third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Introduction<br />
Information Technology (IT) has penetrated the heart of<br />
our society to the extent that nowadays we could not<br />
function without it. Now more and more electronic,<br />
software-driven devices are connected to the internet,<br />
making them part of the cyber domain. This digitalisation<br />
and connectivity is so advanced that we often don’t even<br />
realise it is there, but our offices, households, factories<br />
and shops are all part of this development. IT is thus an<br />
important driver of innovation, increased productivity,<br />
and economic growth.<br />
Sometimes IT is fallible and vulnerable, while the information it<br />
stores or exchanges is increasingly valuable. Many parties are keen<br />
to exploit vulnerabilities and gain access to information so that they<br />
can manipulate or publish it. <strong>Cyber</strong> security is thus an increasingly<br />
important subject.<br />
Given its crucial importance, a National <strong>Cyber</strong> <strong>Security</strong> Strategy [1] has<br />
been formulated in 2012, in which one of the actions involves<br />
conducting up-to-date analyses of relevant threats and risks. Indeed<br />
cyber security – preventing and combating cyber attacks – requires<br />
an overview of and insight into the developments and incidents that<br />
do occur. This is needed to determine the course of (new) measures.<br />
This <strong>third</strong> <strong>Cyber</strong> <strong>Security</strong> <strong>Assessment</strong> <strong>Netherlands</strong> (CSAN-3) is the<br />
next step in the implementation of this line of action. The following<br />
key questions are derived from the objectives of the assessment:<br />
»»<br />
What Dutch interests are harmed and to what extent by restricting<br />
the availability and reliability of IT, infringement of the confidentiality<br />
of information stored in IT or harm to the integrity<br />
of such information and what developments are happening<br />
here? (interests)<br />
»»<br />
What events and what activities by which actors may harm<br />
IT interests, what tools do they use and what developments<br />
are happening here? (threats)<br />
»»<br />
To what extent can the <strong>Netherlands</strong> defend itself against<br />
vulnerabilities in IT, could these harm IT interests and what<br />
developments are happening here? (resilience)<br />
CSAN-3 delivers insights in response to these questions, continuing<br />
to build on the previous assessments, which means it cannot be<br />
seen as separate. The reporting period is April 2012 to March 2013,<br />
but also includes relevant developments up to May 2013. The focus<br />
is on Dutch national interests but it also includes developments of<br />
interest elsewhere in the world. CSAN-3 presents the facts, describing<br />
developments in qualitative terms and provides, where available<br />
in trustworthy form, quantitative substantiation. Topics that are<br />
unchanged or scarcely changed since the previous editions are not<br />
described or only in brief. Interpretations are based on the valuable<br />
insights and expertise gained from the government and the vital<br />
sectors concerned.<br />
Reading guide<br />
This edition (CSAN-3) for the first time comprises a core assessment<br />
and detailed sections. The aim of the core assessment is to provide<br />
as clear and complete an insight as possible into changes in Dutch<br />
‘Interests’ that could be harmed, the ‘Threats’ which influence<br />
these and the extent to which society is ‘Resilient’ in the area of<br />
cyber security. The core assessment (see figure below) is built on<br />
the basis of the Interests, Threats and Resilience triangle that is in<br />
line with the classification used in other threat assessments such<br />
as for terrorism. [2]<br />
Threats<br />
Actors<br />
Tools<br />
Interests<br />
Manifestation<br />
Resilience<br />
Vulnerabilities<br />
Measures<br />
Interests (Chapter 1) considers the Dutch interests that may be harmed<br />
through encroachments to the availability and reliability of IT,<br />
infringement of the confidentiality of information stored in IT or<br />
1 National <strong>Cyber</strong> <strong>Security</strong> Strategy, a new version of this strategy is in preparation at the time of<br />
writing.<br />
2 Source: National Coordinator for <strong>Security</strong> and Counterterrorism (NCTV).<br />
13