third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

In 2012, ACM received a total of 143 reports in the context [38: OPTA 2013] of the duty to report. »» In 60 per cent of the reports, the incident had no effect on customers’ privacy. For example there was a stolen laptop on which customer data was stored in such a way that it could not be read. »» Seven of the reports concerned a computer virus or a hacker who had gained access to a company’s computers. »» Regarding 39 of the reports, the company had informed its customers. If customers are informed, they are able to prevent or limit possible consequential damage. Following reports, OPTA in 2012 actively checked that malware was spread through legitimate websites and then helped with the mitigation In addition, the ACM is responsible for protecting end-users again data from their peripherals being posted or read without consent. Both malware and cookies fall in this legal stipulation as set out in article 11.7a of the Telecommunications Act (Tw). Where possible, the ACM responds to indications of (large-scale) malware spreading in the Netherlands, as happened multiple times in 2012 with the advertising networks of popular Dutch websites. The ACM then tries to detect the source as quickly as possible and help to stop the spread. The ACM does not actively monitor the spreading of malware, instead its approach depends on indications from public and private partners and it is continually seeking opportunities to reinforce its information position. This will enable infected computers to be identified more quickly and customers to be better and more quickly informed. In accordance with the duty to report under the Telecoms Act, ISPs will also actively inform customers (and end-users) of the risks of using the internet. This will happen by sending out newsletters through a webpage with information about secure internet use or through a Twitter account/Facebook page allowing end-users to contact the service desk with any questions. 8.5.3 (Software) providers The role of providers is principally restricted to making updates of products and software available. A primary role for providers is to develop and bring out products and software that better protect the end-user (Security by design). 8.5.4 Banks Banks provide extensive explanation on their websites about how criminals carry out attacks, what security measures the banks have implemented and how customers can secure their devices as effectively as possible. [216] Banks inform their customers when they have become infected with banking malware that has allowed criminals to take money. In addition, the Dutch Association of Banks (NVB) has set up an awareness-raising website [217] that makes active reference to the risks of (spear) phishing in messages on television and radio. Banks are implementing mechanisms to restrict the effects of abuse. Geo-blocking, for example, ensures that a skimmed bank card cannot be used outside the user’s usual geographical area. « As well as carrying out investigations, the ACM seeks active collaboration with (inter)national public and private parties. In 2012, this collaboration resulted in approximately 100 indications, the majority of which were properly followed up. 8.5.2 Internet service and hosting providers As best practice, the internet service and hosting providers in the Netherlands have set up abuse desks where information concerning infections at customers can be reported. The providers subsequently consider for themselves whether and how end-users are informed. To address the botnet problem jointly, several providers in the Netherlands, together with SIDN and the ECP-NL Platform for Internet Security (PIV) have launched an Abuse Information Exchange initiative. The Abuse Information Exchange [215] will become operational in 2013 and will collate and process all information concerning botnet infections in one central point. 215 http://www.rijksoverheid.nl/nieuws/2012/10/24/internetproviders-strijden-tegencomputervirussen.html 216 www.ing.nl/de-ing/veilig-bankieren/index.aspx, www.abnamro.nl/nl/prive/abnamro/ veiligheid/index.html, www.rabobank.nl/particulieren/servicemenu/veilig_bankieren/, www. snsbank.nl/particulier/over-sns-bank/veilig-bankieren.html 217 http://www.veiligbankieren.nl/nl/ 94
Detailed section » 9 Industrial Control Systems 9 Industrial Control Systems Security of ICS continues to be a major problem because industrial systems are vulnerable and there is still too little being done to effectively resolve this. Fortunately, the known actors still lack both motives and capacity, but will that continue to be the case? So the warning is repeated, because things will go wrong one day. 9.1 Introduction During the reporting period of the second Cyber Security Assessment, a number of vulnerabilities in ICS ( including SCADA) reached the media. Not only was there an increase in the number of vulnerabilities, the threat of a targeted disruption to these systems became more real. During this reporting period, a number of new vulnerabilities in ICSs became known. Although there were no major incidents, the threat continues to be high. The current security status of ICS is getting worse but only gradually, so there is a lack of awareness of the increasing seriousness of the situation, and many organisations are taking insufficient action. It should be noted here that in particular large operators of vital infrastructures and some (large) providers of ICS/SCADA applications do thoroughly comprehend the seriousness of the situation and act accordingly. 