— This was a serious matter for us, says Carine Smith Ihenacho, Chief Governance and Compliance Officer of Norges Bank Investment Management (NBIM), which manages the oil fund, in an interview with The Norwegian Business Daily, DN.
The 11179 billion NOK fund downloaded a compromised version of the company’s Orion platform and installed it in July 2020, according to Ihenacho. Only five months later, on December 13th 2020, when details of the SolarWinds attack were publicly confirmed, did the fund realize that it had installed a compromised version of the SolarWinds software.
— SolarWinds is a recognized supplier of IT network monitoring software and has, among others, the US Pentagon on its customer list, Ihenacho says, referring to the incident in March 2020, when the update from SolarWinds was compromised, prompting users to download a malicious version of the software.
— We, the Pentagon, and a dozen Norwegian entities and many foreign ones, installed the vulnerable version of SolarWinds. In our case, this happened during a routine update in July, says Ihenacho.
Only five months after the installation could the Norwegian oil fund put countermeasures in place.
No indication of the Oil fund being a priority target
— It became public knowledge on the 13th of December that SolarWinds had been attacked and that the new, compromised software contained a so-called backdoor. We immediately implemented measures, and after thorough analyses, we have no indication that the backdoor has been exploited during the period of time it was available in our systems, from July until December, says Ihenacho.
— There is no indication that the oil fund has been a priority target, says Ihenacho.
The Norwegian oil fund believes that the compromised version of the software contained a backdoor that could potentially provide the attacker with unauthorized access. However, the fund has no evidence of the backdoor actually having been exploited during these five months.
The oil fund terminated its business relationship with SolarWinds after the incident. Chief Governance and Compliance Officer at NBIM, Ihenacho, does not wish to comment on whether the cut-off is due to the incident.
The aim of the world’s largest sovereign wealth fund is to ensure responsible and long-term management of Norway’s revenue from oil and gas resources, for the benefit of current and future generations.
«The largest and most serious digital espionage»
— It is the largest and most serious digital espionage incident in history that we know of. And pervasive as well, says Professor of computer science, Audun Jøsang, who heads the research group for digital security at the University of Oslo, about the SolarWinds incident.
— It gives the attacker the capacity to do anything. Full rights. It can retrieve any information, has the capacity to configure any system and install backdoors that allow you to get what you want, says Jøsang.
According to The Norwegian National Cyber Security Centre (NCSC), several victims of the SolarWinds attack have so far been identified in Norway, including both public organizations and private companies. NCSC is a part of the Norwegian Security Authority and handles digital attacks against critical infrastructure and information.
— It includes both public organizations and private companies. We are, however, not able to name them specifically. Several of these companies have installed the malicious version of the update. As far as we can see, this has not had major consequences for Norway. No one has observed that the backdoor has been used, says Bente Hoff, the Director of the NCSC.