At March 2018’s SCTX event, held in London, UK, Government Europa heard Hans de Vries, Head of the National Cyber Security Centre, the Netherlands, talk about the cyber threat to government agencies.
Following publication of 2018’s National Strategic Assessment (NSA) of Serious and Organised Crime by the National Crime Agency (NCA), the scale of cyber-crime in the UK is still reported to be rising, both in terms of scale and complexity. However, under-reporting of data breaches means that such assessments are unable to provide an accurate image as to the true scale of the problem.
NCA Director General Lynne Owens commented on the assessment: ‘This year’s assessment shows that organised crime groups are exploiting digital technology, for instance using encryption to communicate and dark web market places to aid their activities.’ At March 2018’s Security & Counter Terror Expo (SCTX), held in London, UK, Government Europa Quarterly heard Hans de Vries, Head of the National Cyber Security Centre, the Netherlands, talk about the cyber threat to government agencies.
The Netherlands’ National Cyber Security Centre
“Within my organisation, I have numerous Information Sharing and Analysis Centres (ISACs) on different levels, talking with organisations about the threats of today,” de Vries said. Such centres enable the organisations in these sectors to work together and learn from their experiences, enabling better solutions to be found for the benefit of all. The areas covered include:
- Multinationals; and
He added: “Currently, we’re focusing not only on organisations, but mainly on ecosystems because it’s an intricate way of working together to make sure that the harbour in itself is safe. It’s not only to look at specific organisations; it’s the combination of processes that makes the world tick.” De Vries continued by explaining that should one organisation have a problem within an ecosystem, and no one is informed of this issue, then that issue becomes one for all those who make up the ecosystem, something which the National Cyber Security Centre hopes to address. “We are focusing on cyber security in the government and that is a combination of efforts,” De Vries said.
A collaborative effort between nations
Noting the importance of the UK’s National Crime Agency, and their relationship, the head of the National Cyber Security Centre said that by working together they can establish a means to identify cyber criminals and their crimes. This also ensures that interference with research and intelligence is eliminated; when intelligence is shared, it can be used by nations in order to get a better understanding of the situation in nations such as the Netherlands. “I’m the co-ordinator when there is a crisis, but I need the information from other organisations, whether it’s the prosecution or intelligence,” he added.
“There is a group of organisations that work together to find a solution for each and every problem. We have intense, sometimes daily, meetings to make sure that we know what’s going on between, or for, a certain issue, whether it’s a distributed denial of service (DDoS) or [other] type of attack.”
Co-ordinating their work, the NCSC functions to ensure that different organisations work with one another and to ensure that safety levels are increased. Furthermore, the centre works on analysis and responsible disclosure, but also in highlighting the importance of ethical hackers.
De Vries said: “We find it imminently important that ethical hackers can do their thing and make sure that the information flow is correct, to make sure the things that they find they will not get punished because someone else made a mistake. We want to make sure that the ethical hacker can get the information out in time, make sure that the organisation can fix it and, if there’s a problem, that we can talk with the organisation to make sure that they take the information very, very seriously.”
Whether it is the WannaCry attack in the Netherlands, a large-scale DDoS attack or theft of a large amount of personal information, the National Cyber Security Centre of the Netherlands co-ordinate that crisis instantaneously in cases which concern government or critical infrastructure.
He added: “We have national detection as well – it involves about 100 organisations. One of the things that we are also working on is making sure that the information that is around flows around in mostly an automatic way.” As a network for government agencies, the NCSC highlight that the strength of detecting issues in one organisation means that other organisations can also benefit. As a result, the centre utilise technical mechanisms to ensure that there is a continuous flow of information.
The threat of cyber-crime
“The external threat is growing and growing – we all know that. So, we have to find new ways of making sure that the information that’s put in is as new as possible,” De Vries went on. The National Cyber Security Centre works together with research organisations, but also with commercial entities, and as a result it is ensuring that information flow continues. De Vries further revealed that collaboration between intelligence and the centre ensures that international borders work together within the EU, regardless of the effects of Brexit, owing to the borderless nature of cyber-crime.
