches, widespread ransom- Bjørn Villa, Trondheim
The role of ethics ware attacks and theft of cryptocurrencies, I don’t see any pause
in software
development in spending time and money on digital security in 2018,” said
Johnsen. “The buzzwords will be phishing, encryption, physical to the cloud for office support and collaboration tools, we realised
security and doxing.” we were taking our workforce into a new decade of efficiency and
job satisfaction,” said Bjørn Villa, CIO at Trondheim. “Taking this
Digital workplace further, we are bringing all our services to all screens and putting
Another IT priority expected to continue in 2018 is the popu- an even stronger focus on mobile first. To increase general user sat-
larity of the cloud. In 2017, Computer Weekly and TechTarget’s isfaction, we are also planning to shift volume purchase away from
IT Priorities survey found that more than half of Nordic Microsoft OS-based devices over to Chrome OS.”

cw nordics February-April 2018 5

 IT PRIORITIES 2018

Home

Editor’s comment Svevia’s Dahlin has similar plans for 2018, with the construc-
tion company rolling out a new digital workplace platform based Robotic software automation will continue to be a priority
Top IT priorities for on technologies and cloud services from Microsoft. The plat- for many Nordic CIOs looking to improve efficiency
Nordic CIOs in 2018
form includes collaboration and document management tools
for both PCs and smart devices, with emphasis on ease of use
Cyber attacks
of 2017 drive – such as face recognition for logins – and the safe use of third-
security efforts party mobile devices with role-based segmented integration
with its IT environment.
Sweden steps up
cyber defence
measures Cognitive computing
Finally software robots, or robotic process automation (RPA),
Nordic banks face continues to be a priority for many Nordic CIOs looking to
decisions over improve efficiency. Most of these robots are still rule-based and
digitisation as PSD2
comes into force are used to replace repetitive manual tasks, but this year com-
panies plan to add more intelligence to their automation efforts.
Sweden’s Stena “The next step will be to implement more advanced function-
Line on voyage of
discovery to digital
ality related to cognitive technologies in existing RPA solutions,”
transformation said PA Consulting’s Johnsen. “These include machine learning,
natural language processing and the ability to deliver advanced
The role of ethics analytics back to the business.”
in software
development IDC’s Elbak agreed that companies’ interest is growing in the
capabilities of AI and machine learning technologies – but there
are still a few bridges to cross.
“Many organisations lack the competencies to build a cognitive

ALPHASPIRIT/ADOBE
system – and even to identify how it can be used,” he said. “But
as machine learning, in particular, becomes easier to access via
software, cloud and APIs [application programming interfaces],
organisations will embrace the technology.” n

cw nordics February-April 2018 6

 SECURITY INVESTMENT

Home

Editor’s comment

Top IT priorities for

Cyber attacks of 2017 drive security efforts
Nordic CIOs in 2018

The volume of last year’s cyber attacks has increased boardroom focus on security. Eeva Haaramo reports
Cyber attacks
of 2017 drive

A
security efforts

nother month, another large-scale cyber attack. That’s
Sweden steps up what 2017 felt like for many. Notably, the WannaCry ran-
cyber defence
measures somware attack in May, followed by NotPetya a month
later, paralysed computers – and companies – globally.
Nordic banks face One of the hardest hit was Danish shipping giant Maersk, which
decisions over estimates NotPetya cost it up to €300m in lost revenue. But
digitisation as PSD2
comes into force have these highly publicised attacks affected Nordic companies’
approach to cyber security?
Sweden’s Stena “Ransomware attacks [in 2017] were definitely a wake-up call
Line on voyage of
discovery to digital
for many companies since they affected businesses of all sizes
transformation and from all sectors,” said Mika Susi, chief policy adviser, corpo-
rate security, at the Confederation of Finnish Industries.
The role of ethics “I think many companies realised the chance of getting attacked
in software
development nowadays is more probable than ever.”
Petteri Arola, head of cyber security for Fujitsu in the Nordics,
agreed. Cyber security awareness has been a growing trend
for a few years as Nordic companies’ business models become
increasingly digital, but Arola said the recent large-scale ran-
somware attacks have helped to push these issues higher on the
boardroom agenda. “Attitudes have changed. An important factor
here is that when an issue is raised for the [executive] board’s
attention and is driven by the board, it will get enough resources
and budget,” added Arola.
No safe haven from cyber attacks
In 2017, cyber threats and security blunders also threw more fuel
on the fire for Nordic cyber security. Most notably the Swedish
government was hit by an IT security scandal in July when a major
data leak from the Swedish Transport Agency was uncovered.
The leak was a result of the agency outsourcing its IT mainte-
nance to IBM in the Czech Republic in 2015, but failing to carry out
the required security clearance checks. This meant driving licence
data and information about all vehicles in Sweden – including
police and military – became available to foreign IT workers with-
out security clearance.
Another theme dominating Nordic headlines was cyber espio-
nage. In January 2017, Swedish prime minister Stefan Löfven pub-
licly stated the country could not rule out the potential of Russia
trying to interfere with its elections.
In April, Danish prime minister Lars Løkke Rasmussen accused
Russia of hacking its government emails. “What’s happening is
very controlled. It’s not small hacker groups doing it for the fun

