Norway is considered one of the world's most digitized countries — but the same digitalization that drives welfare and competitiveness also makes the country an attractive target for state and non-state actors who increasingly use artificial intelligence as a means of attack. This is the core of a growing professional debate that is now scrutinizing Norwegian preparedness.
The threat landscape has become more complex
According to forskning.no and the research communities commenting on the matter, the threat to Norwegian critical infrastructure is described as “persistent and serious” by the Norwegian Intelligence Service. Russia and China are said to have actively mapped Norwegian sea-based industrial and digital infrastructure, and are increasingly using AI-enhanced methods — including zero-day vulnerabilities and sophisticated social engineering — to penetrate Norwegian systems.
Many of the operational systems that control trains, dams, power plants, and oil installations are built on outdated and insecure software. As these are connected to the internet, new attack surfaces are opened that were not planned for when the systems were built.
– We are more vulnerable than we think. There is a dangerously false sense of security in many Norwegian businesses.
Arve Johan Kalleklev, Operations Director at DNV Cyber, recently warned against precisely this complacency among Norwegian leaders — an underestimation of risk that could have serious consequences.
The Bremanger dam incident sounded the alarm
A concrete incident from 2025 clearly illustrates the vulnerability: A pro-Russian group hijacked remote access to a screen at a dam facility in Bremanger by exploiting weak, internet-exposed login details. The incident underscored that security cannot stop at the network layer — detection and verification are also needed at the physical process level.
Norway's response: Offensive AI strategy for the defense sector
Norway has not been idle. In October 2023, the government presented its own strategy for artificial intelligence in the defense sector — the first in Scandinavia. The strategy outlines three main goals: identify needs and opportunities for AI use, prioritize applications with the greatest operational effect, and build niche expertise that makes Norway an attractive allied partner.
Defense Minister Bjørn Arild Gram emphasized at the launch that the defense sector “must identify, develop, implement, and use artificial intelligence responsibly,” and highlighted AI's ability to compile and analyze large amounts of information as particularly valuable in an age of information overload.
Infrastructure secured in layers
On the technical side, several parallel initiatives are underway. Telenor's “sovereign AI Factory” project treats data as critical national infrastructure and seeks to give Norway control over its own data streams. NSM is expanding a national warning sensor platform where AI and machine learning automate the analysis of malicious code. And the Kongsberg Discovery company Seatex is developing what they themselves describe as “world-leading drone detectors” based on radar and AI.
Norway is also in the process of implementing the EU's AI Act, adapted to national conditions, which adds further regulatory frameworks around responsible AI use.
Still a gap between strategy and practice
Despite the official commitment, experts believe there remains a significant gap — especially in the private sector and in municipal infrastructure management — between the ambitious strategies and the actual robustness of systems in daily operation. Many operational technology systems are not being upgraded in line with the evolving threat landscape, and expertise on AI-related security threats is unevenly distributed.
The goal for Norway to become “the world's most securely digitized country,” set by the NORCICS center at NTNU and SINTEF, requires, according to researchers, much closer cooperation between academia, business, and authorities — and a more honest conversation about how vulnerable we actually are.