Document 3:6 (2024−2025) / Published
Follow-up investigation of the Norwegian Armed Forces’ information systems for use in operations
Interaction between the systems has improved and the ability to detect and stop cyberattacks has been strengthened; however, the security status of the systems remains serious.
The pdf is in Norwegian
Brief summary
- Effective and secure information systems are crucial to the operational capability of the Norwegian Armed Forces. Information needs to be shared and commands issued rapidly. Security threats must be detected and stopped.
- In October 2022, the National Audit Office of Norway submitted an investigation that revealed serious shortcomings in the information systems used by the Norwegian Armed Forces in its operations.
- It was one of the most serious reports presented by the National Audit Office of Norway, due to the major national security risks posed by the identified weaknesses.
- We have now investigated the follow-up of the report. We do not issue criticism as part of this follow-up. The reason is that it is too early to evaluate the effects of many of the measures that have been implemented.
- Through dialogue with the Ministry of Defence, we have prepared an unclassified report that is as comprehensive as possible.
- The National Audit Office of Norway will continue to monitor the matter.
Overall assessment
- The situation remains serious.
- The Ministry of Defence and government agencies have implemented a number of measures.
- It is too early to evaluate the scope of implemented measures.
- There have been improvements in some areas.
- In other areas, it is too early to see the effects of the measures.
- The National Audit Office of Norway does not issue criticism of the Ministry's follow-up, but will continue to monitor the matter.
Conclusions
Interaction between Norwegian Armed Forces’ information systems has improved
- Mechanisms for automated data flow between several information systems have been developed.
- The capacity for Tactical Data Link (Link 16) has increased; however, challenges persist.
- The work on variant limitation of information systems is challenging and time-consuming.
- The Norwegian Armed Forces are working to find solutions for communication and information exchange that will enable faster full utilisation of new materiel.
The security status of the Norwegian Armed Forces’ information systems remains serious, despite the implementation of measures
- The Norwegian Armed Forces have gained a better overview of their information systems; however, there remains a need for clarification.
- The Norwegian Armed Forces continue to have information systems containing critical national information that do not meet the requirements of the Security Act.
- The Norwegian Armed Forces’ security management has undergone slight positive improvements; however, shortcomings remain.
- The Norwegian Armed Forces’ ability to detect and stop cyberattacks has improved; however, capacity challenges persist.
There continues to be considerable risk associated with the ICT efforts in the Mime and MAST programmes
- It has taken time to increase the delivery capacity in Mime, and the strategic partnership is not working as intended.
- The procurement of a strategic partner in the MAST programme has been cancelled, and there is uncertainty related to the implementation of the programme.
The Ministry of Defence has implemented a governance reform, which also encompasses ICT
- The new governance model has sought to clarify responsibilities and authority.
- The Norwegian Armed Forces have been given greater overall responsibility and authority related to ICT.
- Personnel and competence continue to be a challenge; however, there have been improvements in certain areas.