How we work with preparedness and security
Last updated: 29.05.2026, 16:03
Your bus is part of Norway’s emergency preparedness
Imagine that you live in a city at war. Where do you go when the sirens sound? How do you know where the shelter is?
When CEO Bernt Reitan Jenssen recently met the former digitalization adviser to the mayor of Kyiv, he was given this answer: the public transport systems were used to show the way to the nearest shelters and to coordinate evacuations, because they were best suited to reach as many people as possible in the shortest possible time. It was a brutal reminder of what we must be prepared for.
Over one million journeys are made in Oslo and Akershus every day. In a crisis situation, the same system you use to get to work, school and training can be used to help you get home, out of the city, or to a safe place.
Safety on the buses
Did you catch that in 2025 we tested two electric buses inside a mountain? The project was named Lion Cage, and the purpose was to uncover digital vulnerabilities in the buses.
What we discovered was not about which bus is the most dangerous or where the buses are made, but about the technology that connects modern buses to the internet. The test revealed that connected buses can be vulnerable to unauthorized access via software updates.
We are now using the findings to set stricter requirements in new tenders and to develop better security for the bus fleet. In 2026, we will carry out new tests on more vehicles.
What did we find in the test?
Main findings from the Lion Cage test
We tested two buses: a new Chinese Yutong bus and a three-year-old Dutch VDL bus. They were chosen because they represent the breadth of our bus fleet.
The cameras on the buses transmit images over the internet, but the system is retrofitted and the images are only sent to the operators.
The Yutong bus can be updated remotely via the mobile network, a so-called over-the-air update. This gives the manufacturer digital access to the bus and, in theory, the bus can be influenced from the outside. We have now introduced mechanisms that allow us to monitor and delay such signals before they reach the bus.
The experts who carried out the test are clear that Norway is in a time window where it is still possible to introduce requirements and regulations that reduce the risk, before the next generation of buses becomes even more connected and harder to secure. Ruter has met with the Ministry of Transport about this, and they will solve it together with us.
How we will proceed
The testing gave us concrete insights, and we have already started taking action:
We are imposing stricter security requirements in new tenders, developing firewalls that ensure local control and protect against hacking, and working with authorities on clear cybersecurity requirements. We are also taking advantage of a time window we have now, before the next generation of buses becomes more connected and harder to secure.
How does Ruter take responsibility for safety and emergency preparedness?
We don’t just do analyses and planning. We train, we test, and we build systems that will keep public transport running even if the worst should happen.
In 2025, we made our emergency preparedness work more systematic than before. We updated our threat assessments based on reports from the Intelligence Service, PST and NSM, carried out new risk and vulnerability analyses, and strengthened the emergency preparedness organization.
An alternative physical location is being established to ensure that we can manage operations even if the head office is unavailable, improve the physical and digital security of charging facilities, and a new operational emergency unit has been set up to strengthen our ability to perform in demanding situations.
Ruter has been brought in as a participant in the overall emergency preparedness in the capital region and is in dialogue with the authorities about evacuation, energy preparedness, and socially critical mobility.
We must be able to analyze all relevant risks that may affect our delivery capability, in peace, crisis, and war, and implement measures that ensure our customers have a mobility service that is safe and predictable.
Digital threats
Cyberattacks are a real threat to public transport, and digital security has been a specially prioritized area in 2025, in light of increasing threat activity nationally and internationally.
Tet Digital identified and closed over 100,000 vulnerabilities in our systems in 2025. Each product team now has its own procedures for vulnerability management and risk assessments. The contingency plans include frameworks for cyber incident handling, and an on-call emergency duty has been established.
In 2026, we will continue working to strengthen information security, including by conducting a review against a globally recognized information security standard, the ISO 27001 standard.
The Board is concerned that in 2026 Ruter should maintain its active role in safety and emergency preparedness and continue its efforts to build resilience in demanding times.
National and international cooperation
Ruter does not work alone. We are part of cross-disciplinary emergency preparedness networks, including “Preparedness for a Renewable Transport Sector,” in which the Armed Forces, Posten, and other key societal stakeholders participate.
We also participate in European industry networks such as EMTA and UITP, where public transport companies share experiences on safety across national borders.
“We share what we learn with other public transport companies and with the authorities, so that we are all better prepared,” says Cato Holter, Head of Safety and Emergency Preparedness at Ruter.