Abstract
This chapter discusses ongoing developments in cyber security regulations in the Norwegian energy sector through research and government-industry cooperation. The focus is on cyber security policies for Norwegian electric power supply entities at the strategic, tactical and operational levels. The chapter promotes the integration of regulatory requirements with traditional cyber security standards tailored to electric power supply entities and highlights how the integration contributes to effective cyber security governance and risk management.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
European Commission, Internal market, industry, entrepreneurship and SMEs, Brussels, Belgium (ec.europa.eu/growth/smes/sme-definition_en), 2021.
S. Evans (Ed.), Public Policy Issues Research Trends, Nova Science Publishers, Hauppauge, New York, 2008.
H. Fridheim, J. Hagen and S. Henriksen, A Vulnerable Electrical Power Supply – Final Report from Protection of Society (BAS3) (in Norwegian), Norwegian Defense Research Establishment, FFI Report 2001/02381, Oslo, Norway (publications.ffi.no/nb/item/asset/dspace:3605/01-02381.pdf), 2001.
J. Hagen, Securing the energy supply in Norway – Vulnerabilities and measures, presented at the NATO Membership and the Challenges from Vulnerabilities of Modern Societies Workshop of the Norwegian Atlantic Committee and the Lithuanian Atlantic Treaty Association, 2003.
Heimdall Power, The power of knowing, Sandnes, Norway (heimdallpower.com), 2021.
Information Systems Audit and Control Association, COBIT – An ISACA Framework, Schaumburg, Illinois (www.isaca.org/resources/cobit), 2021.
O. Lysne, K. Beitland, J. Hagen, A. Holmgren, E. Lunde, K. Gjosteen, F. Manne, E. Jarbekk and S. Nystrom, Digital Vulnerabilities – Safe Society (in Norwegian), NOU 2015:13, Norwegian Government Security and Service Organization, Oslo, Norway (www.regjeringen.no/contentassets/fe88e9ea8a354bd1b63bc0022469f644/no/pdfs/nou201520150013000dddpdfs.pdf), 2015.
MITRE Corporation, Common Vulnerabilities and Exposures (CVE), Bedford, Massachusetts (cve.mitre.org), 2021.
Norwegian Water Resources and Energy Directorate, The State of Information Security in the Power Supply Sector (in Norwegian), NVE Report no. 90-2017, Oslo, Norway (publikasjoner.nve.no/rapport/2017/rapport2017_90.pdf), 2017.
Norwegian Water Resources and Energy Directorate, Method for Identifying Power Supply Sensitive Information on the Internet (in Norwegian), NVE Factsheet no. 11 09/2019, Oslo, Norway (publikasjoner.nve.no/faktaark/2019/faktaark2019_11.pdf), 2019.
Norwegian Water Resources and Energy Directorate, Power Supply Contingency Regulations – Guidelines (in Norwegian), Oslo, Norway (www.nve.no/nytt-fra-nve/nyheter-tilsyn/rettleiar-til-kraftberedskapsforskrifta), 2020.
Office of the Auditor General of Norway, The Office of the Auditor General of Norway’s Study of NVE’s Work with ICT-Security in the Power Supply Sector (in Norwegian), Document 3:7 (2020–2021), Oslo, Norway (www.riksrevisjonen.no/globalassets/rapporter/no-2020-2021/nves-arbeid-med-ikt-sikkerhet-i-kraftforsyningen.pdf), 2021.
A. Oldehoeft, Foundations of a Security Policy for Use of the National Research and Educational Network, NISTIR 4734, National Institute of Standards and Technology, Gaithersburg, Maryland, 1992.
Reuters Staff, Norway’s Parliament hit by new hack attack, Reuters, March 10, 2021.
M. Royksund and A. Valdal, An Exploratory Study of the Application of Internet of Things (IoT/IIoT) in the Norwegian Power Supply Sector (in Norwegian), NVE External Report no. 2/2020, Norwegian Water Resources and Energy Directorate, Oslo, Norway (publikasjoner.nve.no/eksternrapport/2020/eksternrapport2020_02.pdf), 2020.
D. Spilde and C. Skotland, How Could Extensive Electrification of the Transportation Sector Influence the Power Supply System? (in Norwegian), NVE Note, Norwegian Water Resources and Energy Directorate, Oslo, Norway (beta.nve.no/Media/4117/nve-notat-om-transport-og-kraftsystemet.pdf), 2015.
T. Svensen, K. Kallseter and S. Husabo, Application of Digital Tools in ICT-Security Audits (in Norwegian), NVE Report no. 38/2020, Norwegian Water Resources and Energy Directorate, Oslo, Norway (publikasjoner.nve.no/rapport/2020/rapport2020_38.pdf), 2020.
Technical Support Working Group, Securing Your SCADA and Industrial Control Systems, Version 1.0, U.S. Department of Homeland Security, Washington, DC, 2005.
R. Wies, Policy definition and classification: Aspects, criteria and examples, Proceedings of the IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, 1994.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hagen, J., Toftegaard, O. (2022). Cyber Security Requirements in the Norwegian Energy Sector. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XV. ICCIP 2021. IFIP Advances in Information and Communication Technology, vol 636. Springer, Cham. https://doi.org/10.1007/978-3-030-93511-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-93511-5_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93510-8
Online ISBN: 978-3-030-93511-5
eBook Packages: Computer ScienceComputer Science (R0)