cw nordics February-April 2018 7

 SECURITY INVESTMENT

Home

Editor’s comment of it,” said Frederiksen. “It’s connected to intelligence agencies or Wennmark, solution consulting manager for the Nordics at
central elements in the Russian government, and holding them off ServiceNow, feels increased cyber security awareness has led
Top IT priorities for is a constant struggle.” to greater focus on developing structured, automated processes
Nordic CIOs in 2018
Soon after this a global cyber espionage campaign, dubbed for IT security.
Cloud Hopper, was discovered. China-based hacker group APT10 “The majority of companies have mainly manual routines for
Cyber attacks
of 2017 drive is suspected as being behind the attack, which targeted busi- how they handle security-related work. This is changing,” he said.
security efforts nesses and government agencies through IT service providers. “And with GDPR [EU General Data Protection Regulation], the
Among the targeted countries were Sweden, Norway and Finland. cost of not being compliant is significant. This triggers the need
Sweden steps up for a much more automated and structured security process.”
cyber defence
measures Countering cyber threats But this is not true for all. While the Nordics in general fare well
But it isn’t all doom and gloom. Preparedness for cyber attacks in global comparison – in a recent PwC survey, 41% of its Nordic
Nordic banks face has improved in Nordic companies in recent years. Frederick respondents had some kind of a cyber incident response plan,
decisions over
digitisation as PSD2
comes into force

Sweden’s Stena
Line on voyage of
discovery to digital
transformation

The role of ethics

in software
development

MATEJMO/GETTY
cw nordics February-April 2018 8
 SECURITY INVESTMENT

Home

Editor’s comment compared with 37% globally – Arola stressed there was a lot of By now, it is apparent to companies and governments that
divergence in cyber security approaches. cyber threats are here to stay, and Nordic organisations recog-
Top IT priorities for “There are still companies where cyber security maturity is at nise they have to take new measures to prepare for them. Arola
Nordic CIOs in 2018
a fairly early stage. They haven’t properly prepared [for cyber pointed out a growing trend is buying cyber security as a ser-
threats], taken them seriously enough or don’t understand how vice, particularly in Finland.
Cyber attacks
of 2017 drive they should be treated,” he said. “In Finland, companies are more ready to buy cyber security
security efforts “They have bought an anti-malware product and think the issue as a service. In Sweden, they might want to build their internal
is sorted. But the situation is much more complex – protection expertise more. But everywhere, the direction is towards buying
Sweden steps up needs to have multiple layers and the threat situation has to be as a service,” said Arola.
cyber defence
measures constantly monitored.” “This is also because there is a shortage of cyber security
expertise. Experts in this sector are in high demand and there
Nordic banks face Cross-border collaboration aren’t enough of them to go around. So even if companies
decisions over Governments have also woken up to this and invested in would like to do these things internally, they might not find the
digitisation as PSD2
comes into force cross-border collaboration. right talent.”
In the wake of the Russian cyber espionage news, Danish and
Sweden’s Stena Swedish defence ministers released a statement in August 2017 Expertise needed
Line on voyage of
discovery to digital
promising deeper defence cooperation, including against hybrid Expertise is also needed as the cyber security sector
transformation threats. These were defined as various forms of cyber attacks, becomes increasingly complex. Notably, Wennmark expects
disinformation and false news. the number of companies using artificial intelligence and
The role of ethics A month later, Finland’s capital Helsinki celebrated the opening machine learning for security automation to grow in the
in software
development of a European Centre of Excellence for Countering Hybrid Threats coming year.
(Hybrid CoE). But first comes legal compliance, as all European companies
The centre is tasked with supporting its member countries’ handling personal data prepare for GDPR, which comes into force
“efforts to enhance their civil-military capabilities, resilience and in May.
preparedness to counter hybrid threats”. “GDPR will be the big thing in 2018. First prepare and comply,
Initially, it is joined by Finland’s neighbours Estonia, Latvia, then understand how to optimise and automate the processes
Lithuania, Norway and Sweden, alongside France, Germany, around maintaining compliance and customer requirements,”
Poland, Spain, the UK and the US. said Wennmark. n

cw nordics February-April 2018 9

 CYBER SECURITY

Home

Editor’s comment

Top IT priorities for

Sweden steps up cyber defence measures
Nordic CIOs in 2018

Sweden is tightening its cyber security defences as part of a national security strategy. Gerard O’Dwyer reports
Cyber attacks
of 2017 drive

