third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

ACM seeks active collaboration with (inter)national public and private parties. Legal judgments from spam investigations in 2012 [38: OPTA 2013] can be found in the ACM annual report 2012. Responsible disclosure introduced Responsible disclosure in the IT world means responsibly, and jointly between the reporter and the organisation, making IT vulnerabilities public on the basis of relevant policy put together by organisations. [32: NCSC 2013-1] Applying responsible disclosure can very much help to increase the security of information systems and (software) products. In 2013, the guideline for arriving at a practice for [32: NCSC 2013-1] responsible disclosure in the Netherlands was published. This is a handout for organisations and reporters as to how vulnerabilities in information systems and (software) products can be reported and dealt with in a responsible manner. It is now down to organisations to implement and publish their own responsible disclosure policy. The NCSC received the first reports at the beginning of 2013 but it is still too early to draw any conclusions. 5.8 Cyber operations in the Defence sector In June 2012, the Minister of Defence issued the Defence Cyber Strategy containing six focal points. The focal points for Defence are a comprehensive approach, strengthening of digital resilience (‘defensive’), the military capacity to carry out cyber operations (‘offensive’), increased cyber intelligence capacity, adaptive and innovative capability and collaboration. [93] The Ministry of Defence (MoD) is expanding its cyber capacities to safeguard deployment of the Dutch armed forces and increase the efficiency of this deployment. The priority is to increase the MoD’s own resilience and strengthen the intelligence position. In 2012, a Cyber Task Force was formed to facilitate this intensification. A start was also made in expanding the capacity of the Defence Computer Emergency Response Team (DefCERT) and the Defence Intelligence and Security Service (MIVD). At the same time, there is closer collaboration with the NCSC and other partners. To increase internal awareness, various learning environments have been introduced and there has been participation in various cyber drills. Furthermore, the taskforce will establish the capability to apply cyber in military operation (including offensive capacity). To achieve this, the Defence Cyber Command and the Defence Cyber Expertise Centre (DCEC) are being set up. DefCERT supervises protection of the defence networks. DefCERT’s current capacity is being expanded with specialists in ICS and Process Control or SCADA systems. This marks an important step in increasing the protection of arms and sensor systems. 93 Defence Cyber Strategy, June 2012. 94 Washington, Beijing in Cyber-war Standoff, Newsline ABC, 12 February 2013. 95 The other four domains are: air, sea, land and space. 96 Cyber Crime and Cyber War Predictions, Cyber Defense Magazine, 25 March 2013. The MIVD investigates all actors who pose a cyber threat to the Dutch armed forces and the defence industry. The MIVD is reinforcing its information position in the cyber domain with the aim of detecting and combating digital attacks from (potential) opponents. In doing this, the MIVD is helping to combat cyber threats with the aim of guaranteeing the Dutch armed force’ readiness for deployment and action. Given its expertise and special legal competences, the MIVD, working with the Defence Cyber Command, plays a crucial role in developing the defence sector’s offensive cyber capacities. In addition, project Symbolon is to be rolled out together with the General Intelligence and Security Service (AIVD), as part of which both intelligence services will bundle their cyber and SIGINT capability into one joint unit. Within the given mandate, offensive cyber capabilities will be used by the Defence Cyber Command under the responsibility of the Chief of Defence (CDS). By 2015, the armed forces must be in a position to deploy offensive cyber capabilities in military operations. Defence is furthermore involved in the National Cyber Security Research Agenda, various NATO and EU programmes and the Cooperative Cyber Defence Centre of Excellence (CCDCoE) in Tallinn. In preparation for the establishment of a professorship in 2014, an Associate Professor of Cyber Operations was appointed to the MoD’s Dutch Defence Academy in 2012. Digital warfare and cyber conflicts States are not only active in