Internal validation & live display

Multiple badges & continuous verification

Faster underwriting decisions

https://images.rankiteo.com/companyimages/telenor-group.jpeg

Telenor Company CyberSecurity Posture

telenor.com

EMPOWERING SOCIETIES. CONNECTING YOU TO WHAT MATTERS MOST. Telenor Group is a leading telecommunications company across the Nordics and Asia with 158 million subscribers and annual sales of around NOK 99 billions (2022). We are committed to responsible business conduct and driven by the ambition of empowering societies. Connectivity has been Telenor’s domain for more than 165 years, and our purpose is to connect our customers to what matters most. We have four behaviours that guide the way we work: • Always Explore. We believe growth comes from learning every day. We’re curious and we dare to challenge, test, fail fast and pivot. • Create together. We believe diverse teams find better solutions. We seek different perspectives, share, involve and help each other succeed. • Keep promises. We believe that trust is key in all our relationships. We take ownership and pride in delivering with precision and integrity. • Be respectful. We believe in the unique human ability to understand what matters for people. We meet everyone at eye level, listen and show that we care. Telenor is listed at Oslo Stock Exchange under the ticker TEL. For more information, please visit www.telenor.com.

Telenor A.I CyberSecurity Scoring

Telenor

Company Details

Linkedin ID:

telenor-group

Website:

http://www.telenor.com/

Employees number:

22,408

Number of followers:

493,918

NAICS:

517

Industry Type:

Telecommunications

Homepage:

telenor.com

IP Addresses:

Company ID:

TEL_2710109

Scan Status:

Completed

Telenor Risk Score (AI oriented)

Between 750 and 799

Telenor Telecommunications

Updated: 22/11/2025

Powered by our proprietary A.I cyber incident model
Insurance preferes TPRM score to calculate premium

Telenor Global Score (TPRM)

XXXX

Telenor Telecommunications

—

Instant access to detailed risk factors
Benchmark vs. industry & size peers

Vulnerabilities
Findings

Telenor Company CyberSecurity News & History

Past Incidents

Attack Types

Entity	Type	Severity	Impact	Seen	Blog Details	Incident Details	View
Space Norway (operator of the Svalbard Undersea Cable System)	Cyber Attack	100	6	1/2022		SPA0002100112125
Rankiteo Explanation : Attack threatening the economy of geographical region Description: In January 2022, Space Norway’s Svalbard Undersea Cable System—the world’s northernmost subsea fiber-optic cables connecting mainland Norway to the Svalbard archipelago—suffered deliberate sabotage. The damage occurred in a deep-sea section (980ft to 9,000ft depth) where cables are typically buried six feet below the seabed, yet were severed by suspected Russian hybrid warfare tactics. Norwegian police confirmed 'human impact' as the cause, while open-source investigations revealed Russian trawlers made over a dozen passes over the cable route before the outage. Though redundant systems prevented service disruption for Svalbard’s users (including critical Arctic research stations and satellite ground stations), the attack demonstrated vulnerabilities in NATO’s northern infrastructure. The incident aligned with broader Russian strategies to test allied responses, disrupt communications, and exploit undersea infrastructure as a geopolitical pressure point. No perpetrators were prosecuted due to lack of direct evidence, but the pattern mirrored other Baltic Sea cable sabotage linked to Russia’s shadow fleet, reinforcing concerns over critical infrastructure resilience in the High North.

Space Norway (operator of the Svalbard Undersea Cable System)

Cyber Attack

Severity: 100

Impact: 6

Seen: 1/2022

Blog:

SPA0002100112125

Rankiteo Explanation

Attack threatening the economy of geographical region

Description: In January 2022, Space Norway’s **Svalbard Undersea Cable System**—the world’s northernmost subsea fiber-optic cables connecting mainland Norway to the Svalbard archipelago—suffered deliberate sabotage. The damage occurred in a deep-sea section (980ft to 9,000ft depth) where cables are typically buried six feet below the seabed, yet were severed by suspected **Russian hybrid warfare tactics**. Norwegian police confirmed 'human impact' as the cause, while open-source investigations revealed **Russian trawlers made over a dozen passes** over the cable route before the outage. Though redundant systems prevented service disruption for Svalbard’s users (including critical Arctic research stations and satellite ground stations), the attack demonstrated **vulnerabilities in NATO’s northern infrastructure**. The incident aligned with broader Russian strategies to **test allied responses**, disrupt communications, and exploit undersea infrastructure as a **geopolitical pressure point**. No perpetrators were prosecuted due to lack of direct evidence, but the pattern mirrored other **Baltic Sea cable sabotage** linked to Russia’s shadow fleet, reinforcing concerns over **critical infrastructure resilience** in the High North.

