The Industrial Cybersecurity Center in Norway

Team

Lars Erik Smevold

Lars Erik Smevold is a security & process control architect with more than 27 years of experience in Industrial Control Systems (ICS), telecommunication and Security – Critical Infrastructure. Lars Erik started at Norsk Hydro in 1997 and has since worked in utility companies, built a Security Operation Center in ICS for Small and Medium Enterprises, then […]

Lars Erik Smevold, the Industrial Cybersecurity Center Coordinator in Norway (CCI Coordinators Team), gives us context on the state of industrial cybersecurity in his country by sharing his impressions.

He describes the level of sensitivity of industrial organizations in his country according to the following percentages:

He also affirms that the trend of recent years has been exponential growth in awareness.

Norway has local and national public bodies that promote an adequate legal framework to ensure the progressive incorporation of industrial cybersecurity measures in companies with a national presence (mainly critical infrastructure). The main organizations are:

  • Norwegian Water and Energy Directorate
  • Petroleum Safety Authority Norway
  • Norwegian National Security Authority
  • Norwegian Energy Sector and Control System CERT (KraftCERT)
  • Norwegian Communication Authority

Among the main national laws and regulations that apply in this context in Norway, Lars Erik Smevold mentions:

  • National Security Act
  • Energy Act - Electricity/Oil&Gas
  • Electronic Communications Act
  • Norwegian Data Protection Authority - GDPR

Analysing the industrial cybersecurity measures most widely adopted by Norwegian organizations to protect industrial automation systems, Lars Erik Smevold highlights the application of:

  • Implementation of safety management systems
  • Network design and architectures
  • Conventional firewalls
  • Industrial firewalls
  • Backups
  • Whitelisting

The CCI Coordinator in Norway characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:

Weaknesses

  • Lack of specific CERTs

  • Lack of collaboration between IT and ICS personnel

Strengths

  • Public organizations as a driving force (industry, national issues and defence)

  • Awareness, especially regarding industrial critical infrastructures

  • Frequent events and forums on industrial cybersecurity

  • Increase in trained industrial cybersecurity professionals

  • National industrial cybersecurity specific CERTs


Threats

  • High development of industrial applications without cybersecurity requirements

  • Shortage of local industrial cybersecurity professionals working for manufacturers

  • Competence and collaboration, complexity

Opportunities

  • Increased cybersecurity demand for Industry 4.0 and the Internet of Things

  • Strategic position in the industrial cyber security sector

  • Collaboration and competence building across IT and ICS

Activities