T
security efforts

he growing undercurrent of risk linked to the increase in The report provides a forward-looking blueprint to shape future
Sweden steps up cyber terrorism threats is changing both the character national security policy, enabling the drafting of fit-for-purpose
cyber defence
measures and direction of Sweden’s national security policy and legislation to deal with contemporary and future cyber domain
associated defence apparatus. threats. The bedrock of Sweden’s evolving national security pol-
Nordic banks face In particular, Sweden’s government and national security lead- icy will be deeper collaboration between core branches of gov-
decisions over ers are pursuing a more aggressive, capital-intensive programme ernment, the armed forces and civil defence.
digitisation as PSD2
comes into force to scale-up spending and strengthen the Nordic country’s long-
term capacity to defend itself against potentially damaging
Sweden’s Stena attacks from cyber terrorists and cyber crime organisations. The bedrock of Sweden’s
Line on voyage of
discovery to digital evolving national security policy
transformation Working towards total defence
This integrated approach to national security was outlined in will be deeper collaboration
The role of ethics the delivery of the government-appointed Swedish Defence
in software
development Commission’s (SDC) report to the Swedish cabinet in December between core branches of
2017. The report, entitled Resilience, the total defence concept
government, the armed
and the development of civil defence in 2021-2025, is based
on detailed security-specific analysis compiled by the Swedish forces and civil defences
Armed Forces (AFC) and national security intelligence agencies.
Its findings are supplemented with strategic evaluations by
inter-departmental expert groups operating in key ministries “Sweden’s long-term approach is to develop a ‘total defence’
such as finance, infrastructure and justice. capability against external threats to the country’s national

cw nordics February-April 2018 10

 CYBER SECURITY

Home

Editor’s comment security that also protects our economy and critical infrastruc- society and critical infrastructure. A conventional kinetic attack,
ture, said SDC chairman Björn von Sydow. “Our next major task and in some circumstances a cyber attack, can be considered to
Top IT priorities for will be to deliver a comprehensive assessment of the regional be an armed attack,” the report said.
Nordic CIOs in 2018
and global security situation. This will include an appraisal of The protection of national critical infrastructure – such as
cyber threats facing Sweden and what action should be taken,” public transport systems, telecommunications networks and
Cyber attacks
of 2017 drive he added. power plants – will constitute a fundamental focal point in the
security efforts The report concluded that cyber attacks posed a very real and Swedish government’s all-inclusive mission to deliver a more
immediate threat for Sweden’s economy and society. “Systems effective overall defence against future cyber terrorism threats.
Sweden steps up for electronic communications are not designed to operate in
cyber defence
measures war-like conditions. Public services that the government previ- Boosting cyber defence funds
ously operated are now under private ownership. These changes The seriousness with which Sweden is taking new and future
Nordic banks face are important preconditions for total defence planning. Cyber threats in the cyber domain is plainly visible in the government’s
decisions over attacks may have similar consequences for the operation of budgeting plans. Sweden plans to increase expenditure on its
digitisation as PSD2
comes into force

Sweden’s Stena
Line on voyage of
discovery to digital
transformation

The role of ethics

in software
development
MARKUS/ADOBE

The Swedish government plans to increase its national defence

budget against cyber attacks to support its counter-terrorism agencies

cw nordics February-April 2018 11

 CYBER SECURITY

Home

Editor’s comment signals intelligence and cyber domain defence capabilities by of hostile cyber attacks against Sweden and the country’s criti-
10% to SEK5bn (€510m) in 2018. cal infrastructure.
Top IT priorities for Sweden will add an additional SEK2.7bn to its national defence
Nordic CIOs in 2018
budget in each subsequent year. The defence budget for 2018, IT weaknesses heighten fear
which is set to run to SEK44bn, will substantially increase Sweden’s elevated sense of fear is based on the higher fre-
Cyber attacks
of 2017 drive funding for Sweden’s elite military intelligence and homeland quency of malicious cyber crime strikes against IT infrastruc-
security efforts security agencies. ture, especially in the form of distributed denial of service
These comprise the National Defence Radio Establishment (DDoS) type attacks targeting state department and banking
Sweden steps up (Försvarets Radioanstalt/FRA) and the Military Intelligence and IT/computer platforms.
cyber defence
measures Security Service (Militära Underrättelse- och Säkerhetstjänsten/
Must). These two counter-terrorism agencies form the front
Nordic banks face line of Sweden’s defence against foreign-based threats, such as Sweden’s elevated sense of fear
decisions over cyber terrorism.
digitisation as PSD2
Pivotal to Sweden’s national security, both the FRA and Must
is based on the higher frequency
comes into force
are tasked with developing effective early warning systems to of malicious cyber crime strikes
Sweden’s Stena deal with increasingly sophisticated cyber threats and attacks
Line on voyage of
discovery to digital
against critical national IT infrastructure in both state and pri- against IT infrastructure,
vately operated enterprises and sectors of the national economy.
especially in the form of DDoS-
transformation
Under the 2018 defence spending programme, the FRA and
The role of ethics Must will see their annual operating budgets grow by SEK83.5m type attacks targeting state
in software
development (€8m) in 2018. The lion’s share of the added funding will be
used to further FRA’s and Must’s increasingly expansive coun- department and banking
ter-terrorism, information and cyber security projects and pro-
grammes. These include the reinforcement of present and active IT/computer platforms
cyber war threat response capabilities.
New projects cover the development of advanced offen- Recent inter-departmental threat assessments, combined
sive smart technologies and tools that have the capacity with intelligence gathered by the FRA and Must, have identi-
to weaponise counter-strike actions against the perpetrators fied basic weaknesses in some IT systems and networks linked

