Norwegian state discusses vulnerabilities with IT sector
Government is collaborating with the country’s IT industry to improve the availability of security expertise
National security, and particularly the protection of primary IT networks and communications platforms, has become an area of deep concern in Norway.
And the Norwegian government wants to work to plug security gaps in partnership with the private IT sector.
Roundtable talks between the government and industry leaders will address a broad range of issues, and the immediate aim is to identify the most pressing vulnerabilities and use best practices to resolve them.
Norway’s IT industry has been alerting the government to vulnerabilities for several years, pointing to the ever-growing risk level across the information and communication technology (ICT) sectors.
Tekna (Teknisk-Naturvitenskapeligforening), the Norwegian organisation for graduate technical and scientific professionals, issued a warning in August about the need to scale up network security and improve training for IT professionals.
In a survey of ICT professionals specialising in network security, Tekna found that 56% of professionals said they had only a medium level of security knowledge, and 10% claimed to have “little or no knowledge of ICT security systems or protocols”. Only 36% of survey respondents believed they had the required level of education in ICT security to competently undertake the work they were doing.
“What we discovered surprised us greatly,” said Tekna president Lise Lyngsnes Randeberg. “It was amazing to find that master’s degree professionals working in technology, and who are ultimately responsible for ICT security, openly admitted to having an inadequate security-based education to draw upon when attempting to fulfil their ICT work requirements.”
Tekna’s survey has added significance because it was conducted among 500 of the organisation’s most qualified members, each holding a master of science degree or higher within the ICT industry. One of the survey’s stand-out findings is that the glaring skills deficit in the ICT industry threatens to hinder, rather than bolster, efforts to eliminate security vulnerabilities in networks.
“For us, what this ICT security study shows is that it’s now of paramount importance to take immediate action, at the educational system level, to strengthen ICT security knowledge in Norway,” said Randeberg.
Read more about cyber security in the Nordics
- Sweden is tightening up its cyber security defences as part of a wider national security strategy.
- Nordic and Baltic government leaders discuss pooling technologies and competences to counter hybrid threats within the cyber security domain.
- Major cyber attacks and security breaches often make headline news these days – and their impact on the Nordic region has been growing.
- The Swedish Transport Agency exposed sensitive information by transferring its databases to a third party cloud provider without following data protection procedures.
Education and training issues are high on the agenda of the Norwegian government’s roundtable talks with the tech sector. Discussions will cover state investment in IT-related education and training at secondary schools as well as third-level colleges and technical institutions.
The long-term goal in the roundtable talks will be to redefine the ICT industry’s needs in Norway, and map out out how a unified approach between the public and private sectors can better deliver the skills needed, both in quantity and quality, to the ICT industry.
A major challenge for all concerned will be reversing the trend of fewer professionals choosing to take a PhD in ICT in Norway. This spells danger for an ambitious ICT sector that is keen to use advanced human expertise to drive innovation and competitiveness.
The collaboration between the state and the private sector is expected to produce a higher level of public spending on basic, intermediate and advanced ICT security education and training. There will be particular focus on elevating the importance of ICT within Master and Doctorate curricula, and information and communications systems security seems certain to become a mandatory part of all future ICT education and training in Norway.
Difficulty in recruiting talent
This proposed new layer of security expertise will please Norway’s ICT enterprises, which have experienced increasing difficulty in recruiting top IT talent, whether they operate in the public or private sector.
The “competitiveness factor“, and the need to improve the flow of advanced skills to the ICT industry, is very much on the minds of government officials and industry bosses. The risk of a rolling skills deficit was highlighted in August after the publication of the Abelia Reversal Barometer for 2018 (ARB-2018) technology survey.
Conducted by Oslo-based research organisation Ny Analyse, the annual Abelia-commissioned survey downgraded Norway, in terms of its competitiveness ranking against 29 other countries, from 13th to 20th position in its technology innovation, development, and available ICT skills league tables.
The key indicators in the ARB-2018 survey are rather mixed and, in some cases, conflicting. The study found that Norway remains at the top of the class, per ratio of population, when it comes to digital use, but the scale of Norway’s ICT sector and the level of ICT-related research continue to see it lag behind many western competitor nations.
“It is absolutely true that Norway has embarked on a series of measures to advance our development and use of digitisation,” said Håkon Haugli, CEO of Abelia. “Although the Norwegian government is very boastful of this, other countries are making greater gains. We must measure ourselves against the best. We score well for the scope of our education, but are placed poorly on expertise, especially in ICT.”
Sector will probably self-correct
The ARB-2018 survey contains a number of positives and indicators that suggest the ICT sector, across all its fundamental parts and despite its shortcomings, will probably self-correct sooner rather than later.
The survey observes that Norway’s ICT industry is going through an elevated innovation phase, with business and industry sectors forecast to increase their ICT-related research and development investments significantly over the next five to 10 years.
Norway’s renewed focus on ICT and network security stems, in part, from increasing state-led investments in national projects designed to provide a more effective shield around the country’s critical ICT infrastructure.
The heightened threats to national security posed by attacks from hostile actors in cyber space has triggered a number of far-reaching capital investments and security projects. The most recent and visible of these is the establishment of a National Cyber Security Centre (NCSC), which will operate under the National Security Authority (NSM), which forms part of the Ministry of Defence (MoD). The NCSC will be funded entirely from the MoD’s budget.
Significantly, the NSM has also been tasked to run an enhanced Digital Infrastructure Alert System (DIAS) project. The NOK497m (€53m) capital allocation assigned to this advanced technology venture is mainly designed to expand, strengthen and modernise the DIAS’s capabilities.