Think of oil rigs and gas pipelines, and one imagines large machines and steel and concrete structures. The truth is that much of it is now controlled by sensors, robots and complex digital systems.

Last year it happened in the United States. The attack on the Colonial Pipeline on May 7, 2021 cut off gas supplies to large parts of the United States East Coast. It was only with a single password that the hackers managed to block important documents, put the company out of service and thus force the closure of the gas pipeline. The attack came from DarkSide, a group of criminals based in Russia. This time the motive was financial gain and they managed to get a ransom of five million dollars. Another time, it may be states with geopolitical interests that are behind it.

A few years ago, it was mainly individuals who were attacked, now it is more and more organizations, but also critical infrastructures such as gas pipelines, wind turbines or railways that are affected.

The digital battlefield has become central to modern warfare. Several major attacks by Russian hackers have hit banks and government institutions in Ukraine. A massive cyberattack on January 13 took down a number of websites and left messages warning Ukrainians “to be afraid and expect the worst”. Also in February and March, several similar attacks followed.

Click here to subscribe to Norwegian debate newsletters

Norway more vulnerable

The war in Ukraine makes Norway’s position as a supplier of oil and gas to Europe particularly vulnerable. Norwegian oil and gas have acquired a completely different strategic importance for Norway and our allies in Europe. With the massive development of renewable energies, Norwegian gas is absolutely essential to push back Europe’s dependence on Russian gas. Russia, for its part, has every interest in maintaining its place in the European energy mix, to the detriment of renewables and to the detriment of Norwegian gas.

After Norway’s support and arms contribution to the war in Ukraine, we are on Russia’s “hostile countries” list. On March 7, the Russian authorities released a list of states that “wage hostilities against Russia, Russian businesses and Russian citizens”. Listen is long and includes all EU countries, as well as countries such as the United States, Canada and Australia.

Overall, this makes a cyber attack on Norwegian targets more likely.

Here you can read more comments from Hilde Nagell

A government responsibility

When attacks are part of a war or strike critical infrastructure, the authorities have a special responsibility. The attack on the Colonial Pipeline also had political consequences. After the incident, President Biden announced a number of measures strengthen preparedness and increase authorities’ efforts to prevent cyberattacks.

It’s doubtful that these measures alone can prevent new attacks like the one on the Colonial Pipeline, but they still represent a change of pace: Biden has made cyber defense an important issue for his administration.

The EU has also strengthened its cyber defence. In December, they launched an update of the digital defense strategy. In the European Commission’s proposal, for example, energy companies risk fines if they don’t have a good enough security check, lack guidelines or don’t have routines to check the security of their suppliers.

In addition, the EU is currently strengthening its preparedness in light of the war in Ukraine. Attacks on European targets have become more likely. Additional efforts are therefore being made to increase the security of “critical” companies, in particular energy and telecommunications infrastructure providers. Cooperation and intelligence sharing is an important part of that, and it’s also on the table. a proposal establish a separate contingency fund for digital attacks.

Norway needs to increase its cyber readiness

The armed forces and the National Security Authority (MSN) are already doing a lot to ensure digital readiness, but there is reason to wonder if efforts now need to be stepped up. Here are some measures that may be relevant:

• Modernize and strengthen security standards in the public sector, including the use of cloud services, two-factor identification and encryption.
• Better sharing of information between private sector companies and between the private sector and the authorities
• Using buying power to impose stricter security requirements on public sector software vendors
• Best Practice for Event Logging
• Strengthen the knowledge of the population on digital preparation

Read more about the Norwegian debate here

This week there is a budget conference at the Hotel Klekken. The government will decide on short-term and long-term crisis budgeting, including allocations for defense and security. Cybersecurity should take center stage in this discussion.