Tuesday, the Norwegian government announced that it has concluded that Russia was behind the cyberattack against the Norwegian parliament Stortinget on 24 August, an attack in which email accounts of both MP’s and Stortinget staff were attacked.
On 24 August, the Norwegian parliament announced a major break-in to its email systems.
“Based on information the government is in possession of, it is our assessment that Russia is behind the data attack against Stortinget”, Norwegian Foreign Minister Ine Eriksen Søreide said to Norwegian broadcaster NRK Tuesday.
“This is a serious incident targeting our most important democratic institution. The security and intelligence services cooperate closely about the national management of this incident. Based on the information the government is in possession of, it is our assessment that Russia is behind this activity”, Foreign Minister Ine Eriksen Søreide says in a press release.
Clear message to Russia
The collaboration to manage the incident is coordinated through the Joint Cyber Coordination Center.
We cannot accept that Stortinget becomes subject to this kind of attack
“The data attack demonstrates the importance of good security measures. Our increasing use of digital solutions makes threats against us move into the digital domain too. The government will continue its efforts to increase our digital security on a national level and strengthen cooperation internationally”, Søreide says.
It is the first time ever that the Norwegian government goes as far as placing the responsibility for the break-in on Russia; however, it is sure that Russia is behind the attack and gives a clear message that such a data attack is unacceptable. This is referred to as an attribution.
No legal consequences
“It is important for us to hold Russia accountable. We cannot accept that Stortinget becomes subject to such attacks”, Eriksen Søreide said during a press meeting Tuesday.
The attribution will nevertheless not have any legal consequences. The Police Security Services carries the responsibility for investigating whether anyone can be held legally accountable for the data attacks.
Expects an explanation from Norway
On its Facebook page, the Russian embassy in Norway Tuesday wrote that it expects an explanation from Norwegian authorities:
“On 13 October 2020, Norwegian authorities accused Russia of having conducted the ‘cyberattack’ against Stortinget. No evidence was presented. We find such accusations against our country unacceptable. We consider this case a serious, intentional provocation and destructive for bilateral relations. Millions of cyberattacks are conducted against Russian state web resources from abroad (for instance against the MFA web site in January-September 2018 – 77 million, and a.o. against the foreign mission in Norway), however, this provides no reason to accuse the authorities of the countries from which the claimed attacks come”, the Embassy writes.
It continues to explain that as early as in May of this year, a note was sent to the Norwegian Ministry of Foreign Affairs, describing Russia’s regulations for managing cyberattacks, however, no response was received from the Norwegian MFA.
“This testifies to the fact that Nowegian authorities have no desire for dialogue. One thus has to ask oneself about why one should establish professional management mechanisms together with European countries, according to legislation?”
The embassy writes that it expects an explanation from Norway.
Foreign Minister Søreide says digital security breaches may only be prevented if both enterprises and private persons contribute to preventive security efforts.
This article was originally published in Norwegian and has been translated by HNN's Elisabeth Bergquist.