cw nordics February-April 2018 12


Home
Editor’s comment to the operation of power plants, defence infrastructure, fire ser-
vices, wind turbines and waste water treatment plants.
Top IT priorities for The full scale of inherent weaknesses isn’t known just yet. This
Nordic CIOs in 2018
may be revealed to a greater extent once a comprehensive risk
assessment on critical IT infrastructure is completed in 2019. This
Cyber attacks
of 2017 drive review will involve input by the FRA, Must, all state departments
security efforts and Sweden’s regional civil defence authorities.
Initial data suggests that up to 10,000 IT systems and net-
Sweden steps up works in Sweden could be vulnerable to cyber attacks. What is
cyber defence
measures known is that IT and computer operating systems employed to
run some of the country’s older power plant units and other util-
Nordic banks face ities do not use a password-based access protection shield to
decisions over guard against cyber attacks. Based on this loose degree of sys-
digitisation as PSD2
comes into force tem protection and vulnerability, it would be technically possi-
ble for hackers to gain remote access and “take over” unsecured
Sweden’s Stena internet-connected devices, such as water treatment pumps,
Line on voyage of
discovery to digital
ventilation equipment and alarm systems protecting private and
transformation state-operated facilities.
Sweden’s vulnerability to malicious attacks in the cyber domain
The role of ethics became openly visible in October 2017 after IT systems used by
in software
development public transport authorities to monitor rail traffic were targeted.
The DDoS cyber strike caused significant delays to train
schedules. The cyber attack also forced the Swedish Transport
Agency’s (Transportstyrelsen/STA) website to temporarily
crash. The website was forced offline after its servers became
overloaded in the wake of a sustained bombardment of com-
munication requests in the aggressive DDoS strike. The inci-
dent exposed vulnerabilities in the STA’s IT infrastructure and
CYBER SECURITY
capacity to repel a large-scale and sustained DDoS attack. It
also displayed the incapacity of the agency’s website and serv-
ers to deal with the multiple and large-scale communication
requests that are the hallmark of DDoS attacks.
Victims of the DDoS attack included the regional public transport
operator Västtrafik and its services in western Sweden. The attack
overloaded servers supporting the company’s ticket-booking app
and online travel planner, causing related core IT systems to crash.
“It is sometimes difficult to know who the perpetrators are,
and who is behind these attacks. It could be just high jinks.
Alternatively, it could be other parties trying to investigate what
kind of protection Trafikverket employs to safeguard its IT and
computer systems against cyber attacks,” said Patrik Gylesjö, the
vice-CEO of Stockholm-headquartered internet provider DGC.
Cyber threats have global reach
The global reach of cyber threats facing Sweden was also high-
lighted in May 2017 when the country’s 290 municipalities
began to overhaul their IT security platforms and defences fol-
lowing the notorious WannaCry ransomware attack, which
infected more than 300,000 computers across 150 countries.
In Sweden, Timrå council fell victim to the attack, with around
70 of the local authority’s computers infected.
The WannaCry ransomware cryptoworm targeted PCs run-
ning the Microsoft Windows operating system by encrypting
data and demanding ransom payments in the bitcoin crypto-
currency. The cyber attack was halted days after its discovery
when Microsoft released emergency patches. n
cw nordics February-April 2018 13
 FINANCIAL TECHNOLOGY

Home

Editor’s comment
Nordic banks face crucial decisions over
digitisation as PSD2 comes into force
Top IT priorities for
Nordic CIOs in 2018

Cyber attacks
of 2017 drive
security efforts With the latest version of the EU payment services directive coming into force, traditional
Nordic banks cannot afford to slow their digital transformations, writes Eeva Haaramo
Sweden steps up

C
cyber defence
measures
hatbots, layoffs, closer startup ties and the revised Payment customers to extend or top up their loans in a few minutes online
Nordic banks face Services Directive (PSD2) – these themes coloured the or on a mobile app. No contact with a bank employee is required.
decisions over Nordic finance industry in 2017 as banks accelerated their Meanwhile, in Finland, financial services provider OP Financial
digitisation as PSD2
comes into force digitisation efforts. And they cannot afford to slow down in 2018 Group has ventured outside traditional finance products with a
as the number of financial technology (fintech) providers com- strategy shift to become a “digitally focused multi-sector services
Sweden’s Stena ing in with new value propositions is increasing all the time, says company”. This includes mobility and health services as well
Line on voyage of
discovery to digital
Halvor Lande, head of digitisation at DNB, Norway’s largest bank. as tapping into the blockchain trend with Nordic banking giant
transformation Nordea to move residential real estate deals – and all the paper-
Sense of urgency work – to a digital platform built on distributed ledger technology.
The role of ethics “Big tech companies such as Facebook, Apple and Amazon are Nordea has also introduced its first artificial intelligence (AI)-
in software
development also starting to move into this industry and challenging tradi- powered chatbot, Nova, which is now helping the bank’s custom-
tional banking products and services,” said Lande. “This has ers with simple queries, much like Swedish bank SEB’s Amelia and
created an increased sense of urgency among all banks that we Swedbank’s Nina.
need to step up significantly in digital product development and
business reinvention.” Legacy issues
Examples are not hard to find. DNB has redefined itself as a But despite such advances, incumbent banks have a weakness
technology company with a banking licence. Its latest launch is compared with their startup counterparts. Mikko Riikkinen, a
a fully automated lending process that allows the bank’s existing fintech specialist PhD researcher at the University of Tampere,