Telenor Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒

A.I. Risk Score Predictions locked

Access Monitoring Plan

Underwriter Stats for Telenor

Incidents vs Telecommunications Industry Average (This Year)

No incidents recorded for Telenor in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Telenor in 2025.

Incident Types Telenor vs Telecommunications Industry Avg (This Year)

No incidents recorded for Telenor in 2025.

Incident History — Telenor (X = Date, Y = Severity)

Telenor cyber incidents detection timeline including parent company and subsidiaries

Telenor Company Subsidiaries

Telenor Similar Companies

Airtel Africa

airtel.africa

Airtel Africa is a leading provider of telecommunications and mobile money services, with a presence in 14 countries in Africa, primarily in East Africa and Central and West Africa. Airtel Africa offers an integrated suite of telecommunications solutions to its subscribers, including mobile voice a

Security Report → Compare→

Huawei

huawei.com

Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. With integrated solutions across four key domains – telecom networks, IT, smart devices, and cloud services – we are committed to bringing digital to every person, home and organi

Security Report → Compare→

Vodafone Idea Limited

myvi.in

Vodafone Idea Limited is an Aditya Birla Group and Vodafone Group partnership. It is India’s leading telecom service provider. The Company provides pan India Voice and Data services across 2G, 3G and 4G platform. With the large spectrum portfolio to support the growing demand for data and voice, the

Security Report → Compare→

Rogers Communications

rogers.com

Rogers is Canada’s communications and entertainment company, driven to connect and entertain Canadians. For more information, please visit rogers.com or investors.rogers.com. Déterminée à connecter et à divertir les Canadiens et Canadiennes, Rogers est la référence canadienne en matière de commu

Security Report → Compare→

Telcel

telcel.com

Telcel (Radiomóvil Dipsa) es subsidiaria de América Móvil, uno de los mayores proveedores de comunicaciones celulares de Latinoamérica, grupo líder con inversiones en telecomunicaciones en varios países del continente americano. Telcel es la empresa de telefonía celular líder en México. Nuestra s

Security Report → Compare→

Claro Brasil

claro.com.br

Prazer, somos a Claro! Aqui, temos um grande time que faz tudo acontecer! É com o esforço e a dedicação de cada uma de nossas Pessoas que somos hoje referência no que fazemos, atuando unidos no nosso propósito, que é “Conectar para uma vida mais divertida e produtiva”. Somamos todas as tecnologias

Security Report → Compare→

Ooredoo Group

ooredoo.com

We are an award-winning international communications company operating across the Middle East, North Africa and Southeast Asia. Serving consumers and businesses in 10 countries, we deliver a leading data experience through a broad range of content and services via our advanced, data-centric mob

Security Report → Compare→

vivo

vivo.com

vivo is a technology company that creates great products based on a design-driven value, with smart devices and intelligent services as its core. The company aims to build a bridge between humans and the digital world. Through unique creativity, vivo provides users with an increasingly convenient mo

Security Report → Compare→

EE

ee.co.uk

EE, part of BT Group, is the largest and most advanced mobile communications company in the UK, delivering mobile and fixed communications services to consumers. We run the UK's biggest and fastest mobile network, having pioneered the UK's first superfast 4G mobile service in October 2012 and was

Security Report → Compare→

Telenor CyberSecurity News

November 09, 2025 08:00 AM

Cybersecurity Fears Rise Over Yutong Electric Buses Worldwide

On November 7, 2025, the world of public transportation found itself at the intersection of innovation and vulnerability.

Read Article →

November 09, 2025 08:00 AM

Global Cybersecurity Concerns Rise with Yutong Electric Buses

Global cybersecurity fears rise as Yutong Electric Buses face new challenges. Discover how this impacts the future of electric...

