Swedish Defense on the Fence : Roles to play for the Armed Forces 2015-2020

Levin, Mattias

January 2023

The reason for conducting this case study is to analyze the roles of the Armed Forces of Sweden, as described by the Swedish policymakers. The research question is firstly what those roles are, and as a secondary objective, if those roles are conflicting. By analyzing the two major policy documents produced on Swedish security and defense policy during the period 2015-2020 these questions have been answered. The concept of roles has been central to the thesis and how conflicting roles are a source of organizational problems. The analysis of the material has been done by using discourse analysis in order to identify roles and the underlying discourse where they are constructed. Earlier research shows the importance of security and defense policy in directing the Armed Forces on what and how they should function. The roles were inductively found to be those of National Defender, Neighborhood Helper, Domestic Resource, and Expeditionary Crisis Manager. The results from this thesis show that the Policymakers view the two former roles concerned with national defense and providing military assistance in Sweden’s close vicinity as primary roles for the Armed Forces. The roles could be conflicting because of the non-alignment status of Sweden during the periods. The level of cooperation with other states and/or organizations makes Sweden’s ability to receive and give help uncertain. This is important in understanding Swedish defense and security policy in the context of its application to become a NATO member state in 2022.

Sweden

Swedish Armed Forces

Försvarsmakten

NATO

Security policy

Defense policy

Role theory

NATO and their gold card holders : An entanglement analysis of Sweden and Finland's decision to apply for membership in NATO

Moregård, Emelie

January 2024

The aim of this paper is to gain a greater understanding of the meaning-making process behind Finland and Sweden’s decision to join NATO in 2022, and by so, deviate from their long-standing tradition of military non-alignment. Instead of solely pointing to the Russian invasion of Ukraine as the official reason for NATO membership this paper suggests that the concept of strategic culture can provide one with a greater understanding of their decision to join NATO. Resulting in the question: How can the concept of strategic culture help us understand the decision by Sweden and Finland to apply for NATO membership in 2022, despite their longstanding tradition of non-military alignment? With the concept of strategic culture, the analytical framework argues that the decision-making in Finland and Sweden was shaped by historical experiences that in turn influenced their strategic culture, which worked as a shaping context for their respective strategic behaviour. This is done through an entanglement analysis, a close reading and interpretation of the empirical material such as books, peer-reviewed articles, statements, government reports, and speeches, to demonstrate if the decision to join NATO followed Finland and Sweden’s typical strategic behaviour. This paper argues that the decision to join NATO did not represent a shift in the two state’s respective behaviour, instead the decision was in line with the strategic behaviour the states have followed since the end of the Cold War. Hence, the decision to join NATO demonstrates a sign of continuity rather than a historical shift in their foreign and security policy.

Strategic culture

Sweden

Finland

NATO

entanglement analysis

strategic behaviour

security policy

foreign policy

Other Social Sciences

Annan samhällsvetenskap

Övrig annan samhällsvetenskap

The Status Of Web Security In Sweden

Alkhateeb, Firas

January 2022

Getting incorrect website content has increased in recent years, which is a reflection of the web security status on the Internet. However, when It comes to government and other professional organisations websites, they should have the best security requirements and follow security recommendations. This research will study websites located in the SE zone. The total number of investigated websites is 1166. The testing process was done in two ways. The firstway is a Dutch test website tool called Internet.nl. The second is using a tool developed as part of the research. The investigation focuses on Swedish websites and nine security extensions. These extensions prevent Man in the middle attack(MITM), downgrade attacks, Cross-Site Scripting (XSS), Click-jacking, and ensure that the correct information is obtained when a client requests a website. The paper evaluated the security between 2014 and 2022. What are the types of security taken and which sector has the best security awareness. The using of security headers had increased in 2022, the total use of tested security standards in the SE zone is around 50%, and banks have the best security awareness.

DNSsec

HTTPS

HSTS

X-Frame

X-Content-Type-Options

Content-Security-Policy (CSP)

Referrer-Policy

Digital certificate (X.509)

Computer Sciences

Datavetenskap (datalogi)

Breaking Neutrality : A Study of Sweden's Decision to Join NATO

Olofsson, Emelie

January 2024

For over two centuries, Sweden has maintained a policy of non-alignment. This tradition broke on May 18, 2022, when Sweden applied for NATO membership. According to the government, the membership was seen as essential for protecting Sweden due to the worsening security situation caused by Russia’s invasion of Ukraine. Nonetheless, this raises a critical question: Given that Sweden has faced similar crises historically without turning to NATO, why choose to do so now? By conducting a descriptive ideal-type analysis based on the theoretical concept of strategic culture, this thesis argues that Sweden’s decision to apply for NATO membership was primarily driven by a series of external pressures and shifts in the regional security landscape. More specifically, the decision was influenced by the exposure of Sweden’s inadequate defense capabilities in response to Russia’s invasion of Ukraine and Finland’s concurrent shift towards NATO. Crucially, this strategic shift to join a military alliance does not reflect a change in Sweden’s underlying strategic culture. Instead, it marks a pragmatic evolution in Sweden’s defense strategy, responding to new challenges while upholding its foundational values to ensure both national and regional stability amid global uncertainties.

