Sign in
Forgot password?
Create account

Corporate
11/11/2025

When the lifelines of society become targets

In a time of cyber threats, geopolitical unrest, and extreme weather, the fragility of modern society is more evident than ever. National security now hinges not only on defense forces, but on the infrastructure that keeps society running — energy, water, communications, and supply chains. How secure is our critical infrastructure? What threats are emerging, and how is Denmark responding? We took Denmark’s Minister of Resilience and Preparedness, Torben Schack’s, take on it.
Explore our latest Technical Partner Magazine

How robust is Danish infrastructure overall? Should we all be worried?

”Danish society is fundamentally safe and secure, and overall, Danish infrastructure is robust. That said, we need to assess whether the sectors are sufficiently resilient for the situation we face today. The development of the threat and risk landscape means that resilience is not a fixed goal to be achieved once and for all; rather, as a society, we must continuously adapt and assess how our resilience needs to evolve.

We must take societal security seriously—especially when it comes to motivating improvements in our emergency preparedness and resilience in our critical societal functions.”
 

The Ministry is bringing together responsibilities such as cybersecurity, supply security, and emergency preparedness under one roof. What is the rationale for uniting such diverse areas?

”Things are changing rapidly these days, on top of an already serious threat landscape. If Denmark is to remain a safe and secure society, we must have an increased focus on our overall ability to handle crises and incidents and protect vital societal functions. It makes a lot of sense to bring together areas such as cybersecurity, supply security, and emergency preparedness because it allows us to take a holistic approach to strengthening resilience across the board. It is not enough to improve only one area - for example, cybersecurity or supply security. Both authorities and businesses must adopt a comprehensive approach to addressing vulnerabilities.”
 

Denmark is increasingly electrified, and many of our readers work in electricity supply. Where does The Minister see the major threats in this area?

”Denmark currently ranks among the countries with the highest electricity supply security in the world, with an average of about 20 minutes of power outages per year—mostly caused by accidents such as damaged cables during construction work. The government is aware that the expansion of renewable energy, the phase-out of controllable thermal capacity from power plants, and rising electricity consumption due to electrification could pose future challenges to electricity supply security. These are issues that will require ongoing solutions."

Denmark is a net importer of electricity. Can society function for a period without power from abroad?

“Electricity production from solar and wind fluctuates and does not always match consumption. Therefore, there are times when Denmark relies on electricity imports. Without interconnectors to other countries, the number of minutes of annual power outages would increase. However, Denmark is well prepared and currently has electricity interconnections with the Netherlands, Norway, the UK, Sweden, and Germany. So we have good opportunities for trading electricity with multiple neighboring countries.”

Let’s turn to IT and cybersecurity. How does The Ministry assess the current threat landscape?

”We must take cybersecurity very seriously. The Agency for Societal Security, formerly known as the Center for Cybersecurity, has for many years assessed the threat from cyber espionage and cybercrime against Denmark as VERY HIGH. Most recently, the threat level for destructive cyberattacks was raised to MEDIUM in June 2024, while the threat from cyber activism was raised to HIGH in January 2023. Cyberattacks and a lack of cybersecurity can have major consequences and severely disrupt parts of our society. The government is in the process of implementing the NIS2 directive into Danish law, which will set legal requirements for cybersecurity. The directive also requires member states to develop national cybersecurity strategies. Denmark already had such strategies in place before NIS2, and preparations are underway for the next strategy, which we expect to negotiate in 2025.”

The Danish public sector is now highly digitized. Are systems prepared to withstand future cyberattacks?

“There is a continuous effort to adapt the security of public IT systems to the evolving threat landscape and technological developments. For several years, government authorities have worked to implement technical minimum requirements for IT security and to ensure proper internal processes through standards such as ISO 27001. A similar effort has taken place in municipalities and regions. The upcoming NIS2 legislation is expected to significantly standardize and raise the level of IT security across both authorities and businesses.

I believe we are in a reasonable position to withstand cyberattacks on public systems. But it is clear that we must continue strengthening our efforts in step with developments. Some authorities are well-positioned, while others may need to catch up. I am confident that NIS2 will be a strong catalyst for this, and the ministry will provide ongoing guidance and other supportive measures to authorities.”

The NIS2 directive is set to be adopted and implemented this summer. What role does the ministry play in this?

“The EU directive will be translated into national law and regulations and is expected to be implemented in Danish legislation by July 1, 2025. After that, the businesses and authorities covered by the directive must comply with the requirements in the law and any additional requirements set at the EU level or in national regulations. The law will apply to most sectors covered by the directive, with exceptions for the energy, telecom, and financial sectors, where implementation will be handled through separate legislation.
It is crucial that the affected organisations have proper guidance available when the law takes effect, and we are actively working on that, in close dialogue with relevant authorities and industry stakeholders.”