9.2 The potential impact of cyber incidents involving ICSs ICSs are used in vital and (other) industrial sectors to control physical processes. This means that if these systems are not operating as they should, things can also go wrong in the physical world. It is this physical impact of digital incidents that make it important for that ICSs’ security to be in order. Because ICSs are used in different ways and in different sectors, the type and size of the impact per incident varies. An incident could cause serious harm to the economy, the environment and/or the lives of people and animals. To better explain the seriousness of incidents involving ICSs, a distinction is made between the three following levels at which these systems are used. SOHO and individual applications (for example climate control systems, access control) Digital incidents at the Small Office/Home Office (SOHO) level are irritating for those concerned but the damage is limited and primarily practical and financial in nature. An example is a situation where a company’s heating system is paralysed or the barriers to the » What are ICS? Terms such as computers, digitalisation and the internet often bring to mind the traditional IT environment: desktop computers and laptops for home and office use. Information security and cyber security soon bring the same ideas to mind. Within the vital and (other) industrial sectors, however, a different type of system is used for digitalisation: process control systems or industrial control systems. These systems not only have a different function and effect from traditional IT systems, there are also different risks associated with them. ICS are used in vital and (other) industrial sectors to automatically monitor and control physical processes. ICS are used for production, transport and distribution in the supply of energy and drinking water. Production processes in refineries, the chemical, pharmaceutical and food industry are also (largely) controlled by ICS. Furthermore, ICS are increasingly being used in the traffic infrastructure (traffic control, bridges, locks, tunnels) in building management systems (climate control, fire alarms, lighting) and for access control (barriers, electronic fencing). In the past ICS communicated directly with one another in a closed network, and the systems were not connected to the internet or other networks. Nowadays, however, ICS are often connected to the company’s office computers and also accessible on the internet. This brings along certain risks, which are not always taken into account. The media frequently equates SCADA (Supervisory Control And Data Acquisition) with ICS. For example, the news talks about ‘security issues with SCADA software’ or about ‘SCADA leaks’. However ICS is a general term that covers different types of control systems, including SCADA. This Cyber Security Assessment discusses the umbrella term ICS. SCADA systems (computers with SCADA software on them) are used to operate and visualise (industrial) processes. Monitoring can take place from a single location (for example the control room). Using the process data collated and saved, reports can be generated which in turn can be analysed and used to optimise the process. Other important sub-groups of ICSs are DCSs (Distributed Control Systems) and PLCs (Programmable Logic Controllers). 95
Page 1:
Cyber Security Assessment Netherlan
Page 4 and 5:
National Cyber Security Centre The
Page 7:
Contents Foreword 3 Summary 7 Intro
Page 10 and 11:
on governmental organisations and b
Page 12 and 13:
However, it is assumed that they ar
Page 15 and 16:
Introduction Information Technology
Page 17:
Core assessment 1 Interests 17 2 Th
Page 20 and 21:
1.2 Dependency IT dependency contin
Page 22 and 23:
Increased IT dependency in electric
Page 24 and 25:
on the internet such as an electric
Page 26 and 27:
approached or incited by states for
Page 28 and 29:
Actor Intentions Skills Targets Sta
Page 30 and 31:
get the script kiddies started. One
Page 32 and 33:
location’, there is no one single
Page 34 and 35:
Furthermore, business information c
Page 36 and 37:
environments often arise from the i
Page 38 and 39:
not only smart phones, tablets or c
Page 40 and 41:
5.3 Technology Norms, guidelines an
Page 42 and 43:
ACM seeks active collaboration with
Page 45 and 46: Core assessment » 6 Manifestations
Page 53: Core assessment » 6 Manifestations
Page 57 and 58: Detailed section » 1 Cyber crime
Page 59: Detailed section » 1 Cyber crime
Page 62 and 63: magnitude of digital espionage inci
Page 65 and 66: Detailed section » 3 Botnets 3 Bot
Page 67 and 68: Detailed section » 3 Botnets » Do
Page 69 and 70: Detailed section » 4 DDoS 4 DDoS
Page 71: Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75: An attacker can abuse devices linke
Page 77 and 78: Detailed section » 6 Grip on infor
Page 79 and 80: Detailed section » 6 Grip on infor
Page 81 and 82: Detailed section » 7 Vulnerability
Page 91: Detailed section » 7 Vulnerability
Page 94 and 95: Leak in the Humannet website belong
Page 98 and 99: car park will not open. It is annoy
Page 100 and 101: 9.6 The resilience of ICS Security
Page 102 and 103: 100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105: 102
Page 106 and 107: Incidents Types of government incid
Page 108 and 109: Classification Classified data Clou
Page 110 and 111: Information Information security In
Page 112 and 113: Spoofing/IP spoofing SQL injection
Page 114: 112
show all

third Cyber Security Assessment Netherlands - NCSC

Create successful ePaper yourself

Delete template?

Save as template?