Norway implemented its new cybersecurity strategy in 2019: National Cyber Security Strategy for Norway, following the first version in 2012 and a white paper in 2017 (Stortingsmelding: "ICT security. A shared responsibility"; in Norwegian). The white paper highlights the growing number of vulnerabilities as the result of digitisation across borders, sectors and companies while challenging the responsibilities between civilians and the military spheres. The white paper anticipates the new strategy in several ways, from strengthening cooperation between public and private organisations to establishing a national fraework for digital incident response and building ICT security competences. The 2018 annual report from the Norwegian Security Authority (NSM) is a portfolio of risks and vulnerabilities from public authorities, the business community, academia and other stakeholders. Its main findings are that the increasing digitisation of services and automation are generating new security challenges and increased threat exposure.
The 2019 strategy covers the following goals in the ENISA self-assessment classification: Cybercrime, security and privacy balance, citizen awareness, critical information infrastructure protection, national cyber contingency plans, international cooperation, public-private partnership, incident response capability, institutionalised form of cooperation between public agencies, baseline security requirements, incident reporting mechanisms, R&D, cyber security exercises, incentives for the private sector to invest in security measures, training and educational programmes.
The strategic vision is that: In Norway, it is safe to use digital services. Private individuals and companies have confidence in national security and trust that welfare and democratic rights of the individual are being safeguarded in a digitised society.
The Norwegian Ministry of Justice and Public Security is responsible for coordinating public security in the civilian domain, outlining government policy for cybersecurity, including national requirements and recommendations for public and private companies.
EDUCATION AND TRAINING IN NATIONAL CYBERSECURITY STRATEGY
|Awareness and Competence||
The Norwegian strategy places emphasis on our working together to reinforce cyber security in society. Based on the current security challenges, the following strategic goals are considered fundamental:
|Research and Education||
The strategic goal for competence in the national strategy is improving cybersecurity competence aligned with the needs of society.
Competence and knowledge about threats, vulnerabilities and effective measures are the precondition for protecting digital values against cyber incidents.
Private individuals, companies and authorities need access to information about cybersecurity challenges and appropriate measures to tackle them. Top priority is therefore given to specialisation in cybersecurity as of vital importance to national security. The 2019 national strategy sets out the competence goals and conditions for the long-term build-up of capacities in cybersecurity, encompassing research, development, education and measures designed to raise awareness in the business community and among citizens.
|Higher Education Courses on Cybersecurity||
Public-private partnerships help prioritise preventive cybersecurity and cybersecurity in critical societal functions in the context of the Norwegian strategy.
Public-private partnerships are an essential ingredient in resolving cybersecurity challenges through collaboration between all relevant stakeholders at national and international levels. Specifically, challenges need tackling through joint inputs and across traditional sectoral boundaries to accommodate all security needs.
The business community has a central role to play with its requisite skills, resources and functions and as a driving force for digitisation and innovation. A substantial part of Norway's critical digital infrastructures is owned and operated by private companies. Therefore companies also have a role to play in protecting the dependency of society on digital solutions as authorities play a limited role in the development of cyberspace.
Increased collaboration is expected to lead to better situational awareness and better decisions while allowing greater access to human and other resources.
The approach to intensified cooperation brings together the diverse capacities, knowledge and skills of public and private companies, authorities as legislators, facilitators and supervisory bodies along with law enforcement having designated powers to invesitgate and prosecute cybercrime.
The Norwegian Center for Cyber and Information Security (CCIS) is a partnership of key national cyber security stakeholders, giving access to a variety of resources, both funding and man-power. The institution operates in close co-operation with the Norwegian University of Technology (Norges teknisknaturvitenskapelige universitet; NTNU). One of its primary tasks is to ensure that education in the field of cyber security is available at all levels from elementary schools to post graduate university studies.
The COINS Research School of Computer and Information Security is led by CCIS/NISlab. Participants in the research school include NTNU, University of Oslo, University of Bergen, University of Agder, University of Stavanger, and University of Tromsø. COINS integrates Norwegian research groups in Information Security to a larger entity by building stronger relationships between doctoral students in the network, establishing more incentives to excel and increasing student mobility through access to a larger network, including the hosting of internationally recognised researchers.
The purpose of the Joint Cyber Coordination Centre (FCKS) is to improve national capacity in detecting and withstanding serious cyber-attacks, offer strategic analysis and maintain a comprehensive record of threats and risks.
NorSIS, the Norwegian Centre for Information Security is an independent organisation working to improve knowledge and understanding of cybersecurity, such as advice and guidance to citizens and companies, especially SMEs:
|EU Cyber Professional Register for national stakeholders||
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.
|Latest Update & Disclaimer||
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification
NorCERT (Norwegian and English) is the national computer emergency response team, operating under the National Cyber Security Centre (NSM); (Norwegian: https://nsm.stat.no/; English: nsm.stat.no/english/). Its tasks include dealing with counter threats to the independence and security of Norway and other vital national security interests, primarily espionage, sabotage or acts of terrorism.
HelseCERT (Norwegian; www.nhn.no/helsecert) is the joint information security competence center for the Norwegian health care sector.
UNINETT (English; www.uninett.no/en) develops and operates the Norwegian national research and education network, interconnecting about 200 Norwegian educational and research institutions and more than 300,000 users, as well as giving them access to international research networks. It is a neutral party, and is run non-profit. UNINET CERT (English) is its computer emergency response team.
UiO-CERT (English; www.uio.no/english/services/it/security/cert/) is the computer security incident response team (CSIRT) for the University of Oslo, handling IT-related security incidents, such as virus, break-ins and vulnerabilities for the constituency.
FinansCERT is a dedicated industry computer security incident response team (CSIRT) for the Norwegian financial sector, which is represented by Finance Norway – FNO. It serves banks, life insurance and pension companies that are members of Finance Norway (Norwegian: http://www.finanscert.no/index.html; English: http://www.finanscert.no/engelsk.html).
Basefarm Group's Security Incident Response Team Basefarm SIRT/BF-SIRT). Its constituency is industrial, ISP Customer Base, Basefarm AS (Norway), Basefarm AB (Sweden), Basefarm BV (Netherlands), acting as the primary contact point for the Group.
|Report a cyber incident to national CERT/CSIRT||
NorCERT: Norwegian: https://nsm.stat.no/; English: nsm.stat.no/english/
HelseCERT Norwegian; www.nhn.no/helsecert
UNINETT CERT English; www.uninett.no/en
UiO-CERT English; www.uio.no/english/services/it/security/cert/
FinansCERT Norwegian: http://www.finanscert.no/index.html; English: http://www.finanscert.no/engelsk.html
Basefarm Group's Security Incident Response Team Basefarm SIRT/BF-SIRT)
Constituency: industrial, ISP Customer Base, Basefarm AS (Norway), Basefarm AB (Sweden), Basefarm BV (Netherlands), acting as the primary contact point for the Group.
|Guidance and Updates||
cert.no, https://nsm.stat.no/ provides updates on new cyber threats, related news and events. All information is provided in Norwegian as the English version does not feature these updates.
Twitter (Norwegian): @NorCERT provides information in both Norwegian and English.
|Latest Update & Disclaimer||
The information contained here is the result of desk research carried out by CYBERWISER.eu.