third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Core assessment » 5 Resilience: measures<br />
»<br />
»»»»»<br />
Digital resources may also be deployed in combination with<br />
sophisticated technical attacks on military installations. For<br />
example at the end of 2011, the American Air Force’s drone<br />
programme became infected by a virus. Although the virus did<br />
not endanger the operational element of the mission, it did<br />
cause some nuisance. [97][98] A further example is the hacking<br />
of American drones by insurgents in Iraq, who intercepted live<br />
video images so that they could evade and monitor American<br />
military operations. [99] Furthermore, an American general has<br />
admitted that the American army has used cyber capabilities<br />
in Afghanistan. Carrying out these cyber operations allowed<br />
the United States to infect opponents’ command & control. [100]<br />
In practice, digital resources are being deployed more frequently<br />
(and certainly more visibly) on the ‘soft’ side of<br />
psychological warfare, such as Twitter and other social media.<br />
This was for example evident throughout the Israeli operations<br />
against the Gaza Strip [101] and ISAF operations in Afghanistan,<br />
where the Taliban and ISAF tried to get the better of each other<br />
on Twitter. [102] Other good examples include the multiple<br />
break-ins in August 2012 to the Reuters press agency’s Twitter<br />
account and Wordpress blog environment. 22 false tweets<br />
appeared on these media along with several blog posts,<br />
supposedly from Reuters journalists about developments in<br />
the conflict in Syria after unknown individuals has hacked the<br />
account and the blog environment. [103]<br />
pay more attention than previously to measures and this is also<br />
happening more often in collaboration.<br />
Noticeable examples of this are the campaigns for raising awareness,<br />
such as ‘Alert Online’, ‘Banking details and log-in codes.<br />
Keep them secret’ and ‘Protect your company’. In addition to this,<br />
closer collaboration in the area of exchange of information and the<br />
agreements reached between banks and the government in<br />
connection with the DDoS attacks are good examples. In the area of<br />
research and innovation there have been various research programmes<br />
set up for the purpose of tackling the issues in connection<br />
with cyber security in collaboration between the government, the<br />
business community and the academic community. A guideline has<br />
also been published for setting up a policy of responsible disclosure,<br />
which involves pointing out IT vulnerabilities in a responsible<br />
manner. This is a handout for organisations and reporters as to how<br />
vulnerabilities in information systems and (software) products can<br />
be reported and dealt with in a responsible manner.<br />
The increased awareness has also recently led to new initiatives and<br />
supplementary measures at a national level and in certain organisations.<br />
They thus anticipate on the ever-increasing dependence on IT<br />
and changing threats. The effectiveness of this can only be measured<br />
in the long term. «<br />
5.9 Education and investigation<br />
Good education and investigation are important in terms of<br />
sustained resilience. In recent years, education has seen several<br />
secondary schools, universities and companies set up or<br />
strengthen cyber security training courses. The question arises as<br />
to whether these (semi) public and private initiatives supplement<br />
each other sufficiently.<br />
As part of the National <strong>Cyber</strong> <strong>Security</strong> Research Agenda (NCSRA)<br />
there have been two calls for research proposals, for which<br />
€6.3 million is available. With the help of the SBIR regulation [104]<br />
initially short-term development projects were put out to tender,<br />
resulting in 17 feasibility studies being carried out. These will be<br />
reviewed by mid-2013 to see which projects tenderers can successfully<br />
develop further. Secondly, the Dutch Organisation for<br />
Scientific Research (NWO) has been allocated a sum of 3.2 million<br />
for nine joint long-term research projects. [105]<br />
5.10 Conclusion<br />
Many initiatives involving resilience that were cited in the previous<br />
edition of the CSAN either have been started or are now in full<br />
swing. During the past year - partly because of major incidents - the<br />
public and political attention towards cyber security has noticeably<br />
increased. The need has also reached the boardroom, meaning that<br />
the subject of cyber security or information security is often given<br />
great importance. The government and the business community<br />
97 Computer Virus Hits U.S. Drone Fleet, www.wired.com, 7 October 2011.<br />
98 Air Force says drone computer virus poses ‘no threat’, Los Angeles Times, 13 October 2011.<br />
99 Insurgents Hack U.S. Drones, The Wall Street Journal, 17 December 2009.<br />
100 Afghanistan <strong>Cyber</strong> Attack: Lt. Gen. Richard P. Mills claims to have hacked the enemy,<br />
Huffington Post, 24 August 2012.<br />
101 Editorial: <strong>Cyber</strong> and military capacity, Militaire Spectator 12-2012.<br />
102 Jan van der Meulen and René Moelker, Digital duels in the global public sphere, in: P.<br />
Ducheine, F. Osinga, J. Soeters (ed), <strong>Cyber</strong> Warfare – Critical Perspectives, 2012.<br />
103 http://www.reuters.com/article/2012/08/03/net-us-reuters-syria-hackingidUSBRE8721B420120803,<br />
http://www.reuters.com/article/2012/08/06/net-us-reuters-syria-hackingidUSBRE8721B420120806,<br />
http://www.theregister.co.uk/2012/08/17/reuters_blogs_hacked_again/, http://blogs.wsj.com/<br />
cio/2012/08/05/hacked-reuters-wordpress-platform-had-known-security-issue/<br />
104 Small Business Innovation Research programme, http://www.agentschapnl.nl/nl/node/460958<br />
105 http://www.nwo.nl/actueel/nieuws/2013/ew/negen-projecten-in-cyber-security-onderzoekvan-start.html<br />
41