Read Article →

October 31, 2025 06:52 AM

Telenor Warns of Hybrid Threats Targeting Subsea Cables, Networks & Cloud Infrastructure

The report highlights the growing interdependence of critical services such as power and digital infrastructure and calls on governments and...

Read Article →

October 30, 2025 04:27 PM

Telenor Reports Strong Nordic Growth Amid Cybersecurity Challenges & Asia Headwinds

Telenor Reports Strong Nordic Growth Amid Cybersecurity Challenges & Asia Headwinds · 2–3% organic growth in Nordic service revenues (changed...

Read Article →

October 28, 2025 07:00 AM

PAFLA, Innovista Launch AI & Cybersecurity Courses in Balochistan

PAFLA in collaboration with Innovista and NAVTTC has launched a comprehensive training initiative for science graduates in AI.

Read Article →

October 07, 2025 07:00 AM

Telenor may be sued over sharing of customer data with Myanmar junta

Myanmar civil society groups Defend Myanmar Democracy and the Myanmar Internet Project have announced plans to sue the Norwegian telecoms...

Read Article →

October 02, 2025 07:00 AM

Telenor marks 25 years in Thailand with focus on digital future

Norwegian telecom group Telenor has celebrated its 25th anniversary in Thailand, underlining its long-term commitment to the country's...

Read Article →

October 01, 2025 07:00 AM

CCP approves PTCL acquisition of Telenor Pakistan

The Competition Commission of Pakistan (CCP) has finally cleared Pakistan Telecommunication Company Limited's (PTCL) acquisition of rival...

Read Article →

August 15, 2025 07:00 AM

Telenor Pakistan Secures No. 1 position in Cybersecurity Excellence for the Second Consecutive Year at PTA Awards 2025

Telenor Pakistan Secures No. 1 position in Cybersecurity Excellence for the Second Consecutive Year at PTA Awards 2025 ... Islamabad, August 13,...

Read Article →

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Telenor CyberSecurity History Information

Official Website of Telenor

The official website of Telenor is http://www.telenor.com/.

Telenor’s AI-Generated Cybersecurity Score

According to Rankiteo, Telenor’s AI-generated cybersecurity score is 794, reflecting their Fair security posture.

How many security badges does Telenor’ have ?

According to Rankiteo, Telenor currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Telenor have SOC 2 Type 1 certification ?

According to Rankiteo, Telenor is not certified under SOC 2 Type 1.

Does Telenor have SOC 2 Type 2 certification ?

According to Rankiteo, Telenor does not hold a SOC 2 Type 2 certification.

Does Telenor comply with GDPR ?

According to Rankiteo, Telenor is not listed as GDPR compliant.

Does Telenor have PCI DSS certification ?

According to Rankiteo, Telenor does not currently maintain PCI DSS compliance.

Does Telenor comply with HIPAA ?

According to Rankiteo, Telenor is not compliant with HIPAA regulations.

Does Telenor have ISO 27001 certification ?

According to Rankiteo,Telenor is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Telenor

Telenor operates primarily in the Telecommunications industry.

Number of Employees at Telenor

Telenor employs approximately 22,408 people worldwide.

Subsidiaries Owned by Telenor

Telenor presently has no subsidiaries across any sectors.

Telenor’s LinkedIn Followers

Telenor’s official LinkedIn profile has approximately 493,918 followers.

NAICS Classification of Telenor

Telenor is classified under the NAICS code 517, which corresponds to Telecommunications.

Telenor’s Presence on Crunchbase

No, Telenor does not have a profile on Crunchbase.

Telenor’s Presence on LinkedIn

Yes, Telenor maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/telenor-group.

Cybersecurity Incidents Involving Telenor

As of November 27, 2025, Rankiteo reports that Telenor has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

Telenor has an estimated 9,535 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Telenor ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

How does Telenor detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with nato operation baltic sentry (2024), incident response plan activated with finnish national bureau of investigation (estlink 2 case), incident response plan activated with norwegian police (svalbard cable investigation), and third party assistance with marinetraffic (ship tracking data), third party assistance with open-source intelligence (osint) for trawler movements, and and containment measures with detention of *eagle s* vessel (later released), containment measures with increased maritime patrols (nato assets), and remediation measures with cable repairs (status unspecified), remediation measures with nato-industry collaboration for infrastructure resilience, and recovery measures with swedish military exercises (counter-sabotage drills), recovery measures with enhanced surveillance of undersea cables, and communication strategy with public statements by nato secretary general mark rutte, communication strategy with media interviews with lithuanian fm gabrielius landsbergis, communication strategy with cbs news investigative reports, and enhanced monitoring with nato naval drones and aircraft patrols, enhanced monitoring with national surveillance assets (unspecified)..