cw nordics February-April 2018 14

 FINANCIAL TECHNOLOGY

Home

Editor’s comment said that although Nordic banks were early adopters of online

CARLOS BRYANT/FLICKR
banking, they are now weighed down by their legacy IT systems.
Top IT priorities for “Banks need to let go of some of the old things they have tradi-
Nordic CIOs in 2018
tionally been good at to reach the next level,” he said. “Banks are
used to developing things themselves and now they have to open
Cyber attacks
of 2017 drive up their APIs [application programming interfaces].”
security efforts The banks are well aware of their legacy challenge. In October
2017, Nordea announced it would be axing 6,000 jobs worldwide,
Sweden steps up including external IT consultants, citing digital transformation as
cyber defence
measures the key driver. That news followed the launch of its €1bn simpli-
fication programme three years earlier, which includes new core
Nordic banks face banking and payment systems.
decisions over
digitisation as PSD2
comes into force New cloud platform
In Norway, DNB – which closed 59 retail branches last year
Sweden’s Stena because of the growth in digital banking – is preparing to launch
Line on voyage of
discovery to digital
a new cloud platform in 2018.
transformation “We are moving from our old-fashioned front and development
architecture, which was built in the 1990s, to a completely new,
The role of ethics modern, cloud-based environment,” said Lande. “It is the founda-
in software
development tion for all our new development going forward. As a result, we
will launch new products in 2018 built on the cloud and integrated
into our back-end systems through our APIs.”
Harri Nummela, vice-president of digital business at OP, out-
lined similar plans. While OP is experimenting with new digital
business models, most of its investment still goes on digitis- Norway’s DNB has redefined itself as a
ing existing customer and internal work processes. “If you want technology company with a banking licence
to build new value chains and a platform economy, the pieces

cw nordics February-April 2018 15

 FINANCIAL TECHNOLOGY

Home

Editor’s comment attached to them will come from our current business and those could pay bills, access transaction data and manage their budgets
have to be digital,” said Nummela. “So this is also groundwork for from a mobile app offered by someone other than their bank.
Top IT priorities for our future business models.” “Banks will need to rethink their whole concept – and they aren’t
Nordic CIOs in 2018
Nordic banks have also realised they don’t have to develop these ready for that yet,” said Riikkinen. “They still lack the understand-
future business models alone. In November, Nordea announced a ing of how to play with startups and what their new role is. It will
Cyber attacks
of 2017 drive fintech fund targeted at Nordic startups and made investments in take a lot of time and resources for each bank to figure out how
security efforts Swedish mobile payments provider Betalo. this will work.”
In Norway, DNB has put its weight behind the DNB NXT
Accelerator programme run by the Norwegian Startup Lab. And
“Banks still lack understanding
Sweden steps up
cyber defence
measures in Finland, OP has started up an OP Lab innovation unit to work
more closely with its startup partners. of how to play with startups and
Nordic banks face Denmark’s Danske Bank has taken a slightly different approach
decisions over
digitisation as PSD2
with The Hub, its online platform. The bank works with local part- what their new role is. It will
comes into force ners in each of the Nordic countries to help startups with recruit-
ment and raising capital. take a lot of time for them to
Sweden’s Stena
figure out how this will work”
Line on voyage of
discovery to digital
Open up data
transformation This type of collaboration took a new turn when the EU’s PSD2 Mikko Riikkinen, University of Tampere
came into force in January, requiring banks to open up their pay-
The role of ethics ment and customer data for third-party providers through APIs. The choice banks face in future is whether to be producers of
in software
development Nordea made a head start on these new requirements in new customer-facing apps or a “utility” providing the APIs behind
December 2017 with the public launch of its Open Banking devel- these services. OP’s Nummela said this separation of customer
oper platform for account and payment APIs. Both OP and Danske and product layers has been a hot topic in the Nordics for almost
have announced similar platforms, but they are yet to open. 20 years, but only now are tangible changes starting to happen.
But it is not the technical aspects of PSD2 that Nordic banks “The hardest fights will be fought close to the customer inter-
will struggle with, said Tampere University’s Riikkinen – it is the face,” he said. “People’s need for [financial] services won’t disap-
cultural change. The new regulation will throw open the doors to pear, but if current finance players don’t change and renew them-
new services built on top of existing bank accounts. Consumers selves, they risk losing their places.” n

cw nordics February-April 2018 16

 DIGITAL TRANSFORMATION

Home

Editor’s comment
Digital transformation is voyage of
discovery for Sweden’s Stena Line
Top IT priorities for
Nordic CIOs in 2018

