Researcher
Lars Gjesvik
Contactinfo and files
Summary
Lars Gjesvik is a senior researcher in the Research Group for Security and Defence at NUPI, where he also serves as the co-leader of the research center for digitization and cyber security. His research focuses on the intersection of private enterprise and state interests, security challenges, and power politics related to digitalization and emerging technologies.
He recently obtained his doctorate from the University of Oslo (in 2023), where he studied the interaction between private companies and state interests in the digital space, and the role of technology companies in shaping international politics. Gjesvik's expertise also includes issues related to the global surveillance industry, digital infrastructure such as submarine internet cables and cloud services, cyber security, and technology dependency.
In his previous work, Gjesvik has addressed national approaches to cyber security and public-private cooperation, as well as disinformation and influence campaigns
Expertise
Aktivitet
Filter
Clear all filtersResearch group for Security and defence
Research group for Security and defence
Norwegian cybersecurity: a small-state approach to building international cyber cooperation
As a small, open and highly digitalized country, cyber security is an issue of growing policy importance in Norway. Yet, like other highly digitalized states, Norway has faced difficulties in squaring national cyber security with private business interests and the multitude of actors. Recent years has seen efforts aimed at uniting disparate institutions and organizations into a coherent framework that works.
Managing a digital revolution: cyber security capacity building in Myanmar
Digitalization is exposing developing countries to a growing number of risks as well as opportunities associated with connecting to the Internet. Myanmar stands out as a critical case of both the pitfalls and the benefits Internet connection can bring. Amidst a political transition from military rule to a functioning democracy Myanmar is adding ICT to key areas like banking and e-government. Having been one of the least connected countries in the world only five years ago the country is now connecting to the Internet at an unprecedented pace, with few institutions in place to ensure the transition goes smoothly. The rapid expansion of Internet connectivity is connecting ever more people to an international world of business, discourse, and entertainment, but also crime, subterfuge, and discord. A crucial aspect for development in the years to come will be the harnessing of the benefits, as well as mitigating the downsides that inherently follow in the wake of Internet access (Schia, 2018). In this chapter, we examine the risks and potential benefits of Myanmar’s embracement of digital technologies.
Hacking democracy: managing influence campaigns and disinformation in the digital age
How are states responding to the threat of using digital technologies to subvert democratic processes? Protecting political and democratic processes from interference via digital technologies is a new and complicated security threat. In recent years the issue has been most prominent in terms of election security, yet the widespread usage of digital technologies allows for the subversion of democratic processes in multifaceted ways. From disrupting the political discourse with false information to inflaming and stoking political divisions digital technologies allows for a variety of ways for malicious actors to target democracies. This article compares different state experiences with interference in sovereign and contested political decisions. More specifically the article compares the Norwegian approach and experience in managing these challenges with those of Finland and the UK. Mapping both how the problem is understood, and the role of previous experiences in shaping public policy.
Avskrekke hvem? Betydningen av strategisk kultur for cybersikkerhet
There is an ongoing debate in academia about if and how deterrence theory may be used in cyberspace. Deterrence was originally a theory developed for avoiding conventional and nuclear war. In the current discussion on cyber security, there has been pointed out a range of technical problems of transferring a theory about the physical world to cyberspace. We recognize these challenges of deterrence in cyberspace, but in this article we want to shed light on a different aspect of deterrence. That is the interplay between social and technical factors of deterrence in cyberspace. In this article we will discuss how deterrence as a strategy in cyberspace is influenced by the specific strategic culture of a country. We will use China as a case study to showcase our argument. Contrasts between Chinese and “Western” strategic culture results in concrete differences in how Chinese and Western countries act in cyberspace. By utilizing four components of deterrence theory (denial, punishment, entanglement and norms), we will show how an in-depth knowledge of a state’s security policy and strategic culture may be used to tailor a more effective deterrence and enforce the capacity of hindering unwanted activity.
