third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

on governmental organisations and businesses that use these services. It is not clear who is behind the DDoS attacks. 9. As yet, a broad group of organisations is unable to implement important basic (technical) measures, such as patch and update management or a password policy. Where individual organisations do have their basic security well organised, it appears that shared services and infrastructure are still vulnerable, which in turn leads to a risk for interests that transcend particular organisations. 10. The inherent dynamics of cyber security demand a new approach. Static information security measures are no longer sufficient; organisations need greater insight into threats (detection) and need the capacity to deal with the threats (response). In conclusion, a) dependence on IT by individuals, organisations, chains and society as a whole has grown; b) the number of threats aimed at governments and private organisations has risen, mainly originating from states and professional criminals; and c) digital resilience has remained more or less at the same level. Although more initiatives and measures are being taken, they are not always in step with the vulnerabilities, and basic security measures have not always been put in place. Table 1 gives insight into the threats that various actors use to launch attacks on governments, private organisations, and citizens. Please see the Core Assessment (Chapter 6) for more information about the changes in comparison with CSAN-2. Interests The scope of cyber security contains different levels of interests: personal interests, the interests of organisations, chain interests and social interests. Cyber security demands the protection of all these interests. As in previous years, dependence on IT continues to increase, resul ting in more interests being affected, or having greater conse quences when IT fails to function or there is a break in confidentiality and integrity. This increasing dependence also applies to the vital sectors. In addition, the electricity, telecom, and IT services sectors are considered essential in terms of cyber security. Increased dependence certainly applies to shared online services, such as DigiD and iDeal. Current developments, such as cloud computing, social media and hyperconnectivity, have led to increasing use of the internet as a platform for business transactions, for processing confidential information and using IT to run socially important processes. The ease of using the internet supports these developments, but it also carries risks, which are not always taken properly into account. Because the Netherlands has invested heavily in the electronic provision of services, cyber security incidents can have a large impact. Threats: actors and their intentions The largest threat at the moment concerns states and professional criminals and, to a lesser extent, cyber vandals, script kiddies and hacktivists. It is not always possible to discover which actor is behind a cyber attack: the attribution issue. States form a threat particularly in the terms of information theft (digital espionage), aimed at confidential or competition-sensitive information belonging to governments and businesses. The General Intelligence and Security Service (AIVD) confirmed attacks in the past year on Dutch civil organisations, using Dutch IT infrastructure, originating from China, Russia, Iran, and Syria. The Defence Intelli gence and Security Service (MIVD) established that the defence industry is a desirable target for cyber espionage and has seen indications that the cyber espionage threat is also aimed at parties with whom the defence industry collaborates. Information gained through espionage in this industry serves the interest of states. The MIVD also detected malicious phishing activities aimed at Dutch military representatives abroad. Professional criminals continue to pose a large threat. This was shown recently in financial fraud and theft, with criminals changing online transactions often after the theft, and misusing financial (log-in) data (fraud with internet banking). Furthermore, criminals are guilty of digital break-ins to steal information or to sell the data to the criminal underworld. Finally, an IT takeover, for example through malware infections, remains a worrying subject (see the Pobelka botnet), as does the increasing incidents of ransomware, in which end-users are blackmailed. Botnets, like the Pobelka incident, that are aimed at financial transactions can steal a great deal of other sensitive information, which can pose a significant threat. In the Pobelka case, sensitive data was stolen from businesses and governmental departments in the vital sectors, as well as large quantities of personal data. Criminals are becoming increasingly daring in their dealings to acquire large amounts of money, for example, automatically downloading and showing child pornography in ransomware to force victims to pay money. The police note that the world of cyber crime has become more intertwined with the usual hardened crimininality. Recent surveys show that Dutch citizens are almost as often the victim of hacking as they are of bicycle theft. Cyber vandals, script kiddies, and hacktivists were recently in the news due to disruption of the online services of governmental bodies and businesses and the publication of confidential information. Generally speaking, script kiddies and cyber vandals do not gain from their activities, other than excitement. The technical tools used by script kiddies are becoming better and easier to use. This means that they can cause greater damage. Meanwhile, the cyber vandal has a great deal of knowledge and can use that to cause substantial damage. It is not always possible to find out how large a share hacktivists hold in the intentional disruption of IT services. 8
