third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

environments often arise from the increasing use of generic IT tools and insufficient awareness and knowledge among staff. Defence and ICS Defence-related arms, communication and sensor systems include both digital networks and SCADA-related control computers. These digital systems are essential for the functioning of the arms, communication or sensor system in question. The vulnerabilities identified in civil systems are in principle also present in defence systems. Because of the specific architecture, the software used and the fact that these systems have no direct connection to the internet, influencing them from outside is more complex and so the risk of disruption is relatively low. Furthermore, many systems have been designed to be redundant. Defence emphatically focuses on protecting arms, communication and sensor systems. Specific roles designed to achieve this have been created in the Ministry of Defence Computer Emergency Response Team (DefCERT). 4.2.4 SSL vulnerable or not securely configured Recently, the NCSC has examined how many websites are secured using Secure Socket Layer (SSL). It appears that in more than 40 per cent of the cases, unsafe encryption algorithms are used, allowing data communication to potentially be eavesdropped on or manipulated. In addition, dated versions of SSL, version 2, continue to be supported in almost 18 per cent of the cases. This vulnerability is intensified by users’ lack of insight into the extent to which their internet activity is protected. Research reveals that half of the users questioned were unable to determine correctly whether their browser session was effectively secured with SSL or not. [64] It again emerged that the SSL protocol is susceptible to attacks due to vulnerabilities in implementation of the protocol or the encryption. For example attacks on SSL were detected with eloquent sounding names such as CRIME [65] and Lucky13 [66] and an attack on RC4 encryption in TLS [67] . Since TLS/SSL is a fundamental element of the security of internet connections, these vulnerabilities represent a risk to the confidentiality of web connections. 64 S. Fahl et al., Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security, Leibniz University of Hannover, 2012. 65 See http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/ 66 See http://www.isg.rhul.ac.uk/tls/Lucky13.html 67 See http://www.isg.rhul.ac.uk/tls/ 68 Source: National Vulnerability Database (NVD) from the American National Institute of Standards and Technology (NIST). 69 These are vulnerabilities which score 10 under the Common Vulnerability Scoring System, see http://www.first.org/cvss/cvss-guide 4.2.5 Break-in trend: increase in the number of vulnerabilities in software Based on an analysis of the American National Vulnerability Database (NVD) and the security advisories issued by the Dutch NCSC, the number of vulnerabilities in software has been assessed (see Figure 3). The previous CSAN concluded that the number of recorded vulnerabilities on an annual basis had been declining for a number for years. This downward trend has been broken and the number of vulnerabilities again rose sharply in 2012. The number of recorded vulnerabilities rose to 5,300 compared with around 4,000 one year before (+27 per cent). [68] The cause of this increase cannot be attributed to a specific product or specific supplier. 4.2.6 Number of infections in the Netherlands is below the global average For a number of years, Microsoft has been measuring the number of cleaned computers per thousand executions of anti-malware software (Computers Cleaned per Mille, CCM). This is plotted over time in Figure 4. The Netherlands almost always scores lower here, indicating that the number of infected computers in the Netherlands is lower than the global average. The number of computers cleaned in individual countries can fluctuate significantly per quarter. This is on the one hand because of the number of computers infected and on the other hand due to improved detection methods. In the fourth quarter of 2011, the number of computers cleaned in the Netherlands reached a peak, which can be explained by the additional detection of the EyeStye malware family. Worldwide, South Korea (93.0), Pakistan (26.8), Palestine (26.2), Georgia (24.2) and Egypt (22.3) scored worst. The countries with the best scores are Japan (0.7), Finland (0.8), Denmark (1.5) and the Czech Republic (1.6). The difference between the worst and best country is a factor of more than 100. 