Norway’s Auditor General’s Office (AGO) has questioned the general standard of cyber defence competence among leading companies and agencies in the country’s public energy sector.
It identified shortcomings in cyber defence policy and strategy in a number state-owned enterprises, including water and power resource organisation NVE (Norges Vassdrags- og Energidirektorat).
The AGO’s cyber security assessment was based on an extended appraisal by the state agency that began in 2020 and ended in March. The review scrutinised the efficacy of cyber defence policies and strategies to protect critical computer systems against the widening range of cyber attacks directed at major public institutions and companies in Norway.
The country has seen a significant rise in cyber attacks since 2019. The AGO’s audit followed a series of high-profile data security breaches at Norsk Hydro, the Norwegian parliament (the Storting) and cruise company Hurtigruten. In March, the parliament’s computer systems were breached, and data captured, for the second time in seven months.
The AGO will require the Ministry of Petroleum and Energy, which has oversight over state companies such…
