third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

Increased IT dependency in electricity supply The introduction of smart grid and smart meters are making IT even more important in terms of our electricity supply. Smart grid is the term used when IT is applied to align fluctuating electricity supply and demand and prevent the network from becoming overloaded. Smart meters are already being rolled out to households in the Netherlands. These are digital electricity meters that the network manager can read and operate remotely. Gas and water meters are also awaiting digitalisation. This digitalisation entails a considerable data component. Details regarding use and generation by citizens and companies and about generation by power stations etc. will be sent, processed and stored in greater detail than is currently the case. The availability and integrity of this data are crucial if the grid is to function effectively. So too is confidentiality given the privacy risks attached to users’ data. Hyperconnectivity: everything is linked to everything all the time Two trends demonstrate people’s need to have access to online services at all times, wherever, and using different means. On the one hand there is the trend towards using ever more mobile devices (such as smartphones and tablets) to remain permanently connected to the internet; on the other hand there is the trend to equip more and more (consumer) products such as cars, coffee machines and fridges with computing power and network possibilities. These trends are known collectively as hyperconnectivity. 1.4 Conclusion There are different levels in the interests within the scope of cyber security: personal interests, the interests of organisations, chain interests and social interests. Cyber security demands protection of all those interests. Just as in previous years, dependence on IT continues to increase and this results in more interests being affected or having greater consequences when IT fails to function or there is a break in the confidentiality and integrity. This increasing dependence also applies to the vital sectors. In addition, the electricity, telecom, and IT services sectors are considered to be basic services in terms of cyber security. The increased dependence certainly applies to shared online services, such as DigiD and iDeal. Current developments, such as cloud computing, social media and hyperconnectivity lead to increasing use of the internet as a platform for business transactions, the processing of confidential information and the use of IT for running socially important processes. The ease of using the internet supports this development, but it also carries risks that are not always sufficiently taken into account. Because the Netherlands has invested heavily in the electronic provision of services, cyber security incidents can have a large impact. « 20
Core assessment » 2 Threats: actors and their intentions » »»»»» 2 Threats: actors and their intentions This chapter examines the first aspect of threats, i.e. the actors, their intentions, and developments in this area. An ‘actor’ is the party playing a role in the area of cyber security. Parties can take on several roles and thus mani fest themselves as various actors. Actors may also intentionally or unintentionally use one another’s capacity. Following the description of the actors there is a summary of these actors, their intentions, skills, and primary targets. It is not always possible to determine with certainty what type of actor is behind a specific cyber attack - this is the issue of attribution. Examples of this include the DDoS attacks on various Dutch banks, KLM and DigiD where we cannot (yet) say with certainty which actor was responsible. Even where an actor claims responsibility for an attack, there is still the issue as to whether the claim is true. 2.1 States ‘State actors’ are defined as actors who form part of a country’s government. The threat from states is their intention to improve their geopolitical position (for example diplomatic, military, or economic) or, for example, to influence dissidents or opposition groups who are resisting the current regime. Governments globally are aware of the strategic significance of the cyber domain. This is why various states are building on their digital skills and developing or investing in digital tools (cyber capacity). States or state-related actors may disrupt IT services by deploying offensive cyber capacity (in varying degrees). Other actors may also be used, perhaps to avoid attribution to a state. Digital espionage by states, supported by states, permitted by states or with the state as the ultimate beneficiary, forms a major threat to the Dutch economy and to national security. Research carried out by the Dutch intelligence services indicates that in the Netherlands, these espionage activities are directed primarily at public authorities, non-governmental organisations, the business community, academia, dissidents, and opposition groups. Activities of this type are known as an Advanced Persistent Threat (APT). The biggest cyber espionage threat against Dutch interests at the moment is from actors that are related to China, Russia, and Iran and to a lesser degree Syria. [14] For example there are indications that in China, there are various actors such as intelligence services, the