Makers of encryption technology may face stricter standards and government oversight in Norway under new guidance aimed at meeting the code-breaking threat posed by next-generation super computers.
Norway’s Defense and Justice and Public Security ministries released a joint document Nov. 19 outlining their data encryption strategy. The document will serve as guidance for companies that produce encryption technology for the government, but its provisions may fold into law or regulations in the future.
Data encryption technology related to national security needs official monitoring because quantum computing will develop in the coming years, according to the document. That will bring additional costs to both government and businesses, the ministries said.
Norway’s National Security Authority (NSM) already must approve any encryption technology that protects information seen as vital to national security. The government typically requires the approvals for pubic entities, but they can apply to private companies providing high-grade services to public entities, such as communications, defense systems, or electrical infrastructure.
The new strategy builds on the approval requirement by recommending constant monitoring and, when necessary, updating of encryption technology. So far, the requirement hasn’t presented significant problems for the private sector, attorney Uros Tosinovic of the Thommessen legal firm said.
“Most large companies operating in Norway have invested substantial amounts in cybersecurity measures and resources, including encryption technology,” Tosinovic said.
Cybersecurity incidents still occur, but Norway’s Data Protection Authority has never fined a private business for related violations of European Union’s General Data Protection Regulation, he said.
The new strategy also describes best practices in a number of areas, including stating that companies can only use electronic signatures in connection with a user’s unique information.