NICC Spring Report 2010

The National Infrastructure against Cybercrime (NICC) is the Dutch approach in fighting cybercrime. The NICC programme is a public-private partnership.

Highlights NICC Programme 2009/2010

lentebericht_2010-UK

Mar 11, 2016


Harrie Kuipers


United together, moving forward together

The NICC programme has achieved a lot in four years. In 2006 the NICC programme was tasked with setting an ‘irreversible movement’ in motion that would result in a National Infrastructure against Cybercrime. The Infrastructure now exists, and is no longer a subject for discussion. What still appeared to be impossible in 2006 is now self-evident and taken for granted.

Society is calling increasingly loudly for a further step: taking a structural and integrated approach to prevention. It had been hoped that taking this next step would be made possible through the amalgamation of the NAVI, GOVCERT.NL and the NICC. These three parties combining forces in a new organization would provide the connection between personal, physical and digital security. We have since learned that this has not been possible. The financing of the new organization could not be arranged, and so the original plans were thwarted.

Disappointed? Somewhat of course, but perhaps it was necessary in order for us to move forward. ‘Learning by doing’ has always been the starting point for the further development of collaboration in the NICC programme. Success can only be achieved with such an approach if you are not afraid of things failing.

So what does this mean for the Cybercrime Information Exchange going forward? The guaranteed future of the Cybercrime Information Exchange is not in question. For the time being we are continuing with our activities as we have until now. The Ministry of Economic Affairs has ensured that our work can be continued in the short term in the familiar and trusted manner.

For the longer term we will be holding discussions with possible partners for the guaranteed continuance of the Cybercrime Information Exchange. The requirements that must be met in this respect remain those as stated in the PricewaterhouseCoopers evaluation report. That is to say that the specific hallmarks of its way of working must continue to be adhered to: public/private, demand-driven, flexibility, facilitating character and confidentiality.

Exactly where the future of the Information Exchange will be secured is only a matter of the means rather than a goal in itself. What it is all about of course is creating more security. Better prevention, in all areas. That is what we have been dedicating ourselves to for years. After four years of being ‘united against cybercrime’, we have gradually moved to being ‘united for more security’. Because one thing is immutable: no one can work on prevention on his or her own. Collaboration is a proven success factor. And with that knowledge we are moving forward together.

Annemarie Zielstra (ICTU)
Programme manager NICC

Page 6: lentebericht_2010-UK

The Cybercrime Information Exchange

The Cybercrime Information Exchange grew further in 2009. The Telecom-ISAC and the ISAC for process automation suppliers were important additions. They form further links in the dialogue between end users, suppliers and the government.

Airport-ISAC
Schiphol-Telematics joined the Airport-ISAC in 2009. The companies in this consultation group have had the potential vulnerabilities of their corporate ICT systems, or those systems that extend beyond the sector, investigated. That produced inspiration for six improvement projects. The Airport-ISAC coordinates the execution of these projects, with support from the Schiphol Security and Public Safety Platform.

New ISAC for PCS suppliers
We announced the very beginning of an ISAC for process automation suppliers in the NICC Summer Report 2009. The suppliers of Process Control Systems (PCS) formally constituted an ISAC in February 2010.
At the beginning of last year the process automation suppliers discussed how the security level could be raised and what their role could be in this respect. In a first session with several suppliers, it emerged that they would like to contribute to the dialogue between suppliers, end users and the government about cyber-security with respect to process automation. Consultations began with representatives of the PCS suppliers ABB, Honeywell, Yokogawa, Emerson, Invensys and Siemens. They now meet once every two months. During the first consultation meeting in November 2009, end user Shell gave a presentation about the Vendor Requirements for process automation, and this prompted a discussion that was experienced positively. Clarity in standardization and certification were soon to become the most important subjects of the meetings of the new ISAC.

[Figure: diagram with the labels banks, European FI-ISAC, process automation suppliers, food sector, EuroSCSIE, SCADA/PCS, multi-nationals, harbour sector, ProRail/NS, telecom sector, teaching hospitals, nuclear sector, Schiphol, energy sector, drinking water companies, AIVD, KLPD, GOVCERT, NICC, MPCSIE]

July 2: NICC summer drinks - Finley het Witte Huis in Loosdrecht
August: Start of CAET project on the defence of critical sectors against serious electricity and telecom/ICT disruption
August: Incident registration at GOVCERT.NL started

Telecom-ISAC
In 2009 the Telecom-ISAC was established for telecom providers that are members of the National Continuity Forum Telecommunications (NCO-T). Together with several governmental organizations, they exchanged information about incidents, threats, vulnerabilities and good practices. Possibilities have since been investigated to extend this consultation group to a number of other parties, such as SIDN.

