Computer Crime

Norway has one of the highest percentage of population with access to the internet in the world. With that comes the highest level of cyber-attack susceptibility according to Assef Y. Keren and Keren Elazari in a report to the 4th International Conference on Cyber-Conflict in 2012. This report spelled out the Cyber-Attack Index (CAS) based on four UN identified gauges of internet development that included percent of population using the internet, accessibility of national websites, percentage of persons with computers, internet users, percent of persons with telecommunication access and adult literacy rate. The higher the CAS rating the higher the susceptibility for cyber-attack. Norways rating on the CAS scale was .88. This was the highest on the list. Now the bad news, according to an article in the Norway Post from Friday, April 18, 2014 titles 45,000 cases of cybercrime in Norwegian companies, Both public and private companies were targeted in 45,000 cases of computer hacking, theft and fraud last year. The article points out that only one in nine companies has a thorough protection plan in place and only 361 cases were reported in 2013, thats less than one percent. Estimated losses are around NOK 20 billion. Just looking at the figures one would suspect that nothing is being done in Norway to counter the threat of cybercrime. One might be right. In the annual report of the Norwegian National Security Authority (NSM) it was noted that the extensive use of outsourcing to foreign countries and so-called cloud storage has weakened the protection that Norwegian jurisdiction can provide Norwegian interests. The economic decision by many companies and agencies to use cheaper and less secure protections have left many vulnerable to espionage and other ICT related crimes. NSM has created NORCERT (the Norwegian National Computer Response Team) to act as a coordinating body for all major cyber security incidents related to Norway. They are responsible for threat assessment, early warning, incident response and developing cyber defense. NSM has also created SERTIT as an independent certification authority for all IT-security. As part of the fight against cybercrime Norway has enacted new laws codifying violation of computer security with prison terms and fines. The heart of the fight is international cooperation between law enforcement jurisdictions that enable identification and prosecution of violators across international boundaries. In addition the Ministry of Justice has identified two levels of systems in Norway that require protection. First is critical infrastructure including electrical power, electronic communication, water supply and sewage, transportation, oil and gas, and satellite communication. The second is critical societal functions such as banking and finance, food supply, health service police, emergency services and rescue.