"The aim is our trust"

As part of the Danish Science Festival, the IT University and the newspaper Dagbladet Information gathered a number of experts to discuss cyber warfare in Denmark and how prepared we are for it. The Minister of Resilience and Preparedness, Thorsten Schack Pedersen, also participated in the talk.

EventsCarsten Schürmann

Written 6 May, 2025 14:50

Denmark is one of the most digitalised countries in Europe. So, what would happen if Denmark's digital infrastructure were attacked? This was explored by a panel consisting of Anders Puck Nielsen, military analyst at the Danish Defence Academy, Mille Østerlund, Head of Cyber Services at KOMBIT and Carsten Schürmann, Professor and Head of ITU's Center for Information Security and Trust (CISAT), when the IT University of Copenhagen filled Auditorium 1 for the Danish Science Festival. 

In a survey by Statistics Denmark, 81% of Danes responded that they agree or strongly agree with the statement 'I generally trust public digital solutions.' And this trust within society is crucial, as it can be challenged in cyber warfare. When hackers attack critical infrastructure, such as government websites or telecommunications networks, the real target is often trust.

"My colleagues at CISAT and I have researched many different aspects of cybersecurity and cyber warfare. I also travel around the world as an election observer, where I examine how technology is used in electoral processes. We can see that technology is now something that can be attacked by other states," said Professor at ITU, Carsten Schürmann. "We have a new situation in terms of warfare, where societal trust is at stake. In Denmark, we have built our society on trust. It is this trust that is at risk when we talk about cyber warfare, and that is very serious."

At the Danish Defence Academy, the new warfare in cyberspace is also being examined. They have noticed the same trends regarding the attack on societal trust.

"The cyber domain is a domain where things can happen all the time. We have what we call the attribution problem, where one must ask 'who is really behind this?'. And then it quickly enters the concept, which is a bit broader than just cyber, which is hybrid warfare. It is about how, in all possible ways, some try to destroy things for each other and achieve some goals without it becoming an open war with military means against military means. So, there are different methods to attack others, and there are different sectors or layers in society, and often it is trust that they try to hit, because they want to make people afraid," said Anders Puck Nielsen, military analyst at the Danish Defence Academy.

The pressure has increased

One of the sectors that is feeling the increased pressure of cyber-attacks is the water and utility sector. At Kalundborg Utility Mads Elmkvist is Head of IT, and he told the audience and the panel about the real experiences they have had. Kalundborg Utility provides, among other things, drinking water and district heating to the municipality's residents and businesses, including Novo Nordisk. For Mads Elmkvist and his employees, cyber-attacks are not just a hypothetical scenario. They are already feeling increased pressure.

"I know that we can withstand the threats we see today, and when I say this so confidently, it's because we experience it daily. I can best speak for Kalundborg Utility, but it actually applies to the entire Danish utility sector, which is experiencing attempts at destructive attacks. And we are resisting them. We all have water and electricity," said Mads Elmkvist. "In the utility sector, we have been thinking about supply security for many years. It is the core function of what we do, to succeed in this. Now we have a new dimension, which increasingly involves attempts at destructive cyber-attacks, which we have not seen to the same extent as we do now. Fortunately, I have some skilled employees who succeed in resisting. We have a society where we trust that we can get electricity, water, and heat delivered."

Mads Elmkvist and Kalundborg Utility have also learned about cyber security, the hard way, but they now use their learnings to increase security for the entire utility sector.

"Kalundborg Utility has been open about being struck by a ransomware attack in 2021, which was a straightforward ransom attack, and this is something we have talked a lot about in the utility sector because we hope others can learn from it. We got through it relatively unscathed because we had the right procedures and tools available, and that learning should be shared. There could be some simple solutions that make us stronger the next time we are attacked,” said Mads Elmkvist.

Room for optimism

Just like Mads Elmkvist assured that the utility sector is ready to withstand threats and attacks, partly by being open about previous attacks, the other participants also shared how we in Denmark can prepare for potential attacks.

"Denmark is actually quite good at cybersecurity right now. In a report from the International Telecommunication Union, a UN organization, it was stated in 2020 that Denmark was ranked 32nd between Kazakhstan and China in terms of cybersecurity. In 2024, we are now a role model for other countries. This means that the investments in cybersecurity in Denmark have been very successful," said Professor Carsten Schürmann.

Mille Østerlund from KOMBIT said, that we need to continuously practice, because that is how we become better equipped to handle an attack. It is not only the responsibility of the general public, but equally the responsibility of the authorities to be prepared to provide assistance if services suddenly go down.

"I believe that as authorities, we should make an effort to have contingency plans for how public authorities can step in and assist in cases where some of the services we provide fail, and where lives may be at risk. We need to have plans for the worst-case scenario, and then we need to practice. What you train for never happens exactly as you expect. Something else happens, but by practicing, we intuitively learn how to act in a crisis situation. And then we become better at handling it. I think it is this awareness that we need to cultivate much more," said Mille Østerlund.

The problems are also on the political agenda. In 2024, the Ministry of Resilience and Preparedness was established and minister Thorsten Schack Pedersen contributed with knowledge about where we are today and what needs to happen in the future regarding the digital security of Denmark.

"We are working at full capacity to be geared up for the current risk landscape. This applies to both authorities – I play a strong role in ensuring cross-agency coordination – both in preventing and mitigating these obstacles and crises from hitting us, but also in ensuring that when they do hit us, they are handled as efficiently as possible and that we can return to normalcy," said Thorsten Schack Pedersen.

The trust between authorities, businesses, and citizens is what is at stake in cyber warfare. This was the focus of all participants. This could be a good sign when Denmark continues to prepare to be ready if cyber warfare truly hits. 

Further information

Theis Duelund Jensen, Press Officer, phone +45 2555 0447, email thej@itu.dk