Cyber attacks
of 2017 drive
security efforts Stena Line CTO Jari Virtanen tells Eeva Haaramo how the ferry operator can differentiate
itself from the opposition by using digital tools to make its processes more efficient
Sweden steps up

F
cyber defence
measures
erry operator Stena Line has set an ambitious goal to have changed the market. At the same time, market entrants are
Nordic banks face become the world’s first ferry company powered by cogni- introducing new ways to package transportation products.
decisions over tive computing by 2021. This is a big step for a 55-year-old Now Stena Line believes it can differentiate itself by making its
digitisation as PSD2
comes into force company in a traditional industry, but one that its head of digital processes more efficient with digital tools, particularly in freight
transformation, Jari Virtanen, feels is essential. transportation. “If you look at the passenger side, most transport
Sweden’s Stena “Many of our managers say we are as efficient as we can be, companies already have a very high number of consumer-facing
Line on voyage of
discovery to digital
and yes, we are as efficient as we can be with the tools available digital services,” said Virtanen. “The big question is what is hap-
transformation today,” he said. “But we absolutely are not as efficient as we can pening on the freight and logistical side of our business.”
be if we look at the new tools available, such as artificial intelli-
The role of ethics gence and machine learning, and where we can be [with them] in Digital innovation team
in software
development just two to three years’ time.” To answer this question, Stena Line has set up a small digital
innovation team under Virtanen’s leadership. As well as devel-
Greater competition oping new services, it is tasked with predicting technological
In 2016, Stena carried 7.3 million passengers and two million developments and how the company could use these to gain a
freight units on 21 routes in the Baltic countries, Scandinavia and competitive advantage.
the UK. But the driver behind its digital push is straightforward: The team already has several ongoing projects. Stena has
greater competition. Ten years ago, car ferries were the only deployed software robotics to automate more than 100 manual
economical option for taking a holiday abroad, but cheap airlines internal processes and is tracking potential new use cases.

cw nordics February-April 2018 17

 DIGITAL TRANSFORMATION

Home

Editor’s comment

Top IT priorities for

Nordic CIOs in 2018

Cyber attacks
of 2017 drive
security efforts

Sweden steps up
cyber defence
measures
STENA LINE

Nordic banks face

decisions over
digitisation as PSD2
comes into force The company is also taking its cognitive capabilities signifi-
cantly further. It is preparing for the full launch of its chatbot,
Sweden’s Stena Stina, after six months in a public beta. Stina can adapt its com-
Line on voyage of
discovery to digital
munication style according to a customer’s mood and is built pri-
transformation marily around IBM Watson’s natural language capabilities to help
Stena’s customers on the web, by email and SMS.
The role of ethics The ferry operator is also testing the use of predictive analytics
in software
development in its customer pricing and capacity management.
“This means we can move from mostly manual ways of pricing
our products to more automated pricing,” said Virtanen. “We will
put more time into analysis to understand what people are will-
ing to pay. In our world, if we lose just 1% in the average price, it
has an impact of hundreds of millions of [Swedish] krona on our
net results, so you have to be sure things are working when you
launch [analytics].”
Another critical activity is connecting Stena’s port equipment
with its databases and monitoring how freight cargo moves
around the port. “Port operations are expensive, so we can gain
a lot of efficiency by understanding movement in the ports,” said
Virtanen. “We are trialling this in a couple of ports.”
Digitisation experience
Virtanen’s background is in business, but he has worked in dig-
itisation for the past 15 years. In fact, he helped build up Swedish
online travel agency Sembo, which was sold to Stena Line in
2012. Now he heads the ferry company’s travel sales, customer
experience and digital transformation teams.
This includes working closely with Stena’s IT operations, which
are concentrated in a separate company, Stena IT, which in turn
is owned by the ferry operator’s parent group, Stena Ab. Virtanen