Incident Details

Can you provide details on each incident ?

Incident : Physical Sabotage

Exposure

Impact

Title: Alleged Russian Sabotage of Undersea Cables in the Baltic Sea (2022–2024)

Description: A series of suspected sabotage incidents targeting undersea fiber optic cables in the Baltic Sea, allegedly linked to Russian hybrid warfare tactics. The cables, critical for global internet traffic, financial transactions, and military communications, were damaged in multiple instances, including drag marks from anchors and loitering vessels. Finland, Estonia, Norway (Svalbard), and other Baltic NATO members reported disruptions, with Russia denying involvement. The incidents are part of broader hybrid warfare tactics, including cyberattacks, infrastructure sabotage, and espionage, aimed at testing NATO resolve and intimidating regional populations. NATO launched 'Baltic Sentry' in 2024 to counter these threats.

Date Detected: 2022-01-07

Date Publicly Disclosed: 2022-02-00

Type: Physical Sabotage

Attack Vector: Anchor Dragging (Ships/Trawlers)Underwater Sabotage (Unconfirmed Explosives)Loitering Near Cable RoutesPlausible Deniability via 'Shadow Fleet' Vessels

Vulnerability Exploited: Shallow Depth of Baltic Sea (Ease of Anchor Damage)Unburied or Lightly Buried Cables in Steep TerrainLack of Real-Time Monitoring for Undersea InfrastructureGeopolitical Tensions (NATO Expansion, Ukraine War)

Threat Actor: Primary: Russian State-Affiliated Actors (Alleged)Secondary: ["Russian 'Shadow Fleet' Vessels (e.g., *Eagle S*)", 'Russian Fishing Trawlers (Svalbard Incident)', 'Ukrainian Citizens Linked to Russian Intelligence (Poland Rail Sabotage)']Denial: Russia denies all allegations, labeling them 'Russophobia'

Motivation: Intimidation of Baltic States and NATO AlliesTesting NATO Unity and Response CapabilitiesDisruption of Critical Infrastructure as Hybrid Warfare TacticRetaliation for Western Support of UkrainePotential Prelude to Larger Military Escalation

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Anchor Drag Marks (Physical Damage)Vessel Loitering Near Cable Routes (Reconnaissance).

Impact of the Incidents

What was the impact of each incident ?

Incident : Physical Sabotage SPA0002100112125

Systems Affected: Estlink 2 (Finland-Estonia Power/Telecom Cable)Svalbard Undersea Cable System (Norway)Unspecified Telecom Cables in Gulf of Finland

Downtime: [{'system': 'Estlink 2', 'duration': 'Partial outage (Christmas 2024)', 'restoration': 'Unknown'}, {'system': 'Svalbard Cable', 'duration': 'Jan 7, 2022 (Redundant cable prevented service loss)', 'restoration': 'Investigation closed (no evidence)'}]

Operational Impact: Reduced Interconnectivity Between Finland and EstoniaIncreased NATO Maritime Patrols (Operation Baltic Sentry)Swedish Military Exercises for Counter-Sabotage

Brand Reputation Impact: Erosion of Trust in Undersea Infrastructure ResiliencePerception of NATO Vulnerability to Hybrid Threats

Legal Liabilities: Finnish Criminal Charges Against *Eagle S* Crew (Dismissed on Appeal)

Which entities were affected by each incident ?