NATO

foreign policy

security policy

strategic culture

strategic behavior

Sweden

Nato

utrikespolitik

säkerhetspolitik

strategisk kultur

strategiskt beteende

Sverige

Political Science

Statsvetenskap

Clarifying roles and responsibilities in information security : A case study of policy implementation in high-stakes environments

Alndawi, Tara

January 2024

In information security, the success of security policies is critically dependent on their implementation in organizations. This thesis explores the gap between formal definitions and the actual implementation of security policies, focusing on roles within a Swedish defense company. Using a qualitative research approach, this study employs semi-structured interviews to gather in-depth insights from individuals directly involved in security management, with the aim of uncovering the real-world complexities and challenges faced in policy implementation. This study identifies several core issues that affect policy implementation: ambiguity in role definitions, inconsistencies in policy communication at different organizational levels, and the frequent need for individuals to adapt policies to practical and situational needs. These factors contribute to the risk of security breaches by creating conditions in which policies are misunderstood or incorrectly applied. The findings highlight a significant discrepancy between how policies are intended to function and how they are implemented in daily operations, revealing a critical vulnerability in organizational security frameworks. This thesis contributes to the existing body of knowledge by mapping the landscape of security policy implementation within the context of the highly regulated defense industry. The results provide empirical evidence that improves the understanding of the interaction between policy, practice and the human element in security regimes with the aim of improving clarity and reducing the incidence of human error in security practices.

Practical policy application

policy compliance

security policy gaps

role clarity

role ambiguity

information security management

Swedish defense industry

Information Systems, Social aspects

Informationssäkerhet på ett företag inom dagligvaruhandeln

Caspersson, Helen

January 2024

Alla människor är beroende av mat. Sverige har en god livsmedelsindustri där sista steget är dagligvaruhandeln som hjälper till att Sveriges befolkning får mat på bordet. I och med att digitaliseringen ökat i vårt samhälle har det även senaste åren rapporterats i media om dataintrång riktade mot företag i Sverige. 2021 fick Coop stänga ner sina butiker då kassasystem slutade fungera på grund av en utpressningsattack mot leverantören av mjukvaran till kassasystemen som företaget använder.  Ökningen av dataintrång i Sverige har lett till att det blir allt viktigare att skydda informationen hos företagen. Information spelar en stor roll i en organisations affärsverksamhet där informationen kommer i kontakt med både teknik och människor. Det gör att ett aktivt informationssäkerhetsarbete är viktigt för att säkerhetsställa konfidentialiteten, integriteten och tillgängligheten hos företagets information. Genom en kvalitativ studie bestående av intervjuer med ledning och medarbetare på ett företag inom dagligvaruhandeln studerades hur företaget förhåller sig och arbetar med informationssäkerhet. Resultatet från intervjuerna analyserades genom att använda en tematisk analys där teman identifieras ur empirin. Resultaten av studien analyserades och diskuteras utifrån teorin med fokus på informationssäkerhetspolicys, säkerhetsmedvetenhet och organisationskultur. Slutligen diskuteras vikten av utbildning och träning för att öka säkerhetsmedvetenheten i företagets organisationskultur. / All humans need food. Sweden has a well functioning food industry, where the final step in the chain is the grocery trade and where the people can buy their food. As digitalization has increased in our society there have also been reports in the media in recent years about ransomware attacks on companies in Sweden. In 2021 the grocery chain Coop had to close their stores when their cash register system stopped working because of a ransomware attack against the supplier of the software of the system for the company’s cash registers.  The increase of computer breaches in Sweden has made it increasingly important to protect the information at companies. The information plays an essential role in an organization's business processes where it comes in contact with both technology and people. This means that active information security work is important to ensure the confidentiality, integrity and availability of the organization’s information. With the use of a qualitative study consisting of interviews with the management and employees of a company in the grocery trade a study was performed on how the company relates to and works with information security. The result from the interviews was analyzed using thematic analysis where themes were identified from the collected data. The results from the study were analyzed and discussed based on the theory with focus on information security policies, security awareness and organizational culture. Lastly the importance of education and training to increase the security awareness in the company’s organizational culture was discussed.

