Attack 2025 is Norway’s leading cybersecurity conference, gathering authorities, research institutions, and industry experts to discuss threats, vulnerabilities, and new regulatory requirements.

What was the key message from the conference?

That the threat landscape is more serious than it has been in decades, and future attacks will increasingly target operational disruption rather than just data theft.

Why is Norway becoming more digitally vulnerable?

Digitalisation in industry and critical infrastructure connects IT and OT in new ways, creating larger attack surfaces and increasing the potential impact of cyber incidents.

What threats do national security authorities warn about?

Destructive attacks, sabotage, influence operations, advanced online fraud, ransomware, criminal targeting of infrastructure, and intelligence operations using insiders.

What major trends were highlighted?

Social engineering, cross-channel fraud, AI-powered attack tools, vulnerable supply chains, commercialised attack kits, QR-code exploitation and phishing, and automated reconnaissance.

Why can IT and OT no longer be treated separately?

Because industrial systems that were once isolated are now integrated with IT platforms. A small IT incident can escalate into severe operational consequences.

What is Sicra’s security triangle?

A methodology combining security leadership (CISO), deep technical expertise, and operational monitoring (NOC/SOC) to create holistic protection across strategic, operational, technical, and industrial layers.

How does the Sicra–Bluetree merger support today’s security needs?

By combining OT expertise, cybersecurity leadership, monitoring capabilities and engineering talent into one integrated security organisation.

What must organisations do to stay secure moving forward?

Establish shared situational awareness between IT and OT, adopt holistic risk management, implement operational monitoring, and ensure competence that bridges the two domains.

Sicra strengthens organisations with holistic security leadership, expert IT- and OT-level engineering, and continuous monitoring services that reduce risk across complex digital ecosystems. Read more about "Security strategy" here > Read more about "Zero Trust architecture" here > Read more about "Monitoring, troubleshooting, and logging" here > Read more about "Security testing" here >

Attack Conference 2025: Real threats and new regulations require action

Digitalization and Public Governance Minister Karianne Oldernes Tung opened Attack 2025. She emphasized that Norway is in the most severe geopolitical situation since World War II. This increases the likelihood of destructive attacks against critical digital infrastructure. At the same time, the probability of profit-driven cyberattacks on businesses is also rising.

Attack 2025 brought together central security actors such as the Norwegian National Security Authority (NSM), the Directorate for Civil Protection (DSB), the Police Security Service (PST), Kripos, the Norwegian Cyber Security Center (NCSC), the Norwegian Defence Research Establishment (FFI), Cyber Defence, and the leading technology environments in cybersecurity.

A key theme was that Norway’s digital vulnerability is increasing in step with the digitalization of industry and critical infrastructure. The convergence between IT (information technology) and OT (operational technology) makes the threat landscape more complex than ever. At the same time, threat actors have become more skilled, have stronger tools such as artificial intelligence (AI), and there are more nation-state actors. This places greater demands on both public and private organizations, regardless of size.

Today’s digital threats

Because of the geopolitical situation, PST, NSM, Kripos, and other security authorities are warning about different cyberattacks targeting Norwegian organizations.

Authorities believe there is a high likelihood of:

Destructive cyberattacks.
Sabotage of digital or physical infrastructure.
Influence operations.
Organized crime becoming more professional and more targeted toward infrastructure — both OT (for example production systems) and IT through digital attacks for profit, such as ransomware.
Technically advanced online fraud aimed at individuals or organizations through their employees.
Intelligence operations, including mapping of physical and digital infrastructure and the placement of insiders.

The conference highlighted the following risk factors and trends:

Mobile phones: an underestimated risk
Information thieves: collecting as much information as possible without leaving traces
Access through login credentials
ClickFix and FakeUpdates: new forms of social engineering
QR codes, voice-phishing and cross-platform attacks
Attack-as-a-service: ready-made attack packages
Vulnerable supply chains and embedded malware
AI agents and automated fraud
Further personalization of attacks

IT and OT introduce new risks

The digitalization of industry, energy, water, healthcare, and transport brings major benefits — and new vulnerabilities. Systems originally developed to be isolated, such as controllers, sensors and control systems, are today connected to IT platforms. When IT and OT become more closely linked, a seemingly small incident in the IT environment can develop into a critical OT situation. Threat actors attempt to exploit weaknesses in these connections.

This creates two major challenges:

A larger attack surface: OT systems become an entry point into an organization’s most critical systems.
Greater consequences: A successful attack is no longer only about data. It can stop production, harm the environment, weaken national infrastructure, or put lives and health at risk.

Holistic security through leadership, monitoring, and expertise

Attack 2025 underlined what we at Sicra experience — that digital risk is increasing not only in IT systems but also in production environments, industrial systems and society-critical processes. With the merger of Sicra and Bluetree, we took a strategic step to address this development. We combine leadership, technology, monitoring and OT expertise to give organizations the security they need today. Many organizations have come far in IT security but lack the same level of maturity in OT.

To increase security, organizations must acknowledge that:

IT and OT can no longer be treated as two separate worlds.
The risk arises in the intersection between IT and OT.

Sicra’s security triangle is our method for building holistic security, from the boardroom to the server room and all the way out to industrial control systems. To create real digital security, organizations must handle security at several levels: strategic, operational, technical and industrial.

Sicra’s security triangle consists of three areas:

1. Security management/ CISO

Strategic security leadership supported by a full team of technical consultants and advisors. Sicra acts as an advisor and partner to the organization’s leadership.

2. Consultants with deep expertise in security, OT and infrastructure

This is Sicra’s professional foundation: advisors, architects and specialists in infrastructure, networking, cybersecurity and a strong, specialized OT security environment.

3. Operations Center – Network | Security Operations Center (NOC/SOC)

Sicra’s operational muscle: our operations center includes both the Network Operations Center (NOC) and the Security Operations Center (SOC).

NOC monitors and operates critical network services, infrastructure and platforms to ensure stability, performance and high availability.
SOC combines monitoring, response capability and forensic expertise to provide continuous protection, 24/7, where Sicra is the local security partner for Arctic Wolf. Our SOC is independent from the teams operating the infrastructure, avoiding conflicts of interest.

Attack 2025 made it clear that cybersecurity is about more than technology and isolated measures.

We need: