Issuu on Google+

WT-jaarbericht_2008-Engels:omslag

25-04-2008

10:47

Pagina 1

buitenkantomslag jaarbericht Nicc

NICC p/a ICTU Address Wilhelmina van Pruisenweg 104 2595 AN The Hague P.O. Box 84011 2508 AA The Hague The Netherlands

nicc@ictu.nl www.samentegencybercrime.nl

The National Infrastructure against Cybercrime (NICC) is the Dutch approach in fighting cybercrime. The NICC programme is a public-private partnership.

Annual Report 2007 nicc

samen tegen cybercrime

NICC

Let op! @ op voorzijde = stansvorm = aparte film

T +31(0)70 888 79 46


WT-jaarbericht_2008-Engels:omslag

25-04-2008

10:47

Pagina 2

binnenkantomslag jaarbericht Nicc

The NICC programme

Peter Hondebrink (ministerie van EZ) constituent Annemarie Zielstra (ICTU) programme manager Auke Huistra projectmanager Cybercrime Information Exchange But Klaasen project manager, Notice-and-Take-Down Jeroen Walschots programme secretary Manou Ali programme support Cor Ottens communications consultant

The NICC programme has been commissioned by the ICTU. The motto of the ICTU is: help government to perform better with ICT. The ICTU combines knowledge and expertise in the area of ICT and government. ICTU executes various projects with and on behalf of governmental organizations. In this way, policy is translated into concrete projects for government. More information can be found at www.ictu.nl. Published by: The NICC / Editorial: Tekstbureau De Nieuwe Koekoek, Utrecht / Design: Tappan Communicatie, The Hague Printed by: OBT / TDS printmaildata, Schiedam

May 2008


United against cybercrime NICC


Annual Report 2007

United against cybercrime 2007 The results can now be seen

The National Infrastructure to combat cybercrime has been growing steadily. Some of its components are even growing faster than had been expected. The NICC is living up to its role as a catalyst for progress. The NICC initiates and facilitates, brings organizations together and strengthens existing collaborative ventures, to achieve its goal of creating a National Infrastructure in which all initiatives can function independently. In 2007 the NICC focused primarily on those functions of the National Infrastructure that had not yet, or had insufficiently, been established and organized. The Cybercrime Information Exchange has grown from strength to strength. A number of new sectors have joined. The participants are active both on their own initiatives and with the support of the NICC’s cross-sector initiatives. Practical evaluation projects and research have led to creative new security solutions. The activities associated with the Notice and Take Down theme have been further expanded. The NICC Action Research project has demonstrated that it can produce valuable offender profiles and typologies from criminal offences. Other research projects, pilots and trials, into security for schools and municipal authorities for example, are progressing unabated.

The NICC approached organizations with similar goals outside the Netherlands in 2007 in order to collaborate and exchange knowledge. Cybercrime pays no heed to national borders. On the contrary, it makes active use of differences in legislation and enforcement in various countries. International collaboration is indispensable to tackle cybercriminals effectively. The NICC website provides a compilation of initiatives from the public and private sectors. www.samentegencybercrime.nl Where can you report cybercrime? Which organizations can you turn to for advice about security? You can find this and much other useful information on the NICC website. Preparations have been made for a secure section of the site for the exclusive use of collaborating partners. The NICC programme is finite. The NICC is therefore not directly managing any longerterm projects itself. At the end of 2008 the NICC programme will terminate. From then onwards, all the components of the National Infrastructure will be taken over by public or private organizations. This Annual Report describes the activities of the NICC Programme in 2007. In some cases it also describes how these activities will be carried forward, secured or concluded in the last year of the programme.

3


Financial cybercrime: professional criminals

4

The year 2007 is the year in which the trend for cybercriminality to cause actual harm intensified. Cybercrime threats are coming increasingly from professional criminals who buy their software from commercial malware producers. In order to ensure that the harm does not increase, the public and private organizations within the National Infrastructure must form a united front. This collaboration will be further intensified where necessary.

