The Norwegian Government Security and Service Organisation (DSS) has detected a cyber-attack on the ICT platform used by 12 ministries. The matter is currently being investigated by the police.
“We are taking this incident very seriously. The Norwegian Government Security and Service Organisation (DSS) is cooperating closely with the National Security Authority (NSM) and the police. They have implemented a number of measures in response to the attack, and we are following the situation very closely,” says Minister of Local Government and Regional Development Sigbjørn Gjelsvik.
The Minister of Local Government and Regional Development will brief the Storting’s Extended Foreign Affairs and Defence Committee (DUUFK) on the matter.
“It is important to stress that the government is continuing to work as normal. DSS has initiated a number of security measures to protect the information on the affected ICT platform. Additional security measures may be required. This will be assessed on an ongoing basis,” says Gjelsvik.
DSS has set up a crisis team, and is investigating and handling the incident with assistance from the National Security Authority (NSM) and other security experts.
“We have detected a previously unknown vulnerability in one of our suppliers’ software. This vulnerability has been exploited by an unknown third party. This vulnerability has now been fixed. It is still too early to say anything about who is behind the attack or the extent of the attack. Our investigations and the police investigations will provide more answers,” says Erik Hope, Director General of the Norwegian Government Security and Service Organisation (DSS).
The incident has been reported to the police and is currently being investigated. In addition, the Norwegian Data Protection Authority has been notified.
DSS has implemented a number of extra security measures. As a consequence of one of these security measures, employees of the 12 ministries no longer have access to DSS’s shared services on their mobile phones, including email. Employees can still work as normal on their work computers in the office or from their home offices.
“We monitor the systems continuously, and we will implement further measures if and when required. In the interests of the investigation, we are unable to disclose any further details at this time,” says Hope.
DSS’s ICT platform is used by all the ministries, except the Office of the Prime Minister, the Ministry of Defence, the Ministry of Justice and Public Security and the Ministry of Foreign Affairs.
Source: Government of Norway Press Release, July 24 (EN)