But Norwegians implemented a national cybersecurity strategy in 2003 and they revisit and update it every year to meet current threats. Norwegian companies that provide “basic national functions”—financial services, electricity, health services, food supply, transportation, heating, media platforms, and communications—are required to have a “reasonable” level of security. The government penalizes companies that do not perform penetration testing, threat monitoring, or adhere to other best security practices. Government employees are required to use electronic IDs, multifactor authentication,
...more
