third Cyber Security Assessment Netherlands - NCSC
2 Threats: actors and their intentions
This chapter examines the first aspect of threats, i.e.
the actors, their intentions, and developments in
this area. An ‘actor’ is the party playing a role in the
area of cyber security. Parties can take on several roles
and thus manifest themselves as various actors.
Actors may also intentionally or unintentionally use
one another’s capacity.
Following the description of the actors there is a summary of these
actors, their intentions, skills, and primary targets.
It is not always possible to determine with certainty what type of
actor is behind a specific cyber attack - this is the issue of attribution.
Examples of this include the DDoS attacks on various Dutch banks,
KLM and DigiD where we cannot (yet) say with certainty which
actor was responsible. Even where an actor claims responsibility
for an attack, there is still the issue as to whether the claim is true.
2.1 States
‘State actors’ are defined as actors who form part of a country’s
government. The threat from states is their intention to improve
their geopolitical position (for example diplomatic, military, or
economic) or, for example, to influence dissidents or opposition
groups who are resisting the current regime. Governments globally
are aware of the strategic significance of the cyber domain.
This is why various states are building on their digital skills and
developing or investing in digital tools (cyber capacity).
States or state-related actors may disrupt IT services by deploying
offensive cyber capacity (in varying degrees). Other actors may also
be used, perhaps to avoid attribution to a state.
Digital espionage by states, supported by states, permitted by states
or with the state as the ultimate beneficiary, forms a major threat
to the Dutch economy and to national security. Research carried out
by the Dutch intelligence services indicates that in the Netherlands,
these espionage activities are directed primarily at public authorities,
non-governmental organisations, the business community,
academia, dissidents, and opposition groups. Activities of this
type are known as an Advanced Persistent Threat (APT). The biggest
cyber espionage threat against Dutch interests at the moment is
from actors that are related to China, Russia, and Iran and to a lesser
degree Syria. [14]
For example, there are indications that in China, there are various
actors such as intelligence services, the army, hacker groups, and
universities that have links to digital intelligence activities. Global
large-scale attacks originating from Chinese actors have been
detected, directed for example at the petrochemical, automotive,
pharmaceutical, defence, maritime and aerospace industries.
The aim of these attacks is to obtain relevant military and economic
information.
The digital intelligence activities on the part of actors linked to
Russia are directed at public
authorities (in particular the ministries of Defence and Foreign
Affairs), international organisations (in particular NATO), the
defence industry, banking, the energy sector and Russian dissidents.
Digital intelligence activities from Syria are directed primarily at
intimidating Syrian dissidents and disrupting their communication.
State actors who invest in offensive cyber capacity can deploy this
capacity during conflicts with other states or opposition groups.
A conflict of this nature in the cyber domain would generally
involve the same elements as in the physical world, i.e. propaganda,
espionage, observation, manipulation, sabotage or (temporary)
disruption, reconnaissance, intimidation by opposition parties and
targeted attacks. This is allegedly how the Shamoon malware (see
section 2.10) was spread by a state actor in retaliation for Stuxnet.
The most extreme use of offensive cyber capacity is when it is used
in warfare. Digital warfare is defined as “using digital means to carry
out military operations designed to disrupt, mislead, change or destroy an
opponent’s computer systems or networks”. [15] To be classified as warfare,
the terms of warfare must be met: an act of violence that is
instrumental to a political aim (of a state), i.e. to impose its will
on an opponent. [44: Rid 2012] Conflicts that are (in part) fought out
in the digital domain can harm parties not directly involved in the
conflict. For example, state actors may exploit vulnerabilities in
private and business computers.
2.2 Terrorists
‘Terrorists’ act from ideological motives. Their aim is to bring about
social change, to incite serious fear among the population or
to influence political decision-making. In doing what they do, they
have no qualms about using whatever means they deem fit and they
use targeted violence against people or cause disruption to harm
companies. [16] Terrorists may launch cyber attacks against the
infrastructure of the internet (internet as a target), physical targets
14 AIVD annual report 2012.
15 Advisory Council on International Issues (Adviesraad Internationale Vraagstukken), Advisory
Committee on International Law Issues (Commissie van Advies Inzake Volkenrechtelijke
Vraagstukken), Digital Warfare, No 77, AIV/No 22, CAVV December 2011.
16 The official definition of terrorism is: from ideological motives, threatening, preparing, or
carrying out serious violence against people or acts directed at causing material damage to
society with the aim of bringing about social change, inciting serious fear among the
population, or influencing political decision-making.