Billy Joel

It is summer in my part of the world. Sun is shining for a few hours, then rain is cooling everything back down. And when the refreshment is over, sun warms and invites us all to go to the beach and enjoy.

It surely is hard to work under these conditions!

Late last week (I was away the computer all week - only occationaly checking mail on my cellphone...puh, I am hot...), my ears picked up a heated discussion on the radio. IKT-Norge (the organization for ICT in Norway) was extremely conserned (sorry, Norwegian text) about the fact that the Swedish government decided to allow surveillance of all the internet traffic in the Swedish backbones.

IKT-Norway claimed that this would become an extreme security threat to Norway (almost all the backbones in Norway are connected through Sweden - thus most of the Internet traffic to and from Norway is routed through Sweden). And this guy Hallstein Bjerke at IKT-Norge said things like the Swedish surveillance team might pick up sensitive and secure data from the Norwegian DoD, as well as from Norwegian multinationals and oil companies.

I say: Duh - time to wake up. If you think your members are NOT evaluating risk, and taking the propper precautions when communicting over the Internet, I think you have in the wrong place.

One of the examples was that  Sweden (one of two potential suppliers of new Jet-Fighters to the Norwegian Airforce) are now able to surveille and read all communications the Norwegian DoD have with the competitor Jet Fighter supplier - just by reading the emails.

HELLO!!! Do you REALLY think that the Norwegian DoD would email such information JUST LIKE THAT? Do you REALLY think that the DoD have NO CLUE WHAT SO EVER about the e-mail communication protocol? And that they have made NO precautions? The DoD in the US MADE the Internet back in the days. Norway was one of the very first countries OUTSIDE of the US to join the Internet in 1972.

What planet are you on, really?

Another example was the Oil company Statoil Hydro in Norway, and how the Swedish now may tap into all the e-mail communication they send and use.

I happen to know a fair bit of how such organizations think about security. Some think they are a bit too paranoid. Companies like this one is successful due to their ability to measure and counter risks. Further, they are technology driven, and have a very clear understanding of both their core business and values, and ICT - both from a maintenance and developement point of view, AND from a security/Risk point of view.

These companies would not use Internet to send and recieve ANY (valuable) information unless they previously weighted the risks involved, and put in place counter measurements (alternative communication tools like SatPhone, encryption, snail mail and personal delivery).

These companies ARE NOT STUPID.

The third example is about surveillance of the Norwegian Governments communication with the EC. I am the first to admit that I do not know much about professional politicians. But I do find it hard to believe that there are no training; or common security awareness in the government. Yes, we do see that they post their traveling itineraries on public websites from time to time, but I am pretty sure that not even politicians would be using e-mail and other non-secure communication channels when they are discussing matter of national security. I may be wrong, of course - they are politicians after all.

The only good thing about the action taken from IKT-Norge is the fact that now more people know that:

1. Sweden has a legal manner to tap into ALL communication on the Internet (that passes through their network), thus they no longer need to hide their surveillance (the way most other countries does it),

2. regular people may (or may not) have gotten a better idea of how EASY it is to use the Internet to gather information.

Still, somehow I've got the gutfeeling that the regular users do not see the relevancy of this. After all, most act like "I have nothing to hide!", and thus allow the legal AND the illegal surveillance teams to gather extremely attractive profiles.

For companies - yes, people in Norway are naïve (in a good way, always thinking the best of people), but most companies and business people do realize that the world is smaller, and that precautions are needed.

We may be naïve - but we are not stupid.