Cybercrime consultation group
There was a further expansion in 2009 in the number of participants in the Cybercrime consultation group, consisting of organizations providing surveillance, enforcement, inspection and investigation services (under the chairmanship of OPTA). The number and length of the consultation meetings also grew during the year. This group employs the same way of working and rules as the other ISACs in the Information Exchange. Although only governmental organizations can participate, private sector organizations are regularly invited to give presentations. In comparison with the ISACs of critical infrastructure sectors (which can become victims of cybercrime), the focus within this consultation group is on the informal interchange of operational cases from enforcement practice. This enables the participants to learn from each other about new phenomena and the modus operandi of cybercriminals.

Water-ISAC convinces VEWIN of the necessity for emergency exercise scenarios
Process automation is indispensable in the drinking water sector in order to guarantee the quality and quantity of our drinking water. A failure in process automation leads to process breakdowns or service and monitoring disruptions in the collection, purification and distribution processes. Manual operations and extra manpower can counter some of the consequences for a short time. But drinking water companies also have to be prepared for a protracted breakdown of the process automation systems.
During a Water-ISAC consultation in the second half of 2009 it became clear that while practice exercises were being undertaken with the regular crisis organizations, they seldom or never included emergency scenarios for process automation. The participants brought this to the attention of VEWIN, the Association of Dutch Water Companies. The directors of all the Dutch drinking water companies have seats on the VEWIN management board. The Water-ISAC shared their insight into cybercrime vulnerabilities with them, and explained the risk

September 1: First police/OM session on their approach to cybercrime (facilitated by the PAC and the NICC)
September 3: First joint session of the Water-ISAC and Energy-ISAC
September 16: First PCS Vendors-ISAC session in narrower context

Danyel Molenaar
Head of Internet security and communications at OPTA and chairman of the Cybercrime consultation group

The Cybercrime consultation group sounds like an ISAC, acts like an ISAC, and yet it is not. The NICC facilitates the meetings, and the well-known traffic light model guarantees a confidential interchange of information about cybercrime. But only governmental organizations such as the KLPD, the AIVD, GOVCERT.NL and the NCTB sit around the table at this consultation group; none from the private sector. Danyel Molenaar, head of Internet security and communications at OPTA, is currently chairman of the Cybercrime consultation group.

How did the Cybercrime consultation group get started?
“Within OPTA we had come to the conclusion that we were far more ready to collaborate internationally than nationally. Within the Netherlands there had been scarcely any consultation with other organizations, and we needed that in order to combat cybercrime. So we decided to invite them here to our office. We started four years ago with the organizations with which we had already had some experience: GOVCERT.NL, the KLPD, FIOD-ECD and the Supra-regional North and East Netherlands Investigation Service, which has a special Telecom and ICT fraud department. They were later joined by the Amstelland Police Force, the AIVD, the NIVD, the Consumer Authority, the NCTB, the Netherlands Bank and the Netherlands Authority for the Financial Markets. The consultation group is intended for people who are involved in investigations themselves, so are focused on operational matters.”

How is the new collaboration progressing?
“Our view was: if you want to collaborate effectively, you have to get to know one another. Everything that the investigation and intelligence services do is confidential. In order to share that kind of information, you must first trust and have confidence in the people with whom you are talking. We realized that that had to grow. In the beginning it was really awkward. So we just made a start with information sharing ourselves. It was easier for us as OPTA, as telecoms legislation is more flexible. In this way we were in turn able to awaken that confidence and trust amongst the others. So in the beginning it was us who did most of the talking, but that quickly changed.”

The Cybercrime consultation group looks a lot like an ISAC, yet it isn’t. Why is that?
“Two years ago the NICC offered to take over the organization. We were very grateful for that. I am now only the chairman of the group, and the rest is organized by the NICC. We are not a part of the Information Exchange, but we do work with the traffic light model. The Cybercrime consultation group is really only for governmental organizations. And the KLPD, the AIVD and GOVCERT.NL also sit in the other ISACs, so with the agreement of the sectors they can pass on information from them. For that matter, OPTA is also not present in the Telecom-ISAC, as the private sector parties have indicated that they are not yet ready for that.”

