Norway has officially adopted its national strategy in 2012.
The national strategy is built upon 4 main objectives:
Obj.1 - Better coordination and common situational understanding
Obj.2 - Robust and secure ICT infrastructure for everyone
Obj.3 - Good ability to handle adverse ICT events
Obj.4 - High level of competence and security awareness
In order to reach these objectives the national strategy also identifies seven priority actions:
- Ensure a more comprehensive and systematic approach to information security
- Improve ICT infrastructure
- Ensure a common approach to information security in public administration
- Safeguard society’s ability to detect, alert and handle serious ICT incidents
- Safeguard society’s ability to prevent, detect and investigate cyber crime
- Continuous efforts to raise awareness and competence
- High quality national research and development in the field of information security
For each strategic priority a status update and a list of specific areas of focus is described.
National Cyber Security Strategy
|Year of adoption||Norway National Cyber Security Strategy 2012|
|Updates and revisions||
No revision of the actual national strategy is currently available. However, a specific Action Plan (Norwegian language) describing in more detail specific aspects of the national strategy has been published by the norwegian Government in 2012.
|Implementation and monitoring||
The national strategy has been developed jointly by the Ministry of Government Administration, Reform and Church Affairs, the Ministry of Defence, the Ministry of Justice and Public Security and the Ministry of Transport and Communications.
The Ministry of Justice and Public Security is primarily responsible for following up the strategy.
|Legal conditions||The first Norwegian NCSS was published in June 2003 covering 2003-2006. A second version of guidelines was established for the period 2007-2010. The latest version of NCSS was published in December 2012.|
|Operational capacities||The NCSS focuses on a broad set of stakeholders such as the Government, Business Community and the Citizens pointing out that it is the business companies that have the specific responsibilities in normal operations (and during crises). The government must establish rules and regulations and ensure that the different sectors have satisfactory cyber security strategies.|
|Progress measures||To assess the current status during follow-up of the strategy’s priority areas, the Government will regularly request a status update for sectoral implementations of action plan initiatives, in order to monitor developments in information security. The Ministry of Justice and Public Security is responsible for this work. An inter-ministerial group will be appointed to monitor the strategy continuously over the long-term. The group’s work will include following developments in security challenges and trends, and assessing whether those developments will trigger a need to revise all or part of the national strategy on an ongoing basis.|
Current status: NIS Directive and national CERTs/CSIRTs
Computer security incident
response teams (CSIRTs)
NorCERT is the national computer emergency response team. The team operates under the National Cyber Security Centre (NSM).
HelseCERT is the joint information security competence center for the Norwegian health care sector.
UNINETT CERT is the computer emergency response team for the norwegian national research network.
UiO-CERT is the computer security incident response team for the University of Oslo.
FinansCERT is a dedicated industry CSIRT for the Norwegian financial sector, as represented by Finance Norway – FNO.
|Report an incident||
NorCERT - Team Email - Main Phone +47 23 31 07 50
UiO-CERT - Team Email - Main Phone +47 22 84 09 11
|Date of last WISER analysis||October 2016|