The Norwegian Communications Authority (Nkom) has admitted to a serious security lapse, confirming that information identifying companies designated under Norway's Security Act remained publicly available for an extended period. This exposure, which Nkom states occurred over several years, revealed the identities of entities deemed vital to national security, including those operating critical infrastructure in sectors such as telecommunications, energy, and defense.
The publicly accessible data, reportedly found within a register maintained by Nkom, detailed which specific companies were subject to the stringent requirements of the Security Act. This legislation mandates enhanced security measures for organizations whose operations are considered essential for national security interests or have the potential to be exploited by foreign powers. The exact mechanism of the public disclosure has not been fully detailed by Nkom, but it involved information that should have been classified or otherwise protected from general access.
The implications of this prolonged exposure are significant. Experts in cybersecurity and national defense indicate that such information could be exploited by state-sponsored actors, intelligence services, or organized criminal groups. Identifying companies under the Security Act provides a roadmap for potential targets for espionage, sabotage, or cyberattacks aimed at disrupting essential services or acquiring sensitive national data. The lapse compromises the very intent of the Security Act, which is to safeguard these critical assets from external threats.
Nkom stated that the vulnerability was identified in late 2023 and has since been rectified, with the sensitive information removed from public view. The regulator has initiated an internal review to determine the full scope of the exposure, including how the lapse occurred and what measures are necessary to prevent future incidents. While Nkom has not publicly named the affected companies, it has confirmed that relevant entities have been informed of the breach. The incident raises questions about the oversight and data protection protocols within government agencies responsible for national security information.
The Norwegian Ministry of Justice and Public Security, which oversees the Security Act, has been briefed on the situation. Officials have emphasized the importance of robust information security practices across all government bodies and critical infrastructure sectors. The incident underscores the ongoing challenges in managing sensitive data in a digital environment and the necessity for continuous vigilance against evolving threats to national security.
Source: e24.no