Earlier this year, unidentified hackers breached the control system of a Norwegian dam  at Risevatnet, in Bremanger. The hackers discovered that the dam had a Human Machine Interface (HMI) exposed on the Internet and was able to gain access by exploiting a weak password.  

The hackers managed to fully open the gate valve of the dam, and upholding the unauthorized access for about four hours. This resulted in an estimated outflow of 7.2 million liters of water before operators detected the unauthorized activity and restored control.  

Initially the incident was mistaken for a technical malfunction, but through the investigation done by The Police Security Service and The National Criminal Investigation Service, it was discovered the hackers had uploaded a three-minute video to Telegram, showing a screen recording of the control panel connected to the dam.  The video contains a static watermark, naming a pro-Russian cybercriminal group.

The Aftermath – National security authorities’ measures for preparedness:

After observing this targeted, unwanted activity towards digital infrastructure in Norway, the Norwegian National Security Authority (NSM) issued a public warning.  The warning  was directed towards related critical sectors, and named water supply, dams and other infrastructure.  

The incident exposed serious vulnerabilities in critical infrastructure security, particularly regarding outdated control systems connected to the internet without adequate authentication safeguards. It served as a wake-up call for strengthening cybersecurity defenses in industrial control environments and underscored the growing geopolitical risks tied to cyberattacks on essential infrastructure.

How Secure-NOK answers to the security reccomendations

The incident has sharpened Norway’s focus on preparedness and cybersecurity measures and the security authorities have given more thorough official warnings and security recommendations than before. In response, NSM has urged Norwegian organizations to strengthen their defenses by implementing a set of key measures. As an experienced partner for industrial cybersecurity, it’s essential that our solutions assist in answering these measures:

• Establish thorough logging within digital infrastructure related to industrial control systems and operational technology (OT). NSM is clear on recommending that all digital activity is to be logged, especially focusing on systems connected to industrial control systems and OT. SNOK™, Secure-NOKs proprietary platform for OT-cybersecurity monitoring, provides full activity log in the OT-environment, combined with real-time alerts. This allows easier discovering and ability to handle anomalies quickly, serving as an important tool to reduce risk and strengthen the security readiness.
• Components of OT or industrial control systems should not have direct remote access via the internet. OT and IT networks should be properly segmented.
  Our solutions provide full overview of which components that are connected to internet, allowing easier identification to remove unwanted external access.
• Develop and regularly practice incident response plans to reduce negative consequences.
  NSM enhances the importance of preparedness, and rehearsing these plans regularly. The SNOK platform gives you full overview of your OT-systems: logging of all activity in your OT-environment and real-time alerts of suspicious activity. This gives a solid fundament for realistic planning and rehearsing. When employees know how to respond in a critical situation, the damage decreases significantly.  
• Digital interfaces exposed to the internet should have updated software, firmware, and hardware. Disable unnecessary functionalities. Use geo-blocking where possible.
  Our solutions provide continuous overview of which components that are exposed to internet, which needs to be prioritized for updates or shielding.

The Norwegian National Security Authority (NSM) is Norway’s primary government agency responsible for national protective security and cybersecurity. “

NSMs mission is to strengthen Norway’s ability to counter espionage, sabotage, terrorism and hybrid threats. The agency helps organizations protect civilian and military information, systems, objects and infrastructure that are relevant to national security by giving advice and performing control activities, supervision, security testing and security research

NSM is administratively subordinate to the Ministry of Justice and Public Security. In addition, the Ministry of Defence has authority of NSM with respect to their area of responsibility.

SNOK by Secure-NOK contributes to more robust, secure and stable operations

Secure-NOK provides a modular cybersecurity platform specifically designed for operational technology (OT) environments, offering solutions such as SNOK® Network Intrusion Detection System (NIDS), endpoint monitoring, PLC threat detection, and asset scanning.  

SNOK® can be distributed throughout OT networks for superior visibility and early detection of cyber threats, including non-malware attacks, without disturbing industrial processes. The platform features anomaly-based detection.  

Secure-NOKs Security Center offers specialist services in OT-security

In addition to technology solutions, Secure-NOK offers professional services through its Security Center, including continuous data analysis, consulting, vulnerability assessments, health checks, and tailored OT security training.  

The platform integrates with existing Security Operations Centers (SOC) and is compatible with common incident management systems via REST API. Secure-NOK’s solutions are built to fit industrial needs, highlighting the importance of logging, segmenting OT/IT networks, updating interfaces, and practicing incident response plans for improved cyber resilience.