4.2.7 Serious vulnerabilities in standard software are increasing as a proportion It is not just the number of vulnerabilities that is important, so too is the impact and the ease with which vulnerabilities can be exploited. An analysis of Common Vulnerabilities and Exposures (CVE) records and NCSC security advisories reveals that 46 to 61 per cent of all vulnerabilities have an average impact. Of note is that the relative proportion of the most serious vulnerabilities [69] has increased since 2011. Between 2007 and 2011, approximately 6 to 8 per cent of all recorded vulnerabilities got the highest score; that changed from 2011 and since 2012 the figure has been 12 per cent. This means that relatively more vulnerabilities are easy to exploit (remotely, not complex and without authentication) and also have a high impact, compromising availability, integrity as well as confidentiality. 34
Core assessment » 4 Resilience: vulnerabilities » »»»»» Number of CVE IDs per annum 8000 7000 6000 5000 4000 3000 2000 1000 Y2000 Y2001 Y2002 Y2003 Y2004 Y2005 Y2006 Y2007 Y2008 Y2009 Y2010 Y2011 Y2012 Number Trend Figure 3. Number of unique vulnerabilities recorded per year (source: NVD) Number of cleaned computers 15 12 9 6 3 0 2009 2010 2011 2012 Q1-Q2 Q3-Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 The Netherlands World [24: MS 2012-1] Figure 4. Relative volume of infections detected per thousand scans in the Netherlands and the rest of the world 4.3 Conclusion On the one hand, the resilience comprises (the absence of ) vulnera bi lity of the interests to be protected and, on the other hand, measures to be used to reduce the vulnerability. The presence of vulnerabilities means that our society remains vulnerable to cyber attacks. The IT sector continues to be highly vulnerable. Following a few years of reduced levels, the openly published vulnerabilities in software are increasing again (+27 per cent) and the number of published vulnerabilities in industrial control systems is also rising. Data has become mobile and loss or theft of mobile devices makes the stored data possibly accessible to the finder. In the case of hyperconnectivity, all types of devices are connected to each other, 35
Page 1: Cyber Security Assessment Netherlan
Page 4 and 5: National Cyber Security Centre The
Page 7: Contents Foreword 3 Summary 7 Intro
Page 10 and 11: on governmental organisations and b
Page 12 and 13: However, it is assumed that they ar
Page 15 and 16: Introduction Information Technology
Page 17: Core assessment 1 Interests 17 2 Th
Page 20 and 21: 1.2 Dependency IT dependency contin
Page 22 and 23: Increased IT dependency in electric
Page 24 and 25: on the internet such as an electric
Page 26 and 27: approached or incited by states for
Page 28 and 29: Actor Intentions Skills Targets Sta
Page 30 and 31: get the script kiddies started. One
Page 32 and 33: location’, there is no one single
Page 34 and 35: Furthermore, business information c
Page 38 and 39: not only smart phones, tablets or c
Page 40 and 41: 5.3 Technology Norms, guidelines an
Page 42 and 43: ACM seeks active collaboration with
Page 45 and 46: Core assessment » 6 Manifestations
Page 53: Core assessment » 6 Manifestations
Page 57 and 58: Detailed section » 1 Cyber crime
Page 59: Detailed section » 1 Cyber crime
Page 62 and 63: magnitude of digital espionage inci
Page 65 and 66: Detailed section » 3 Botnets 3 Bot
Page 67 and 68: Detailed section » 3 Botnets » Do
Page 69 and 70: Detailed section » 4 DDoS 4 DDoS
Page 71: Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75: An attacker can abuse devices linke
Page 77 and 78: Detailed section » 6 Grip on infor
Page 79 and 80: Detailed section » 6 Grip on infor
Page 81 and 82: Detailed section » 7 Vulnerability
Page 87 and 88:
Detailed section » 7 Vulnerability
Page 89 and 90:
Page 91:
Page 94 and 95:
Leak in the Humannet website belong
Page 96 and 97:
In 2012, ACM received a total of 14
Page 98 and 99:
car park will not open. It is annoy
Page 100 and 101:
9.6 The resilience of ICS Security
Page 102 and 103:
100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105:
102
Page 106 and 107:
Incidents Types of government incid
Page 108 and 109:
Classification Classified data Clou
Page 110 and 111:
Information Information security In
Page 112 and 113:
Spoofing/IP spoofing SQL injection
Page 114:
112
show all

third Cyber Security Assessment Netherlands - NCSC

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?