Norway spy agency urges IT firms to be cautious when outsourcing operations abroad

The Norwegian National Security Authority (NSM) has warned the country’s information technology firms to prioritize national security over cutting costs when outsourcing their operations abroad. The warning follows what has come to be known as the “Broadnet affair”, which, according to the Norwegian government, highlighted the dangers of extreme cost-cutting measures by Norway’s heavily privatized IT industry. The incident is named after Broadnet, Norway’s leading supplier of fiber-optic communications to the country’s industry and state sectors. Among Broadnet’s customers is Nødnett, an extensive digital network used by agencies and organizations that engage in rescue and emergency operations, including police and fire departments, as well as medical response agencies. Although 60% of the Nødnett network is owned by the Norwegian government, Broadnet is a member of the Nødnett consortium, and is thus supervised by Norway’s Ministry of Transport and Communications.

In September of 2015, Broadnet fired 120 of its Norway-based employees and outsourced their jobs to India, in search of cost-cutting measures. The company signed a multimillion dollar contract with Tech Mahindra, an outsourcing firm based in Mumbai. But an audit by the Norwegian government soon discovered several instances of security breaches by Tech Mahindra staff. The latter were reportedly able to access Nødnett without authorization through Broadnet’s core IT network, which was supposed to be off-limits to outsourced staff without Norwegian security clearances. Soon after the breaches were discovered, Broadnet began to bring its outsourced operations back to Norway. By the end of 2017, all security-related IT tasks had been returned to Norway. In the meantime, however, Broadnet had come under heavy criticism from the Norwegian government, opposition politicians, and the NSM —the government agency responsible for protecting Norway’s IT infrastructure from cyber threats, including espionage and sabotage.

The NSM warning —published earlier this month in the form of a 20-page report— makes extensive mention of the Broadnet affair. It recognizes the right of Norwegian IT firms to outsource some or all of their operational tasks as a cost-cutting measure. But it also stresses that the country’s IT firms are required by law to abide by national security protocols when outsourcing part of their IT portfolios to foreign companies. There have been numerous instances in recent years where “risk management obligations relative to outsourcing decisions by Norwegian [IT] companies have fallen short”, the NSM report states. It adds that IT firms must abide by strict protocols of risk management when making outsourcing decisions. It also states that the firms’ Norway-based senior managers must regain complete overview of outsourced projects at every step of the way.

Author: Joseph Fitsanakis | Date: 27 June 2018 | Permalink

Swiss reject contract bid by UK-owned internet firm over spy fears

The Swiss federal government has rejected a multi-million dollar contract bid by one of the world’s largest broadband Internet service providers, saying it is foreign-owned and could serve as “a gateway for foreign spies”. The company, UPC Cablecom, is headquartered in Zurich, is subject to Swiss law, and is currently the largest broadband cable operator in Switzerland. However, in 2005 it became a subsidiary of the UPC Broadband division of Liberty Global Europe, an international telecommunications and television company based in London, England. It is therefore technically considered a foreign company according to Swiss law. In 2013, UPC Cablecom submitted a bid for a competitive contract to provide broadband Internet services to Swiss government agencies. But in January 2014, the company was informed by Swiss officials that such a contract could not be awarded to a foreign-owned telecommunications service provider such as UPC Cablecom.

Until last week, it had been generally assumed that the decision to exclude UPC Cablecom’s bid on the basis of the company’s foreign ownership had been taken by the officials in charge of evaluating the contract. However, on Friday of last week, the Swiss daily Berner Zeitung reported that the decision to drop UPC Cablecom’s bid had been taken by none other than the Swiss Federal Council. Consisting of seven members representing various cantons and political parties, the Federal Council serves as Switzerland’s collective head of government and effectively operates as the country’s head of state. It was the Federal Council, said Berner Zeitung, that intervened in the contract evaluation proceedings and instructed the Swiss Federal Department of Finance to exclude bids by foreign-owned companies. The argument was that such companies could serve as “potential gateways for foreign intelligence constituencies”, said the paper. It added that the decision had been taken in light of information revealed by American former intelligence operative Edward Snowden, who is currently living in Russia.

The ruling by the Federal Council meant that Swisscom became the sole bidder for the government contract, which is worth 230 million Swiss francs (US $378 million). Meanwhile, UPC Cablecom has filed a complaint with Switzerland’s Federal Administrative Court, claiming that the Federal Council abused its power by intervening in the service contract. The Court’s decision is not expected for several months.

Author: Joseph Fitsanakis | Date: 9 June 2015 | Permalink: https://intelnews.org/2015/06/09/01-1711/

Brazil builds direct Internet cable to Europe to avoid US spying

By JOSEPH FITSANAKIS | intelNews.org
The government of Brazil is to construct a cable across the Atlantic Ocean in order to avoid having its Internet traffic to and from Europe intercepted by American intelligence agencies. According to reports, the fiber-optic cable will stretch for 3,500 miles from the northeastern Brazilian city of Fortaleza to the Portuguese capital Lisbon. It will cost the Brazilian government in excess of US$185 million, but it will allow the country’s existing Internet traffic to and from Europe to travel without going through cables owned by American service providers. According to Brazilian officials, the construction of the cable is among several steps announced by the Brazilian government aimed at disassociating its communications infrastructure from American companies. The move follows revelations made last year by American defector Edward Snowden that the US National Security Agency specifically targeted Brazilian President Dilma Rousseff’s personal communications as part of its intelligence-collection efforts targeting Brazil. In response to the revelations, Rousseff cancelled a planned official state visit to Washington and accused the US of having committed “a breach of international law and an affront” against Brazil’s sovereignty. The planned fiber-optic cable connection to Europe will be overseen by Telecomunicacoes Brasileiras SA, Brazil’s state-owned telecommunications conglomerate, known commonly as TeleBras. The company’s president, Francisco Ziober Filho, said in an interview last week that none of the $185 million that will be spent on the project will end up in the pockets of American companies. For over a year, experts have been warning that the Snowden revelations about the extent of the NSA’s global communications-interception activities might undermine the American telecommunications sector, insomuch as it could undercut America’s role and influence in global Internet governance.
Many countries, Brazil included, are beginning to actively reconsider their dependence on US-managed Internet networks that host the content of social media sites, cloud computing databases, or telecommunications exchanges.