National Security Authority (Norway)

Last updated
National Security Authority
Company type Government agency
Industry Intelligence agency
Founded2003
Headquarters Bærum, Norway
Area served
Norway
Number of employees
389 (2023)  OOjs UI icon edit-ltr-progressive.svg
Parent Ministry of Defence
Website nsm.no   OOjs UI icon edit-ltr-progressive.svg

The National Security Authority (NSM) (Norwegian : Nasjonal sikkerhetsmyndighet) is a Norwegian security agency (Direktorat) established on 1 January 2003 as the successor to Forsvarets sikkerhetsstab (FO/S). It is responsible for preventive national security, ICT security matters, including the national computer emergency response team (NorCERT), identifying national objects of special interest and reducing their vulnerability to internal and external threats. The agency performs threat analysis at the national level, and is also known to work with experts on computer security and with data encryption. The cooperation with the Police Security Agency (PST) and the Norwegian Intelligence Service (NIS) has been identified as a very important part of the task of maintaining an overview of potential threats to objects, and instituting proactive activities.

Contents

NSM also cooperates with the Directorate for Civil Protection and Emergency Planning (DSB), to prevent loss of life and maintain health, environment, important society functions, and material assets in connection with accidents, catastrophes, terrorism and other unwanted events in peace, crisis and war.

NSM is administratively governed and funded by the Ministry of Defence, but also reports to the Ministry of Justice and the Police in civilian matters.

Former insignia of NSM Coat of arms of the Norwegian National Security Authority.svg
Former insignia of NSM

Organizational structure

NSM is currently (as of 29 March 2007) organized in four technical/specialized departments and two administrative/support departments:

NSM organizational structure.png

Tasks

Legal/political basis

Security Act

NSM have the following responsibilities pursuant of the Security Act:

Related Research Articles

The Royal Norwegian Ministry of Defence is a Norwegian government ministry in charge of the formation and implementation of national security and defence policy, and for the overall management and control of the activities of subordinate agencies. The ministry is located at Glacisgata 1, Oslo, inside Akershus festning. The ministry is headed by the politically appointed Minister of Defence, currently Bjørn Arild Gram. The ministry controls a large group of defence-related agencies, not to be related with Ministry of Foreign Affairs that controls all intelligence-related agencies in the country.

The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).

The Korea Internet & Security Agency is the Ministry of Science and ICT's sub-organization dealing with the allocation and maintenance of South Korea's IPv4/IPv6 address space, Autonomous System Numbers, and the .kr country code top-level domain (ccTLD), and also responsible for the cybersecurity of the Internet within South Korea, and runs the Korea Computer Emergency Response Team Coordination Center, a.k.a. KrCERT/CC, for the private sector of the country. Other roles include but are not limited to, the promotion of safe Internet usage and Internet culture, detecting and analyzing malware/viruses on the web, privacy protection, operating root CA, education on Internet and cybersecurity, and various other cybersecurity issues.

A computer emergency response team (CERT) is an expert group that handles computer security incidents. Alternative names for such groups include cyber emergency response team, computer emergency readiness team, and computer security incident response team (CSIRT). A more modern representation of the CSIRT acronym is Cyber Security Incident Response Team.

The Australian Intelligence Community (AIC) and the National Intelligence Community (NIC) or National Security Community of the Australian Government are the collectives of statutory intelligence agencies, policy departments, and other government agencies concerned with protecting and advancing the national security and national interests of the Commonwealth of Australia. The intelligence and security agencies of the Australian Government have evolved since the Second World War and the Cold War and saw transformation and expansion during the Global War on Terrorism with military deployments in Afghanistan, Iraq and against ISIS in Syria. Key international and national security issues for the Australian Intelligence Community include terrorism and violent extremism, cybersecurity, transnational crime, the rise of China, and Pacific regional security.