Information flow is essential, but this can be complicated by two factors, de Vries said. “As a company, you’d like to have as little regulation as possible and you want to hide your caveats and problems because otherwise your competition can use that in a commercial way, or the stock market will have an influence, so you have a tendency not to talk about the issues you had in your organisation.” However, in addition to this, for those companies wanting to use IT, it is inevitable that they will face problems created by the same technology. He furthered: “If you have a problem updating because you’re using old systems and you cannot update, you’re bound to find problems, so you have to have some regulations.”
The head of the National Cyber Security Centre also used the General Data Protection Regulation (GDPR) to articulate that such regulation may be of an inconvenience for some, but it is of a benefit to all. “It might be a pain for your organisation but, in essence, it is of benefit for you as a person because you want [to] make sure that your personal life, your personal data and your organisational data, is handled in the right way.”
Finding the balance
De Vries discussed how, in the Netherlands, finding the right balance has become a challenge, and that as a result of this the NCSC has initiated work to establish strategies to identify their next steps, such as enforcing a national domain name system.
“The second issue is cross-sectoral information flow between, for instance, the chemical sector, which uses a lot of IoT type devices,” he continued. “They tend to not talk about that with other sectors that probably use the same techniques and we are, as an organisation, focusing on cross-sectoral information sharing; but that’s sometimes difficult because lawyers and organisations say they are not allowed to share that information across the borders of entities or sectors.”
The National Cyber Security Centre also takes on the role of ensuring that information flows between the differing sectors, which de Vries admits is not an easy task. But, another challenge which they face on a national scale, is that of chain dependencies.
Complicating the process: chain dependencies and a knock-on effect
The role of René de Vries, harbour master of the Port of Rotterdam, is double-facing – it is simultaneously concerned with the physical and digital domain. As a result, when one cargo organisation’s digital system crashes, Hans de Vries explained, there is a knock-on effect, seeing not only ships unable to enter the port and unload, but trucks unable to unload in the same area.
In the example of Maersk, 15% of all harbour mechanisms within the harbour of Rotterdam fell silent. He added: “We noticed there were a lot of ships waiting outside Rotterdam; when they’re not able to unload the ship, you have a humungous stack of both ships outside on sea, but also trucks not able to unload their stuff to the same area. The unloading on both sides is then not working and, within hours, a 40km traffic jam in the harbour blocked it for some time. The digital issue became a very big physical problem within hours of that moment.”
Co-ordination for cure of cyber-crime on the dark web
In May, law enforcement services from 28 international countries met at the headquarters of Europol in The Hague, the Netherlands, in efforts to share information and expertise in order to initiate a co-ordinated approach to cyber-crime committed via the dark web.
The dark web is responsible for hosting many of the vital marketplaces which facilitate several criminal organisations and illegal activities committed throughout not only Europe, but the world. Subsequently, the dark web allows users to both buy and sell anonymously and, as a result, has become an environment which is populated with criminals.
In 2017, a joint operation between the FBI in the USA and Dutch National Police – supported by Europol and other law enforcement members – saw Alphabay and Hansa shut down. As two of the largest marketplaces on the web, Alphabay and Hans were responsible for the trade of over 350,000 illicit goods, including:
- Firearms; and
- Cyber-crime implements, such as malware.
As a direct result, the number of transactions has decreased whilst some traders have left such platforms due to the uncertainty and risks of being uncovered in such operations.
Through a co-ordinated law enforcement approach, under one of Europol’s initiatives, Europol aims to tackle cyber-crime alongside enforcement agencies from across member states, operational third parties and other partners, including Eurojust. Europol has established a team dedicated to working in response to dark web-related issues. The approach of the team will be to:
- Share information;
- Provide operation support and expertise;
- Deliver tools, tactics and techniques; and
- Conduct investigations and identify top threats and targets.
Most organisations are unaware that they have certain dependencies, but the chain dependencies within an ecosystem could also be exploited within a conflict scenario. De Vries raised one important question which centres around some key fears: Is assessment going to be enforced in a judiciary way, making sure that there are all kinds of rules and regulations? However, if this is enforced in a contractual way, there is a danger that the chain will not function in an instance where issues arise, owing to the lack of reporting. He added: “You have to make sure it’s a lenient system and not a fixed judicial system concerning chain dependencies, and that’s what we’re working on at the moment.”