third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
By 2017 companies and citizens will be able to handle affairs with<br />
the government – such as applying for a permit – digitally.<br />
[45: Central government 2012]<br />
What is important here is that citizens and<br />
companies need to provide their details only once. [162]<br />
6.3 The risk of far-reaching digitalisation<br />
It is expected that in the future, there will be greater investment in<br />
gaining insight into the available large volumes of data than in<br />
obtaining this data. [16: IDC 2013] The most important developments and<br />
associated risks are summarised below.<br />
Internet of Things<br />
Devices are increasingly connected to the internet and communicate<br />
with one another to make the user’s life easier. Within one year,<br />
billions of devices will exchange enormous volumes of information.<br />
[6: Cisco 2011]<br />
The Internet of Things has legal consequences. For<br />
example, how will users’ privacy be handled? Who actually owns<br />
all this information and who is liable if things go wrong? Important<br />
questions arising from this are: Is it still possible to trace precisely<br />
which device is generating what information? In addition, which<br />
other device is using this information? Who is responsible for and<br />
who manages this information?<br />
Mobile devices<br />
Smartphones or tablets often hold many users’ personal details,<br />
such as e-mail, contacts, diaries, location details, credit card details,<br />
photos, videos and log-in details. There are risks associated with<br />
processing this data which threaten companies and users’ personal<br />
privacy if the privacy legislation is not complied with. [163]<br />
Privacy risks include an app, without the user knowing or having<br />
consented, gaining access to personal details, saving information<br />
on smartphones or tablets, sharing information regarding use with<br />
<strong>third</strong> parties or sending unencrypted information over the internet.<br />
There is also the risk that apps use a lot more data than they need to<br />
operate to operate the app.<br />
Users and the responsible people in organisations often have<br />
virtually no idea of the risks. A game that in the background uploads<br />
the contacts database? Follow the competitor’s sales staff thanks to<br />
a free parking app? It is all possible. Shockingly easily, even. [164]<br />
Big<br />
The consumer-driven use of IT (consumerisation) also entails security<br />
[30: <strong>NCSC</strong> 2012-1]<br />
risks to which many organisations still have no answer.<br />
162 http://ibestuur.nl/magazine/stef-blok-rijksoverheid-in-2017-volledig-digitaal<br />
163 http://www.cbpweb.nl/Pages/pb_20130314-wp29-opinie-mobiele-apps.aspx<br />
164 http://www.automatiseringgids.nl/achtergrond/2012/20/<br />
apps-maken-bedrijfsspionage-gevaarlijk-simpel<br />
165 http://venturebeat.com/2012/06/11/autonomy-big-data-infographic/<br />
166 IBM: Understandig Big Data, http://www-01.ibm.com/software/data/bigdata/<br />
167 http://www.emc.com/about/news/press/2013/20130226-02.htm<br />
168 http://www.automatiseringgids.nl/nieuws/2013/08/big-data-helpt-criminaliteit-opsporen<br />
data<br />
Companies and governments are recording and collating increasing<br />
volumes of data in systems for logging, data mining, marketing and<br />
other purposes. This data is highly diverse and is both structured<br />
and unstructured (for example e-mails, tweets and Facebook posts)<br />
and there is often a huge volume of smaller datasets.<br />
»»<br />
To form a picture of our ‘compulsive hoarding’ below are some<br />
[17: IDC 2012][165][166]<br />
relevant figures with respect to big data.<br />
»»<br />
Between 2005 and 2020, the digital universe will grow by a factor<br />
of 300, from 130 exabytes (1 exabyte = 1018 bytes) to 40,000<br />
exabytes, equating to more than 5,200 gigabytes for every man,<br />
woman and child in 2020.<br />
»»<br />
90 per cent of the data worldwide was produced in the past two<br />
years and every day 2.2 million terabytes (1 terabyte = 1012 bytes)<br />
of data are created.<br />
»»<br />
Between 10 and 20 per cent of the data worldwide is structured<br />
data and between 80 and 90 per cent is unstructured data<br />
(for example e-mails, tweets, Facebook posts, music and mobile<br />
telephone conversations).<br />
»»<br />
The volume of unstructured data is growing at 15 times the rate<br />
of structured data.<br />
This unrestrained collation, storage and processing of data also<br />
brings technical and social security challenges with it, while often<br />
no effective security measures are integrated.<br />
Big data is more than a question of storing a lot of data. It is a chance<br />
to gain insight into this data, so that companies and governments<br />
can respond more flexibly to new and relevant developments, and it<br />
provides the opportunity to answer questions that previously could<br />
not be answered. Using big data, criminal networks can be charted,<br />
the reaction of these networks to various intervention strategies<br />
can be recorded and potential cyber attacks can be predicted and<br />
prevented. [167] In fact this is true not just of cyber crime but of<br />
‘regular’ crime too. [168] However malicious attackers are also collating<br />
more data to better get to know their (potential) victims and make<br />
their attacks more effective.<br />
Cloud<br />
Cloud computing is a development that connects IT services through<br />
the public internet and increasingly stores data and (possibly) is<br />
used to process data in locations away from the organisation and the<br />
owners’ influence.<br />
Many organisations are investigating the opportunities to accommodate<br />
their IT in the cloud, or are already doing it. Cloud is also<br />
simple for individual employees to use. For example at work, data<br />
can be put in the cloud and shared with colleagues or easily<br />
accessed at home.<br />
Cloud computing entails risks, including that access often has<br />
restricted security and cloud providers retain all sorts of rights with<br />
respect to use of the data [31: <strong>NCSC</strong> 2011] and cover this (semi) legally in<br />
agreements. Housing information with a cloud provider also means<br />
that public authorities and security services are able to call up this<br />
76