How do you all work together in practice?
“We all meet together every two months, and there is also a lot of bilateral consultation. The interchange of information is at the heart of the collaboration. That can be about general subjects such as risks and the methods used to tackle them. We don’t talk about divisions of tasks and policy plans; it’s purely about the exchange of practical information: how do you conduct an investigation, have you come across this problem, how do you deal with this, who’s busy with what? If we are dealing with a cybercriminal who can’t be found for example, and his money has disappeared abroad, we would invite the Inland Revenue to come and talk to us. They have contacts in other countries. In this way, you can help each other.”

Have your consultations already produced some concrete results?
“OPTA has fined a spammer who the police were also interested in. Then we passed on the information, so that the police could prosecute him. We have also had a number of consultations with another organization, so that they can demonstrate what they can do. A presentation was given at the Netherlands Forensic Institute about a new type of automated image analysis; a computer program that can rapidly recognize certain kinds of images. That is useful when investigating child pornography, because then you don’t have to look at each and every image. And for our next consultation we’ve been invited by the Cybercrime Policy Project Office, who prepare policy for the police and the Ministry of the Interior and Kingdom Relations.”

Do you also sometimes work together with private sector organizations?
“A professor came to tell us about techniques for protecting privacy. Once we also invited representatives from a company that produces anti-virus software. They explained to us how they collect data for their reports, and how that could be useful for us. Sometimes the matters to be dealt with are also really concrete; for example if there is an ISP from which a great deal of trouble and nuisance has been generated. You then investigate that sort of matter together. There are many small hosting providers in the Netherlands, and not all of them are 100 percent bona fide. On the other hand, the major ISPs have significant botnet problems to deal with, and they give us information about these.”

How does OPTA itself involve the collaboration with hosting providers and data centres?
“OPTA will never use the Cybercrime consultation group as a source for dealing with private sector organizations. What is discussed within the group stays there. But the information does help us in focusing our investigations. Sometimes we call on the ISPs to come together to talk. It is just a problem that they are not organized as a group themselves. We sometimes also organize that via the Economic Commerce Platform ECP-EPN, or the Internet Security Platform that was set up last December. Fortunately the government is trying to further streamline consultations within the sector. The fact that the ISPs have no sector organization of their own originates from the nature of the Internet pioneers. From their beginning they have been easy-going young people who believe in the anarchy of the Internet. We have noticed that they are becoming more open, however. When OPTA tried to make contact with the ISPs six years ago, the reaction was extremely chilly. A Telecoms Exchange has taken years to establish, but at least it’s here now. The botnet agreements to close down zombie computers weren’t successful three years ago. There is less aversion for the government nowadays. The ISPs are also now more prepared to take action themselves to improve mutual trust and confidence. They understand that there are also a lot of bad people who are walking around in a free world, and they suffer from them too. The zeitgeist is changing, and the sector is becoming more mature.”

September 17: ‘Get Secure!’ presentation at KPN internal event
October 8: Presentation to Board of Vewin in Nieuwegein

of a (protracted) breakdown in some or all of the process automation systems. The objective was to convince the directors of the fact that there was little or no account being taken in the current delivery plans of the possibility of an industrial automation breakdown.
The Water-ISAC suggested that joint realistic and uniform emergency exercise scenarios should be developed and practised. The VEWIN management board agreed to the development of a generic exercise scenario for the Dutch drinking water sector for breakdowns in process automation. All the drinking water companies are contributing to the funding of its development. The scenarios are to be tested in a pilot at the Drenthe Water Supply Company (WMD) and Vitens.

Joint consultation between the Water-ISAC and the Energy-ISAC
The Water-ISAC and the Energy-ISAC came together for the first time on September 3, 2009 in a joint consultation. One of the items on the agenda was a presentation of the benchmarks that had been developed by both ISACs. It was decided to research these once more. This so-called 1-measurement is currently being undertaken. The participants also agreed to share the agendas of the two consultation groups, so that everyone would be updated about each other’s topics.
Following the success of the meeting, it was decided that there would be more in 2010. The water and energy sectors will from now on have joint consultation meetings twice a year. The chairperson’s role will be taken by a representative of the Water and Energy-ISAC alternately, and the meeting agendas will be prepared jointly.

