Measures must be adapted to the threat landscape

This year's national threat assessments paint a more serious picture of the situation on the Norwegian continental shelf. At Havtil, we closely monitor the companies' work on security - and highlight the need for adapted measures.

Threat and risk assessments from the Norwegian National Security Authority (NSM), the Norwegian Police Security Service (PST) and the Norwegian Intelligence Service (E-tjenesten) confirm that the threat landscape on the Norwegian continental shelf is influenced by a continued heightened risk. 

"The reports from NSM, PST and the Norwegian Intelligence Service indicate that we are facing a challenging threat landscape. This also applies to the petroleum sector," says Ingvild Klaveness, head of security at Havtil. 

“The industry has worked on security for many years. Work standards in this field are high, and we have seen a positive development. However, we also see the potential for improvement, both in terms of analyses, measures and expertise," says Klaveness.

She points out that a continued, concerning threat landscape also places greater demands on the companies' security work – and that measures must be tailored to the current threat landscape. 

“Continuous improvement is a key term. This is especially true in the situation we find ourselves in," she says, and points out that the threat assessments provide a valuable insight in terms of managing the threat landscape and implementing risk-reducing measures.  

"The companies hold a major responsibility within the field of security, and we will continue to keep a close eye on this area," states Klaveness.

Espionage and sabotage

The open threat assessments from NSM, PST and the Norwegian Intelligence Service confirm that Norway is an important supplier of gas and energy to Europe and that the infrastructure on both the shelf and the onshore facilities are of interest to foreign states. 

PST points out that state intelligence activities and influence/sabotage using so-called proxy actors will colour the threat landscape. Proxy actors are defined as something or someone acting instead of, with authority from, or as a representative of others.

The petroleum industry is particularly exposed to espionage and sabotage on subsea cables, gas pipelines, facilities and installations. The consequences of such actions can be significant for both the industry and national security.   
PST believes it is "likely that Russia may see the benefit of carrying out sabotage actions against targets in Norway in 2025". They also opine that Norwegian-owned energy infrastructure could be the target of such actions. 
Furthermore, PST emphasizes that Russia poses the greatest threat within maritime covert intelligence activity. 

The petroleum sector has experienced various incidents, such as drone activity and vessels operating within proximity to facilities or subsea infrastructure. This type of operation may be undertaken to map preparedness and crisis management. 

Havtil supports and follows up the industry in the event of this type of incident.

Action required

In Risk 2025, NSM makes it clear that it is important to progress from words to action: 

"Critical infrastructure such as fibre optic cables, power lines and gas pipelines are examples of assets that we will never be able to fully secure. Backup solutions and optimal repair preparedness are therefore just as important as security measures”, writes NSM, pointing to the significance of prioritizing backup solutions and resilience, monitoring and detection measures, as well as practising contingency plans. 

This year's risk and threat assessments also underline the persistent risk associated with the cyber domain and the need for continuous development of measures and vigilance. 

In addition, it has been indicated that artificial intelligence (AI) is being developed as a tool by malicious actors with and without in-depth technical expertise. 

“AI has increased in popularity and accessibility in recent years. The opportunities resulting from AI development are significant. At the same time, the opportunities for the malicious use of such technology are increasing correspondingly,” NSM points out. 

AI is increasingly being used for attacks in the cyber domain and to identify vulnerabilities in systems. This is happening at the same time as the information values from the industrial ICT systems are being made available in the cloud to facilitate the widespread use of AI in the industry.

Vulnerabilities

In 2024, Havtil found that vulnerabilities in its security solutions are particularly exposed. This also applies to the solutions designed to provide the necessary protection for security in remote work.

Threat actors often seek the easiest point of entry. NSM points out that the insider risk is real and that preventive measures must be prioritised. Daily, security-related management is key to reducing the risk of insider activity. Preventive measures must be prioritised to reduce insider activity risks and to safeguard assets.  

Complex supply chains mean that weaknesses at a supplier level translate into weaknesses for the businesses to a greater extent than before. This in turn means that supplier security achieved through good qualification routines, follow-up of these routines, and information sharing with suppliers must be more highly prioritised.

NSM also highlights the importance of security in procurement processes. It is important to clarify the need for protection related to procurements and to uncover vulnerabilities in the processes.