third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
5 Resilience: measures<br />
This chapter focuses on the measures aspect of vulnerability<br />
and outlines the most important developments<br />
in the area of measures over the recent period designed<br />
to strengthen the digital resilience of individuals, organisations<br />
and society. The descriptions are based on open<br />
sources and information provided by various parties.<br />
5.1 National <strong>Cyber</strong> <strong>Security</strong> Strategy<br />
One important source of measures in the area of the resilience of<br />
the whole of Dutch society against cyber threats is the National <strong>Cyber</strong><br />
<strong>Security</strong> Strategy that will be revised in 2013. The activities described<br />
in the first strategy have largely been implemented. [70]<br />
The government’s ambition with the upcoming National <strong>Cyber</strong><br />
<strong>Security</strong> Strategy, with public and private commitment, is to outline<br />
the vision with respect to growth, security and freedom for the<br />
<strong>Netherlands</strong>. The strategy will also include an action programme<br />
focused on resilience enhancement. An EU strategy and EU directive<br />
for network and information security are being developed in<br />
parallel. These will need to guarantee a high level of cyber security<br />
in the EU. The <strong>Netherlands</strong> is one of the countries in the EU that has<br />
already implemented the proposed EU measures or has them at the<br />
planning stage.<br />
5.2 Awareness<br />
Raising and maintaining awareness of the risks in the digital world<br />
and the perspective for action are crucial for cyber security.<br />
Without awareness at every level (from administrators to employees<br />
and consumers), other measures will quickly become less effective.<br />
Partnership for <strong>Cyber</strong> Resilience<br />
Increased awareness is expressed in the signing of the World<br />
Economic Forum’s principles of international Partnership<br />
for <strong>Cyber</strong> Resilience by a growing number of Dutch companies<br />
[58: WEF 2012]<br />
. In the past year, these included companies such<br />
as TNO, KPN, Alliander, Schiphol Group, Unilever and Port<br />
of Rotterdam.<br />
local authorities, provinces, water boards, ministries and the<br />
organisations that carry out work for them. [75]<br />
»<br />
Core assessment » 5 Resilience: measures<br />
On the one hand, citizens are being given greater responsibility for<br />
security than they can deliver. On the other hand, surveys show that<br />
Dutch citizens have a relatively high level of trust in the security of<br />
the IT infrastructure and the government’s role in this. [76] This trust<br />
is one of the contributing factors to the high use of the internet and<br />
services such as online shopping and banking.<br />
From a European perspective, the Dutch are very savvy frequent<br />
users and an above-average number of them claim to be reasonably<br />
to well informed about the risks of cyber crime (54 per cent). [77] The<br />
relatively limited number, from an international perspective, of<br />
infections confirms the trust that Dutch citizens as end-users have<br />
in their own resilience. [78]<br />
Status of cyber security awareness in the <strong>Netherlands</strong>.<br />
In November 2012, a survey by Motivaction on digital security<br />
awareness among governments, vital sectors, (other) companies<br />
and consumers was published.<br />
[27: Motivaction 2012]<br />
More than 80 per cent of all respondents claimed to know what<br />
information is confidential and around two <strong>third</strong>s said they<br />
know what to do in the case of an incident. However six out<br />
of ten employees admit to having sent sensitive information<br />
through an insecure medium.<br />
The report further concluded that there were noticeable<br />
differences between the different groups. Vital sectors have the<br />
best-embedded cyber security policy, followed by the government,<br />
according to the report. However employees in the<br />
government and local authorities have the greatest sense<br />
of personal responsibility. The digital security policy is least<br />
strongly safeguarded in local authorities. Local authority<br />
officials give the lowest report mark for cyber security to the<br />
organisation, to colleagues and to themselves.<br />
Finally, Dutch consumers have a limited understanding of the<br />
term cyber security, although they are aware of phishing as<br />
a phenomenon, partly thanks to the intensive NVB campaigns.<br />
Consumers believe that the biggest risk is of their personal<br />
information being shared unwantedly through the internet.<br />
»»»»»<br />
Last year saw various international and national campaigns imple -<br />
m ented, including <strong>Cyber</strong> <strong>Security</strong> Month (October 2012, ENISA),<br />
Alert Online [71] (November 2012, coordination NCTV), the secure<br />
banking campaign ‘Bank details and log-in codes. Keep them<br />
secret’ [72] (NVB), Safer Internet Day February 2013 (DigiBewust) [73] ,<br />
protect your company [74] (for SMEs, <strong>Netherlands</strong> IT) and setting up<br />
of the taskforce Administration and Information <strong>Security</strong> in Services<br />
in February 2013. The aim of this taskforce is to increase awareness<br />
of information security and its management by administrators in<br />
70 Letters to the House of Representatives concerning Progress of the National <strong>Cyber</strong> <strong>Security</strong><br />
Strategy, Second Chamber Documents 26 643 (e.g. no. 202, July 2012).<br />
71 http://www.nctv.nl/pp/alertonline/<br />
72 http://www.veiligbankieren.nl/nl/<br />
73 http://www.saferinternetday.nl/<br />
74 http://beschermjebedrijf.nl/<br />
75 Meeting year 2012-2013, Chamber Document 26643, no 269.<br />
76 TNO 2013; Capgemini, Trends in <strong>Security</strong> 2013, based on research by TNS/NIPO. These figures<br />
are from before the series of DDoS attacks in April 2013. The effect of these is not yet known.<br />
77 European Commission, Special Eurobarometer 390 <strong>Cyber</strong> <strong>Security</strong>, 2012.<br />
78 Microsoft <strong>Security</strong> Intelligence Report, Volume 13, 2012.<br />
37