All these developments are fuelled and accelerated by a ‘black’ economy, in which professional malware developers offer their products for sale to criminals. The developers have therefore not been the actual users for a long time. An underlying competition between malware developers has been reported that is accelerating the development of even more refined and sophisticated malware still further. This is putting even higher demands on the security of systems.

Cybercriminals and those fighting cybercrime are waging a constant battle. A clear shift can be observed towards organized crime.

Tracking down and prosecuting cybercriminals is important, but it does not constitute the solution. The damage has then already been done. The NICC therefore focused strongly on prevention in 2007. For example by connecting still more critical sectors to the Cybercrime Information Exchange, within which businesses, the National Police Services Agency (KLPD), the General Intelligence and Security Service (AIVD), the government’s Computer Emergency Response Team, GOVCERT.NL, and the NICC exchange information about incidents, threats and security measures to combat them. GOVCERT’s Notice-and-Take-Down evaluation project is also important in the context of the prevention and limitation of damage. The Notice-and-Take-Down service represents a fast and efficient way of removing illegal websites from the Internet. These are websites that appear to be the ‘real’ sites of banks, but are in fact not.

The way in which financial phishing is taking place is constantly changing. This has been demonstrated by recent incidents at financial institutions. There are examples of so-called man-in the-middle attacks that have been successful despite the use of two-factor authentication for instance. The unsuspecting consumer is led unwittingly via an e-mail to a completely authentic-looking copy of their bank’s website, which is in fact controlled by criminals. There they fill in their user name, password and a transaction code, which the criminals then use to withdraw money from their account via the genuine bank site. Until now this as not yet led to very serious harm, thanks to a combination of additional security measures and rapid incident response. The exchange of information between the banks about incidents has also helped in this respect.

In the following chapters you will read about what the NICC programme has done during the last year to make cyberspace more secure.


Annual Report 2007

Wim Hafkamp (Rabobank), chair of the FI-ISAC: “The banking sector has said from the beginning that security is not a matter of competition. We have therefore drawn up a collective crisis handbook for example, and agreed that we will make no public statements about incidents that occur within our colleagues’ operations. Only mutual trust can lead to openness of information. The pioneering role of the NICC is vital; the network is bearing fruit. The participants are already sharing information outside the FI-ISAC consultation framework when it concerns something topical that cannot wait until there is another meeting. The experts within the banks are now well acquainted with each other. Their colleagues at other banks serve as a sounding board for them, they ask each other questions about the whys and wherefores of security measures, and compare the differences and risks. Sometimes they develop collective risk analyses that give them better insight into possible measures. They discuss the vulnerabilities of various techniques for detecting cybercrime attacks for instance, and exchange improvements.”

– An estimated six million worms, viruses and trojans are circulating on the Internet. – 95 percent of all e-mails are spam. – The public transport chip card has been discredited, as it is simple to hack. – PIN card frauds plundered the accounts of at least a hundred Praxis customers in Beverwijk and cracked the latest security in Netherlands Railways ticket machines. – A large-scale DDoS attack paralyzed Estonia’s digital infrastructure last year.

5


Trend Report

8

The information exchange between public and private sector organizations has been progressing well. But an excess of information can lead to paralysis. The NICC programme has therefore made a start on the development of a clear and orderly classification of this profusion of data. However patently obvious it is that cybercriminality represents a genuine menace, no single body provides a complete overview. The danger of the substantial flows of information being produced by the various initiatives within the NICC is that the participants risk losing a comprehensive overview of it all. These flows of information are produced by various sources, such as the KLPD, GOVCERT.NL and commercial bodies such as the providers of antivirus software. The NICC Action Research project is also a source of information.