cw nordics February-April 2018 18


Home
Editor’s comment estimates that Stena Line accounts for more than 70% of the IT
firm’s business. The ferry company also works with multiple sup-
Top IT priorities for pliers to boost its cloud credentials.
Nordic CIOs in 2018
“We are increasingly moving from traditional solutions to cloud-
based services,” said Virtanen. “We use pre-packaged solutions
Cyber attacks
of 2017 drive that we modulate into our business areas. For example, we are
security efforts using Facebook algorithms when predicting volumes because
they are very good and have open source. We don’t pretend we
Sweden steps up develop all these algorithms and other cool things ourselves.”
cyber defence
measures A growing number of such services also come from start-
ups. Stena Line has spent the past year scouting startups in the
Nordics to understand what kinds of technology are available to
Nordic banks face
decisions over its business from less conventional sources.
digitisation as PSD2
comes into force “If you want to make money in this business, you can’t just rely
on traditional solutions,” said Virtanen. “We have had some good
Sweden’s Stena runs, particularly in Finland, when it comes to small, cool compa-
Line on voyage of
discovery to digital
nies we are using. This area is moving quickly at the moment in
transformation Finland, because there are a lot of ex-Nokians out there who are
creating their own companies and working as consultants.”
The role of ethics
in software
development Trial and error
But not everything has run smoothly in Stena’s digital transfor-
mation. It has not been easy to introduce a digital focus and a
culture of trial and error to a traditional, asset-heavy business,
said Virtanen. “Getting the next level of management on board is
a bigger challenge for many companies than getting their boards
involved,” he said, “because you then start to come into contact
with existing power structures and who is responsible for what.”
DIGITAL TRANSFORMATION
Stena addresses this through a “turntable programme”, which
turns the traditional mentorship model upside-down. Young men-
tors are paired with the ferry company’s managers to educate
them on what digitisation means and what the opportunities are.
“They meet in an organised way, discuss these topics and edu-
cate each other,” said Virtanen. “It is a cultural challenge to get
them on the same level, but it has turned out to work well.”
“The ones who will win are the
ones who have the best ability
to use these technologies”
Jari Virtanen, Stena Line
An important factor was finding mentors outside Stena to bring
in a fresh perspective – so Virtanen turned to startups. “Some of
the startups are very interested in getting access to a big com-
pany like Stena,” he said. “We have had a lot of interest in this.”
Virtanen also spends a lot of time talking with Stena’s staff
about the digital transformation, explaining the business oppor-
tunities it brings. “Many companies were in a hurry to participate
in the first stage of digitisation and had the attitude that it is about
gadgets and cool technology,” said Virtanen. “But the ones who
will win are the ones who have the best ability to use these tech-
nologies to improve their results and understand how they affect
their business, not the ones with the coolest gadgets.” n
cw nordics February-April 2018 19
ETHICS IN IT

Uber, Volkswagen and

the ethics of software
Following Transport for London’s
decision against Uber, Cliff Saran
looks at the role of professionalism
and ethics in software development
U ber was the latest company to get caught out for using
software to help it overcome official audits and tests.
Among the reasons Transport for London (TfL) gave
in September 2017 for not renewing Uber’s licence to
operate in London was the software that the app-based taxi firm
allegedly developed to avoid officials inspecting its drivers.
While newspaper commentary was largely about the Licensed
Taxi Drivers’ Association, which represents London’s black cab
drivers, lobbying TfL against Uber, an important part of its deci-
sion was Uber’s stealth software.
This is not the first time a company has been found to have writ-
ten software explicitly to get around official tests and audits.

Volkswagen’s admission
In May 2014, Volkswagen was found to have modified its engine
management software to detect when diesel cars were being run
on an official emissions test, so it could dial down the emissions.
The car maker effectively wrote software specifically to cheat,
according to the New York Times, which wrote: “Volkswagen
admitted 11 million of its vehicles were equipped with software
that was used to cheat on emissions tests.”
The newspaper reported that an on-road test conducted by West
Virginia University found some cars emitted almost 40 times the
permitted levels of nitrogen oxide. This led to the California Air
Resources Board’s investigation of Volkswagen.
Looking at TfL’s decision not to renew Uber’s licence to operate
in London, among its concerns was the use of so-called Greyball
software, which geofences government and official buildings.
TCMAKE_PHOTO/GETTY
HOME

cw nordics February-April 2018 20

 ETHICS IN IT

Home

Editor’s comment The software reportedly presents an alternative appears to reveal a culture of contempt among
site to customers, or people wishing to book a ride ❯Many experts have warned managers. On her blog about sexual harassment at
Top IT priorities for from outside those buildings, which is used to pre- of the potential for the digital Uber, Susan Fowler wrote about a “toxic culture”
Nordic CIOs in 2018 revolution to cause social
vent officials from booking an Uber ride. and cultural unrest. Have we
in the company, where managers refuse to cooper-
Other cities have been concerned abut the use reached a tipping point? ate. “I remember a very disturbing team meeting
Cyber attacks
of 2017 drive of Greyball software. In a blog post, Gerald Gouriet in which one of the directors boasted to our team
security efforts and Charles Holland of barristers’ chambers Francis that he had withheld business-critical information
Taylor Building described Uber’s Greyball program from one of the executives so he could curry favour
Sweden steps up as a way to identify regulatory staff using the customer app and with another,” she wrote.
cyber defence
measures thereby avoiding regulatory activity, and highlighted the case of There is also the case of Uber’s God View tool, infringing users’
New York. “Uber initially robustly defended the program, but after privacy by collecting data about their location even when the
Nordic banks face six days, announced it would be withdrawn,” the pair wrote. Uber app is not being used.
decisions over The US City of Portland recently published an audit looking
Overcharging clients
digitisation as PSD2
comes into force into the use of Greyball software at Uber, which confirmed that
the transport company had admitted using such software. “In a Beyond Uber and Volkswagen, examples of unethical coding
Sweden’s Stena letter dated 21 April 2017, Uber’s counsel provided their second include overcharging clients, producing poor quality code, and
Line on voyage of
discovery to digital
response. In this response, the company admits to having used stealing intellectual property.
transformation the Greyball software in Portland for a two-week period, from In a post on open source repository GitHub, one developer has
5 December to 19 December 2014 against 17 individual rider been trying to raise the profile of coding ethics. The developer
The role of ethics accounts,” the audit report said. described how on one occasion, an employer asked to change
in software
development the value of refund vouchers on an e-commerce site to make the
Evade regulators refund worth less.
The records provided by Uber show three of those individual rid- The coder wrote: “I think we need to establish a code of eth-
ers actively requested and were denied rides on the Uber plat- ics for programmers. Doctors, social workers and even lawyers
form, the court filing stated. The company said it would never have a code of ethics, with tangible consequences for skimping
engage in a similar effort to evade regulators in the future. on them. Why not programmers as well?
But as Computer Weekly’s sister title, TheServerSide, notes, the “I want to live in a world where a programmer who hasn’t agreed
company’s record of unethical practices in software development to follow our code of ethics has a hard time getting employed. It

