The Threat Picture and Norwegian Petroleum Activities

Source: 3/20/2023, Location: Europe

The Petroleum Safety Authority Norway (PSA) has reviewed this year’s unclassified threat and risk assessments from the Norwegian Intelligence Service (NIS), the Norwegian Police Security Service (PST) and the Norwegian National Security Authority (NSM). Some points relevant for the petroleum sector are highlighted below.

Information and assessments on foreign, security and defence policy are provided by the NIS to support Norway’s civilian authorities.

Its Focus 2023 report analyses the status of and expected developments in thematic and geographical areas which the service considers particularly relevant for Norwegian security and national interests. Topics covered include Russia, China, international terrorism and conflict areas.

Combined with the National Threat Assessment 2023 from the PST, the NIS report describes national and international conditions which influence the threat picture.

The PST’s assessment concentrates on the intelligence threat, with particular emphasis on Russian and Chinese espionage. It also describes politically motivated violence – extremism and threats to people in authority.

Intelligence work can be pursued in a variety of ways, including network operations, recruitment of sources, and digital and physical sabotage.

Risk can be reduced
Risk assessments and safety measures must be updated in line with changes to the risk picture. The war in Ukraine has demonstrated that Norway must be prepared for a broad range of threats.

In its Risk 2023 report, the NSM calls attention to how the petroleum sector should reduce vulnerabilities to make the job of threat agents more difficult.

Cyber vulnerabilities exploited
Phishing attacks will still be the simplest and most widely used method for obtaining access to information about a person or an enterprise. The NSM is constantly seeing human, technological and organisational vulnerabilities being exploited to assist malicious cyber operations directed at a number of Norwegian enterprises.

Digital threat agents also exploit such vulnerabilities as weak passwords, outdated software and lack of two-factor authentication to secure unlawful access to ICT systems.

Such attacks are not always aimed directly at networks belonging to enterprises. Individuals and third-party services on which enterprises depend may be exploited because they are regarded as easier to assault than the actual targets.

Insider risk
The Norwegian security services are devoting much attention to insider risk, which can arise at any point in an insider’s period of employment. This means background checks or security declarations are not an adequate means of avoiding such risk. These issues are dealt with in more detail in the PSA’s report on maniging insider risk (Håndtering av innsiderisiko - in Norwegian only).

Industry players can help improve the national picture
Good situation and threat pictures at sectoral and national levels depend on a functioning chain which extends from alertness by the individual through reporting systems at companies to filing reports with the authorities.

Routines at enterprises for internal notification, combined with a system for onward reporting to the PSA, the power sector’s computer emergency response team (KraftCERT), the PST or the NSM, make it easier for employees to report.

The PSA has entered into an agreement with KraftCERT, which discharges the operational role as the sectoral response team for the petroleum sector and receives reports of all cyber incidents in the industry.

What must be reported?
Suspicion of, attempts at or successful security incidents, both digital and physical.

United Kingdom >>  6/14/2024 - Subsea7 announced the award of a sizeable1 contract by Dana Petroleum (E&P) Limited, for the Bittern field development, located approximately 190km ea...

Gulf Oil and Gas
Copyright © 2023 ICT All rights reserved. - Terms of Service - Privacy Policy.