Now that the sharing of information is going well, the time has come to also analyze and channel this data. The goal is to create an integrated picture of trends and developments in the area of cybercrime. A first step is to compile the various reports in the form of a single coordinated Trend Report. The NICC conducted the preparatory work for this in 2007. All the organizations that are active within the National Infrastructure will be involved, and in 2008 it will be seen if such a Trend Report can actually be created.


Annual Report 2007

NICC in an international context

Cybercriminals pay no heed to national borders. On the contrary, they are actually grateful to make use of them, by taking refuge in countries where legislation and enforcement is least restrictive. They operate on the Internet, so from anywhere in the world. This means that international collaboration is essential to tackle cybercrime effectively. The NICC therefore greatly expanded its contacts with partners outside the Netherlands in 2007 to optimize the links between our partners collaborating nationally with international knowledge networks. The NICC made significant investments in 2007 in the strengthening and drawing together of international connections, such as with the Office of Cyber Security and Critical Infrastructure Coordination in the USA, the EastWest Institute, the UK’s Centre for the Protection of National Infrastructure (CPNI), the Swedish Emergency Management Agency (SEMA) and MELANI in Switzerland. The NICC holds regular meetings to exchange knowledge with these international partners about cybercrime and security measures that can be taken against it.

In 2007 the NICC gave presentations during the EuroSCSIE (European Scada and Control Systems Information Exchange) conference in June in Geneva, during the meetings of the London Action Plan and the FBI in October in Washington, and at the Meridian Conference in November in Stockholm. These international contacts and the concrete products the NICC has produced have contributed to the NICC participating since then in the deliberations of the EuroSCSIE.

9


www.samentegencybercrime.nl

10

The NICC programme provides a clear overview of the collaboration between public and private organizations on the www.samentegencybercrime.nl website, which has been online since September 2007. You can find an overview of the NICC programme there. Preparations were also made at the end of 2007 to expand the website further with a separate section that can only be accessed by participants in the National Infrastructure. The number of participants in the National Infrastructure is growing steadily. They come from all segments of Dutch society: the business world, the government, and non-profit organizations such as schools. All these information specialists, security experts, managers, administrators, lawyers, police officers and policymaking officials have a single common concern: a secure cyberspace.

The desire to make the collaborative efforts to counter cybercrime much more visible has been voiced from a number of sectors. For this reason the NICC made preparations in 2007 to establish a ‘United against Cybercrime’ membership scheme. The idea is to enable organizations to associate themselves with the National Infrastructure against Cybercrime. With a ‘United against Cybercrime’ logo on their website or other media, they can demonstrate that they take security measures against cybercrime seriously. Individuals from these organizations will then also be able to have access to the private section of the NICC website. They will be able to participate there in closed discussions and exchange information. Special meetings on combating cybercrime will also be organized for them. Consideration will be given in 2008 to whether and how this idea can make a contribution to the prevention of cybercrime.


The Cybercrime Information Exchange

12

The Cybercrime Information Exchange is also growing steadily. In the sectors that had already connected themselves, the value of the confidential exchange of information had already been demonstrated. These sectors have since independently developed new initiatives. In 2007, new sectors joined or began preparations to do so. There has been a clear inclination to establish thematic, cross-sector discussions. International links to comparable initiatives have also been sought. Financial institutions, drinking water companies, the energy sector and Schiphol Airport had joined the Information Exchange by the end of 2007. Each of these sectors has formed their own separate Information Sharing and Analysis Centre (ISAC), within which they exchange information in strict confidentiality. The range of subjects includes security incidents and vulnerabilities, threats, cybercrime tools and ways of working, good practices to improve defence, and the possibilities for early warning systems. For the time being the emphasis has been placed on information sharing (IS) and not yet on the analysis function (AC). Together with the AIVD, the KLPD and GOVCERT.NL, the NICC is present at each ISAC discussion, so forming the kernel of the Information Exchange. With the consent of the participants, relevant information can be channelled from one ISAC to another via this kernel.

