Espionage and cyber crime the greatest digital threat
Digital espionage and digital crime continue to be the greatest digital threats confronting the Netherlands. The government, business community and citizens remain vulnerable because they are popular targets. In view of the seriousness, the degree of attention paid to these threats must therefore not be changed. This is the message of the second Dutch Cyber Security Survey [Cybersecuritybeeld Nederland] (CSBN) that Minister Opstelten of Security and Justice submitted today to the Lower House of Parliament.
In general terms no major shifts in threat are evident in comparison to the first Dutch Cyber Security Survey. The greatest threat is still the (covert) activities of states and professional criminals. However, the activities of the hacktivists, professional criminals and cyber researchers have recently become more visible.
Subversives are learning more and more quickly how to exploit weaknesses, while lengthy periods of time sometimes pass before suppliers issue patches and users implement these patches. Despite improvement initiatives the defensive measures, methods and initiatives are unable to keep up with the motivation, perseverance and resources of states and cyber criminals.
The value of information is often still underestimated. Identity details, company information or software vulnerabilities are of great value to a variety of actors, and are traded for huge amounts of money. For example, a number of incidents which occurred during the review period were attributable to simple vulnerabilities which could have been avoided if the right security measures had been taken, such as the timely updating of outdated software, or the use of less vulnerable passwords.
Dutch society and the Dutch economy are vulnerable due to the growing dependence on ICT systems. The expansion of internet services, the boom in mobile internet and the fact that personal IT is permitted on company networks (consumerization) is also generating an exceptional increase in the number of devices connected to the internet. This will result in increased social dependence, more (software) vulnerabilities and an increase in the complexity of control issues.
For that reason it remains essential that the resilience of Dutch ICT infrastructures is increased. In 2011, this realisation and the need for an integral approach led to the formulation of the National Cyber Security Strategy. The National Cyber Security Centre (NCSC) is contributing actively to the level of awareness of the public, the government and the business community. The setting up of the NCSC is a reflection of the government's focus on central coordination via a single front office for the exchange of cyber security information.
The Dutch Cyber Security Survey was the result of a public-private partnership. The following parties contributed: the ministries, the Military Intelligence and Security Service [Militaire Inlichtingen en Veiligheidsdienst Service] (MIVD), General Intelligence and Security Service [Algemene Inlichtingen en Veiligheidsdienst] (AIVD), the police, the Public Prosecution Service [Openbare Ministerie] (OM), KPN, the Independent Post and Telecommunications Authority of the Netherlands [Onafhankelijke Post en Telecommunicatie Autoriteit] (OPTA), the Netherlands Forensic Institute [Nederlands Forensisch Instituut] (NFI), Statistics Netherlands [Centraal Bureau for the Statistiek] (CBS), the Dutch Banking Association [Nederlandse Vereniging van Banken] (NVB), Isacs, Bits of Freedom (BoF) and the National Coordinator for Counterterrorism and Security [Nationaal Coördinator Terrorismebestrijding en Veiligheid] (NCTV). Scientific institutes and universities also made information available to the NCSC and also contributed to the Dutch Cyber Security Survey.