Incident : Physical Sabotage SPA0002100112125

Entity Name: Finland

Entity Type: Government

Industry: Critical Infrastructure (Energy/Telecom)

Location: Baltic Sea (Gulf of Finland)

Size: National

Customers Affected: Partial outage for Finland-Estonia connectivity

Incident : Physical Sabotage SPA0002100112125

Entity Name: Estonia

Entity Type: Government

Industry: Critical Infrastructure (Energy/Telecom)

Location: Baltic Sea (Gulf of Finland)

Size: National

Customers Affected: Partial outage for Finland-Estonia connectivity

Incident : Physical Sabotage SPA0002100112125

Entity Name: Norway (Space Norway)

Entity Type: State-Owned Enterprise

Industry: Telecommunications

Location: Greenland Sea (Svalbard Cable)

Size: National

Customers Affected: No service loss (redundant cable)

Incident : Physical Sabotage SPA0002100112125

Entity Name: NATO

Entity Type: Military Alliance

Industry: Defense/Critical Infrastructure Protection

Location: Baltic Sea Region

Size: Multinational

Customers Affected: Increased operational burden (Baltic Sentry)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Physical Sabotage SPA0002100112125

Incident Response Plan Activated: ['NATO Operation Baltic Sentry (2024)', 'Finnish National Bureau of Investigation (Estlink 2 Case)', 'Norwegian Police (Svalbard Cable Investigation)']

Third Party Assistance: Marinetraffic (Ship Tracking Data), Open-Source Intelligence (Osint) For Trawler Movements.

Containment Measures: Detention of *Eagle S* Vessel (Later Released)Increased Maritime Patrols (NATO Assets)

Remediation Measures: Cable Repairs (Status Unspecified)NATO-Industry Collaboration for Infrastructure Resilience

Recovery Measures: Swedish Military Exercises (Counter-Sabotage Drills)Enhanced Surveillance of Undersea Cables

Communication Strategy: Public Statements by NATO Secretary General Mark RutteMedia Interviews with Lithuanian FM Gabrielius LandsbergisCBS News Investigative Reports

Enhanced Monitoring: NATO Naval Drones and Aircraft PatrolsNational Surveillance Assets (Unspecified)

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as NATO Operation Baltic Sentry (2024), Finnish National Bureau of Investigation (Estlink 2 Case), Norwegian Police (Svalbard Cable Investigation), .

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through MarineTraffic (Ship Tracking Data), Open-Source Intelligence (OSINT) for Trawler Movements, .

Data Breach Information

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Cable Repairs (Status Unspecified), NATO-Industry Collaboration for Infrastructure Resilience, .

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by detention of *eagle s* vessel (later released), increased maritime patrols (nato assets) and .

Ransomware Information

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Swedish Military Exercises (Counter-Sabotage Drills), Enhanced Surveillance of Undersea Cables, .

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Physical Sabotage SPA0002100112125

Legal Actions: Finnish Criminal Case Against *Eagle S* Crew (Dismissed),

Regulatory Notifications: NATO Coordination Under Article 5 (Potential Future Trigger)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Finnish Criminal Case Against *Eagle S* Crew (Dismissed), .

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Physical Sabotage SPA0002100112125

Lessons Learned: Undersea Cables Are Vulnerable to Physical Sabotage in Shallow Waters, Hybrid Warfare Blurs Lines Between Cyber, Physical, and Psychological Attacks, Plausible Deniability via 'Shadow Fleet' Complicates Attribution, NATO Unity Is Critical to Deterring Further Escalation, Redundant Infrastructure Mitigates Operational Impact (e.g., Svalbard Cables)

What recommendations were made to prevent future incidents ?

Incident : Physical Sabotage SPA0002100112125

Recommendations: Increase Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage IncidentsIncrease Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage IncidentsIncrease Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage IncidentsIncrease Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage IncidentsIncrease Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage Incidents

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Undersea Cables Are Vulnerable to Physical Sabotage in Shallow Waters,Hybrid Warfare Blurs Lines Between Cyber, Physical, and Psychological Attacks,Plausible Deniability via 'Shadow Fleet' Complicates Attribution,NATO Unity Is Critical to Deterring Further Escalation,Redundant Infrastructure Mitigates Operational Impact (e.g., Svalbard Cables).

References

Where can I find more information about each incident ?