cyberspace to defend themselves, they are increasingly developing intelligence and offensive cyber capabilities. Every day, states carry out digital surveillance on computer networks for reconnaissance and/or offensive purposes. The media are firmly instilling fear of a cold war in the digital domain [94] In reality, digital resources are another weapon in the arsenal that a state already has at its disposal. The deployment of digital resources is relatively easy given the degree of anonymity and because developing and deploying digital resources is simpler and cheaper than conventional weapons. Political and military conflicts already take place partially in cyberspace and comprise the same elements as in the physical world, including propaganda, espionage, surveillance and targeted attacks. The Dutch armed forces therefore consider cyberspace to be the fifth domain. [95] Conflicts (partially) fought out in the digital domain may present an additional threat if there is a large-scale spill-over to civil society. After all, offensive cyber capabilities may be deployed through vulnerabilities on private and business computers, and on mobile devices. [96] Furthermore, with a targeted cyber attack it is in theory possible to bring about harm to a country remotely, for example by infecting the SCADA systems. 40
Core assessment » 5 Resilience: measures » »»»»» Digital resources may also be deployed in combination with sophisticated technical attacks on military installations. For example at the end of 2011, the American Air Force’s drone programme became infected by a virus. Although the virus did not endanger the operational element of the mission, it did cause some nuisance. [97][98] A further example is the hacking of American drones by insurgents in Iraq, who intercepted live video images so that they could evade and monitor American military operations. [99] Furthermore, an American general has admitted that the American army has used cyber capabilities in Afghanistan. Carrying out these cyber operations allowed the United States to infect opponents’ command & control. [100] In practice, digital resources are being deployed more frequently (and certainly more visibly) on the ‘soft’ side of psychological warfare, such as Twitter and other social media. This was for example evident throughout the Israeli operations against the Gaza Strip [101] and ISAF operations in Afghanistan, where the Taliban and ISAF tried to get the better of each other on Twitter. [102] Other good examples include the multiple break-ins in August 2012 to the Reuters press agency’s Twitter account and Wordpress blog environment. 22 false tweets appeared on these media along with several blog posts, supposedly from Reuters journalists about developments in the conflict in Syria after unknown individuals has hacked the account and the blog environment. [103] pay more attention than previously to measures and this is also happening more often in collaboration. Noticeable examples of this are the campaigns for raising awareness, such as ‘Alert Online’, ‘Banking details and log-in codes. Keep them secret’ and ‘Protect your company’. In addition to this, closer collaboration in the area of exchange of information and the agreements reached between banks and the government in connection with the DDoS attacks are good examples. In the area of research and innovation there have been various research programmes set up for the purpose of tackling the issues in connection with cyber security in collaboration between the government, the business community and the academic community. A guideline has also been published for setting up a policy of responsible disclosure, which involves pointing out IT vulnerabilities in a responsible manner. This is a handout for organisations and reporters as to how vulnerabilities in information systems and (software) products can be reported and dealt with in a responsible manner. The increased awareness has also recently led to new initiatives and supplementary measures at a national level and in certain organisations. They thus anticipate on the ever-increasing dependence on IT and changing threats. The effectiveness of this can only be measured in the long term. « 5.9 Education and investigation Good education and investigation are important in terms of sustained resilience. In recent years, education has seen several secondary schools, universities and companies set up or strengthen cyber security training courses. The question arises as to whether these (semi) public and private initiatives supplement each other sufficiently. As part of the National Cyber Security Research Agenda (NCSRA) there have been two calls for research proposals, for which €6.3 million is available. With the help of the SBIR regulation [104] initially short-term development projects were put out to tender, resulting in 17 feasibility studies being carried out. These will be reviewed by mid-2013 to see which projects tenderers can successfully develop further. Secondly, the Dutch Organisation for Scientific Research (NWO) has been allocated a sum of 3.2 million for nine joint long-term research projects. [105] 5.10 Conclusion Many initiatives involving resilience that were cited in the previous edition of the CSAN either have been started or are now in full swing. During the past year - partly because of major incidents - the public and political attention towards cyber security has noticeably increased. The need has also reached the boardroom, meaning that the subject of cyber security or information security is often given great importance. The government and the business community 97 Computer Virus Hits U.S. Drone Fleet, www.wired.com, 7 October 2011. 98 Air Force says drone computer virus poses ‘no threat’, Los Angeles Times, 13 October 2011. 99 Insurgents Hack U.S. Drones, The Wall Street Journal, 17 December 2009. 100 Afghanistan Cyber Attack: Lt. Gen. Richard P. Mills claims to have hacked the enemy, Huffington Post, 24 August 2012. 101 Editorial: Cyber and military capacity, Militaire Spectator 12-2012. 102 Jan van der Meulen and René Moelker, Digital duels in the global public sphere, in: P. Ducheine, F. Osinga, J. Soeters (ed), Cyber Warfare – Critical Perspectives, 2012. 103 http://www.reuters.com/article/2012/08/03/net-us-reuters-syria-hackingidUSBRE8721B420120803, http://www.reuters.com/article/2012/08/06/net-us-reuters-syria-hackingidUSBRE8721B420120806, http://www.theregister.co.uk/2012/08/17/reuters_blogs_hacked_again/, http://blogs.wsj.com/ cio/2012/08/05/hacked-reuters-wordpress-platform-had-known-security-issue/ 104 Small Business Innovation Research programme, http://www.agentschapnl.nl/nl/node/460958 105 http://www.nwo.nl/actueel/nieuws/2013/ew/negen-projecten-in-cyber-security-onderzoekvan-start.html 41
Page 1: Cyber Security Assessment Netherlan
Page 4 and 5: National Cyber Security Centre The
Page 7: Contents Foreword 3 Summary 7 Intro
Page 10 and 11: on governmental organisations and b
Page 12 and 13: However, it is assumed that they ar
Page 15 and 16: Introduction Information Technology
Page 17: Core assessment 1 Interests 17 2 Th
Page 20 and 21: 1.2 Dependency IT dependency contin
Page 22 and 23: Increased IT dependency in electric
Page 24 and 25: on the internet such as an electric
Page 26 and 27: approached or incited by states for
Page 28 and 29: Actor Intentions Skills Targets Sta
Page 30 and 31: get the script kiddies started. One
Page 32 and 33: location’, there is no one single
Page 34 and 35: Furthermore, business information c
Page 36 and 37: environments often arise from the i
Page 38 and 39: not only smart phones, tablets or c
Page 40 and 41: 5.3 Technology Norms, guidelines an
Page 45 and 46: Core assessment » 6 Manifestations
Page 53: Core assessment » 6 Manifestations
Page 57 and 58: Detailed section » 1 Cyber crime
Page 59: Detailed section » 1 Cyber crime
Page 62 and 63: magnitude of digital espionage inci
Page 65 and 66: Detailed section » 3 Botnets 3 Bot
Page 67 and 68: Detailed section » 3 Botnets » Do
Page 69 and 70: Detailed section » 4 DDoS 4 DDoS
Page 71: Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75: An attacker can abuse devices linke
Page 77 and 78: Detailed section » 6 Grip on infor
Page 79 and 80: Detailed section » 6 Grip on infor
Page 81 and 82: Detailed section » 7 Vulnerability
Page 91: Detailed section » 7 Vulnerability
Page 94 and 95:
Leak in the Humannet website belong
Page 96 and 97:
In 2012, ACM received a total of 14
Page 98 and 99:
car park will not open. It is annoy
Page 100 and 101:
9.6 The resilience of ICS Security
Page 102 and 103:
100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105:
102
Page 106 and 107:
Incidents Types of government incid
Page 108 and 109:
Classification Classified data Clou
Page 110 and 111:
Information Information security In
Page 112 and 113:
Spoofing/IP spoofing SQL injection
Page 114:
112
show all

third Cyber Security Assessment Netherlands - NCSC

Create successful ePaper yourself

Delete template?

Save as template?