Critical communication infrastructures and Huawei
Recently, there have been growing cyber-safety concerns over telecom equipment made by the Chinese vendor Huawei. This has led many countries to ban Huawei from supplying equipment for building the next generation of mobile networks, 5G. Responses from mobile operators and the telecom community in general have been mixed. For instance, many European mobile operators have stated that these concerns are overblown and that such a ban would delay 5G rollout by two to three years in the best case. Moreover, some operators have directly questioned the ability of the other vendors to timely deliver a complete 5G network. However, these claims have mostly not been grounded in empirical data. This paper takes a multi-perspective approach to investigating this problem empirically. We start by categorizing responses from different countries to using Huawei equipment in 5G. We then analyze the importance and readiness of Huawei for supplying 5G equipment. This analysis is based on contributions to standards and patents. We also present a conceptual risk analysis framework to qualitatively evaluate the ability of a single vendor to cause considerable damage to critical communication infrastructures. This model aims at exploring a set of relevant axis. More specifically, we look at potential for harm in different political climates that is peace, crisis and war. Another axis is whether banning a particular vendor from supplying equipment for the upcoming mobile networks generation is useful without having a backward compatible ban. A third axis is the ability of a vendor to cause harm as a function of the type of supplied equipment, for example radio towers vs network management systems. Combining the analysis of readiness for supplying 5G and potential for causing harm allows us to roughly estimate the likely impact that a complete ban would have on 5G rollout in different parts of the world. We find that such a ban can possibly delay 5G by two years or more for operators with high dependence on Huawei. Consequently, we explore potential approaches that would both reduce vendor-related risk and do not significantly delay the rollout of 5G. These include heterogeneous multi-vendor deployments, equipment verification and testing, international collaboration as well as signing non-aggression treaties. Unfortunately, there is no technological solution that fully remedy this problem. Combining technical solutions with efforts to build trust between countries, enforce existing alignments or create new ones seems a promising way forward.
The Nordics and the International
Why is there not more Nordic cooperation on the international arena, when Nordic politicians so often express a willingness to develop cooperation in this field further? This project aims to build new...
Comparing Cyber Security. Critical Infrastructure protection in Norway, the UK and Finland.
Cyber security and protecting critical infrastructures from digital harm are of increasing importance for governments around the globe. Tackling this issue is challenged by two distinct features of cyber security in Western states: Firstly, the transnational nature of digital risks and threats necessitates cooperation and engagements beyond the state, through international and regional organizations and institutions. Secondly, the considerable extent of private ownership forces states to rely on and engage with private companies, through regulation or public–private partnerships (PPP). Through comparative analysis of the approaches taken to PPP and European cooperation for energy and telecommunication in Finland, Norway and the UK, this report examines how states engage with these issues. The greatest difference is found to lie between the two Nordic states and the UK. This is not the result of divergent national perceptions and understandings, but of the more centralized and intelligence-centred approach taken by the UK in contrast to the whole-of-society trust-based approach of the Nordic states. Both approaches entail distinct benefits and drawbacks. The major concern in the Nordic states is the lack of public resources and capacity, as well as the fragmentation of responsibility and capabilities. Realizing the importance of culture, context and history in shaping how public authorities respond to cyber-security concerns is of vital importance for enabling better policies. This report concludes by presenting a set of best practices identified in the three case countries.
Ten Years On: Reassessing the Stoltenberg Report on Nordic Cooperation
Ten years ago, the report ‘Nordic cooperation on foreign and security policy’ was presented to the Nordic foreign ministers at an extraordinary meeting in Oslo, Norway. Penned and fronted by Norway’s former foreign minister Thorvald Stoltenberg, the report proposed thirteen ways in which Nordic cooperation in the foreign and security domain could be formalized and strengthened. Generally well-received in the Nordic capitals, today, the report is regularly referred to in assessments of Nordic foreign and security cooperation, or when Nordic heads of government meet in public to discuss past and future accomplishments.