In 2011, the Danish parliament voted unanimously to create a GovCERT service responsible for cybersecurity issues for government institutions and critical infrastructure. The 2011 law allows GovCERT to collect and retain traffic data (metadata) and packet data (contents) for the institutions and networks which are monitored by GovCERT. Data associated with security events can be retained for three years, whereas ordinary traffic and packet data can be retained for 12 months and 14 days, respectively. Under the law, traffic data can be shared with similar cybersecurity services in other countries. To begin with, GovCERT was part of the Ministry for Science, Technology and Innovation, but in late 2011, the new Danish government led by the Social Democrats transferred GovCERT to the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste, FE).
The Center for Cybersecurity is exempted from the Danish data protection act, the freedom of information act and the public administration act. Since the Center for Cybersecurity is part of the Danish Defence Intelligence Service, there are no legal limitations on using the retained data for other purposes than cybersecurity. However, the comments of the draft law state that the Minister of Defence will issue an administrative order which limits the internal exchange within the intelligence services of the information collected. There will be an independent oversight board for the Center for Cybersecurity, but its powers are expected to be fairly modest.
According to business insider 7 Countries Are The Gaping Holes In Europe’s Cyber Security. Denmark has a national CERT and a contingency plan for cyber incidents, but the contingency plan has not developed into a cyber strategy, and the integrated national ID system has been frequently hacked into, leading to increasing identity thefts. The detailed report has been read by article published by Mcafee
By 2017 Denmark will pour some 465 million kroner ($75 million) into developing an offensive cyber-attack capability, according to the report. This is apparently so that Denmark can expand its capabilities from focusing solely on defending itself against hacker attacks, to also attacking hostile targets.
In a bid to earn the trust of its citizens and enterprises, the Danish government is launching a comprehensive new cyber-security national strategy.
The new plan is made-up of 27 initiatives across six key areas, including strengthening energy and telecommunication infrastructures, increasing cyber-security knowledge and training and improving international partnerships.
According to local online news sources, the effectiveness of the 27 initiatives will be under constant evaluation, with a planned revision to take place in 2016.Meanwhile, the Danish national police along with Rigspolitiet, and the public prosecutor’s office, are combining forces in the creation of a cyber-crime centre with the aims of analysing, fighting and, ultimately, preventing cyber-crime. According to Danish news websites, these efforts are in reaction to the “explosion of cyber-crime” in the last two years, with a 77 percent increase in data fraud reports and 25 percent increase in cyber-based economic crime.