Listen Live
    Personal data online

    Media Catches Norway's Negligent Cyber Defense With 'Pants Down'

    © Photo : Pixabay
    Europe
    Get short URL
    1103

    Norway's broadcasting company NRK has revealed serious security weaknesses in a number of official websites, including that of the National Criminal Investigation Service, a number of the military's internal sites, as well as the National ID Center; roughly a quarter of the handpicked websites in the public domain have failed NRK's security test.

    Recently, NRK has been at pains to check the safety of Norway's network, particularly scrutinizing the use of secure connections via HTTPS. An astonishing number of significant deficiencies have been unveiled, which may serve as proof that secure connections in fact are not as secure as everybody thinks.

    NRK graded the tested websites' performance from A (best) to F (worst). According to the recommendations of Norway's Agency for Public Management and eGovernment (DIFI) public websites should at least yield a B-performance or higher. Nevertheless, a total of 102 domains or 24 percent of public websites with HTTPS are reported to have flunked NRK's test. An F-grade means that the site is using incorrect or outdated encryption, which is open to serious security vulnerabilities.

    One of the 'failed' sites which were revealed to have security deficiencies was the tip portal set up by the National Criminal Investigation Service NCIS to gather information on, among other things, bomb chemicals, radicalization and violent extremism on the Internet, as well as trafficking and the sexual exploitation of children.

    Cybersecurity expert Runa Sandvik points out that NCIS has in fact failed to follow the advice experts presented as early as September 2015.

    ​"I believe it's sad that they haven't done anything about it. Of all the organizations in Norway, NCIS is a body that should be able to put on a good performance," says Sandvik.

    Per Thorsheim of the country's security council admits that he himself, with his personal background of security knowledge, would never use such a page due to possible risks.

    "I'd most likely find other ways to inform them," he said.

    Another major participant, which is closely linked to the police and also proved to be vulnerable, is the National ID Center, whose primary goal is to help other competent bodies fight against fake identity papers.

    NRK's investigation went so far as to expose vulnerabilities in two websites owned and operated by the military. Both had weaknesses that made it possible to read e-mails outside of Norway's armed forces' internal systems. In the event of a worst-case scenario, valuable information may have been intercepted by malicious individuals.

    "There should be no such weaknesses in our system, and we were really caught pants down," communication manager Knut Grandhagen of Norway's Cyber Force said.

    "It is very sad that large, serious and important agencies have websites with a very poor safety level. It is a stain on their reputation," regretted Per Thorheim. 

    Related:

    Missing the Cut: Norway's First Paperless School Fails to Cut Paper Waste
    Cold Shoulder: Norway's Rejected Refugees Dumped Off in Arctic Russia
    Tags:
    security checks, cyber attack, NRK, Norway
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik