NCTV: Cyber Attacks Impair Society’s Central Nervous System

The digital and physical worlds are no longer distinguishable from each other and digital processes have become society’s central nervous system; society cannot function smoothly without them. We rely on a digital infrastructure to be able to live, work, travel and pay. So, just like air, water, road and rail, it is vital for this digital infrastructure to be operational at all times. The impact on society can be huge if it is not, as clear from this year’s Cyber Security Assessment Netherlands (CSBN) by the National Coordinator for Counterterrorism and Security (NCTV), which was drawn up in collaboration with the National Cyber Security Centre (NCSC).

Without the digital infrastructure, organisations grind to a halt, personal data are leaked and services may be lost. Examples include the hacking of systems at a cheese packaging company, a data leak at an ICT service provider for car companies and an IT failure in hospitals, which forces them to cancel appointments.
We have seen major differences in the resilience of companies and organisations in the past year. Experts are very concerned that this gap will widen even further in the future. The coronavirus pandemic has prompted the digitalisation of even more processes too, because of which the importance of digital security has increased more as well. The threat itself has developed too, and the threat from state actors is increasingly merging with the threat posed by cybercriminals.

Digital risks remain high

The digital risks that threaten national security are still as great as ever. Espionage and acts in preparation of sabotage by other countries are putting our national security at risk, as also described in the State Actors Threat Assessment published earlier this year. The use of ransomware by criminals can disrupt society too, while the failure of digital processes due to natural or technical causes poses a risk as well.

The digital threat is continuing to grow

The NCTV and NCSC have seen that both state actors and cybercriminals have seized the opportunity created by the coronavirus pandemic to carry out digital attacks. With even more of our lives taking place online now, it has also become more attractive for malicious parties to launch digital attacks. These attacks can be so disruptive that they affect organisations and chains in the long term. Cybercriminals can also play havoc with society by disrupting vital processes, among other things. They are often just as capable as state actors and are frequently closely connected with them.

Resilience still needs to be improved

The permanent threat from both state actors and cybercriminals makes it important to constantly consider our digital resilience. Some steps to improve resilience have already been taken in recent years. However, given the growing threat outlined above, more needs to be done now, including corrective action. Currently, even basic measures - like the use of strong passwords and the prompt repair of vulnerabilities - are not always in place.

Cyber security policy needs to be put in order

The NCSC has written the Guide to Security Measures to improve the digital resilience of companies and organisations. It describes eight measures that organisations ought to put in place to counter cyber attacks. These include logging, password policy, backups and information encryption. Even recent digital incidents show that companies and organisations are vulnerable if these measures are not in place.

Stopping attacks by state actors

Today's AIVD publication describes seven points at which an attack by a state actor could be stopped.