Cyber criminals have moved towards disrupting business or government infrastructure availability as a leverage point for financial or political gain. The public sector has proven particularly vulnerable to these attacks, with criminals threatening critical national infrastructure like water supplies, transportation, and basic operations in local and national governments.

Whilst this attack did not affect the Norwegian government’s operations, the disruption of public services can directly affect the lives of all of us and even lead to breakdown the everyday functioning of civilians and broader society. For that reason, this attack should be a warning to all local and national governments that critical public services and their cyber-physical systems must be secured, and that special priority attention must be given to OT and critical infrastructure environments.

Governments are increasingly relying on cyber-physical systems, such as OT, IoT, ICS and IoMT, to modernise critical infrastructure and optimise public services. However, these devices also expose governments to new cyber threats and vulnerabilities. Therefore, it’s important to implement network segmentation so unnecessary connectivity and the movement of malware can be restricted, as well as real-time monitoring and analysis to identify anomalies and potential intrusions quickly.