Government seeks to develop enhanced national IT infrastructure with an embedded early warning system and defense shield to protect the IT systems of public and private organizations.
Norway is to implement a more robust plan to scale up its IT security infrastructure against the backdrop of increasingly malicious attacks from cyber space. This follows a high-profile cyber attack that targeted the email system at the Norwegian parliament (Storting) on 4 August.
The Norwegian government accused Russia of launching the attack, but Moscow has denied any involvement.
In the immediate aftermath of the attack, the Norwegian government called an emergency meeting with the heads of the country’s top security agencies. The meeting resulted in a plan to accelerate the development of an enhanced national IT infrastructure incorporating an embedded early warning system and defense shield to protect the IT systems of public and private organizations.
“The digital domain makes it easier for foreign states to deploy non-military means in an entirely different manner than has been the case,” said Monica Mæland, Norway’s justice minister. “We need to know more about the exact purpose of the attack on the Storting and whether it was part of a specific or broader state-run espionage operation.”
The pivotal agencies at the post-Storting attack emergency meeting included the National Security Authority (Nasjonal Sikkerhets Myndighet), the National Cyber Security Centre (Nasjonalt Cyber Sikkerhets Senter), the Norwegian Police Security Service (Politiets Sikkerhetstjeneste) and the Norwegian Intelligence Service (E-tjenesten).
The Norwegian government’s strengthened cyber protection plan involves fast-tracking collaboration between national security agencies tasked with cyber defense and the private sector. The objective is to create a collaborative platform to develop improved early warning systems, deterrents and defenses against a wide range of common and unconventional cyber threats and attacks on critical IT infrastructure.
A central feature of the new plan is closer cooperation between the Norwegian Intelligence Service¸ the Norwegian Armed Forces’ military intelligence wing and the National Cyber Security Centre to develop a broad range of defensive and offensive options.
“The combined resources of Norway’s security and intelligence services will cooperate in an unprecedented way to deal with cyber threats and attacks at a national level,” said Ine Eriksen Søreide, Norway’s foreign minister.
Naming Russia as the aggressor in the August attack on the Storting, Søreide said the accusation was based on preliminary intelligence provided by Norway’s national security agencies and leading cyber defense experts.
“Based on the intelligence that is available to the government, it is our assessment that Russia was behind the attack on Norway’s most important democratic institution,” said Søreide.
Denying any involvement in the attack on the Storting, Moscow described the accusation as a “serious and deliberate provocation” by Norway that threatened to complicate existing and future bilateral political, trade and security relations.
“Norway has provided no evidence of involvement by Russia,” said Konstantin Kosachev, chairman of the Russian Federation Council’s foreign affairs committee. “This accusation lacks concrete evidence. If evidence exists, it should be examined by experts from our two countries. We received no such invitation from Norway.”
The cyber attack on the Storting targeted the email accounts of MPs and senior government officials. Email accounts breached included those belonging to MPs both in the ruling Conservative (Høyre) and opposition Labour (Arbeiderpartiet) parties. Email messages and data from several compromised accounts was downloaded in the cyber attack.