Peter Zinn, Policy Officer with the High Tech Crime Team of the KLPD: “By participating in the Information Exchange we have been able to gain a better insight into the threats being presented in critical sectors and their seriousness. They are extremely varied. The main problem facing banks is phishing, while one of those faced by multinationals is industrial espionage. There have been cases of energy companies in the US that have involved extortion. This has not occurred here as yet, but should this happen it would some come to the surface through the ISAC discussions. Having got to know each other personally, companies are now reporting suspected incidents to us more quickly – also outside the consultation process. This information helps us to prioritize our activities better. As the KLPD, we identify and recognize trends and developments in the area of cybercrime on the basis of our own research and data from domestic and international police sources. These are then communicated to the ISACs. Whenever cybercriminals change their approach for instance, we inform the ISACs so that they can take appropriate measures.”


Annual Report 2007

Douwe Leguit, Projects and Pilots Team Leader with GOVCERT.NL, the Dutch government’s Computer Emergency Response Team: "Thanks to the efforts of the Cybercrime Information Exchange, as GOVCERT.NL we are able to share our knowledge and experience in the area of ICT and information security more effectively and efficiently within and with the critical sectors. It helps us to fulfil our tasks of prevention and raising awareness. The appropriate organizations are brought around the table in the Cybercrime Information Exchange to tackle the identified problems as a group. The collaboration provides insight into the information needs of the critical sectors and ensures that the activities involved in the sharing of knowledge are tuned accordingly. GOVCERT.NL uses the information together with the KLPD and the AIVD to determine the direction we should take with our own knowledge development. We can also link our response better to the needs of the participating organizations. The NICC has an important role as facilitator for the ISACs, and ensures an atmosphere of confidence and action. We also pass on the knowledge and experience that we have received via our national and international partners via the ISACs. The information that we receive back as GOVCERT.NL from the ISACs helps us to advise the policy departments and is input for our annual trend report. It connects with the ongoing initiatives and consultation structures in national and international contexts. That puts the Netherlands on the map in terms of publicprivate partnerships in the area of cybercrime."

The NICC and GOVCERT.NL offer the ISAC participants the possibility of being associated with the GOVCERT.NL monitoring service. Half of the drinking water companies are already making use of it, and companies from other sectors are considering doing so. During last year the NICC held preparatory discussions for the participation of the railway sector (including Netherlands Railways (NS) and ProRail) and the Port of Rotterdam sector. These transport sectors will both begin their own sector deliberations in 2008. An interesting cross-sector development in 2007 was that ten multinationals with headquarters in the Netherlands expressed their interest in establishing their own ISAC. Although the companies serve very different markets, they face issues in common, making the exchange of information between them an interesting proposition. Large, well-known organizations such as these are targets for industrial espionage. Furthermore, through their international activities they have to deal with a wide range of various laws and regulations. They expect to find a lot of common ground in the area of ICT security. The NICC has contributed financially to the establishment of an Information Threat Monitor for the FI-ISAC, the banking sector’s consultation organization. This must map out the most important threats to the further development of financial services with the help of ICT. The Netherlands Bankers’ Association launched a joint advertising campaign in November 2007 entitled ‘Knock three times’ to inform their

13


14

customers about secure online banking and to make them aware of their own responsibility in reducing the risk of fraud. The banks, Internet service providers (ISPs), security software providers and some governmental organizations (including GOVCERT.NL, the ‘eNederland platform’ ECP.NL and the NICC) are collaborating on Internet Banking Security. This must lead to the exchange of relevant information and the coordination of activities to continue to guarantee the security of Internet banking in 2008. The Water ISAC has commissioned the production of a SCADA security benchmark, in which the security of the SCADA and Control Systems of the participating drinking water companies is mapped out. As a result of this, a guide has been drawn up with 39 confidential good practices, which will be developed in depth and supplemented in 2008 with concrete examples from the participating companies. A version of the good practices guide with no reference to company names will be published so that it can be made available to other sectors. This version will also be translated into English and presented during the EuroSCSIE conference.

