The international threat to Norway’s critical IT infrastructure is growing, a new report says.
The Norwegian National Security Authority (NSM) is the Norwegian security authority responsible for protecting the country’s national IT infrastructure. Their new report warns of an increasing threat from ‘hostile foreign actors’.
Spying equipment found in Oslo
A few years ago an Aftenposten report found a series of secret transmitters set up to behave like fake mobile base stations in key locations in Oslo, including very close to the Norwegian Parliament building and the government's guesthouse on Parkveien.
“The people who run this surveillance equipment may in principle monitor every person moving in and out of the parliament building, the goverment offices or other institutions in the area. They can also select certain persons for eavesdropping and collecting data from their smartphones”, said the newspaper.
Earlier this year, a Russian official was arrested (and later released) on suspicion of spying as he prepared to fly back to Moscow following an EU-sponsored seminar on digitisation in the Parliament’s conference hall.
The seminar contained no sensitive material, but he was accused of having planted surveillance devices in the parliament building. The incident led to the intelligence and security services cordoning off printers and other electronic equipment to look for bugs.
With that context in mind, the findings of the new report should serve as a wake-up call to government, politicians, and industry leaders alike.
An increasing reliance on digital
“Our ICT environments consist of both new and old systems based on different technologies that must work together at all times”, states the report.
“Value chains become longer and more insightful. When additional services are deployed, the use of subcontractors increases and more business systems are exposed online. New technology is introduced continuously and changes are happening ever faster.”
Forensic analysis reveals threats new and old
The report titled A Secure Digital Norway – ICT Risks 2018 offered a thorough forensic analysis of the nation’s vulnerabilities.
It went as far as to say that those who have not protected themselves must expect to be hit.
“Political, military and economic goals as well as defense, high technology and critical infrastructure industries are still particularly vulnerable. However, we also see that both targeted and non-targeted digital attacks hit a wider spectrum of people than intended.”
The report goes on to say that national security and intelligence services see a “constant threat” from network-based intelligence operations from state or state-affiliated actors against Norwegian authorities and businesses.
“ICT systems are dependent on the authorities to digitize, regulate, supervise and help Norwegian businesses focus on security and systematically work at risk. We all have a responsibility to be up to date and use our head when we are online. Norway as a nation has all the prerequisites for becoming the best in the ICT security class and it must be our common goal.”
Is public-private partnership the answer?
Norway’s government, national security agency, and industrial leaders are in talks on working together to strengthen their collective defence against external threats.
The belief is that closer cooperation will improve information sharing on risks and the evaluation of solutions.
Meanwhile, the Research Council is investing NOK 200m in research projects centred around “A safe and secure information society”.
The call for applications that took place earlier in 2018 was targeted towards projects that “build and develop knowledge communities and help to reduce digital vulnerabilities in critical societal infrastructures and in society at large.”