As has been publicised widely, Iceland’s Department of Civil Defence and Emergency Management (Almannavarnir) has declared a state of uncertainty because of the Log4j vulnerability affecting computer systems.
According to the agency’s website:
“The severity of the vulnerability lies first and foremost in how widespread the Log4j code library is and the depth and richness of the access it can provide to internal systems.
It is important to note that this vulnerability is not specific to Iceland but is a global problem; furthermore, it is concentrated primarily in network and system operations. The general public need not be particularly afraid of its impact on their home computers or mobile phones.”
Íslandsbanki responded to the vulnerability as soon as its existence was reported, in cooperation with CERT-IS and other operators of important infrastructure. Among other things, modifications were made to solutions used by customers, but the modification did not affect customers themselves. The Bank’s systems have been thoroughly examined and monitoring has been stepped up, so that it will be possible to identify attempts to exploit the vulnerability and respond to such attempts quickly and securely.
The vulnerability in question did not affect Íslandsbanki’s systems, but the Bank is continuing to strengthen its defences against it.
Customers are encouraged to keep their system security measures up to date, particularly to include businesses’ computer systems, and to ensure that the vulnerability is not present.