Security - both supply and cyber - also has a physical dimension under NIS2. Are public/private entities sufficiently aware that “the door must be locked”?

“My impression is that authorities and businesses generally take their responsibilities seriously, and awareness is steadily increasing. But there’s still room for improvement. Denmark is in a security situation with a complex threat landscape, including many attempts to breach Danish systems and networks. A continuous effort will be needed from authorities, private companies, civil society, and individual citizens.

That’s why it’s good that the NIS2 directive is accompanied by the so-called CER directive, which focuses on the resilience of critical entities. It is, in a sense, the physical counterpart to NIS2. We are also in the process of implementing this directive, which includes requirements for appropriate physical security measures and personnel security, including training and possibly background checks.”

How does the ministry assess the physical protection of our critical infrastructure and our cyber/digital protection in general?

“Overall, Danish authorities and companies are in a good place, but we can and must always strive to improve. Both sector-responsible authorities and owners of critical infrastructure continuously work to strengthen protection and resilience so society can function even during unforeseen events.

Authorities also regularly conduct exercises and enhance emergency preparedness to be ready if something goes wrong.
The implementation of NIS2 and the CER directive will also introduce mandatory incident reporting, which enables better coordination and an overview of incidents in both the cyber and physical domains. This will enhance our ability to handle and prevent incidents through improved advice and threat assessments.”

Are there commonalities between physical and digital protection?

“Both physical and digital security must be taken seriously — they go hand in hand. Fortunately, Denmark is a society built on a high level of trust among people. But we must not be naïve. Our security procedures and protection of critical infrastructure must be designed with the understanding that not everyone in the world wishes us well. Whether we’re talking about physical or digital assets essential to our society, they must be properly protected.”

Let’s stick with tangible security. One of the goals of establishing the ministry was to coordinate emergency preparedness. How far along is the ministry in this effort?

“In August 2024, the government established the Ministry for Societal Security and Emergency Preparedness to strengthen efforts to prevent, withstand, and handle incidents that challenge the core functions of society. There is great potential in cross-sector coordination, and we are actively working to realize that.
The ministry has taken responsibility for a wide range of emergency services on land and at sea — this includes the rescue services, marine environmental emergency preparedness, the Sea Rescue Service, and emergency call centers (112).
These are now all consolidated under the Danish Emergency Management Agency. It was never the intention that the ministry should be responsible for all forms of emergency preparedness.”

In 2024, there was much talk about building emergency supplies - so-called ‘prepping.’ Have citizens taken this to heart? Will there be more initiatives from the ministry?

“Danes generally need to adopt a new preparedness mindset. Concretely, more people
need to establish a home emergency supply. The latest survey shows that half of the population has not yet started. In my view, that’s far from sufficient. What each of us does makes a difference in how well we cope as a community.”

What about future generations? How do we ensure that children and young people learn safe digital behavior and become aware of cyber threats?

“Government agencies continuously work to strengthen digital security among all citizens, including children and young people. The Agency for Societal Security offers the information portal Sikkerdigital.dk. This platform provides knowledge, guidance, and tools to help citizens navigate an increasingly complex threat landscape. It includes a learning universe where parents and children can test and build their knowledge through educational modules, tests, and quizzes about digital safety.
The agency also runs awareness campaigns on digital fraud, with young people among
the target groups. In January 2025, the agency and the police launched a social media
campaign warning about the ‘friend in trouble’ scam, where perpetrators pose as someone close and ask for money. The message was shared through one of Denmark’s biggest Instagram influencers, who has a large young audience. We will continue to focus not just on the organisations covered by the new laws, but also on SMEs and private citizens. It’s crucial that we aim to raise security awareness across the
board—tailored to the specific needs of each group.”

Finally: Is there sufficient responsiveness in public organisations and private companies regarding preparedness and security? Or do we need to further strengthen crisis awareness and preparedness?

“I completely agree that more public and private actors need to acknowledge the new
reality. But we are fully aware and actively working on it. I’ve established a forum for civil society and a forum for the business sector. We’re also working on several other initiatives to ensure that more companies, civil society
organisations, and citizens contribute actively
to our societal security and emergency preparedness.”

[Include file 'Blocks/Overlay/Custom__Blocks.cshtml' not found in 'Templates/Designs/Rapido/Paragraph/Overlay.cshtml']