| dc.description.abstract | The Norwegian power sector is currently experiencing an increasingly complex
supply chain, affected by digitalization. This case study examines how
digitalization has changed the procurement of third-party suppliers of Information
Technology (IT) and Operational Technology (OT), focusing on cyber security, in
the Norwegian power sector. The thesis investigates why cyber security in current
procurements of third-party suppliers is challenging, in addition to how it is
possible to make better decisions with the procurement of third-party suppliers.
Literature findings originating from our Systematic Literature Review (SLR)
identifies the need for conducting an exploration of procurement challenges,
related to cyber security, in the Norwegian power sector. Qualitative research by
utilizing Semi-Structured Interviews (SSI) was applied to acquire an in-depth
understanding of participants' experiences concerning procurement. Our study
includes a total of ten interviewees which was divided into four segments of the
Norwegian power sector: Production, Support System, Distribution System
Operator (DSO) and Transmission System Operator (TSO). By analyzing of our
empirical findings and literature findings we demonstrated that there is a variety
of cyber security challenges in the procurement of third-party suppliers. Most
centrally, a lack of cyber security competence and low capacity of in-house
expertise within the Norwegian power sector. Additionally, there is a lack of
standardized requirements regarding cyber security in procurements of third-party
suppliers. Certain Norwegian power companies are too small to make demands
towards larger third-party suppliers making it challenging to apply desired cyber
security requirements. On this basis, it is recommended that the Norwegian power
sector apply competence and capacity enhancing measures. | |
