Norway’s utilities sector sits at the heart of national resilience. Power generation, grid operations, and critical infrastructure are increasingly digital, interconnected, and exposed to both cyber and geopolitical risk. In this environment, cybersecurity leadership is not just about IT protection, but about safeguarding public trust, operational continuity, and national stability. The following CISOs are shaping how Norwegian utilities manage these challenges at scale.
Jøran Nilssen — Chief Information Security Officer, NTE
Jøran Nilssen brings decades of leadership experience spanning industrial IT and critical infrastructure. As CISO at NTE, he has been responsible for information security for many years, helping guide the organization through major technological shifts in the energy sector. His background as an IT leader in heavy industry, combined with formal training in knowledge management and leadership, gives him a long-term, systems-level view of security that emphasizes governance, collaboration across the power sector, and resilience over time.
Bjørn Høiås — Chief Information Security Officer, Elvia
Bjørn Høiås leads information security for one of Norway’s largest grid operators, with responsibility covering strategy, compliance, risk management, and incident response across critical infrastructure. His role spans everything from regulatory alignment and security culture to hands-on coordination of major incidents and emergency preparedness. With deep experience in risk assessments, audits, and continuity planning, Bjørn operates at the intersection of operational technology, IT security, and public-sector oversight, where clarity, structure, and trust are essential.
Tommy Haugan — Chief Information Security Officer, Haugaland Kraft AS
Tommy Haugan has built a career around securing complex, operationally critical environments. As CISO at Haugaland Kraft, he focuses on protecting energy operations while balancing business needs and regulatory requirements. His background includes information security process management in the healthcare sector and senior IT roles in shipping and industrial services, giving him broad exposure to environments where downtime and security failures carry real-world consequences.
Magnus Felde — Chief Information Security Officer, Eidsiva
Magnus Felde approaches cybersecurity through the lens of risk prioritization and resilience. At Eidsiva, his focus is on ensuring that limited security resources are invested where they deliver the greatest impact against both external and internal threats. His perspective reflects the realities of modern utilities: increasing digitalization, expanding attack surfaces, and the need to align cybersecurity investments directly with business and societal resilience rather than treating security as a purely technical function.
Securing Norway’s Critical Infrastructure
Cybersecurity in the utilities sector is fundamentally about keeping society running. The leaders featured here demonstrate how Norwegian utilities are moving beyond checkbox compliance toward mature, risk-driven security programs that integrate IT, OT, governance, and crisis management. Their work highlights the growing role of the CISO as a strategic leader, responsible not only for defending systems, but for enabling trust, continuity, and long-term resilience in some of the country’s most critical services.