Trond Solberg is the head of DNV GL's Cyber Security Services Section. He says that modern hackers have far more resources than we think:
"For a long time, we've known of two types of hackers. There is the traditional, lonely expert who wants to demonstrate what he can do and, through this, gain prestige and be talked about. In addition, there are small teams who work 'underground', mainly motivated by financial gain from ID theft, fraud or blackmail."
Solberg says we must now take a third type of hacker into consideration:
"This hacker is nationally driven. In its most organized form, this may be a 'cyber warfare' centre where hackers have access to researchers, ordinary working hours and pension contracts. Not much information on these groups has been published, but it is known that major powers possess such aggressive attack capacity, with more or less limitless budgets," he says.
The motivation for these centres is not at all about finance or prestige.
"Here we are talking about nations whose main motivation is related to positioning and escalation in connection with national conflicts. By affecting critical infrastructure through cyber attacks, they can efficiently force the other party back to the discussion table or in some other way influence another country in the desired direction," says Solberg.
"What kind of infrastructure do the attackers look for?"
"Some kinds of critical infrastructure are particularly vulnerable to hacker attacks: oil and gas installations, maritime fleet and logistics controls, telecoms infrastructure and all kinds of power stations, power supply and networks."
Take cyber security seriously
According to Solberg, good cyber security regarding critical infrastructure can save companies and nations from enormous financial losses, huge material damage, environmental disasters and, in the worst case, the loss of human life.
He illustrates this by providing several known examples of cyber attacks. Maersk lost almost NOK 3 billion following a paralysing cyber attack on its logistics systems and fleet management, while Hydro estimates it lost NOK 700 million following a virus attack last year.
"Disturbances to the power grid are also common. Cyber attacks led to extensive power cuts in Ukraine during the conflict with Russia in 2016. Serious power interruptions in Wyoming and California in 2019 have also been attributed to cyber attacks, and the superpowers are now openly claiming to have paralysing malware lying latent in each other's power grids," he says.
"What can Norwegian companies do to protect themselves against an attack?"
"The person handling digitalization technology in critical infrastructure must do a very professional security job since the attacker has almost limitless resources. When assessing cyber-security expertise, a company system or organization is often divided into two domains: office IT and industrial control systems."
Industry knowledge essential to protect critical infrastructure
"Cyber-security knowledge relating to office IT is relatively generic and there are many good clusters of expertise on this. Such experts can just as easily secure the office network of a power organization, grocery chain, oil operator or shipowner," says Solberg.
Industrial control systems, on the other hand, require very industry-dependent knowledge.
"An expert on maritime-system security may not be able to secure oil and gas production or power distribution facilities. In order to resist nationally financed attacks, one must have in-depth security expertise and long experience of the industry's special control systems," he says.
Advanced attacks will use a combination of weaknesses in office IT and industrial control systems to succeed. These environments must therefore be looked at together and the experts on both sides must cooperate closely in order to see the overall picture.
DNV GL has specialized in cyber-security expertise relating to the control systems in the maritime sector and in the power and oil & gas industries. We combine this with IT-security expertise 'under the same roof' in order to provide the all-round handling of cyber security that is needed to resist nationally driven attacks," concludes Solberg.