The espionage case involving Chinese nationals in Andøya, Otta, Singapore and Oslo is being kept in the dark by everyone who may be affected by it.
As Document recently revealed, a key supplier to, among others, the new 5G-based emergency communications network and the Coastal Radio Service (Kystradioen) is exposed to a potential security breach in connection with the espionage case in Andøya.
The company in question is the multinational group Frequentis AG, which has a long history as a supplier of mission-critical communications solutions to state enterprises in Norway.
In 2023, Frequentis hired a Chinese woman now in her forties who had previously been employed by the Chinese national suspected of espionage, Wei “William” Qiu, and his Norwegian business partner Oliver Horvei.
The woman holds a degree in telecommunications engineering from a Chinese university with close ties to the Chinese state apparatus.
Here the Chinese woman is pictured together with her manager, Oliver Ossege, at Frequentis Norway following a meeting with representatives of a newly acquired Norwegian company that supplies software for audio recording of communications between control towers and air traffic. (Photo: Private)
She was hired by Huawei in Norway in 2009 and most likely worked at Telenor’s premises in Fornebu during the major upgrade of the mobile network from early 2010 onwards. Telenor selected Huawei and Starent Networks/Cisco as the principal suppliers for its 4G network.
Read also:
Kvinne med bånd til spionsiktet kineser jobber for Andøya Spaceports systemleverandør
In 2014, the contract with Telenor was nearing its end and many Huawei employees lost their jobs. From 2014 to 2017, the woman worked as “procurement manager for equipment and services” for Telia’s 4G network.
Many warned against Huawei
US authorities began issuing serious warnings about Huawei in 2017. The Trump and Biden administrations imposed strict sanctions on the company.
The FBI, CIA and NSA warned against using Huawei mobile phones in 2018. The following year, Donald Trump prohibited US companies from doing business with the company by executive order.
That same year, PST warned against giving the company a role in the development of Norway’s 5G network.
That did not prevent the Chinese woman, whose background includes Huawei, the company of espionage suspect Wei Qiu, and the Chinese cryptocurrency company Bitmain, from becoming involved in Norwegian security-critical infrastructure projects through her employment with Frequentis AG.
PST will not comment on whether it has informed Frequentis customers in Norway.
– This case remains under investigation by PST. Beyond that, we have no further comments at this time, senior adviser Eirik Veum replies.
Silence from the politicians
Among other things, Frequentis supplies technology for the new 5G-based emergency communications network, which is to be operational by 2031. The contracting authorities are the Ministry of Digitalisation and Public Governance (DFD) and the Norwegian Communications Authority (Nkom), with the National Police Directorate also being a key stakeholder.
Document has submitted similar questions to all agencies and companies that may be affected through contact with the woman or Frequentis.
We have also approached the Standing Committee on Foreign Affairs and Defence and the Standing Committee on Justice in the Storting, as well as their chairs. None of them has replied.
Frequentis closes ranks
Frequentis AG initially responded quickly to Document’s enquiries and asked for time “beyond today” to coordinate internally and review the questions.
But the company has now tightly sealed off the matter without responding. It has not replied to follow-up enquiries.
From the Directorate for Civil Protection (DSB), which is a customer of Frequentis, we learn a little more:
– DSB maintains ongoing and close dialogue with our technical suppliers for the emergency communications network, including Frequentis AG. As a result of this case, they have informed us that they are conducting further investigations and assessing whether measures are required.
This is stated by Bjørn Morten Skudsveen, Head of Emergency and Preparedness Communications at DSB.
DSB has an ongoing contract with Frequentis for support and maintenance of control rooms associated with the old emergency communications network, including equipment used in operational control centres.
– The matter is under investigation by PST, and it would therefore be inappropriate for us to provide detailed information at this time. DSB and our suppliers have strict security procedures; access to information and systems is granted only to authorised personnel with an operational need, says Skudsveen.
In a procurement notice on Doffin, DSB states that replacing the supplier is, in practice, impossible:
It […] is neither technically nor operationally possible without enormous additional costs and significant operational risk. The control rooms handle emergency calls for the police, health services, fire services, rescue services, etc., which in turn are essential for effective and life-saving operations, crime prevention, management of terrorist attacks, major accidents and natural disasters. […] the criticality of the system makes it necessary to continue with uniform solutions for the agencies that use Nødnett. It is therefore necessary, given the purpose of the procurement, to acquire original products from Frequentis […].