army, hacker groups, and universities that have links to digital intelligence activities. Global large-scale attacks originating from Chinese actors have been detected directed for example at the petrochemical, automotive, pharmaceutical, defence, maritime and aerospace industries. The aim of these attacks is to obtain relevant military and economic information. The digital intelligence activities on the part of actors linked to Russia/Russian digital intelligence activities are directed at public authorities (in particular the ministries of Defence and Foreign Affairs), international organisations (in particular NATO), the defence industry, banking, the energy sector and Russian dissidents. Digital intelligence activities from Syria are directed primarily at intimidating Syrian dissidents and disrupting their communication. State actors who invest in offensive cyber capacity can deploy this capacity during conflicts with other states or opposition groups. A conflict of this nature in the cyber domain would generally involve the same elements as in the physical world, i.e. propaganda, espionage, observation, manipulation, sabotage or (temporary) disruption, reconnaissance, intimidation by opposition parties and targeted attacks. This is allegedly how the Shamoon malware (see section 2.10 ) was spread by a state actor in retaliation for Stuxnet. The most extreme use of offensive cyber capacity is when it is used in warfare. Digital warfare is defined as “using digital means to carry out military operations designed to disrupt, mislead, change or destroy an opponent’s computer systems or networks”. [15] To be classified as warfare, the terms of warfare must be met: an act of violence that is instrumental to a political aim (of a state), i.e. to impose its will on an opponent. [44: Rid 2012] Conflicts that are (in part) fought out in the digital domain can harm parties not directly involved in the conflict. For example, state actors may exploit vulnerabilities in private and business computers. 2.2 Terrorists ‘Terrorists’ act from ideological motives. Their aim is to bring about social change, to incite serious fear among the population or to influence political decision-making. In doing what they do, they have no qualms about using whatever means they deem fit and they use targeted violence against people or cause disruption to harm companies. [16] Terrorists may launch cyber attacks against the infrastructure of the internet (internet as a target), physical targets 14 AIVD annual report 2012. 15 Advisory Council on International issues (Adviesraad Internationale Vraagstukken), Advisory Committee on International Law Issues (Commissie van Advies Inzake Volkenrechtelijke Vraagstukken), Digital Warfare, No 77, AIV/No 22, CAVV December 2011. 16 The official definition of terrorism is from ideological motives threatening, preparing, or carrying out serious violence against people of acts directed at causing material damage to society with the aim of bringing about social change, inciting serious fear among the population, or influencing political decision-making. 21
Page 1: Cyber Security Assessment Netherlan
Page 4 and 5: National Cyber Security Centre The
Page 7: Contents Foreword 3 Summary 7 Intro
Page 10 and 11: on governmental organisations and b
Page 12 and 13: However, it is assumed that they ar
Page 15 and 16: Introduction Information Technology
Page 17: Core assessment 1 Interests 17 2 Th
Page 20 and 21: 1.2 Dependency IT dependency contin
Page 24 and 25: on the internet such as an electric
Page 26 and 27: approached or incited by states for
Page 28 and 29: Actor Intentions Skills Targets Sta
Page 30 and 31: get the script kiddies started. One
Page 32 and 33: location’, there is no one single
Page 34 and 35: Furthermore, business information c
Page 36 and 37: environments often arise from the i
Page 38 and 39: not only smart phones, tablets or c
Page 40 and 41: 5.3 Technology Norms, guidelines an
Page 42 and 43: ACM seeks active collaboration with
Page 45 and 46: Core assessment » 6 Manifestations
Page 53: Core assessment » 6 Manifestations
Page 57 and 58: Detailed section » 1 Cyber crime
Page 59: Detailed section » 1 Cyber crime
Page 62 and 63: magnitude of digital espionage inci
Page 65 and 66: Detailed section » 3 Botnets 3 Bot
Page 67 and 68: Detailed section » 3 Botnets » Do
Page 69 and 70: Detailed section » 4 DDoS 4 DDoS
Page 71: Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75:
An attacker can abuse devices linke
Page 77 and 78:
Detailed section » 6 Grip on infor
Page 79 and 80:
Detailed section » 6 Grip on infor
Page 81 and 82:
Detailed section » 7 Vulnerability
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91:
Page 94 and 95:
Leak in the Humannet website belong
Page 96 and 97:
In 2012, ACM received a total of 14
Page 98 and 99:
car park will not open. It is annoy
Page 100 and 101:
9.6 The resilience of ICS Security
Page 102 and 103:
100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105:
102
Page 106 and 107:
Incidents Types of government incid
Page 108 and 109:
Classification Classified data Clou
Page 110 and 111:
Information Information security In
Page 112 and 113:
Spoofing/IP spoofing SQL injection
Page 114:
112
show all

third Cyber Security Assessment Netherlands - NCSC

Create successful ePaper yourself

Delete template?

Save as template?