Ria Doedel
Director of the Limburg Water Supply Company and chair of the VEWIN security and crisis management steering group.

Ria Doedel, Director of the Limburg Water Supply Company and chair of the VEWIN security and crisis management steering group, is very satisfied with the collaboration that has been created and stimulated within the Cybercrime Information Exchange. Information is not only finally being exchanged about process automation security within the sector itself, but also with public sector organizations. Furthermore, joint consultations are now being planned with the energy sector. Doedel: “It’s good that there is now also a suppliers-ISAC. This offers more possibilities to get information about how you can best secure yourselves.”

What does the Water-ISAC mean for the drinking water sector?
“The Water-ISAC is a valuable platform for the confidential exchange of information, experience and best practices about process automation and cybercrime. If this ISAC had not been set up, every water supply company would still be operating on their own. Then we would still know much too little about what was going well, what was not, or perhaps what was almost failing. Now we’re learning from each other.”

Has the collaboration in the Water-ISAC provided solutions for threats?
“A concrete threat is perhaps putting it too strongly. We do know the practical examples of hackers who have managed to penetrate systems. And we know that terrorist groups have shown an interest in SCADA systems, including those used in the drinking water sector. That has been identified by the AIVD, and this information has been shared with the drinking water companies. The criminal interest in SCADA has led to a very active security policy for office automation in the drinking water sector, and increasingly also for process automation systems. This varies from an active password policy and the security of connections to the possibility of taking over process control systems manually, and everything in between.”

Has having your own ISAC improved contacts within the drinking water sector?
“The chairman of the Water-ISAC is a member of the VEWIN security and crisis management steering group. This ensures that they receive a very active contribution from the ISAC. He has made sure that the 2007 TNO report about the SCADA security benchmark was presented to the VEWIN management board and in the steering group, for example. That was an important step in gaining insight into the vulnerabilities, and in creating awareness.
It works the other way around too. When we are faced with specific issues, he can take those to the ISAC consultation, so that they can jointly look at whether there really is a danger, and if there are solutions for it. One issue that we are all facing is the maintenance of production sites. How do you deal with the security, supervision and inspection if this means allowing access to third parties at these sites? We exchange practical experience of these situations with each other. And when some drinking water companies were working hard with mystery guests to test whether their security policy was really working in practice, they exchanged their experiences of that. This avoids everyone having to experience known pitfalls for themselves.”

How are contacts with other sectors going?
“The TNO research in the drinking water sector that served as the basis for the SCADA security benchmark is being repeated this year. The energy sector is also carrying out similar research. We are going to compare the results of these research projects on a cross-sector basis, so that we will be able to learn from each other. That is also a concrete result from the Information Exchange. Before the Water-ISAC existed, there was absolutely no interchange of information between these sectors.”

The Water-ISAC has initiated a pilot project for a generic exercise scenario in the area of potential industrial automation disruptions. What do you think the conclusions will be?
“Once the pilots have been completed, we will use the findings from them to raise our preparation levels. I would need a crystal ball at the moment to know what those findings will be, of course. But one thing that I think will result from them is that we will find that as drinking water companies we have become much more dependent on process automation than we had realized. An important aspect of that exercise scenario is the ability to take over the control of the installations manually, should the process automation come to a standstill through external intervention. The ‘old guard’ can still do that, as they come from the time when all processes used to be undertaken by hand. But the younger generation only know automated systems. If we want to solve a breakdown manually, we will therefore have to work actively on knowledge transfer. We still have to do better in that area.”

How does the Limburg Water Supply Company handle process automation security?
“In our case, it is an integrated part of our overall security activity. In the first round, that concerns physical measures, such as entrance gates, reinforcement of doors and electronic entry systems. Then we make it as difficult as possible for intruders to penetrate our systems by using firewalls and high levels of security. We have also tackled personal security issues. A risk profile is associated with every function, with an appropriate screening level that can go all the way up to a heavy, externally executed procedure. Everyone who joins the organization or changes his or her existing function must undergo such a screening process. We also regularly run security awareness training courses to keep security fresh and up to date. Small things that you can step over quickly can be an indication that there is something wrong.”