Incident : Physical Sabotage SPA0002100112125

Source: CBS News

URL: https://www.cbsnews.com

Date Accessed: 2024-11-00

Incident : Physical Sabotage SPA0002100112125

Source: Royal United Services Institute (RUSI)

URL: https://rusi.org

Date Accessed: 2024-11-00

Incident : Physical Sabotage SPA0002100112125

Source: Finnish National Bureau of Investigation

URL: https://poliisi.fi

Date Accessed: 2024-10-00

Incident : Physical Sabotage SPA0002100112125

Source: Space Norway (Svalbard Cable Operator)

URL: https://spacenorway.no

Date Accessed: 2022-01-00

Incident : Physical Sabotage SPA0002100112125

Source: NATO Press Release (Operation Baltic Sentry)

URL: https://www.nato.int

Date Accessed: 2024-01-00

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CBS NewsUrl: https://www.cbsnews.comDate Accessed: 2024-11-00, and Source: Royal United Services Institute (RUSI)Url: https://rusi.orgDate Accessed: 2024-11-00, and Source: Finnish National Bureau of InvestigationUrl: https://poliisi.fiDate Accessed: 2024-10-00, and Source: Space Norway (Svalbard Cable Operator)Url: https://spacenorway.noDate Accessed: 2022-01-00, and Source: NATO Press Release (Operation Baltic Sentry)Url: https://www.nato.intDate Accessed: 2024-01-00.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Physical Sabotage SPA0002100112125

Investigation Status: [{'case': 'Estlink 2 (Finland-Estonia)', 'status': 'Criminal Charges Dismissed (Prosecutors Appealing)'}, {'case': 'Svalbard Cable (Norway)', 'status': 'Closed (Lack of Evidence)'}, {'case': 'Polish Rail Sabotage', 'status': 'Ongoing (Suspects Identified)'}]

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Statements By Nato Secretary General Mark Rutte, Media Interviews With Lithuanian Fm Gabrielius Landsbergis and Cbs News Investigative Reports.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Physical Sabotage SPA0002100112125

Stakeholder Advisories: Nato Members Urged To Enhance Critical Infrastructure Protection, Baltic States Advised To Diversify Connectivity Routes, Energy And Telecom Sectors Warned Of Hybrid Threats.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Nato Members Urged To Enhance Critical Infrastructure Protection, Baltic States Advised To Diversify Connectivity Routes and Energy And Telecom Sectors Warned Of Hybrid Threats.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Physical Sabotage SPA0002100112125

Entry Point: Anchor Drag Marks (Physical Damage), Vessel Loitering Near Cable Routes (Reconnaissance),

Reconnaissance Period: ['Svalbard Incident: >12 Trawler Passes Before Damage', 'Eagle S: Departed Ust-Luga on Day of Outage']

High Value Targets: Estlink 2 (Finland-Estonia Interconnect), Svalbard Cable (Northernmost Subsea System), Baltic Nato Members' Limited Redundancy,

Data Sold on Dark Web: Estlink 2 (Finland-Estonia Interconnect), Svalbard Cable (Northernmost Subsea System), Baltic Nato Members' Limited Redundancy,

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Physical Sabotage SPA0002100112125

Root Causes: Geopolitical Tensions (Russia-Nato, Ukraine War), Physical Vulnerability Of Undersea Cables In Shallow Waters, Lack Of Unified Deterrence Against Hybrid Tactics, Plausible Deniability Via Non-State Proxy Vessels,

Corrective Actions: Nato Operation Baltic Sentry (Maritime Patrols), Finnish Appeal Of Dismissed Charges Against *Eagle S* Crew, Swedish Counter-Sabotage Military Exercises, Proposed Nato Article 5 Clarifications For Hybrid Attacks,

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Marinetraffic (Ship Tracking Data), Open-Source Intelligence (Osint) For Trawler Movements, , Nato Naval Drones And Aircraft Patrols, National Surveillance Assets (Unspecified), .

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Nato Operation Baltic Sentry (Maritime Patrols), Finnish Appeal Of Dismissed Charges Against *Eagle S* Crew, Swedish Counter-Sabotage Military Exercises, Proposed Nato Article 5 Clarifications For Hybrid Attacks, .

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident were an Primary: Russian State-Affiliated Actors (Alleged)Secondary: ["Russian 'Shadow Fleet' Vessels (e.g., *Eagle S*)", 'Russian Fishing Trawlers (Svalbard Incident)', 'Ukrainian Citizens Linked to Russian Intelligence (Poland Rail Sabotage)']Denial: Russia denies all allegations and labeling them 'Russophobia'.