Responsibility for the security of the new 5G emergency communications network, for which Frequentis AG is the principal supplier, lies with Nkom.
Director Espen Slette refers further enquiries to PST, the Norwegian Intelligence Service and the Norwegian National Security Authority (NSM). He does not wish to comment on any dialogue between Nkom and the security authorities concerning Frequentis.
– Nkom requires providers to assess risk and secure their own solutions in a responsible manner. The companies themselves bear that responsibility, says Slette.
NSM has not responded to Document’s questions.
TV 2 warned of a possible security issue
As recently as March this year, it was revealed that Frequentis had been exposed to a potential security breach that was investigated internally.
TV 2 revealed that the Russian national Konstantin Chudinov, who has ties to Vladimir Putin, shared the same business address and entered into a lease agreement on the same floor and in the same office community as Frequentis’ Norwegian division.
According to TV 2, PST had received tips concerning Chudinov for many years.
– We take such suspicions seriously. That is why we conducted both physical and digital investigations to eliminate risk, managing director Oliver Ossege told TV 2.
– In this case there was suspicion, but we could not find anything.
The Russian’s activities have much in common with the espionage case in Andøya and Gudbrandsdalen. In a documentary series, TV 2 refers to how Norwegian security authorities have long warned against so-called grey-zone activities and how several of those warnings resemble Chudinov’s methods.
These include the use of complex corporate structures, local proxies and concealed ownership, an interest in property acquisitions, and a strong interest in Norway’s northern regions.
Rocket manufacturer remains silent
A likely target of the Chinese intelligence operation is Andøya Spaceport, the launch base for the NATO-funded “Spectrum” launch vehicle.
The rocket can carry satellites and other payloads of up to 1,000 kilograms into space. The German manufacturer Isar Aerospace makes no secret of the rocket’s “dual-use” capability, meaning both civilian and military applications.
Isar has a contract with Andøya Spaceport for permanent use of the launch pad at Andøya. Frequentis AG supplies the communications system used during Isar launches. Document has been unable to obtain comment from the company.
Thirteen kilometres in a straight line from the launch pad lies the house searched by PST on 7 May before it arrested another, younger Chinese woman, who has now been charged and remanded in custody.
The house belongs to espionage suspect Wei Qiu through Karmøy Health Norway AS.
PST believes a 22-tonne satellite receiver from China was destined for this property. It was seized at the Port of Oslo in April.
– Not involved
Andøya Space is the public-private company that owns the two rocket bases at Andøya. The Norwegian state controls 90 per cent, while Kongsberg Defence Systems owns 10 per cent.
Jørgen Bratting, Director of Quality, Safety and Security, rejects any suggestion that Andøya Space is involved. He writes that the organisation is aware of the case through media reports.
– Naturally, we cannot discuss the specific measures we are taking. In general, we can say that we take security very seriously and work closely with the relevant authorities. Security assessments are conducted regularly as part of normal operations, Bratting writes in an email. He otherwise refers enquiries to PST.
– Can you say whether this issue may affect the progress of the planned new launch from 11 June?
No reply is ever received.
The date is taken from Isar Aerospace’s application to the authorities for a launch permit.
Encourages investigative journalism
The National Police Directorate is the purchaser of Frequentis technology for the 5G emergency communications network. Marianne Haahjem, Director of Procurement at the Police Shared Services, does not wish to comment on individual cases but responds on a general basis.
– Under the contract, the supplier is obliged to notify the contracting authority of any activities or security breaches within its own organisation or solutions. We must also be informed of changes in company management, acquisitions, changes of subcontractors and the like, she writes in an email.
– The police maintain ongoing contact with other relevant bodies regarding security issues. It is important that the issue highlighted here receives attention in security work in both the public and private sectors, and that active investigative journalism is carried out in this area. Both contribute to greater awareness, help uncover security challenges, and strengthen security.
According to Haahjem, a so-called value assessment is conducted for new procurements. This forms the basis for determining the required level of security.
– The value assessment determines whether a security agreement must be entered into with the supplier or whether personnel security clearance requirements must be imposed.
