Norway is scaling up its national defences against cyber threats, as the National Intelligence Service’s Focus 2019 report identifies and analyses the current technology-based security challenges facing the country.
The magnitude of the challenge facing Norway is underscored in the report. The National Intelligence Service (NIS) recognises the “digital domain” as the single biggest threat to economic growth and societal stability.
The recent aggressive attack against industrial giant Hydro in March has accelerated government plans to build improved defensive expertise and capabilities to thwart attacks.
The NIS report warns of an escalating threat to national security posed by digital attacks from cyber space. These are increasingly intended to disrupt the normal workings of state governance and national security. The report forewarns of an anticipated rise in more sophisticated digital threats in the area of industrial espionage.
“We see three major areas of threat from the digital domain. These are digital campaigns that are purposely designed to influence public opinion, digital espionage, and the use of digital technologies to conduct missions aimed at sabotaging critical state and private industry IT infrastructure,” said NIS director Morten Haga Lunde.
The NIS has seen a significant increase in its operating budget since 2014, a development that has enabled the organisation to elevate its capacity to collect data that helps it to more effectively combat cyber attacks.
Bolstered funding and collaborations with private sector experts in the field have also enhanced the NIS’s ability to develop cyber defence strategies and systems designed to better predict and combat a range of threats from cyber space.
The Focus 2019 report lifts the lid on the diverse range of threats emerging. Although the majority of attacks are directed against national security agencies and IT companies that store large amounts of private and sensitive data, organisations outside of the military sphere are being more routinely targeted by malicious cyber actors.
Read more about cyber threats in Norway
- Report reveals growing threat posed by “hostile foreign actors” against Norway’s IT systems and critical national infrastructure.
- IT service providers serving organisations in Norway have received a timely reminder about their security obligations.
- Norway has accelerated plans to scale up its national security infrastructure against threats emanating from the cyber domain.
The cyber attack against the computer network operated by Helse Sør-Øst RHF, Norway’s largest healthcare authority, is one such case in point.
The sustained digital offensive against Helse Sørøst, which took place in January 2018, resulted in a serious data breach that compromised the medical records of more than three million patients.
The attack had enormous added national security implications beyond the singular criminal data breach. The attackers’ main focus was the capture of patient records linked to both Norway’s Armed Forces and NATO forces’ personnel that were engaged in military exercises on Norway’s High North territories bordering Russia in 2018.
A post-attack security appraisal of the vulnerabilities in Helse Sør-Øst’s IT systems found that some of the authority’s computers were still running on Windows XP. This left the organisation highly susceptible to data breaches, as Microsoft stopped providing security updates and support for XP in 2014. Helse Sør-Øst has since run a project to phase out Windows XP in all computers used by the administration.
“What the attack against Helse Sør-Øst clearly demonstrated is that digital espionage against Norway is not confined to traditional political and military targets,” Lunde said.
Foreign security threats
The report identified Russia and China as the two non-aligned NATO countries that pose the greatest security challenge for Norway.
The report described China and Russia as being the best equipped to conduct complex and comprehensive offensive network-based operations through their respective national intelligence and security services. Both, the report said, are “constantly honing their skills” against primarily Western targets.
The NIS report emphasised that while cyber attacks backed by “hostile foreign states” present the greatest challenge for Norway’s national security, threats from the digital domain are increasingly flowing from “non-state actors that are employing a wide range of means and tools that can be used against targets in a number of sectors”.
“The threat is highest from China and Russia. In 2018, the Norwegian authorities and commercial companies in a number of sectors were targeted by network-based operations. Some of these operations were manifestly more coordinated and efficient than in the past. This is a continuing trend,” the report observes.
Intelligence gathered by Norway’s community of national security agencies affirms that infrastructure belonging to Norwegian companies is being increasingly compromised to conduct network-based operations against third parties.
The NIS report revealed that hostile state actors are using “cyber strikes” against IT infrastructure targets in Norway to “test and develop their ability to conduct major cyber sabotage”.
Encryption viruses that are used to hold information hostage have increased in scope and are becoming more sophisticated, the report said.
“When it comes to network-based operations, there are three development trends in particular that stand out: the exploitation of third-party infrastructure, network-based sabotage operations, and the use of encryption viruses for financial extortion. A number of countries are seeing their domestic digital infrastructure compromised and exploited for use in operations,” the report said.
“Complex encryption viruses can pose a significant security risk, in addition to incurring high costs on society. In recent years, ransomware campaigns – where encryption viruses are used to hold information hostage – have increased in volume and become more sophisticated. If such network-based operations are combined with conventional means, the consequences could be severe,” it added.
The huge underlying cost of a prolonged and malicious cyber attack was felt by Hydro in March. The company has estimated the financial impact of the cyber attack at more than €30m in the second quarter of 2019. The attack also negatively affected Hydro’s first half-year profits, with losses attributed to the attack amounting to €65m for the period.
The attack in March paralysed Hydro’s computer networks and specifically hurt the operations of the aluminium group’s Extruded Solutions division. The hostile cyber action forced Hydro to switch to manual operations to combat the sustained ransomware assault on its IT infrastructure.
Hydro has a “robust” cyber-specific insurance policy in place to offset the economic impact of hostile attacks, said CEO Hilde Merete Aasheim.
“The cyber attack affected our entire global organisation, with Extruded Solutions having suffered the most significant operational challenges and financial losses. All operations had largely returned to normal by the end of the second quarter,” Aasheim said.