Cyber security is sitting right at the top of the agenda for almost all governments and businesses across the world. As more aspects of people’s lives move online, it follows that threats will head there as well.
Securing the cyber world is a huge task, one that businesses and even governments cannot do on their own. That is why governments across Europe are doing something about it: launching a co-ordinated approach that aims to educate businesses and individuals, and raise awareness about cyber threats.
Dutch cyber security
Authorities in the Netherlands have launched one such project. The Dutch Cyber Security Council (DCSC) was founded back in 2011 as part of the National Cyber Security Strategy, developed by the National Cyber Security Centre (NCSC). Its founding principals were to set the agenda for dealing with new and emerging IT threats, and to assess future requirements for further research and development.
It is made up of representatives from both the private and public sector, and from industries including science. Although backed by the government, it is an independent body and will offer advice to the government and private businesses about cyber threats and cyber defences.
To ensure all parties are represented and that the advice it hands out is truly independent, the council is made up of seven representatives from private and public parties, and representatives of four scientific institutes. The council has two co-chairs and the government and private sector alternate this role every meeting.
This initiative is designed to safeguard the country’s position in digital culture. According to the DCSC, the Netherlands has one of the highest percentage of internet users in the world and 80% of its citizens use online banking. The council also claims that 20% of the country’s growth involves IT services and software, and that 62% of the nation’s retailers are connected to the internet. With stats like that, it is understandable that the government is prioritising cyber defences.
Read more about cyber security
- Collaboration between governments and with the private sector key to improving global cyber security, says US homeland security chief
- C-level executives need to increase literacy in cyber security and its associated risks, a study has revealed
- The UK aims to become a global leader in cyber security insurance through a set of joint initiatives between the government and the insurance sector
“The Netherlands aims at being an open, secure and economically promising digital society. A society that is innovative and entrepreneurial, but which is also strong enough to face the risks that go hand-in-hand with our great dependency on IT,” the council says in its 2015 briefing document. “The cyber world is a world full of unknown possibilities and opportunities, but there is also a darker side to it.
“Our lives are becoming more comfortable and less tied to times and places, but our privacy is also coming under increasing pressure and cyber crime is on the increase as well. To continue to stimulate our prosperity and economy, cyber security is therefore of crucial importance,” the document says.
Clearly, government bodies cannot take on the responsibility themselves to actually protect businesses from cyber threats. Instead, the DCSC will look to “strengthen the current capabilities in the area of investigation and prosecution”, and look to update legislation that will protect the nation’s cyber defences. Research will also play a big part on what the council will do – advising which areas to focus research on, as well as directly contributing research.
The NCSC says that proof of the requirements for a co-ordinated approach to cyber security can be seen in the “disruptions that occurred last year by way of distributed denial-of-service attacks on Dutch banks and government departments such as DigiD.”
According to the council, privacy will be one of its main focuses in 2015 and going forward. It says privacy is “coming under increasing pressure”, due in part to revelations – such as leaks by National Security Agency whistleblower Edward Snowden – which revealed huge worldwide government surveillance of citizens. Meanwhile, headlines about many major consumer products being exploited to monitor online activity and communications have virtually destroyed any notion of privacy online.
The idea of privacy and data protection is behind one of the council’s most recent appointments. Law firm Morrison & Foerster’s global privacy and data security senior counsel, Lokke Moerel, was appointed to the council in April 2015.
“My role wil be to contribute my academic knowledge on data protection and global ICT, and my experience as a practitioner advising and assisting multinationals on global cyber crime attacks and data breaches,” says Moerel.
Those skills will come in handy as new regulations come in across Europe governing the use of personal data. There is in fact a similar law being introduced in the Netherlands that should come into effect before the European-wide General Data Protection Regulation (GDPR), according to Moerel.
“The new General Data Protection Regulation will introduce mandatory data breach notification requirements, which will, like they did in the US, change the awareness of the scale of data breaches and the increase in cyber crime,” she says. “In the Netherlands a national data breach notification law is on the verge of coming into force, so the effects of that will be felt in the Netherlands well before the GDPR comes into force.
“In a way this will help the NCSC in its work, as an improvement in the defence against cyber crime is the awareness of the vulnerabilities,” she adds.
The key to a successful approach to tackling cyber crime across Europe is collaboration, according to Quocirca analyst Bob Tarzey. The knowledge of an entire community will always be better than that of a single entity, and the industry is rapidly improving its collaboration.
“There is a huge benefit to pooling knowledge about threats, and the industry itself is realising that,” he tells Computer Weekly. “There is a lot more co-operation between different vendors and bodies within the industry. It’s impractical to act alone and it’s unrealistic to expect a relatively small market like the Dutch market to be the first to see threats. By co-ordinating you will see a lot more.”
The NCSC will drive home the idea of collaboration when the Netherlands takes over the presidency of the European Union in 2016. Cyber crime and cyber security have been earmarked as top priorities. “Cyber security is a complex matter that demands a global approach," admits the NCSC. "By collaborating with similar councils in other countries, the National Cyber Security Council is aiming to strengthen its international orientation.”