DTC will share threat intelligence with more companies
Starting today, the Digital Trust Center (DTC) will proactively share relevant threat information with industry on a limited scale. Companies and organizations that are not part of the critical infrastructure will receive information about acute vulnerabilities and digital threats from today. The government is looking at whether it can make businesses more resilient to hackers in this way.
The high-quality internet infrastructure makes our country attractive for international companies and investors. The downside, however, is that hackers misuse our facilities to carry out ransomware, DDoS or other cyber attacks, or to host child pornographic material. National Coordinator for Counterterrorism and Security (NCTV) Pieter-Jaap Aalbersberg speaks of ‘a risk to our national security and ‘a plague for SMEs’.
Bodies such as the DTC and the National Cyber Security Center (NCSC) play an important role in the fight against hackers and cybercriminals. They provide solicited and unsolicited advice on cybersecurity issues to the government. In addition, they pass on relevant threat information to political authorities, companies and other organizations in the so-called critical sector, such as telecom companies, utility suppliers and financial institutions.
The fact that only companies and other organizations from the critical infrastructure receive up-to-date threat information is a result of the Network and Information Systems Security Act (Wbni). Companies and organizations that do not belong to this category are excluded.
A leak in Pulse Secure’s VPN software proves that this can have major consequences. Due to this vulnerability, the login details of more than 900 Dutch companies were exposed to hackers last year. The National Cyber Security Center (NCSC) was not allowed to warn these companies about this for legal reasons.
In a letter addressed to outgoing Minister of Justice and Security Ferd Grapperhaus, the Cyber Security Council (CSR) advised earlier this year to share threat information with businesses and citizens. To achieve this, Grapperhaus is working on a National Coverage System (LDS). His colleague Stef Blok, Minister of Economic Affairs and Climate Policy is currently working on a bill to make it easier to share threat information with non-vital authorities.
The DTC will also play a prominent role in this. A new initiative for this will be launched today: the DTC Information Service. In their own words, it is an important first step to warn the business community about digital threats that can have a major impact on business operations. “Companies informed in time can take immediate measures to limit the damage caused by the vulnerabilities,” according to the DTC.
The DTC, part of the Ministry of Economic Affairs and Climate, is today launching the DTC Information Service. In the short term, this will be done on a small scale and only in the event of serious threats. In the longer term, the service wants a system that can link current threat information to larger groups. The DTC was recently designated by the minister as an Objective Knowable Tot Task (OKTT). These are linking organizations that act as intermediaries and are allowed to share threat information with their supporters.
Mona Keijzer, outgoing State Secretary for Economic Affairs and Climate emphasizes how important it is to make the business community more resilient to hackers and cybercriminals. “Every year, one in five companies is the victim of a cyber attack. That is one too many and sometimes has major consequences for our society. Just making the Dutch more aware and pointing out companies to their own responsibility to take measures is not enough. It is of great importance that we also share threat information available from the government as well and as quickly as possible with the companies concerned. The DTC now has more options for this. And in doing so, the central government directly helps to make the business community more digitally resilient.”
Michel Verhagen, manager at the DTC, confirms the State Secretary’s concerns. “As DTC, we are committed to sharing the threat information available to the government in time with the companies that need to get started. It also remains of great importance that companies take sufficient preventive measures, the DTC also advises on this. Digital resilience is and remains the company’s own responsibility, but the government wants to help with this.”
To chart the effectiveness of the DTC Information Service, the DTC will launch a pilot in the fourth quarter. Participants not only increase the cyber resilience of their own company but also increase the security of the entire chain. During the trial, the DTC checks the data of the participating parties that are linked to current threat information. “If these are found, the relevant companies will be approached about this,” the advisory body promises.
The DTC pilot will start in the fourth quarter of this year and is expected to last a year. Parties wishing to register for this have until Friday 17 September.
Catch up on more articles here
Follow us on Twitter here