An information assurance vulnerability alert (IAVA) is an announcement of a computer application software or operating system vulnerability notification in the form of alerts, bulletins, and technical advisories identified by US-CERT, https://www.us-cert.gov/ US-CERT is managed by National Cybersecurity and Communications Integration Center (NCCIC), which is part of Cybersecurity and Infrastructure Security Agency (CISA), within the U.S. Department of Homeland Security (DHS). CISA, which includes the National Cybersecurity and Communications Integration Center (NCCIC) realigned its organizational structure in 2017, integrating like functions previously performed independently by the U.S. Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). These selected vulnerabilities are the mandated baseline, or minimum configuration of all hosts residing on the GIG. US-CERT analyzes each vulnerability and determines if it is necessary or beneficial to the Department of Defense to release it as an IAVA. Implementation of IAVA policy will help ensure that DoD Components take appropriate mitigating actions against vulnerabilities to avoid serious compromises to DoD computer system assets that would potentially degrade mission performance.

<span class="mw-page-title-main">Federal Office for Information Security</span> German federal agency

The Federal Office for Information Security is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories. It is located in Bonn and as of 2024 has about 1,700 employees. Its current president, since 1 July 2023, is former business executive Claudia Plattner, who took over the presidency from Arne Schönbohm.

<span class="mw-page-title-main">CERT Coordination Center</span>

The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with businesses and the government to improve the security of software and the internet as a whole.

<span class="mw-page-title-main">Internet police</span> Term describing governmental and official involvement in cyber policing

Internet police is a generic term for police and government agencies, departments and other organizations in charge of policing the Internet in a number of countries. The major purposes of Internet police, depending on the state, are fighting cybercrime, as well as censorship and propaganda.

The Norwegian Defence Security Department (NORDSD) is a joint security and counter-intelligence military intelligence service within the Norwegian Armed Forces. Its members are a mix of civilian employees and military personnel. The head of the service holds the military rank Colonel or (naval) captain.

There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are ‘no cyber-borders between countries'. International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages of the less severe punishments or difficulties of being traced.

Many countries around the world have civil defense organizations dedicated to protecting civilians from military attacks and providing rescue services after widespread disasters. In most countries, civil defense is a government-managed and often volunteer-staffed organization.

The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security incidents. It strengthens security-related defence of the Indian Internet domain.

The following outline is provided as an overview of and topical guide to computer security:

<span class="mw-page-title-main">National Cyber Security Centre (Ireland)</span>

The National Cyber Security Centre (NCSC) is a government computer security organisation in Ireland, an operational arm of the Department of the Environment, Climate and Communications. The NCSC was developed in 2013 and formally established by the Irish government in July 2015. It is responsible for Ireland's cyber security, with a primary focus on securing government networks, protecting critical national infrastructure, and assisting businesses and citizens in protecting their own systems. The NCSC incorporates the Computer Security Incident Response Team (CSIRT-IE).

National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created under Section 70A of the Information Technology Act, 2000 (amended 2008), through a gazette notification on 16 January 2014. Based in New Delhi, India, it is designated as the National Nodal Agency in terms of Critical Information Infrastructure Protection. It is a unit of the National Technical Research Organisation (NTRO) and therefore comes under the Prime Minister's Office (PMO).

<span class="mw-page-title-main">TR-CERT</span>

TR-CERT is an organization within the Information and Communication Technologies Authority (ICTA) which is the national regulatory authority of the Turkish electronic communication sector. It is responsible for the analysis and risk mitigation of large-scale cyber threats and vulnerabilities, communicating information regarding malicious cyber activities or possible vulnerabilities to computer security incident response teams (CSIRT) and the public.

Department III of the Ministry of Internal Affairs, also known as the State Security Department of the Ministry of Interior, was the secret police of the Hungarian People's Republic after the State Protection Authority (AVH) was disbanded in 1956. The MIA III was called the AVH as a derogatory name due to the former replacing the latter in the Hungarian Revolution of 1956.

Azerbaijan Computer Emergency Response Team, officially known as Azerbaijan Government CERT, is a computer emergency response team of the Republic of Azerbaijan responsible for cybersecurity and gathering data concerning information technology. It operates under the Special Communication and Information Security State Service of the government of Azerbaijan. It collects data within its framework from relevant sources, including internet users, computer engineering groups, individuals or organizations and software developers. It coordinates with the foreign countries for gathering and analysing data from cybersecurity incidents involving both software and hardware tools designed for the prevention of internet and computer security.

Pakistan Computer Emergency Response Team (PKCERT) is a national initiative aimed at strengthening cyber security in Pakistan. PKCERT was established to counter the growing cyber threats and hacking attempts targeting various public sector entities.