Information security and travel
This page provides specific travel advice from the NTNU Digital Security Section. The advice includes an introduction to actions that should be considered or carried out ahead of and throughout any trip, but also travel advice for those travelling to countries Norwegian security authorities have flagged as high-risk countries.
Risk reduction while travelling #
When travelling, attempts at information extraction should be anticipated. The Digital Security Section recommends that dedicated equipment be used when travelling to high-risk areas. This equipment should not be linked to the NTNU Windows domain (cfr Specific advice for travels to high-risk countries)
Travel preparations #
- Evaluate the need to carry information outside Norway and minimize the amount. Local authorities may demand access to encrypted information.
- Install anti-virus and security software ahead of departure.
- Make sure the firewall is activated.
- Update both your operating system and security software ahead of departure.
- Activate encryption on cellphone, iPad and laptop ahead of departure. This will prevent others from reading content on the units.
When travelling #
- Deactivate WiFi and Bluetooth when not in use.
- If offered a USB storage device, e.g. a memory stick, say no. Also avoid lending others your own memory sticks or other USB storage devices. In general, one should be very careful with any unfamiliar USB device. This also applies to pointing devices and mouse units.
- When accessing the Internet, always make sure there is a padlock icon in the browser’s top left-hand corner before entering your user name and password, and look out for possible security alerts and error messages.
- If accessing the Internet, we recommend that you connect through NTNU’s VPN. This will prevent scanning of traffic. Keep in mind that several high-risk countries have powerful surveillance resources with regards to digital communications and will attempt to access your flow of data.
Please note: Use of external VPN providers may be illegal, but so far there have been no cases of someone being confronted with accessing their own organisation through a VPN.
- Make sure that remote wiping is activated on all units.
- Do not disclose your NTNU username and password.
- Use your own cellphone charger.
High-risk countries #
Both the PST and the National Security Authority have issued warnings against intelligence activity from several high-risk countries targeting Norway. In particular, Russia, China and Iran are flagged as high-risk territories.
Based mainly on industrial espionage and technological motives, we know that these countries in particular have intentions of gathering information and compromising data systems to achieve economic and research goals. The high-risk countries have several military units working systematically in acquiring confidential and state-of-the-art technology through industrial espionage. These units are capable of quite sophisticated operations.
Because NTNU provides state-of-the-art research and technology within several of the high-risk countries’ fields of interest, we are an obvious target. We have already seen attempts to compromise NTNU personnel while travelling, so the risk is quite real.
Specific advice for travels to high-risk countries #
In addition to the advice above, we recommend the following when travelling in high-risk countries:
- The Digital Security Section recommends that you bring a cellphone/tablet/laptop not ordinarily in use (iPhone and iPad are recommended, as these are especially hard to break into).
- Avoid installing updates while abroad.
- Avoid leaving information units (cellphone, tablet and laptop) where you cannot see them. This includes hotel rooms and hotel safes. If going on a trip, bring all your information units with you.
- Avoid bringing managed clients to high-risk countries (i.e. computers linked to the NTNU domain). Contact NTNU IT firstname.lastname@example.org ahead of departure if it cannot be avoided.
- Use 6-digit PIN or password on cellphone and tablet. Deactivate fingerprint and facial recognition on your cellphone. These security mechanisms are considered too weak against a digital intruder.
Reporting an incident or suspected incident #
If you suspect that information has been accessed, or any other digital security incident, contact email@example.com (+47 90 66 43 50) so that we can assist you in solving possible problems.
Further information #
NTNU has a topic page about travel.
We recommend that you acquaint yourself with NTNU’s guidelines for storing files and documents (only in Norwegian).