Wim Breugom, process automation adviser in the Strategy & Development department of Duinwaterbedrijf Zuid-Holland: “Cybercrime is a relatively new phenomenon for the SCADA world, so we found gaps in our knowledge about cybercrime and information security. Unexpected connections have not only become evident between us as drinking water companies, but also between sectors. These work as catalysts, enabling us to fill in these gaps in our knowledge and information quickly.”

The Energy ISAC was launched in September 2007. In 2008 it will commission the production of the same SCADA security benchmark as the Water ISAC.


SCADA and Control Systems

16

During the course of 2007 it became increasingly clear that SCADA and Control Systems merit particular attention, since they represent a recurrent and connecting theme that runs through diverse industry sectors. A separate SCADA ISAC should therefore be a solution. Various critical sectors and multinationals depend strongly on process automation: companies in the nuclear energy sector, energy and drinking water companies, the oil and chemical industries and the transport sector (Schiphol Airport, Netherlands Railways and the Port of Rotterdam). These sectors have decided to discuss whether they should collectively establish a separate cross-sector SCADA forum in 2008 within the Information Exchange. The SCADA ISAC would pay particular attention to awareness raising and training, and further would organize an activity three times per year for participants from various sectors of the Information Exchange who are concerned with process automation. In this context, the NICC has agreed to collaborate with CIO Platform Nederland, a private group of individuals in the Netherlands who are ultimately responsible for ICT in their organizations. The objective of the collaboration is to create awareness at Management Board level about security measures to counter cybercrime threats. Together with some other organizations, the NICC and CIO Platform will organize SCADA security days and establish further SCADA security training courses in 2008. Attention will also be paid to phishing and industrial espionage.

A SCADA ISAC represents an ideal forum for international collaboration. The NICC participated in EuroSCSIE, the pan-European SCADA platform, in 2007. The NICC will host the EuroSCSIE deliberations in 2008. Together with the CPNI and the SEMA, the NICC began preparing in 2007 for the EuroSCSIE conference that will be held in 2008.

Foppe Vogd, programme director of CIO Platform Nederland: “Collaboration between the NICC and CIO Platform is imperative, because information security is of critical importance for business in the Netherlands. It makes sense for us to bring our collective strengths together. By exchanging knowledge between CIO Platform and the NICC, and collaborating where possible, the application of our combined knowledge and experience can be optimized for the mutual benefit of both organizations. Rather than duplicating our activities, we are strengthening each other. That is what we need to ensure our separate and combined success.�


Annual Report 2007

17

SIE

Ban

DA

M nat ultiion als

SCA

ks

por

ts

nu en cle se erg ar ct y or

Telecomsector

f to Por erdam t Rot

ele gas/ ctr ici ty

AIVD KLPD GOVCERT NICC

air

E

SC uro

ng nki dri ater w

rai

l

The Cybercrime Information Exchange is the heart of the National Infrastructure. Organized by the NICC, each critical sector consults informally in the Information Exchange. It has been established following the ‘flower petal model’, which is based on the information exchange model originally developed by the CPNI. Each petal consists of representatives of a certain sector, which together share information about threats in strict confidence. A number of rules have been established to guarantee secrecy. Those who provide the information determine the level of confidentiality.


Annual Report 2007

The NICC Action Research project

Which ways of working and offender profiles are most appropriate for specific forms of Internet-related cybercrime? How should they be utilized in order to identify illegal activities and track down those responsible for them? The NICC Action Research project is designed to answer these questions. Knowledge about the diverse forms of cybercrime and their perpetrators is spread throughout diverse organizations. The Action Research project brings together this knowledge and uses it to develop hypotheses. About three hundred research dossiers concerning spyware, spam, fraud in stocks and shares, intellectual property fraud and swindles were analysed in 2007. The dossiers were provided by OPTA, the national telecommunications regulator, the supra-regional criminal investigation police organization and the Public Prosecution Service. On the basis of this and other data, offender profiles and typologies of criminal offences were formulated. Agreements were also made in this context with the Research and Documentation Centre (WODC) of the Ministry of Justice. A further four hundred cybercrime dossiers from the Amsterdam-Amstelland police region will also be analysed in 2008, together with an as yet unknown number of dossiers concerning research in which the National Police Services Agency has been involved. Discussions are also ongoing about potential collaboration with the Fiscal Information and Investigation Service/ Economic Investigation Service (FIOD-ECD) of the Ministry of Finance. The hypotheses will be tested in practice during the course of 2008, and this could lead to interventions.

