The tests carried out by the National Audit Office gave them full control over the computer systems of two of the schools and control over researchers’ IT equipment and cloud storage at a third. – It is objectionable that research data is not sufficiently secured against attacks, says Auditor General Karl Eirik Schjøtt-Pedersen. This is revealed in a new report the National Audit Office presented on Wednesday. They tested the IT security at 10 of the country’s largest universities and colleges. – The aim was to gain access to sensitive research data. We carried out tests against three and succeeded with two of these. We got full control over two, says Schjøtt-Pedersen. The tests show that many research institutions are not sufficiently protected against computer attacks, emphasizes Schøtt-Pedersen. It may concern personal information, trade secrets or data that may be of interest to foreign powers. Hacked in The National Audit Office has simply hacked itself in. The National Audit Office has its own IT experts who have expertise in cyber security and hacking. The National Audit Office succeeded in taking control of the IT systems at two institutions so that they could change data and also encrypt it. They also entered a third. It took several days before the institutions discovered the hacking. This shows that research results can be exposed to computer attacks, the National Audit Office believes. – It is disappointing that research data is not better protected, especially considering the geopolitical situation we are in, and it is not entirely new. We have known for a long time that research institutions are potential targets for such intrusion operations, says Elisabeth Haugsbø, president of Tekna. Tekna organizes IT engineers, civil engineers and researchers in technical and natural sciences. They will not disclose which colleges or universities the National Audit Office succeeded in hacking. This is due to fear that malicious people will try to do the same. The survey also reveals that the universities and colleges do not have a good enough overview of what research data they have. Consequences In 2022, a Brazilian student at the University of Tromsø was arrested on suspicion of illegal intelligence for Russia. Among other things, he did research on the northern regions. PST believes that he has acquired a network and information about Norway’s policy in the northern regions. – The threat picture in this industry has worsened in recent years, says Schjøtt-Pedersen The National Audit Office points out that poor security of such information can have consequences: Financial trouble Spread of sensitive information Loss of reputation They also state that this may be of interest to criminal circles . In recent years, there has been a sharp increase in computer attacks against those engaged in research.
ttn-69