Consultants have worked at Svenska kraftnät's vulnerable IT department without correct security agreements, according to Kalla Faktas investigation. This despite Svenska kraftnät being one of the highest security-classified authorities and responsible for the country's power supply.
Hundreds of consultants have been hired at the department and the consulting suppliers must sign security protection agreements. The suppliers are also not allowed to hire subcontractors without the authority's approval and correct security agreements.
However, in December, it was discovered that two suppliers had used subcontractors without the authority's knowledge and agreements were missing for several consultants.
Erik Nordman, security chief at Svenska kraftnät, tells Kalla fakta that the problem has been addressed.
As for my part, we have acted during the spring and in some cases complemented with certain security protection agreements with subcontractors that we previously did not have. But where we see that we would need to have agreements in place.