‘Through the exercise, we have emphasised the importance of coordinating the nation’s collective capacity during critical events in the cyber domain, across all sectors – public and private, as well as government agencies. Incidents in the cyber domain may be critical for Norwegian society, and cannot be handled by any one actor alone,’ says CEO of Norway’s telcommunication giant Telenor, Berit Svendsen.
During CyberDawn, Telenor rehearsed its response to a security incident in the cyber domain in cooperation with the Norwegian Cyber Force, the National Security Authority (NSM), the police, the Norwegian Post and Telecommunications Authority, Evry, DNB, and SpareBank 1. The objective of the exercise was to test procedures and interfaces, and to highlight vulnerabilities and missing processes.
‘We can conclude that we are now better equipped to respond to such security incidents than we were before the exercise. Among other things, we uncovered some technical vulnerabilities that we are now taking measures to close. At the same time, the exercise has highlighted how important a clear division of roles and responsibilities in the cyber domain at the national level is,’ says Storm Jarl Landaasen, Telenor Norway’s Chief Security Officer and head of the CyberDawn exercise.
He emphasises excellent dialogue with, among others, the National Security Authority, the National Criminal Investigation Service (Norway), and the National Police Directorate during the planning and implementation phases of the exercise. The National Security Authority have been given the executive responsibility for coordination and will coordinate the notification and handling of serious cyber attacks at the national level.
Help from the Norwegian Armed Forces
The Norwegian Armed Forces may have a role in providing assistance to civil society should a crisis in the cyber domain become large enough. A request for assistance from civilians will be directed to the police in the relevant police district. The police will then forward such a request to the Norwegian Armed Forces. As part of the exercise, Telenor wanted support from, among others, the Norwegian Cyber Force to see how such assistance might be realised.
‘Our role during the CyberDawn exercise was primarily to highlight how any request for assistance should be presented in order to achieve the desired result in a crisis situation, and to uncover any challenges in this process. This has not been done previously for cyber threats, and, in my view, the exercise therefore represents important ground breaking work for our nation’s security,’ says Major General Roar Sundseth, head of the Norwegian Cyber Force.
Want a new national exercise
During the planning and implementation phases of CyberDawn, it was pointed out by a variety of different authorities, that it should not be necessary for a private operator to take the initiative in a large, practically national exercise when national security and the protection of society were at stake.
The government has, as part of its political platform, defined several significant measures for cyber security and readiness: “Define the responsibilities of the authorities for the security of critical, digital infrastructure. Gather responsibility in one ministry. Reinforce readiness for cyber crime and cyber attacks. Reinforce the capabilities of the Norwegian Armed Forces for cyber operations and connect the Norwegian Cyber Force to civil cyber security where appropriate.”
‘These are positive signals. Through CyberDawn, we have established a good dialogue with the authorities, and we want to continue and reinforce that. We absolutely want to enter into dialogue with the authorities about putting into place a cyber exercise in 2015 under the auspices of the authorities,’ Svendsen underlines.