information security

security awareness

human factors

information security policy

organizational culture

grocery trade

informationssäkerhet

säkerhetsmedvetenhet

mänskliga faktorn

informationssäkerhetspolicy

organisationskultur

dagligvaruhandeln

Information Systems

An investigation of information security policies and practices in Mauritius

Sookdawoor, Oumeshsingh

30 November 2005

With the advent of globalisation and ever changing technologies, the need for increased attention to information security is becoming more and more vital. Organisations are facing all sorts of risks and threats these days. It therefore becomes important for all business stakeholders to take the appropriate proactive measures in securing their assets for business survival and growth. Information is today regarded as one of the most valuable assets of an organisation. Without a proper information security framework, policies, procedures and practices, the existence of an organisation is threatened in this world of fierce competition. Information security policies stand as one of the key enablers to safeguarding an organisation from risks and threats. However, writing a set of information security policies and procedures is not enough. If one really aims to have an effective security framework in place, there is a need to develop and implement information security policies that adhere to established standards such as BS 7799 and the like. Furthermore, one should ensure that all stakeholders comply with established standards, policies and best practices systematically to reap full benefits of security measures. These challenges are not only being faced in the international arena but also in countries like Mauritius. International researches have shown that information security policy is still a problematic area when it comes to its implementation and compliance. Findings have shown that several major developed countries are still facing difficulties in this area. There was a general perception that conditions in Mauritius were similar. With the local government's objective to turn Mauritius into a "cyber-island" that could act as an Information Communication & Technology (ICT) hub for the region, there was a need to ensure the adoption and application of best practices specially in areas of information security. This dissertation therefore aims at conducting a research project in Mauritius and assessing whether large Mauritian private companies, that are heavily dependent on IT, have proper and reliable security policies in place which comply with international norms and standards such as British Standard Organisation (BSO) 7799/ ISO 17799/ ISO 27001. The study will help assess the state of, and risks associated with, present implementation of information security policies and practices in the local context. Similarities and differences between the local security practices and international ones have also been measured and compared to identify any specific characteristics in local information security practices. The findings of the study will help to enlighten the security community, local management and stakeholders, on the realities facing corporations in the area of information security policies and practices in Mauritius. Appropriate recommendations have been formulated in light of the findings to improve the present state of information security issues while contributing to the development of the security community / Computing / M.Sc. (Information Systems)

Adherence to established standards

Information security framework

Information security policy

Information security practices

Security standards

Compliance

Information security risk

Procedures

005.8096982

Information policy -- Mauritius

Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness

Frangopoulos, Evangelos D.

31 March 2007

As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject. / Information Systems / M. Sc. (Information Systems)

Information assurance

Influence

Persuasion

Actor-network theory

Objective reality

Subjective reality

ISO 27002

ISO 27001

ISO 17799

Security policy

Information security

Social engineering

005.8

Social engineering

Data protection

Computer security

能源安全對美國中東外交政策工具選擇之影響-以美國石油產量為例 / The impact on energy security of US Middle East foreign policy tool of choice-A Case Study of American Oil Production

