Norway has increased its digital defence spending to buttress the country’s critical IT infrastructure against a heightened risk of state-sponsored cyber attacks from Russia.
The elevated threat level, which follows an uptick in cyber attacks and updated security situational assessments, is linked to Norway’s military and trade support for Ukraine.
Russia’s ongoing invasion of Ukraine, according to a fresh risk assessment analysis by the Norwegian National Security Authority (NSM), has the potential to lead to an increase in cyber attacks against public and private organisations in Norway.
The NSM has identified core IT systems and networks operated by state agencies and private companies operating within the transport and energy sectors as being at particular risk of cyber attack.
Government investing in stronger security
In response, the Norwegian government has approved NOK200m (€21m) in additional funding to reinforce the country’s national security against digital threats. In separate allocations, the government released NOK392m in special funding to boost the cyber defence capabilities of the Norwegian Defence Forces (NDF) and state national security organisations with national cyber defence roles.
Projects to help local government organisations secure their IT systems against cyber attack feature prominently within the scope of the new spending plan framework.
Around NOK50m is being invested to bolster the municipal sector’s capacity to handle unwanted ICT events by enabling local councils to hire cyber security expertise, including computer emergency response teams. The capital investment will serve to raise the ability of municipalities to detect, prevent and better handle digital attacks.
The NSM is receiving a NOK55m allocation to strengthen its capacity to coordinate and manage cyber attacks in the private, public and municipal sectors. The funding will also cover increases in the number of public and private enterprises that install digital intruder alert systems supplied by NSM, which are designed to provide an early warning of cyber attacks.
The cyber defence reinforcement plan also includes a NOK10m project to enhance digital resilience in society by developing digital tools that can be used by enterprises to evaluate the level of real and effective security in their IT systems.
In July, the Norwegian government circulated a general warning to all local government agencies and companies regarding the need to bolster cyber defence preparedness to deal with more regular incidents of cyber attacks and digital threats.
Growing threat to national security
Cyber threats remain the biggest external threat to Norway’s national security, said lieutenant colonel Geir Hågen Karlsen, director of strategic communication at the Norwegian Defence University College.
“We must be prepared for unconventional hybrid threats like cyber attacks. We have seen a strong increase in this type of activity in recent years,” said Karlsen.
The NSM has identified Killnet, a criminal pro-Russian hacker group, as being behind a series of disruptive and coordinated cyber attacks in Norway in June and July. The NSM’s IT network was affected by the attack when its digital services provider, Coretrek, was targeted in a “call-flooding” denial-of-service (DoS) strike. The mass calling attack resulted in the security agency’s website being taken offline temporarily.
Sofie Nystrøm, NSM
“What we saw were goal-oriented attacks with a broad reach against a large number of organisations in Norway that offer important services to the population,” said Sofie Nystrøm, the NSM’s director-general. “We expect a further escalation of the threats we have witnessed against websites in Norway. Given the situation in Ukraine, we must anticipate even more cyber attacks that target the IT systems and networks in Norwegian organisations.”
Over 40 different organisations in Norway were targeted in the June and July DoS and distributed denial of service (DDoS) attacks. Killnet is identified as the prime suspect by the NSM. The organisations affected include ferry companies Boreal and Bastø Fosen, public services e-portal Norge.no, the Norwegian Directorate of Immigration, the Norwegian Labour and Welfare Service, BankID Log-in, and the Altinn digital government document portal.
The low-cost nature of the DoS and DDoS bad actor attacks, having the capacity to render Norway’s most important public service websites and online services inaccessible for long periods, remains a source of growing concern for security experts.
The DDoS cyber attacks against organisations in Norway in June and July caused internet servers to be overwhelmed by many requests and junk traffic leaving hosted sites and services inaccessible for legitimate visitors and users.
“There have been similar attacks in other countries recently,” said Nystrom. “Although none have had lasting consequences, the cyber attacks still create uncertainty in the population and create an impression in Norway that we are one piece in the current political situation in Europe.”
Killnet is also suspected of launching DoS and DDoS-type cyber attacks against public and private organisations in Lithuania, the US, Italy and Romania in recent months. In Lithuania, cyber attacks resulted in disruption to government and national transportation services.
Russia reacting to Norway’s support for Ukraine
The NSM’s latest cyber risk assessment on the level of threat posed by Russia is based on Moscow’s hostile reaction to a number of high-profile actions implemented by Norway in support of Ukraine since May 2022.
The security agency has connected the latest wave of service-disrupting cyber attacks against Norway to two primary actions by the Norwegian government. These include a move by Norway to impede the transit of 20 tonnes of goods from mainland Russia to Svalbard, an Arctic island shared by the two countries. Russia has coal mining interests on Svalbard.
The second and more significant action, which was roundly criticised by Moscow, involved the Norwegian government’s decision to supply the Ukrainian Army with long-range multiple launch rocket artillery systems and munitions. Moreover, Norway has not ruled out providing additional military hardware to aid Ukraine’s war efforts against Russia.
Although the NSM recorded a dramatic uptick in cyber attack activity against Norwegian targets in June and July, the attack curve had already started to climb in the first quarter of 2022, when the Ukrainian embassies in Oslo, Copenhagen and Stockholm fell victim to prolonged malware attacks that attempted to compromise their IT security systems.
In March, the NSM urged companies operating offshore oil and gas installations, in addition to universities, government websites and banks, to strengthen their cyber defence readiness and systems. It said the threat included the potential of attacks from Russia by both maverick and state-sponsored bad actors.
Underscoring the degree of concern, leading organisations in Norway are receiving more regular warnings from the National Cyber Security Centre (NCSC) and the NSM to scale up their IT security defences against ever-present cyber threats, said Kjetil Are Lund, head of IT at research-based knowledge institution OsloMet.
“We, like so many other organisations in Norway, are being advised to evaluate our risk and sharpen our routines. Our investments, both in time and resources, are increasing as we introduce best practices in consultation with the NCSC and the NSM. We are also taking the logical long view that cyber threats are likely to rise rather than magically disappear,” said Lund.