Uncertainty Phase Activated Due to Log4j Vulnerability

Due to the Log4j vulnerability, the uncertainty phase of the Department of Civil Protection and Emergency Management was activated in Iceland yesterday by the national police commissioner, in consultation with the computer emergency response team CERT-IS and the Electronic Communications Office of Iceland (Fjarskiptastofa), Morgunblaðið reports.

In doing so, Icelandic authorities followed in the footsteps of numerous other states in an effort to prevent hackers, criminal organizations and hostile states from taking advantage of the situation. Log4j is a widely used Java-based logging package.

According to Guðmundur Arnar Sigmundsson, division manager at CERT-IS,  the Civil Protection’s preparedness plan for cyber threats states that when there is a serious vulnerability in the systems of important infrastructure, which may or may not have been used to cause damage, then the uncertainty phase must be activated.

That, he notes, was the case this time, which is why the uncertainty phase was activated while data are being gathered on how to develop a solution.

Many services and applications rely on Log4j, including computer games like Minecraft, and it was there that the vulnerability was first discovered on Thursday. Companies, institutions and governments in numerous countries have since Friday frantically tried to prevent cyber attacks and to improve the software.

The vulnerability of the Log4j software means that commands or programs can be entered and later be used to spy, sabotage, control computer systems, or do other harm. Therefore, the extent of the damage may not be known until weeks or months from now.