third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Core assessment » 6 Manifestations<br />
»<br />
»»»»»<br />
Incidents<br />
Incidents dealt with by <strong>NCSC</strong> (10Q4-13Q1)<br />
><br />
120<br />
100<br />
80<br />
60<br />
40<br />
20<br />
0<br />
Quarter > 10Q4 11Q1 11Q2 11Q3 11Q4 12Q1 12Q2 12Q3 12Q4 13Q1<br />
g Incidents at governments g Incidents at private organisations g International requests for assistance<br />
The number of incidents dealt with by <strong>NCSC</strong> showed no significant<br />
increase or decrease in the previous quarter. Following a sharp<br />
increase in the second quarter of 2012 (Þ 27 incidents compared<br />
with the first quarter) the number of incidents increased in the<br />
remaining quarters of 2012 to then fall again in the first quarter<br />
of 2013. The number of incidents reported by or in relation to the<br />
government during the reporting period of this CSAN remained<br />
relatively stable: between 42 and 48 incidents per quarter. The<br />
fluctuation in incidents is thus primarily caused by incidents<br />
relating to the private sector (28 to 42 per quarter) and the number<br />
of international requests for assistance (3 to 14 per quarter).<br />
With respect to incidents, the <strong>NCSC</strong> differentiates between threats,<br />
attacks and vulnerabilities. Looking at the government incidents,<br />
it is clear that attacks make up approximately 75 per cent of the<br />
incidents. Of the remaining threats, there is a decrease in the<br />
proportion of threats (from 17 to 5 per cent) and an increase in the<br />
proportion of vulnerabilities (from 14 to 20 per cent).<br />
Decrease in number of security incidents with SURFcert<br />
SURFcert is seeing a decrease of approximately 16 per cent<br />
in the number of recorded incidents in connected educational<br />
institutions compared with 2011. This cannot be attributed to<br />
any specific cause, but SURFcert is seeing that the institutions<br />
are able to respond increasingly appropriately and are applying<br />
more preventive measures. Media attention on this type of<br />
incident plays a role but so does knowledge exchange, for<br />
example through the SURFnet Community of Incident<br />
Response Teams (SCIRT). There has been an increase in DDoS<br />
attacks on connected institutions, primarily RoC schools, and<br />
occasionally also secondary schools and universities.<br />
6.5 Conclusion<br />
Table 4 provides an overview of the threat posed by the various<br />
actors in attacking the targets of ‘governments’, ‘private organisations’<br />
and ‘citizens’.<br />
Key causes behind the level of threats are the growing dependence<br />
on IT and the progressive innovation of tools that enable actors<br />
to become more capable, including relatively powerful tools that<br />
are giving even less competent actors the opportunity to carry out<br />
a successful cyber attack. States are able to develop and deploy<br />
advanced tools, while the cyber criminals continue to develop<br />
particularly the existing tools. <strong>Cyber</strong> crime is becoming increasingly<br />
professional in offering services for hiring tools for cyber attacks<br />
and siphoning off money (‘cybercrime-as-a-service’). Old wellknown<br />
weaknesses continue to be a means of abuse for cyber<br />
criminals. This applies equally to hacktivists, who trust primarily in<br />
49