A Norwegian expert on digital security is worried about all the Norwegian business owners and executives now heading for China after diplomatic relations have resumed. Jack Fischer Eriksen warns about the risk of espionage and hacking, if security is overlooked in Norwegians’ zeal to strike new business deals.
Norway’s largest business delegation ever was in Beijing this week, led by Fisheries Minister Per Sandberg with the aim of selling lots more salmon, cod, king crab and other seafood. While ministers like Sandberg get data guidance and security assistance from Norway’s police intelligence service PST, Eriksen told newspaper Dagens Næringsliv (DN), private business don’t, and therefore must take their own precautions.
Eriksen is the director of Næringslivets sikkerhetsråd, a Norwegian business security council that’s set up as a cooperation among employers’ organizations including NHO, Virke, Spekter, FNO, Bedriftsforbundet and the Norwegian Shipowners’ Association. “We have reason to believe that most (of those traveling to China) haven’t taken any special security precautions,” Eriksen told DN.
In their zeal to strike new business deals in China, many Norwegian business owners and executives may be overlooking the need for digital security. “I fear that valuable amounts of information can go astray because people are aware they can be subjected to intelligence-gathering operations via their information technology platforms,” Eriksen said.
He said that most large companies like Telenor, Statoil and others that traveled to China last month with Prime Minister Erna Solberg probably take precautions, noting that many high-level international business travelers leave all their personal and company data equipment at home and only carry a new Ipad with them into China or Russia that they never use again. Others copy their passwords onto a memory stick to avoid having to type them in while in China.
“I would seriously evaluate what equipment you bring with you, including telephones that actually are now computers, if you use them at work,” he said. “Several major companies have a policy of not bringing your own equipment that would be hooked up to the company network again upon return. Lots of things can get into the equipment when you’re out traveling and using wireless networks without you being aware of it, you can be overheard or under surveillance.”
Smaller companies, Eriksen said, may not be aware of the risks or have organizations savvy enough to define and address them. Several companies questioned by DN confirmed that they hadn’t thought to take any special precautions while in China. Others were prepared, for example, that censorship by Chinese authorities means they can’t gain access to various services or that Facebook, Dropbox or Google don’t function without a VPN (Virtual Private Network) tunnel. Facebook and Twitter are banned in China.
Chinese officials at the embassy in Oslo reacted sharply to Eriksen’s concerns, claiming that China itself has been a major victim of cyber attacks. Any allegations of espionage against Norwegian businesses, they told DN, were “completely groundless and irresponsible.”
Eriksen pointed to formal warnings issued by both PST and the Norwegian military, that both China and Russia currently pose major threats to data security in Norway. “With that as a backdrop, data security when traveling is important.”