– Cannot share dialogue
On 1 January 2026, responsibility for the maritime infrastructure of the Coastal Radio Service (Kystradioen) was transferred to the Norwegian Coastal Administration (Kystverket). Previously, the service formed part of Telenor Maritime. Frequentis is the supplier of the upgraded infrastructure.
– The Norwegian Coastal Administration takes security in critical public services seriously and maintains close dialogue with the security authorities regarding this work, says Communications Director Anette Bonnevie Wollebæk.
For security reasons, she does not wish to share details of the Administration’s dialogue or work in the security field.
Avinor has purchased Frequentis’ integrated solution for managing air traffic at 14 Norwegian airports, including Oslo Airport Gardermoen.
Monica Iren Fasting, Head of Communications and Public Affairs, does not wish to comment on specific assessments but says she is aware of the case through media reports.
– Nor do we comment on any dialogue with PST or other authorities in such matters, beyond noting that we naturally maintain close cooperation with Norwegian security authorities. In general, Avinor imposes strict security requirements throughout the supply chain, in accordance with applicable regulations and recommendations from Norwegian authorities.
These are Document’s questions
The questions we sent to the committees of the Storting and prominent public-sector customers of Frequentis AG are, with minor variations, largely identical. As an example, we use the questions submitted to Avinor.
- Has PST informed Avinor of a possible risk of exposure to Chinese intelligence through systems supplied by Frequentis AG?
- Has Frequentis itself notified Avinor of this possible security risk?
- Has Avinor conducted its own investigations and assessments concerning software and communications solutions supplied by Frequentis?
- Have other bodies, such as NSM, Nkom, supervisory authorities or ministries, made contact regarding similar matters?
- For several years, the intelligence services have warned that Chinese intelligence uses business actors and intermediaries to gain access to sensitive infrastructure. What procedures does Avinor have for assessing the security profile of tenderers and the security clearance of their employees? Do these procedures identify individuals from businesses in countries outside Norway’s security cooperation framework who move from a technology company, via a company suspected of espionage, into a position with a supplier of security-critical systems?
- Does Avinor have any cooperation with Andøya Space and/or Isar Aerospace, which are two likely targets of Chinese activity at Andøya (cf. the house raided by PST, which is owned by the former employer of the Chinese Frequentis employee)?
- Does Avinor consider the authorities’ focus on this type of downstream supply-chain security risk in public-private contractual relationships to be adequate?
- Frequentis has a contract with Avinor for a communications platform serving 14 airports. If a single employee at this supplier poses a security risk, how extensive is the potential damage in Avinor’s view?
We also asked the parliamentary committees whether sufficiently stringent requirements are imposed regarding the security clearance of employees of foreign suppliers of critical infrastructure to Norwegian authorities and public-private companies such as Andøya Space AS.
- Is there currently sufficient legislation requiring suppliers such as Frequentis to notify Norwegian authorities when they hire individuals with security-sensitive backgrounds from companies, countries or environments identified by PST as risks, for example Huawei or China?
- Does the committee believe that current legislation is sufficient to identify cases in which Chinese intelligence actors use business intermediaries to gain access to sensitive infrastructure?
- Isar Aerospace is partly financed through NATO’s innovation fund and uses Andøya Spaceport for launches involving rockets of military relevance. Where does responsibility lie for assessing the security of the supply chain in such a civil-military hybrid arrangement, and is that responsibility being adequately discharged?
- PST seized a 22-tonne satellite receiver destined for an address 13 kilometres from Andøya Spaceport. In the committee’s view, are ordinary import controls and border controls sufficient for this type of equipment today, or should regulations governing equipment that may be used by intelligence organisations be tightened?
- The Security Act provides mechanisms for intervening in company acquisitions, but does it adequately cover the acquisition of properties near sensitive installations, as seen in this case?
- PST has repeatedly warned that China recruits individuals with connections to Norway through studies, employment or family ties. Does the committee consider current instruments sufficient to address this type of complex threat environment?
- What specific measures will the committee initiate to ensure that suppliers of security-critical infrastructure to Norwegian authorities are subject to stricter requirements concerning personnel security, ownership transparency and ongoing security oversight?
- Is the matter likely to be raised at a forthcoming committee meeting?