cw nordics February-April 2018 21

 ETHICS IN IT

Home

Editor’s comment is simply not acceptable to write code that is harmful to users.

DESIGNALLDONE/GETTY
What the hell is wrong with these people?”
Top IT priorities for The Association for Computer Machinery’s ethics statement
Nordic CIOs in 2018
says: “Software engineers shall approve software only if they have
a well-founded belief that it is safe, meets specifications, passes
Cyber attacks
of 2017 drive appropriate tests, and does not diminish quality of life, diminish
security efforts privacy or harm the environment. The ultimate effect of the work
should be to the public good.”
Sweden steps up Ethics in software engineering is also an area that has been
cyber defence
measures looked into by the BCS, The Chartered Institute for IT. The
BCS’s code of conduct for its members: “You shall have due
Nordic banks face regard for public health, privacy, security and wellbeing of others
decisions over and the environment.”
digitisation as PSD2
comes into force
Improve human wellbeing
Sweden’s Stena David Evans, BCS director of policy and community, believes an
Line on voyage of
discovery to digital
overriding outcome in the domain of computing should be to
transformation benefit society and improve human wellbeing. For organisations
that value customer relationships, ethics is very important, he
The role of ethics says: “In the academic world, ethics is top of the checklist.”
in software
development But working in an ethical manner can be challenging. “The idea
of public benefit or human wellbeing turns ethics into a misplaced
concept,” says Evans. “You can lose the reason why you do it. We
want professionals who do things that do not cause harm to oth-
ers, and we also want our IT team to understand the effects of
what they do.”
The value of working ethically should, says Evans, be ingrained
into corporate culture, including IT and software development.

cw nordics February-April 2018 22

 ETHICS IN IT

Home

Editor’s comment He says organisations will benefit if IT understands the human The industry is now entering the dawn of machine learning,
impact of what it does. where artificial intelligence (AI) is used to process vast amounts
Top IT priorities for The challenge for people working in IT is that the impact of their of personal data and then make decisions without the vagaries of
Nordic CIOs in 2018
work can be quite abstract, says Evans. “It is hard enough to think human decision-making.
about what is illegal. It’s harder to get people to understand how Ethics, as it relates to AI, was among the topics that author,
Cyber attacks
of 2017 drive their work will impact other people,” he says. broadcaster and tech philosopher Tom Chatfield spoke about at
security efforts the InterSystems Technology Summit in October.
Drive new opportunities “We are busy translating the fabric of our societies into some-
Sweden steps up A case in point is the Data Protection Act. A business may want thing machine-readable; into data on a scale that only machines
cyber defence
measures to use its customers’ data in certain ways to drive new opportu- can handle, and that, in turn, will fuel the next generation of
nities. “I have seen reputable com- machine learning,” he says.
Nordic banks face panies celebrating tech success Walker says there are two points
decisions over
digitisation as PSD2
when their developments are in “T he problem with ilicon S to consider as the world moves more
breach of the Data Protection Act,” into the digital domain: the quality
V
comes into force
says Evans. “Ethics may constrain alley is that a small startup of the translation, and its capacity
Sweden’s Stena you from doing things that may for iteration and improvement.
Line on voyage of
make money.” He argues that data
in a bedroom can disrupt major “The exponentially increasing
discovery to digital
transformation sharing is not an ethical question:
“It is the actual law.”
industries around the world . volumes of data handled by our
tools can, when used well, feed the
The role of ethics
in software
For the BCS, ethics goes hand-in- Dialogue becomes necessary ” actionable small data and intuitive
hand with professionalism. The soft- insights human lives thrive upon –
development David Evans, BCS
ware industry appears to operate but they can also create a locked-
without much regard to the impact down world in which decisions
on individuals and businesses, says Evans. “A construction com- occur beyond our scrutiny,” he says.
pany cannot build a huge dam without consultation,” he says. For Walker, this is the difference between tools that can make
“We will need this in software, but the problem with Silicon integrated health records available anywhere, at the touch of a
Valley is that a small startup in a bedroom can disrupt major button, and tools that deny someone insurance based on an
industries around the world. Dialogue becomes necessary.” inscrutable algorithmic reading of their life. n

cw nordics February-April 2018 23