third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Appendix » 2 Incidents<br />
Incidents registered with the <strong>NCSC</strong><br />
The <strong>NCSC</strong> supports governments and organisations in vital sectors<br />
in dealing with reported incidents in the area of IT security. The <strong>NCSC</strong><br />
also identifies incidents and vulnerabilities itself, on the basis of<br />
detection, for example.<br />
Furthermore, the <strong>NCSC</strong> acts at the request of international parties,<br />
particularly ISPs, to provide support in combating cyber incidents<br />
abroad that have originated in the <strong>Netherlands</strong> (for example from a<br />
web server or from infected PCs in the <strong>Netherlands</strong>). The <strong>NCSC</strong> does<br />
this under the title ‘international requests for assistance’.<br />
Number of incidents dealt with per target group<br />
The number of incidents dealt with by <strong>NCSC</strong> showed no significant<br />
increase or decrease in the previous quarter. Following a sharp<br />
increase in the second quarter of 2012 ( 27 incidents compared<br />
with the first quarter) the number of incidents increased in the<br />
remaining quarters of 2012 to then fall again in the first quarter<br />
of 2013 (Figure 14).<br />
<strong>NCSC</strong> defines a reported incident as ‘an IT-related security<br />
event discovered to pose an immediate threat or cause<br />
damage to IT systems or electronic information, related to<br />
one or more specific organisations, to which <strong>NCSC</strong> responds<br />
with action on their behalf.<br />
This definition shows that an incident does not always result<br />
in harm, but may still be a risk. More specifically, incidents<br />
fall into three types:<br />
» Attack: a malicious attack has taken place in an attempt<br />
to breach security as a result. Examples include hacks,<br />
malware infections and DDoS attacks.<br />
» Threat: an actor has the malicious intention to carry out<br />
an attack but has not done so yet.<br />
» Vulnerability: an IT environment is vulnerable, for example<br />
because of an error in the software, hardware or system<br />
configuration. A vulnerability means that a threat or attack<br />
has not (yet) taken place but there is opportunity for abuse.<br />
The number of incidents reported by or in relation to the government<br />
during the reporting period of this CSAN remained relatively<br />
stable: between 42 and 48 incidents per quarter. The fluctuation in<br />
incidents is thus primarily caused by incidents relating to the private<br />
sector (28 to 42 per quarter) and the number of international<br />
requests for assistance (3 to 14 per quarter).<br />
Incidents<br />
Incidents dealt with by <strong>NCSC</strong> (10Q4-13Q1)<br />
><br />
120<br />
100<br />
80<br />
60<br />
40<br />
20<br />
0<br />
Quarter > 10Q4 11Q1 11Q2 11Q3 11Q4 12Q1 12Q2 12Q3 12Q4 13Q1<br />
g Incidents at governments g Incidents at private organisations g International requests for assistance<br />
Figure 14. Incidents dealt with by <strong>NCSC</strong> (total)<br />
103