In order to track down cybercriminals, it is necessary that organizations exchange offender information, such as surfing behaviour or Internet shopping site fraud. In this respect, privacy must not become an issue. Data must therefore only be shared in a way that ensures privacy, without revealing the names of the offenders. In parallel with the Action Research project, work was done during last year on the development of a method for exchanging data that ensures the maintenance of privacy. Hypotheses about offenders and their behaviour are to be tested at the various information sources. If overlaps are revealed, this can be a reason to share the actual offender data. The administrators of the information sources decide on this in each case individually. This method was tested on two fictional offender files in the autumn of 2007.

19


Notice and Take Down expanded

20

A varied range of NICC experimental trials and research projects are carried out under the banner of Notice and Take Down. More is therefore involved than the actual removal of phishing sites from the Internet alone. The banking sector set up an experimental Notice and Take Down trial together with the NICC in 2006 in connection with a specific form of cybercrime: phishing. GOVCERT.NL plays a central role in this trial. The first results are encouraging. It appears that in collaboration with GOVCERT.NL the banks are in a good position to disconnect phishing sites quickly and effectively. GOVCERT.NL removed more than a hundred sites, most of which were based outside the Netherlands, from the Internet during the course of the trial. The banks themselves also disconnected sites using commercial agencies. The trial is being evaluated at the beginning of 2008. When this has been completed it will be decided what form further activities in area of Notice and Take Down will take. At the request of the Internet and Terrorism Steering Group of the National Coordinator for Counterterrorism (NCTb), the NICC began a legal research project examining the possibilities offered by the Public Prosecutor’s ‘Art. 54a Sr’ to remove sites from the Internet in 2007. This legislative clause regulates the responsibilities of ISPs and their liability to prosecution. A number of issues with respect to the applicability of this clause were raised in 2007 by the University of Tilburg’s Institute for Law, Technology and Society and the Centre for Cybercrime Studies (CyCriS). The report about this was provided to the Minister of Justice in

December 2007, and will be made public in the spring of 2008. In the context of a broader ‘Streamlining and Convergence of Notice and Take Down systems’ NICC project, whether an ISP hosts the punishable content itself or only acts as an intermediary is a crucial question for the tackling of sites with punishable, illegal or undesirable content. A hosting provider offers storage space on the Internet to its clients, and can therefore often take action on its own account to take illegal information off-line. In so-called 'mere conduit' situations, the data traffic flows via the ISP, but the illegal files are stored elsewhere. Custom design is then sometimes impossible. Whether or not the information is stored on a server in the Netherlands or elsewhere is then also an important issue. Many Internet companies wish to contribute to efforts to combat illegal activities of websites, such as child pornography, inciting hatred, the sale of counterfeit products, duplicated software or stolen goods. They lack sufficient expertise to determine what is in fact illegal however. These issues were discussed in December 2007 during a meeting ISPs and the complaints departments of various public and private organizations. They concluded that combating illegality on the Internet should be the joint responsibility of the private sector and the government.


Annual Report 2007

In the second phase of the project it is planned to bring together legal and technical expertise to make the Notice-and-Take-Down procedure more efficient for the government and private sector. The Internet business community is a young, relatively little-regulated sector. The players within it are therefore largely dependent on jurisprudence and their own initiatives with enough consensus within the sector. The intention is to examine together with the Internet business community in 2008 what improvements may be possible with respect to the application of NTD.

