Kripos and DXC: When the supplier becomes the backdoor for cyber attacks

‍

For Torbjørn Remmen at DXC, this is the start of one of the most demanding periods of his career. He is the first to be alerted to what would later become known as the Hydro hack of 2019. Over the hours, days and months that follow, work goes on around the clock to stop the attack, secure critical operations and understand what has actually happened.

Cyber attacks are often experienced as abstract by those on the outside. In this episode, you get the story as it actually unfolded — with real decisions made under extreme time pressure, difficult trade-offs between security and operations, and a threat picture that is constantly changing.

At the same time, the episode gives a rare insight into how Kripos (the Norwegian National Criminal Investigation Service) has built up expertise in cybercrime. Espen Skogstad explains how the transition from narcotics crime to cyber investigation may not be as great as many believe. Structures, roles and methods in organised crime recur — including in the digital domain.

A central theme of the conversation is third-party risk. Today, businesses are closely connected to suppliers, partners and sub-contractors through systems, networks and access. For cyber criminals, this has become an attractive point of attack. It is of little help to invest heavily in your own security if the attacker finds the way in via a third party.

The episode also sheds light on the interplay between business, technical supplier and police when a serious incident occurs. Who does what? When should the police be notified? And what do businesses actually get back by involving the authorities early?

This is not a theoretical walkthrough of frameworks and guidelines. It is an honest story from reality, about how cyber attacks are handled when it really matters — and what leaders and businesses should take away.

If you want to understand why suppliers often become the backdoor for cyber attacks, how organised criminal networks operate, and what lessons the Hydro incident gives for Norwegian businesses today, you should listen to the entire episode. The podcast is hosted by Jens Christian Bang.

‍


From the left: Espen Skogstad, Kripos and Torbjørn Remmen, DXC

Espen Skogstad

‍Espen Skogstad works at Kripos and has broad experience in investigating organised crime, both from traditional crime areas and cybercrime. He has been involved in building up Kripos’ expertise in digital threats and works at the intersection of technology, intelligence and classic police work.

‍

Torbjørn Remmen

‍Torbjørn Remmen works at DXC Technology and is responsible for ServiceNow at DXC. He has long experience handling serious cyber incidents and complex security situations at large businesses, including the Hydro hack of 2019, and works closely with operational security, incident response and recovery of critical IT operations.

‍

Listen to the podcast on Spotify, Apple Podcasts or wherever you listen to podcasts.

‍