Recently, NRK has been at pains to check the safety of Norway's network, particularly scrutinizing the use of secure connections via HTTPS. An astonishing number of significant deficiencies have been unveiled, which may serve as proof that secure connections in fact are not as secure as everybody thinks.
One of the 'failed' sites which were revealed to have security deficiencies was the tip portal set up by the National Criminal Investigation Service NCIS to gather information on, among other things, bomb chemicals, radicalization and violent extremism on the Internet, as well as trafficking and the sexual exploitation of children.
Cybersecurity expert Runa Sandvik points out that NCIS has in fact failed to follow the advice experts presented as early as September 2015.
The National Criminal Investigation Service in Norway, @Kripos_NCIS, should've done a better job with its tip site: https://t.co/LvgLvNTWUn
— Runa A. Sandvik (@runasand) 2 сентября 2015 г.
"I believe it's sad that they haven't done anything about it. Of all the organizations in Norway, NCIS is a body that should be able to put on a good performance," says Sandvik.
Per Thorsheim of the country's security council admits that he himself, with his personal background of security knowledge, would never use such a page due to possible risks.
"I'd most likely find other ways to inform them," he said.
NRK's investigation went so far as to expose vulnerabilities in two websites owned and operated by the military. Both had weaknesses that made it possible to read e-mails outside of Norway's armed forces' internal systems. In the event of a worst-case scenario, valuable information may have been intercepted by malicious individuals.
"There should be no such weaknesses in our system, and we were really caught pants down," communication manager Knut Grandhagen of Norway's Cyber Force said.
"It is very sad that large, serious and important agencies have websites with a very poor safety level. It is a stain on their reputation," regretted Per Thorheim.
