Protects the county municipality against cyberattacks during the exam period

For half a year, Sicra has protected the county municipality’s official websites with AppFirewalling.

It works. Since we got this up and running in production, we haven’t been down, says Lars Bakke, head of servers and applications at the IT department of Akershus County Municipality.

DDoS stands for Distributed Denial-of-Service. Large amounts of login attempts are made to overwhelm the capacity. Access is hindered, and sensitive information can be stolen.

Cyberattacks of this type have affected, among others, DNB, PST, the Government’s web portal, media houses, municipalities, a number of companies, and other large public and private entities.

Subject Leader Lars Bakke sees a correlation between the start of the exam period at the 34 high schools in Akershus and attempts to sabotage electronic services.

We can’t prove it, but we believe there is a connection. It’s symptomatic that something like this happens every time there are exams.

Solution architect and partner at Sicra, Kai Thorsrud, reports that there is a tremendous increase in the frequency of cyberattacks in Norway. There are continuous widespread attacks on public and private websites.

60-70 percent of all email on the Internet is spam. This means traffic that should not enter, whether it is advertising or malicious traffic. The same applies to web traffic. Increasingly larger amounts of traffic are attacks. This was not so common before. But now the number of attacks has exploded, says Thorsrud.

DDoS attacks are a new type of crime that is becoming increasingly complex. There are more and more actors who want to make money from this, destroy and cripple services, or acquire information that can be sold or used. In recent years, the growth rate has been enormous. This is something we will see more and more of. It is increasingly important to protect against attacks.

The firewall technology AppFirewalling protects web applications against a range of attacks, including specifically injection attacks and application layer denial of service (DoS). The service also protects the actors’ customers and users from having their information fall into unwanted hands.

For Lars Bakke and the county municipality to see if the traffic is relevant or not, Citrix NetScaler is used. The service is now used continuously – the type of attack is constantly changing and the ‘defense’ must be adapted:

Everything that happens in the entire IT industry is encrypted. What happens online should be anonymous so that people cannot access the information. To address this, we have also encrypted pages towards the county municipality. But a downside for us who are concerned with IT security is that we also cannot see what is happening in this encrypted traffic.

To be able to protect ourselves, we must decrypt the traffic. Then we can see if the incoming traffic is legitimate; if it is something that should enter here or if someone is trying to enter for other reasons. A large influx of many clients can cause downtime. To address this, we use Citrix NetScaler.

Kai Thorsrud and Sicra have 20 years of experience in the field and tackle the problem and implement the service in a way that maximizes security.

We know how an attacker thinks when he targets a web application. And we hide the information the attacker is after. The implementation itself is also crucial for how secure the firewall becomes, says Thorsrud.

Lars Bakke is very satisfied with the service that now protects both the user and the entire County Municipality. He says he expected a successful result.

We know the reputation Sicra has. The guys who work there are considered some of the best in the industry. We wanted someone with solid experience, someone who knows where to start and has worked with large companies. They are very focused on analysis and what they needed to solve here. And they are thorough, ensuring they solve what they need to solve. This is something Sicra and Kai excel at, says Bakke.