Margaret Verhulst, Public Affairs Strategy and Regulation at ISP XS4ALL: “We have an NTD procedure ourselves that works. We would like to discuss the possibility with others of an NTD standard for all ISPs when it comes to matters that conflict with the law. Where undesirable or offensive matters are concerned, a single place to go to with complaints could perhaps be better. But we must be able to determine for ourselves as a company whether we take any action with a report. That must not be compulsory. It is definitely a good thing that we are now discussing these matters together.�

21


Municipal authorities: working towards awareness

24

The Cabinet encourages municipal authorities to exchange electronic data. Citizens and companies are served electronically and must also themselves provide data electronically. But how secure is the digital information that is managed by the municipal authorities? A research study was performed in 2007 at eleven municipal authorities of various sizes into the risks and requirements presented by this increasing use of ICT and the Internet. This meta-analysis is naturally not representative of the whole sector, but it does give pointers to possible further steps. There appears to be a lack of compulsory legislation and regulation, control, knowledge and tools to protect against cybercrime. Incidents are not measured and ICT budgets are insufficient. Information security is not given a high priority by the administrators and managers who would have to set aside funds to pay for it. In order to create budgets for tools such as Internet warning systems, it is therefore necessary to increase the awareness of administrators. Preparations were therefore made in 2007 for a controlled ethical hack and social engineering in ten municipal authorities. In an ethical hack, an external agency tries to penetrate an authority’s systems. Social engineering involves a mystery guest using a flimsy excuse to gain access to an authority’s administrative headquarters to find as much sensitive information as possible, for instance in filing cabinets, USB sticks that have been left lying around, from archives or a safe. Having removed all references to actual names, during the course of 2008 the NICC will bring the results to the attention of the Ministry of the

Interior and Kingdom Relations, the Association of Netherlands Municipalities, the ICTU, EGEM (the knowledge platform dealing with ICT issues faced by municipal authorities), authority secretaries and mayors. The project is managed by a sounding-board group including representatives from EGEM, the ICT Coordination Point (CP-ICT), the Association of Information Provision and Automation Coordinators in Municipal Authorities (VIAG), the inter-authority social service (Optimisd), Centric and Getronics PinkRoccade.


Annual Report 2007

Three WARP projects for schools

Improvements in the provision of ICT facilities in the education sector have been made at a great pace in recent years. Many schools used high-speed Internet connections for educational purposes. That demands that greater attention is paid to security risks. Together with the Kennisnet Foundation, a public ICT support organization, and education network provider SURFnet, the NICC and GOVCERT.NL have taken the initiative to introduce WARPs (Warning, Advice and Reporting Points) in the Netherlands. A WARP is a community that consists of members from the same sector, in the same region or with a comparable ICT infrastructure. The community members receive reliable ICT security information, advice from experts and warnings relevant for them via the WARP. The community members of the schools use the WARP to exchange information and expertise. In this way, security matters can be addressed more efficiently and in a practical, applicable manner, a pool of experts in specific areas is made available for everyone to make use of, and the general level of awareness in the area of ICT security is enhanced.

A pilot project has been started in the education sector, the objective of which is to try out the WARP concept in Dutch schools and to examine whether the WARP concept can be used and has added value for the education sector. GOVCERT.NL is providing security information to the WARP during the pilot. GOVCERT.NL gave a presentation on this WARP project in the spring of 2007 at an international WARP conference in the UK. The kick-off with the participating Dutch schools also took place at about this time. By the end of 2008 the pilot will have produced sufficient information to be able to conclude whether WARP can have added value for the education sector.

