First National Trend Report Cybercrime and Digital Security: safe internet crucial to society and economy

The first National Trend Report on Cybercrime and Digital Security has been published today. For the first time, the AIVD (General Intelligence and Security Service), GOVCERT.NL, KLPD (National Police Services Agency), MIVD (Military Intelligence and Security Service), NCTb (National Coordinator for Counter-Terrorism) and OPTA (Independent Post and Telecommunications Authority) have painted a joint, strategic picture of cybercrime and digital safety. Experts from the science and business communities have also been involved in drawing up the report.

The coalition agreement of the new government gives priority to a comprehensive approach to cybercrime. The first National Trend Report is one of the cornerstones of this comprehensive approach. The Trend Report concludes that it is time for extensive cooperation between public and private parties to increase digital security and to tackle cybercrime.

The drafting of the first National Trend Report was supervised by Govcert.nl, the Computer Emergency Response Team of the Dutch Government. The Trend Report was commissioned by the Ministers of the Interior and Kingdom Relations, Security and Justice and Economic Affairs, Agriculture and Innovation.

All trends together indicate that cybercrime in all its manifestations has become a fact of life in our information society. After all, the Internet and digital traffic are of vital importance to our society: we are becoming more and more dependent on it. A secure Internet and a reliable ICT environment are therefore becoming increasingly important, especially for a knowledge-based economy such as the Netherlands.

Recent incidents in the field of cybercrime are Stuxnet and Bredolab. Stuxnet is highly advanced malware, specifically aimed at process automation. Bredolab is a notorious botnet that was successfully brought down recently. Since 2009 Bredolab infected millions of computers in 227 countries. These incidents clearly demonstrate the importance of a joint approach to cybercrime.

Ten main trends can be distinguished, three of which are discussed below:

Trend 1

Citizens, the government and the business community find the Internet and ICT safe; however, they remain vulnerable to digital abuse

As in previous years, in 2009 a large number of vulnerabilities in software were discovered, about 5,500, or some fifteen leaks a day. Compared to previous years, their growth has stabilised. Software flaws make citizens, the government and the business community easy targets for attacks by cyber criminals. Via these security holes cyber criminals break into the computers of private individuals and companies.

Smartphones and other mobile devices are vulnerable to abuse, while this type of equipment is becoming increasingly popular.

Citizens consider themselves sufficiently informed and capable of surfing the web safely. More than 80% of the citizens believe that their computer is sufficiently secure. More than 60% think that they are aware of the risks of Internet usage.

Both at home and in the workplace people remain a weak link in the protection of information, for instance because they use infected USB sticks or forget to download software updates to their computers.

Citizens and companies mistakenly find ICT and the Internet safe. They are insufficiently aware of the risks. This increases the chances of the growing cyber crime.

Trend 2

Cybercrime is becoming increasingly professional and focused

With simple tools cybercriminals can make a lot of money in a short period of time, whereas the chances of being caught are slight. Therefore, criminals try to seize the opportunity as long as possible, without being discovered. To achieve this, they may infect for instance groups of computers, without the users knowing it. They then engage in criminal activities. Such groups of computers are called botnets. Botnets can be considered the backbone of cybercrime. Until now these botnets were managed centrally, from one computer. Nowadays their control is being increasingly decentralised – from computer to computer – making it harder to bring down a botnet. Tracking the criminals themselves is also becoming more difficult.

Cyber criminals misuse infected computers to trace credit card numbers and other personal or company details, which they can then sell or exploit.

Trend 3

The threat of digital espionage is increasing

Digital espionage is a real threat in the Netherlands. This form of espionage is used to obtain sensitive economic, political and military information. The Internet has made it easier for intelligence services and competing companies to obtain sensitive data from a distance. The risk awareness of espionage is low, which makes it easier to steal secret information.

These three trends illustrate the general picture painted by this first National Trend Report: our dependence on ICT and the Internet is strong, and a secure Internet is therefore of paramount importance to our economy and society. This will only become more important in the years to come. If we underestimate the threats posed to our digital society, chances are that we are insufficiently protected. Understanding these threats is therefore essential and this first National Trend Report on Cybercrime and Digital Security is a first step to improve awareness.

The full version of the Trend Report can be read on www.govcert.nl