Norway (NO)

Norway implemented its new cybersecurity strategy in 2019: National Cyber Security Strategy for Norway, following the first version in 2012 and a white paper in 2017 (Stortingsmelding: "ICT security. A shared responsibility"; in Norwegian). The white paper highlights the growing number of vulnerabilities as the result of digitisation across borders, sectors and companies while challenging the responsibilities between civilians and the military spheres. The white paper anticipates the new strategy in several ways, from strengthening cooperation between public and private organisations to establishing a national fraework for digital incident response and building ICT security competences. The 2018 annual report from the Norwegian Security Authority (NSM) is a portfolio of risks and vulnerabilities from public authorities, the business community, academia and other stakeholders. Its main findings are that the increasing digitisation of services and automation are generating new security challenges and increased threat exposure.

The 2019 strategy covers the following goals in the ENISA self-assessment classification: Cybercrime, security and privacy balance, citizen awareness, critical information infrastructure protection, national cyber contingency plans, international cooperation, public-private partnership, incident response capability, institutionalised form of cooperation between public agencies, baseline security requirements, incident reporting mechanisms, R&D, cyber security exercises, incentives for the private sector to invest in security measures, training and educational programmes.

The strategic vision is that: In Norway, it is safe to use digital services. Private individuals and companies have confidence in national security and trust that welfare and democratic rights of the individual are being safeguarded in a digitised society.

The Norwegian Ministry of Justice and Public Security is responsible for coordinating public security in the civilian domain, outlining government policy for cybersecurity, including national requirements and recommendations for public and private companies.

EDUCATION AND TRAINING IN NATIONAL CYBERSECURITY STRATEGY

Awareness and Competence	The Norwegian strategy places emphasis on our working together to reinforce cyber security in society. Based on the current security challenges, the following strategic goals are considered fundamental: Norwegian companies digitalise in a secure and trustworthy manner, and are able to protect themselves against cyber incidents. Critical societal functions are supported by a robust and reliable digital infrastructure. Improved cyber security competence is aligned with the needs of society. Society has improved ability to detect and handle cyber attacks. The police have strengthened their ability to prevent and combat cyber crime.
Research and Education	The strategic goal for competence in the national strategy is improving cybersecurity competence aligned with the needs of society. Competence and knowledge about threats, vulnerabilities and effective measures are the precondition for protecting digital values against cyber incidents. Private individuals, companies and authorities need access to information about cybersecurity challenges and appropriate measures to tackle them. Top priority is therefore given to specialisation in cybersecurity as of vital importance to national security. The 2019 national strategy sets out the competence goals and conditions for the long-term build-up of capacities in cybersecurity, encompassing research, development, education and measures designed to raise awareness in the business community and among citizens. Goals: Attractive and competent research environments for prominant researchers and post-graduates. The number of specialists in cybersecurity meets the needs in the labour market and accommodates national security considerations. Cybersecurity competence is sufficiently addressed in study programmes where ICT constitutes a key component, including ICT and technology courses, as well as study programmes in other disciplines that include cybersecurity to a relevant extent. Good post- and supplementary education in ICT and cybersecurity at vocational colleges, universities and university colleges. Cybersecurity is included in relevant professional training courses and vocational courses to a sufficient extent. Pupils and apprentices have digital skills including competences that enable them to experience life skills and succeed in further education, working life and participation in society. Private individuals have knowledge and skills that provide them with good judgement of digital issues and that protect them from their privacy and assets online.
Higher Education Courses on Cybersecurity	University of Agder – Master in Cybersecurity. Year established: 2019. Student Intake: 45. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security. Noroff School of Technology and Digital Media – Bachelor Degree in Cybersecurity. European Credit Transfer System (ECTS): 180. Focus: System security, network security, component security, SW security. NTNU, Faculty of Information Technology and Electrical Engineering – Bachelor Degree in Digital Infrastructure and Cybersecurity. European Credit Transfer System (ECTS): 180. Focus: System security, network security, component security, SW security. NTNU, Faculty of Information Technology and Electrical Engineering – Master Degree in Information Security. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security. NTNU, Faculty of Information Technology and Electrical Engineering – Master Degree in Communication Technology. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security. NTNU, Faculty of Information Technology and Electrical Engineering – Master Degree in Experienced-based Information Security. European Credit Transfer System (ECTS): 90. Focus: Law, ethics, policy, privacy, cybercrime disciplines with some modules on information security. NTNU, Faculty of Information Technology and Electrical Engineering – Master Degree in Security and Cloud Computing. This is an Erasmus Mundus double degree programme. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security. NTNU, Faculty of Information Technology and Electrical Engineering – Master Degree in Communication Technology and Digital Security. European Credit Transfer System (ECTS): 300. Focus: System security, network security, component security, SW security. NTNU, Faculty of Information Technology and Electrical Engineering – PhD in Information Security. European Credit Transfer System (ECTS): 180. Focus: System security, network security, component security, SW security. NTNU, Faculty of Information Technology and Electrical Engineering – PhD in Information Security and Communication Technology. Focus: System security, network security, component security, SW security.
Public-private partnerships	Public-private partnerships help prioritise preventive cybersecurity and cybersecurity in critical societal functions in the context of the Norwegian strategy. Public-private partnerships are an essential ingredient in resolving cybersecurity challenges through collaboration between all relevant stakeholders at national and international levels. Specifically, challenges need tackling through joint inputs and across traditional sectoral boundaries to accommodate all security needs. The business community has a central role to play with its requisite skills, resources and functions and as a driving force for digitisation and innovation. A substantial part of Norway's critical digital infrastructures is owned and operated by private companies. Therefore companies also have a role to play in protecting the dependency of society on digital solutions as authorities play a limited role in the development of cyberspace. Increased collaboration is expected to lead to better situational awareness and better decisions while allowing greater access to human and other resources. The approach to intensified cooperation brings together the diverse capacities, knowledge and skills of public and private companies, authorities as legislators, facilitators and supervisory bodies along with law enforcement having designated powers to invesitgate and prosecute cybercrime. Guiding principles: Authorities and the business community working together to identify and discuss cybersecurity challenges and exchange experiences. Reciprocal obligations based on transparency, trust and mutuality. Authorities contributing to establishing a business community where cybersecurity services are in demand, developed and provisioned. Capabilities from the business community are an integral part of the partnership. The Norwegian Center for Cyber and Information Security (CCIS) is a partnership of key national cyber security stakeholders, giving access to a variety of resources, both funding and man-power. The institution operates in close co-operation with the Norwegian University of Technology (Norges teknisknaturvitenskapelige universitet; NTNU). One of its primary tasks is to ensure that education in the field of cyber security is available at all levels from elementary schools to post graduate university studies. The COINS Research School of Computer and Information Security is led by CCIS/NISlab. Participants in the research school include NTNU, University of Oslo, University of Bergen, University of Agder, University of Stavanger, and University of Tromsø. COINS integrates Norwegian research groups in Information Security to a larger entity by building stronger relationships between doctoral students in the network, establishing more incentives to excel and increasing student mobility through access to a larger network, including the hosting of internationally recognised researchers.
IT/Cyber Clusters	The purpose of the Joint Cyber Coordination Centre (FCKS) is to improve national capacity in detecting and withstanding serious cyber-attacks, offer strategic analysis and maintain a comprehensive record of threats and risks. NorSIS, the Norwegian Centre for Information Security is an independent organisation working to improve knowledge and understanding of cybersecurity, such as advice and guidance to citizens and companies, especially SMEs: Slettmeg.no: A free service that aids people who experience privacy violations online. Nettvett.no: A free service providing information, advice and guidance on a safer use of the Internet. The information is aimed at individuals, from child to adult, consumers and small and medium enterprises. NettVett is a service in cooperation with The Norwegian National Security Authority (NSM) and the Norwegian Communications Authority (Nkom).
EU Cyber Professional Register for national stakeholders	The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace. This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications. Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.
Latest Update & Disclaimer	January 2021. The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.

Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification

Response teams	NorCERT (Norwegian and English) is the national computer emergency response team, operating under the National Cyber Security Centre (NSM); (Norwegian: https://nsm.stat.no/; English: nsm.stat.no/english/). Its tasks include dealing with counter threats to the independence and security of Norway and other vital national security interests, primarily espionage, sabotage or acts of terrorism. HelseCERT (Norwegian; www.nhn.no/helsecert) is the joint information security competence center for the Norwegian health care sector. UNINETT (English; www.uninett.no/en) develops and operates the Norwegian national research and education network, interconnecting about 200 Norwegian educational and research institutions and more than 300,000 users, as well as giving them access to international research networks. It is a neutral party, and is run non-profit. UNINET CERT (English) is its computer emergency response team. UiO-CERT (English; www.uio.no/english/services/it/security/cert/) is the computer security incident response team (CSIRT) for the University of Oslo, handling IT-related security incidents, such as virus, break-ins and vulnerabilities for the constituency. FinansCERT is a dedicated industry computer security incident response team (CSIRT) for the Norwegian financial sector, which is represented by Finance Norway – FNO. It serves banks, life insurance and pension companies that are members of Finance Norway (Norwegian: http://www.finanscert.no/index.html; English: http://www.finanscert.no/engelsk.html). Basefarm Group's Security Incident Response Team Basefarm SIRT/BF-SIRT). Its constituency is industrial, ISP Customer Base, Basefarm AS (Norway), Basefarm AB (Sweden), Basefarm BV (Netherlands), acting as the primary contact point for the Group.
Report a cyber incident to national CERT/CSIRT	NorCERT: Norwegian: https://nsm.stat.no/; English: nsm.stat.no/english/ Team Email: norcert@cert.no Telephone: +47 23 31 07 50 HelseCERT Norwegian; www.nhn.no/helsecert Team Email: incidents@helsecert.no Telephone: +47 73 56 57 56 Public PGP Key UNINETT CERT English; www.uninett.no/en Team Email: cert@uninett.no Telephone: +47 73 55 79 60 Public PGP Key UiO-CERT English; www.uio.no/english/services/it/security/cert/ Team Email: cert@uio.no Telephone: +47 22 84 09 11 FinansCERT Norwegian: http://www.finanscert.no/index.html; English: http://www.finanscert.no/engelsk.html Team Email: post@finanscert.no Public PGP Key Basefarm Group's Security Incident Response Team Basefarm SIRT/BF-SIRT) Constituency: industrial, ISP Customer Base, Basefarm AS (Norway), Basefarm AB (Sweden), Basefarm BV (Netherlands), acting as the primary contact point for the Group. Email: sirt@basefarm.com Telephone (emergency number): (+47) 4000 4200
Guidance and Updates	cert.no, https://nsm.stat.no/ provides updates on new cyber threats, related news and events. All information is provided in Norwegian as the English version does not feature these updates. Twitter (Norwegian): @NorCERT provides information in both Norwegian and English.
Languages	Norwegian; English
Latest Update & Disclaimer	January 2021. The information contained here is the result of desk research carried out by CYBERWISER.eu.

EDUCATION AND TRAINING IN NATIONAL CYBERSECURITY STRATEGY

Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification

CYBERWISER.eu Cyber Range & Capacity Building in Cybersecurity

Error