Gunnar Karlson previously served as head of MUST (Swedish Military Intelligence and Security Service). Today he works, among other things, as a consultant in intelligence and security matters. In FSN Perspektiv, he describes the ever-present intelligence threat against defence companies in Sweden and why active security protection work is so important.

In recent times, there has been much discussion about the risk of war in Sweden. But war remains a risk, not a reality. The discussion about better war preparedness is necessary. However, it must not overshadow the need to also address the threats that are a reality today. The intelligence threat is one such threat. Foreign intelligence activities are harming us now, and they also increase the risks should war befall us. Measuring with certainty the extent of other countries' espionage against us is not possible. What matters is not how much the risk increases, but that it is, by a wide margin, large enough to demand a response. That the threat exists here and now is illustrated by several court cases in recent years.

Foreign intelligence activities affect many sectors. The defence industry is naturally a sector of great interest to adversaries. They can use the information to develop better weapons more quickly and at lower cost. Furthermore, stolen information can be used to identify weaknesses in our weapons systems, thereby increasing the risks we face in war. That risk affects not only Sweden, but also allies and others who purchase from the Swedish defence industry. Among the actors that the Swedish Security Service (SÄPO) typically highlights, it is primarily Russia and China that have an interest in defence industry information.

The intelligence threat consists primarily of two components: digital threats and the threat from human sources. A skilled adversary allows these to complement and reinforce one another. Through intrusions into IT systems and signals intelligence against communications, an adversary can, in the worst case, obtain large quantities of information. If the adversary is skilled (and the target is not sufficiently so), they can also acquire information without the affected party noticing. In a digitalised world, it is natural and necessary that cyber threats receive considerable attention.

The recruitment of human sources (referred to as "agents" in SÄPO terminology) has not become less relevant as digital threats increase. A traitor on the inside can provide unique information and be directed towards the most important targets. Despite the fact that using human sources is costly and difficult, foreign powers continue to do so. The greatest attention is often given to situations where an intelligence service recruits a person who initially had no intention of becoming an agent. The term "recruitment ladder" is used to describe how an intelligence service gradually approaches an unsuspecting individual and eventually draws them into its grasp. This can take many years and occurs following careful preparation. The individual's vulnerabilities are mapped out in particular detail.

Equal attention should be paid to the risk of a person becoming a traitor on their own initiative, without any need for recruitment or persuasion. This concerns individuals who themselves initiate contact with a foreign intelligence service. In fact, many of the known espionage cases in modern times are of this nature. Individuals who are angry and embittered about their life situation and their employer are a category that frequently appears among voluntary agents. Poor financial circumstances are a factor that reinforces motivation.

Both in the case of cyber threats and human sources, intelligence services look for the weak links in the protective chain. Rather than targeting information where it is best protected, they prefer to seek out vulnerabilities, even if this means not gaining direct access to everything they are after. For a company, this means that vigilance is required not only regarding its own protection, but also regarding the security of partners, suppliers, consultants, and others who may gain access to the information. It also means that those who do not perceive themselves as part of the "defence industry" may nonetheless face the same threat landscape as that sector.

The term "transferred threat" is used when an actor is exposed to a threat that is actually directed at someone else. Those who supply to the defence industry, as well as those who sell services to and carry out assignments for the defence industry, become potential targets for foreign intelligence services. This means that at least parts of their operations need to maintain a level of security protection equivalent to that of the defence industry itself. Without this, they cannot be considered a reliable partner.

Good security protection is required to withstand the intelligence threat. How to protect oneself is no secret. However, it requires commitment, perseverance, knowledge, a strong security culture, and resources. Security costs time and money, but in today's world it is a necessary investment for those who are subject to the interest of foreign intelligence services. Protection must begin with a thorough and up-to-date security analysis. For many, this is self-evident, but unfortunately not for all. With a sound analysis as a foundation, security protection can be designed to meet one's own specific needs. Companies that lack the internal capacity and competence to understand and manage the complex intelligence threat can seek external assistance. Not having the right security protection in place is a significant risk today. For the defence industry, it is a risk that is not acceptable.

Gunnar Karlson