The cut in IT funds: – Very regrettable

Cyber ​​defense must protect the Norwegian Armed Forces’ ICT systems from digital threats from military and civilian actors.

In the state budget for 2022 their subsidy was reduced by NOK 110 million over the previous year. In addition, the budget tightening within the military left another 90 million fewer available.

A total strangulation of 200 million.

It was part of the military’s long-term planning, the branch confirmed to NRK.

– There will be less activity when we cut budgets. There will be less exercise, time for training and you will notice where the money goes to the staff, said Defense Chief Eirik Kristoffersen. to the channel at that time.

In the state budget proposal for 2023an increase of 104 million is proposed, and among other things, a strengthening of the Cyber ​​Security Center should be noted.

But the subsidy is not up to what it was for the war in Ukraine.

– The defense budget is moving in the right direction, but the investment in cyber defense should have been more, especially in light of the criticism of the National Accounts Office, says the leader of the Association of Norwegian Officers and Specialists, Torbjørn Bongo, in Dagbladet.

Overwhelming criticism

The cut from 2021 was also made while the National Court of Auditors was working on one of its “most serious reports ever”. It was unveiled on Tuesday last week and it shows that the systems that cyber defense is supposed to protect have serious shortcomings themselves.

– Weaknesses can have serious consequences for the security of the nation, said Auditor General Karl Eirik Schjøtt-Pedersen.

• Much of the report is classified, but read the content here:

Professor and head of the digital security research group at the University of Oslo (UiO), Audun Jøsang, believes it is very regrettable that the cyber defense budget has been reduced.

– I assume that the previous government wanted to reduce operational costs and did not really want to reduce the ability to prevent cyber attacks and deal with incidents. But the budget cut probably affected – and still affects – that part too, so much so that Cyber ​​Defense has thus had a reduced ability to resist cyber attacks from powers like Russia and China, he tells Dagbladet.

With the Russian invasion of Ukraine in the background, the risk of digital attacks from Russia increases. Norway and other Western countries are exposed; we are particularly exposed to our significant position in the oil and gas sector.

– One of the main tasks of the Cyber ​​Defense Force is the operation of the ICT infrastructure of the Defense Force, which includes cyber security for it. In other words: cyber defense is not only tasked with defending the infrastructure, but also managing it, Jøsang further explains.

• The Defense Ministry now says Cyber ​​Defense saw no real cuts in the 2022 budget and that the cut was due to a planned tightening in 2021. Read their full response further down in the article.

– ICT waste

Cyber ​​security professor at Høgskolen i Inlandet (HINN) and Norwegian Armed Forces College, Mass Soldal Lund, believes Norway has wasted ICT resources.

– The National Audit Office says there is great risk associated with IT initiatives MIME (named after the wise ace Mime in Norse mythology, journal note) and MAST (military application of cloud services, journal note). The latter is about moving to cloud technology and using civilian suppliers. It’s something the Norwegian military has been working on for years, he tells Dagbladet.

He points out:

– MAST is a gigantic project with a cost of NOK 16 billion. It is well known that large government ICT projects are not always successful.

Soldal Lund also points out the Norwegian military’s takeover of ICT systems, which he calls antiquated.

The state budget proposal for 2023 states, among other things, that:Government continues to strengthen Materials Operations in 2023 through Materials Effect Improvement Funds, which is the rise in defense-specific costs (increased spending) for new material being phased in“.

– The military buys computers the same way they buy weapons. These are long-standing projects, Soldal Lund tells Dagbladet, because when the Norwegian military buys new weapons, they do so with a 10, 20 and 30-year perspective, he says and continues:

– They have the same methodology for computers, which the industry abandoned a long time ago. Then you are bound to get big, heavy, old-fashioned systems.

The Ministry of Defense responds

Dagbladet sent a series of questions on this subject to the Ministry of Defense and the Ministry of Defense (FD). FD replies that the reduction of the cyber defense framework for the period 2021-2022 was mainly related to a planned strengthening in 2021, to compensate for the backlog of components / hardware.

– It is not correct that Cyber ​​Defense received real cuts in the 2022 budget. The planned upgrade was implemented and completed in 2021 and therefore naturally did not fall within the budget for 2022. Otherwise, the Armed Forces can carry out redeployments between departments, writes FD in his reply.

It is necessary to point out that the Norwegian Defense ICT systems cannot be solved by spending more money on Cyber ​​Defense alone, they point out:

Cyber ​​defense is one of several major defense players in the cybersecurity field. The National Security Agency (NSM) and the National Intelligence Service (E-tjenesten) are examples of organizations that also have important tasks that contribute to security, writes FD.

– Concerned about closing weaknesses

FD also highlights the ICT MIME initiative, which they write is one of the measures taken to solve communication challenges and ensure secure communication between air and ground forces in the military.

– The program must be delivered in two-year delivery waves. The first wave was approved by the Storting in the fall of 2021 and part of this has already been used. It is also important to underline that the Chief of Defense has been given the authority for the strategic management of ICTs with the aim of improving management across companies in the sector.

– We are keen to work in a targeted way to close the weak points of the systems that could weaken our operational capacity, writes FD.

– Has the definition of budget priorities in the area been corrected in recent years, or should the funds have been distributed differently, given the security situation in Europe and the picture that the National Accounts Office is drawing?

– Budget priorities in the military will always be challenging. In the framework of the assignment of the Norwegian Armed Forces, we still believe that the assignment has been correct. Digital security is, and has had, a top priority.