Financial Crime World

Norway Takes Steps to Enhance Cybersecurity in Financial Sector

Oslo, Norway - In a bid to strengthen cybersecurity in the financial sector, Norwegian authorities have implemented measures to ensure the resilience of critical financial infrastructures and information systems.

Cybersecurity Incidents in Norway’s Financial Sector

According to a report by the Financial Supervisory Authority (FSA), 189 IT-related incidents were reported to the agency in 2018. Of these, five were classified as security incidents. While none of the incidents were deemed critical, the FSA has established a cross-sectoral framework for managing ICT security incidents for critical infrastructures.

Regulations and Reporting Requirements

The FSA and Norges Bank, Norway’s central bank, have introduced regulations requiring financial institutions and payment systems to report material cybersecurity incidents. These reports are shared with:

  • The Ministry of Finance
  • The Ministry of Justice and Public Security
  • The Financial Infrastructure Crisis Preparedness Committee (BFI)
  • The National CERT (NorCERT)

Norges Bank’s Efforts

Norges Bank has taken steps to enhance cybersecurity in the financial sector, including:

  • Creating a draft financial sector mapping to identify critical financial infrastructures and information systems
  • Conducting red team testing to strengthen the cyber resilience of financial institutions and key ICT service providers
  • Highlighting the importance of cybersecurity and identifying contagion channels and possible consequences for the financial system

Annual Risk and Vulnerability Analysis Report (RAV)

The FSA publishes an annual RAV report that contains findings, observations, and lessons learned from supervisory activities, including cybersecurity incident reports. The report shares the supervisor’s understanding of the cyber threat landscape and cybersecurity risk control expectations.

Key Threats Identified in 2018

According to the RAV report, several key threats were identified in 2018, including:

  • Attacks on payment systems
  • Financial institutions
  • Other critical infrastructure (see Figure 2)

Norway’s National Cybersecurity Strategy

Norway’s efforts to enhance cybersecurity in the financial sector are part of its broader strategy to improve national cybersecurity. The Norwegian National Security Authority (NSM) is responsible for improving cybersecurity across the country and operates NorCERT.

The NSM is also working with international authorities, including the International Monetary Fund (IMF), to share best practices and coordinate efforts to combat cyber threats.

Conclusion

In conclusion, Norway’s financial sector is taking proactive steps to enhance cybersecurity and prevent potential attacks that could disrupt financial stability. The country’s authorities are committed to ensuring the resilience of critical financial infrastructures and information systems, and their efforts are an important step in protecting the financial system from cyber threats.