Targets Actors (threats) Governments Private organisations Citizens States Digital espionage Digital espionage Digital espionage Disruption of IT (use of offensive capabilities) « Disruption of IT (use of offensive capabilities) « Terrorists Disruption of IT Disruption of IT Theft and sale of information« Theft and sale of information« Theft and sale of information« (Professional) criminals Manipulation of information« Manipulation of information« Manipulation of information« Disruption of IT Disruption of IT ñ IT takeover IT takeover IT takeover Cyber vandals and Script kiddies Theft and publication of information « Theft and publication of information « Theft and publication of information « Disruption of IT Disruption of IT IT takeover « Theft and publication of information ò Theft and publication of information ò Theft and publication of information ò Hacktivists Disruption of IT Disruption of IT Disruption of IT ò IT takeover « Defacement « Defacement « Internal actors Theft and publication or sale of received information Theft and publication or sale of received information (blackmail) Disruption of IT « Disruption of IT « Cyber researchers Receiving and publishing information Receiving and publishing information Private organisations Theft of information (business espionage) ñ No actor IT failure ò IT failure ò IT failure ò Table 1. Summary of threats and targets Key to relevance Low Moderate High No new trends or phenomena identified which result in a threat. OR There are (sufficient) measures available to eliminate the threat. OR There have been no notable incidents because of the threat during the reporting period. New trends or phenomena identified which result in a threat. OR There are (limited) measures available to eliminate the threat. OR There have been incidents outside of the Netherlands, and a few minor incidents in the Netherlands. There are clear developments which make the threat applicable. OR Measures have a limited effect, so that the threat remains considerable. OR There have been incidents in the Netherlands. Key to changes: ñ threat has increased ò threat has decreased « threat is new or has not been reported previously 9
Page 1: Cyber Security Assessment Netherlan
Page 4 and 5: National Cyber Security Centre The
Page 7: Contents Foreword 3 Summary 7 Intro
Page 12 and 13: However, it is assumed that they ar
Page 15 and 16: Introduction Information Technology
Page 17: Core assessment 1 Interests 17 2 Th
Page 20 and 21: 1.2 Dependency IT dependency contin
Page 22 and 23: Increased IT dependency in electric
Page 24 and 25: on the internet such as an electric
Page 26 and 27: approached or incited by states for
Page 28 and 29: Actor Intentions Skills Targets Sta
Page 30 and 31: get the script kiddies started. One
Page 32 and 33: location’, there is no one single
Page 34 and 35: Furthermore, business information c
Page 36 and 37: environments often arise from the i
Page 38 and 39: not only smart phones, tablets or c
Page 40 and 41: 5.3 Technology Norms, guidelines an
Page 42 and 43: ACM seeks active collaboration with
Page 45 and 46: Core assessment » 6 Manifestations
Page 53: Core assessment » 6 Manifestations
Page 57 and 58: Detailed section » 1 Cyber crime
Page 59: Detailed section » 1 Cyber crime
Page 62 and 63:
magnitude of digital espionage inci
Page 65 and 66:
Detailed section » 3 Botnets 3 Bot
Page 67 and 68:
Detailed section » 3 Botnets » Do
Page 69 and 70:
Detailed section » 4 DDoS 4 DDoS
Page 71:
Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75:
An attacker can abuse devices linke
Page 77 and 78:
Detailed section » 6 Grip on infor
Page 79 and 80:
Detailed section » 6 Grip on infor
Page 81 and 82:
Detailed section » 7 Vulnerability
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91:
Page 94 and 95:
Leak in the Humannet website belong
Page 96 and 97:
In 2012, ACM received a total of 14
Page 98 and 99:
car park will not open. It is annoy
Page 100 and 101:
9.6 The resilience of ICS Security
Page 102 and 103:
100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105:
102
Page 106 and 107:
Incidents Types of government incid
Page 108 and 109:
Classification Classified data Clou
Page 110 and 111:
Information Information security In
Page 112 and 113:
Spoofing/IP spoofing SQL injection
Page 114:
112
show all

third Cyber Security Assessment Netherlands - NCSC

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?