Digital resilience affected by NCSC withholding information
Digital resilience affected by NCSC withholding information
Tuesday 18 August 2020 In response to the article in the Financieele Dagblad of last August 17th with the title "The government knew who was vulnerable, but still allowed companies to be hacked. The government throws away information about hacks from companies", CIO Platform Nederland is calling on the government today to never let this happen again. And to take up its role for the digital resilience of Dutch society.
According to the FD, a cybercriminal has recently hacked several Dutch companies and put passwords online. The Ministry of Justice and Security had been explicitly warned in advance that many of these organizations were at risk but did nothing with the information received. The companies would be 'not vital'.*
The article continues that the NCSC (National Cyber Security Center, ed.) has done everything to inform organizations within the “legal possibilities”. Unfortunately, “organizations outside the legal mandate cannot be informed by the NCSC.
Ronald Verbeek, general director of CIO Platform Nederland, states that the government could have prevented a lot of damage to parties if it had shared the information and had not withheld it. It should not be the case that, because the government has imposed too many restrictions on itself in legally establishing and adhering too tightly to the scope of the NCSC, other companies and organizations will suffer.
The Ministry of Justice and Security could solve this problem by either broadening the scope of the NCSC** for such cases, as they wrote this law themselves, or by sending such information to parties outside its scope via the DTC*** (Digital Trust Center). The center was created precisely for that.
CIO Platform Nederland calls on the Ministry of Justice and Security to prevent further damage to the business community by never letting this happen again. And to take its responsibility by coming up with a targeted solution immediately (rather in weeks than in months). The Minister of Justice and Security is always happy to point the business community to cyber security responsibilities, and rightly so, but this is a situation where he can quickly take steps to make Dutch companies cyber safer.
CIO Platform Nederland
Ronald Verbeek, Algemeen Directeur
Footnotes
* The FD article (in Dutch): https://fd.nl/ondernemen/1353350/overheid-wist-wie-kwetsbaar-was-maar-liet-bedrijven-toch-gehackt-worden
** The legal task of NCSC (in Dutch): https://www.ncsc.nl/over-ncsc/wettelijke-taak
*** The scope of DTC: https://www.digitaltrustcenter.nl/over-het-digital-trust-center
More news
Quite some attention for VMware letter
Friday 05 April 2024 The four CIO associations' joint letter to the European Commission regarding the impact of Broadcom's acquisition of VMware on our members, has generated a lot of interest. full storyICT experts, entrepreneurs and scientists shared their insights with State Secretary Alexandra van Huffelen.
Thursday 28 March 2024 27th of March, ICT experts, entrepreneurs and scientists shared their insights with State Secretary Alexandra van Huffelen and us on how to be less dependent on non-European countries for cloud services and to become stronger in this technology ourselves. full storyBusiness IT users condemn Broadcom's market behaviour and call on European Commission for appropriate action
Thursday 28 March 2024 Today, CIO Platform Netherlands and its three European sister associations sent a joint letter to the European Commission following possible market-distorting behaviour by Broadcom since its acquisition of VMware. full storyArjen Boersma and Edward Cox join the board
Thursday 28 March 2024 We would like to welcome Arjen Boersma, CIO ProRail and Edward Cox, CIO Louwman Group, to the board of CIO Platform Nederland. full story