25


The NICC programme is finite, but the National Infrastructure will continue

26

It is planned that the NICC programme will be concluded at the end of 2008. The National Infrastructure itself must be so advanced by that time that it will be able to continue independently. The NICC programme will be evaluated in 2008. The key questions will be how and under what conditions components of the NICC programme can be terminated, and what further steps will be needed to guarantee the continued existence and growth of the National Infrastructure. The NICC will give particular attention in 2008 to guaranteeing the continuance of successful trial projects such as the Information Exchange and Notice and Take Down, for example by transferring their management to other organizations.

In addition, the NICC will naturally continue unabated to support and facilitate the components of the National Infrastructure. In 2008 the NICC will further strengthen the commitment of public and private organizations to the National Infrastructure, for example by making the ‘United against Cybercrime’ logo available to them for use on websites, and by establishing a closed section on the website for the exclusive use of participants. Although the NICC programme is finite, the National Infrastructure will be able to continue to build on a solid foundation towards a secure cyberspace.


The NICC programme

28

The National Platform for Crime Control (NPC) is a public-private partnership that concerns itself with tackling the criminality confronting the business community in the Netherlands. In the context of the Action Plan for Safe Entrepreneurship (AVO II), the NPC has provided the initial impetus for a programme to combat cybercrime. The goal of the NICC programme is to create a National Infrastructure to combat CyberCrime. Meanwhile the programme has become a component of the ‘ICT Security Agenda’. The current structure and organization of the efforts to combat cybercrime in the Netherlands is fragmented. Functions of the national infrastructure are being fulfilled in several locations. There is an insufficiently integrated approach and a lack of a structured public-private partnership however. This means that there is not always an adequate response to cybercrime in the Netherlands. Against the background of our increasingly digital world and lifestyle, Dutch society as a whole is therefore vulnerable to this form of criminality. The keywords of the NICC programme are: – public-private partnership; – addressing the specific needs of the parties in the market; – both prevention and combat.

The NICC initiates, develops and carries out trials, but it is not its objective to become the new national infrastructure itself. The NICC brings parties together, such as representatives of the business sector, universities, research institutes, central and local government, GOVCERT.NL, the KLPD, the AIVD and the Cybercrime Reporting Point. The NICC is first and foremost a development environment that develops components of the national infrastructure by means of trial projects, while at the same time accumulating knowledge and expertise. From fully developed products, what is desired and possible becomes real progress, and it can be decided to transfer what has been learnt to a control environment.


WT-jaarbericht_2008-Engels:omslag

25-04-2008

10:47

Pagina 2

binnenkantomslag jaarbericht Nicc

The NICC programme

Peter Hondebrink (ministerie van EZ) constituent Annemarie Zielstra (ICTU) programme manager Auke Huistra projectmanager Cybercrime Information Exchange But Klaasen project manager, Notice-and-Take-Down Jeroen Walschots programme secretary Manou Ali programme support Cor Ottens communications consultant

The NICC programme has been commissioned by the ICTU. The motto of the ICTU is: help government to perform better with ICT. The ICTU combines knowledge and expertise in the area of ICT and government. ICTU executes various projects with and on behalf of governmental organizations. In this way, policy is translated into concrete projects for government. More information can be found at www.ictu.nl. Published by: The NICC / Editorial: Tekstbureau De Nieuwe Koekoek, Utrecht / Design: Tappan Communicatie, The Hague Printed by: OBT / TDS printmaildata, Schiedam

May 2008


WT-jaarbericht_2008-Engels:omslag

25-04-2008

10:47

Pagina 1

buitenkantomslag jaarbericht Nicc

NICC p/a ICTU Address Wilhelmina van Pruisenweg 104 2595 AN The Hague P.O. Box 84011 2508 AA The Hague The Netherlands

nicc@ictu.nl www.samentegencybercrime.nl

The National Infrastructure against Cybercrime (NICC) is the Dutch approach in fighting cybercrime. The NICC programme is a public-private partnership.

Annual Report 2007 nicc

samen tegen cybercrime

NICC

Let op! @ op voorzijde = stansvorm = aparte film

T +31(0)70 888 79 46


Annual_report_2007