邱信國, Chiu, Hsin Kuo

Unknown Date

美國擁有豐富的石油儲量，目前已探明的石油儲量即達到 485 億桶，居世界 第 9 位；同時也於 2014 年追過沙烏地阿拉伯，以平均每日 1164 萬桶的產量成為 世界上最大石油生產國。但另一方面，美國每日的石油消耗量，更大於歐洲及歐 亞大陸內 29 個國家的每日消耗量的總合，成為世界上最大的石油消費國。身為 世界上最大的能源消費國及戰後世界秩序的主導者，同時歷經一、二次世界大戰 及石油危機的重大衝擊後，深知能源的穩定供應是國家安全的重要基礎，美國必 須盡全力透過外交甚至軍事手段以確保能源的安全，所以歷屆政府都以能源安全 作為國家安全及外交政策的重點。 中東是目前全球己探明石油儲量最大的地區，也是全球石油產量最大的地區， 是以美國以能源戰略為導向的外交政策（簡稱能源外交）傳統上是以中東石油為 重心，美國也將中東地區的均勢與穩定、確保石油運輸通道的安全等視為其最根 本的國家利益之一。二次世界大戰之後，美國為了擴張或鞏固其在中東地區的影 響力而投入了大量的資源進行政治、經濟及軍事的干預。而頁岩油的出現使得美 國石油自給率大幅提高，對中東地區石油的依賴也迅速下滑。 頁岩油的出現是否會讓美國改變其向中東傾斜的外交政策，進一步將其全球 戰略部署重心進行調整至快速崛起的亞洲地區，值得我們觀察與探討。本論文以 文獻研究之方式，透過分析美國對石油進口的依賴程度與其在中東發生軍事衝突 時所採用的外交政策工具之間的關聯，嘗試探討在頁岩油革命大幅提高美國能源 自給率後，是否會影響美國對中東地區事務的干預程度。 本研究發現，石油進口比例的確影響了美國在中東地區所運用的外交政策工 具。石油進口比例高時，美國面對中東的跨國軍事衝突時傾向採取強度較高的外 交政策工具；石油進口比例低時，則採取干預強度較低的外交政策工具。是以本 研究認為，在頁岩油革命使美國進一步降低對進口石油的依賴後、將使中東這個 提供美國主要石油來源的地區的重要性降低。但另一方面，中東除了提供美國重 要的石油來源，亦是全球的石油供應中心，美國對中東地區的影響力不僅關係到 美國的能源安全，亦關係到美國全球霸權的地位。 / United States has abundant oil reserves that reserves reached 485 billion barrels, ranking No. 9 in the world; and also chase in 2014 over Saudi-Arabia, to 1164 million barrels of production per day on average to become the world largest oil producer. On the other hand, the US daily oil consumption, the greater the total combined daily consumption in Europe and Eurasia in the 29 countries, the world's largest oil consumer. As the world's largest energy consumer and the postwar world order leader, after a while, after the Second World War and the significant impact of the oil crisis, we know that stable supply of energy is an important basis for the national security of the United States must do efforts through diplomatic and even military means to guarantee energy security, the successive governments have focused on energy security as national security and foreign policy. The Middle East is currently the world's largest oil reserves in the region have been proven, is the world's largest oil production area, based on the US foreign policy-oriented energy strategy (referred to energy diplomacy) is traditionally focus on Middle East oil, the United States will in the Middle East balance and stability in the region, to ensure the safety of oil transport corridor, etc. regarded as one of the most fundamental interests of their country. After World War II, the United States in order to expand or consolidate its influence in the Middle East and put a lot of resources, political, economic, and military intervention. The emergence of shale oil self-sufficiency rate of such a substantial increase in US oil dependence on Middle East oil is also declining rapidly. Shale oil occurs whether the United States will change its foreign policy towards the Middle East tilt further its global strategic center of gravity to adjust to the rapid rise of Asia, we should observe and discuss. In this paper, after the manner of literature, through the analysis of foreign policy tools related U.S. dependence on oil imports and its military conflict in the Middle East used between attempts to discuss a substantial increase in US energy self-sufficiency rate in shale oil revolution, whether the United States will affect the level of intervention in the Middle East affairs. The study found that the proportion of imported oil does affect US foreign policy tool in the Middle East by the use of. A high proportion of oil imports, the United States when faced with cross-border military conflict in the Middle East tends to take a higher intensity of a foreign policy tool; low proportion of imported oil, then take a low intensity intervention foreign policy tool. The present study is that in the US shale oil revolution to further reduce the importance of post-import dependence on oil, the Middle East, will provide the main source of US oil region is reduced. On the other hand, the Middle East and the United States in addition to providing an important source of oil, is also a center of global oil supplies, the US forces in the Middle East not only to America's energy security, but also related to the status of US global hegemony.

頁岩油

能源安全政策

外交政策工具

能源危機

軍事干預

Shale oil

Energy security policy

Foreign policy tool

Energy crisis

Military intervention

A common defence for Europe

Ivanovski, Hristijan

16 March 2015

One of the major analytical shortcomings regularly made by EU and NATO experts today lies with exclusively seeing the European defence project as a post-World War II (WWII) phenomenon and the EU’s Common Security and Defence Policy (CSDP) as mainly a post-Cold War product. No analyst has so far seriously explored the idea of European defence predating WWII and the 20th century. Instead, since 1999 one frequently reads and hears about the ‘anomalous,’ ‘elusive’ CSDP suddenly complicating transatlantic relations. But the CSDP is hardly an oddity or aberration, and it is certainly not as mysterious as some might suggest. Drawing extensively from primary sources and predicated on an overarching evolutionist approach, this thesis shows that the present CSDP is an ephemeral security and defence concept, only the latest of its kind and full of potential. Drawing its deepest ideational roots from the (pre-)Enlightenment era, the CSDP leads to a pan-European defence almost irreversibly. A common defence for Europe is quite possible and, due to the growing impact of the exogenous (multipolar) momentum, can be realized sooner rather than later even without a full-fledged European federation. / May 2016

Europe

European Union (EU)

Strategy

Homeland security and defence

Crisis management

Strategic neighbourhood

Effective multilateralism

Grand strategy

Common defence

NATO