What do you expect in terms of developments in the ICT security area in the years ahead?
“It goes without saying that one important development is the fact that a number of drinking water companies are on the brink of major replacements of their process automation systems. With what we know now, the security requirements that you establish as a company for their design are much stronger than they were in the past. The unpleasant side is only that developments in the area of cybercrime are also going on continuously. Much more is possible technologically, and malicious parties are becoming smarter. This is therefore a race in which we must try to stay a step ahead all the time. I would think that this will remain a major point of focus for us for decades to come.”

The Cybercrime Information Exchange is going to get a permanent location in the future. Will that be good for the drinking water sector?
“In theory definitely, because in this way the administrative pressure should be reduced compared to how it was when there were more organizations dealing with cybercrime. By combining this expertise and information, you also get a better overview. I’m very glad that the Information Exchange is staying in place. After all, when it comes to drinking water, it’s all about public health. If you want to prevent the activities of people with a malicious intent, you have to share information, collect signals and pass them on, so that an alert action can be undertaken quickly. This information did exist earlier, but it was never shared.
It is also important that we keep each other updated about technological possibilities that can keep us a step ahead of the cybercriminals. We don’t all have this knowledge in-house. That’s why it’s good that there is now also an ISAC for suppliers. I understand very well that they are not able to share all their business secrets with us, but it still offers more possibilities to get information about how you can best secure yourself.”

October 9: MPCSIE meeting at De Zilveren Toren in Amsterdam
October 15: Second joint session of the police/OM and banks, facilitated by the PAC and the NICC
October 22: NEISAS meeting in London

CAET: defence against electricity and ICT disruptions

How well can companies operating in the vital infrastructure and critical sectors resist and combat large-scale disruptions in power supplies or ICT services? The cabinet has started a project to answer this question under the title Capacity Advice Electricity and Telecom/ICT (CAET). The NICC and the NAVI are jointly facilitating a part of the project: ‘defence of the critical sectors against large-scale disruptions of electricity and telecom/ICT’. The new organization will soon take over this role.

The vital sectors are dependent on electricity and telecom/ICT. Unless adequate measures are taken, the telecommunications sector can only keep going for a short period without electricity. The dependence of the electricity sector on telecommunications is just as great. Telecommunications and ICT is of critical importance in the event of a large-scale disruption of the electricity supply in order to restore the electricity network. The financial sector is heavily dependent on both electricity and telecommunications/ICT, for example to ensure the continuity of the transfer of payments. The Energy (gas and electricity), Telecom/ICT and Finance sectors therefore mapped out what their vital core processes were and which continuity measures had already been taken via the CAET project in 2009. Following this, the NAVI and the NICC determined separately with each sector which concrete supplementary measures were necessary in order to reduce the chance of a disturbance occurring or to be able to cushion and limit the consequences of a disturbance. In the spring of 2010 the conclusions will be reported to the sectors and ministerial departments involved. Ultimately they will decide in consultation which measures will definitively be taken.

The other critical sectors will run a similar project in 2010 in order to make an inventory of their own vital core processes and measures they have already taken. It will then become clear which extra measures still need to be taken. An example of such a measure is the stimulation of cross-sector collaboration. In order to be prepared for a large-scale disruption of the electricity supply or telecom/ICT services, it is necessary for the various sectors to know how to find each other, to be able to ask each other questions directly and to exchange knowledge. But the greatest added value of the research is that a process will be set in motion in order to increase the awareness of these mutual dependencies in the critical sectors.

Process Control Security: Manage IT!

The message of the third Process Control Security Event (PCSE) ‘Control IT!’ was: help to open the managers’ eyes and ensure that they begin to feel less secure. The NICC elaborated on that in the fourth PCSE in December. This meeting, under the title of ‘Manage IT!’, was focused on using knowledge in the right manner when providing internal advice to senior management. The challenge to the participants was: how do you convince management of the need for a significant investment in security?

The NICC and Process Control Security
Process control systems manage and monitor critical processes in many of our vital sectors. The unauthorized manipulation of these systems can lead to a serious disruption of the critical infrastructure. That can in turn have major consequences for the economy, the environment and society. Since 2008 the NICC has tackled process control security as a separate subject, both nationally and internationally. We do this together with the users, the suppliers, the government, education and research institutes.

The event’s chairman, Philippe Raets, made it clear that knowledge alone is not enough in order to convince top managers. He used provocative film fragments for the introduction of a few strategies that can be used to convince and persuade: passion, temptation and manipulation. Jos Weyers of TenneT presented the lessons learned by the participants in the Idaho training course (see interview and box) as the basis for the workshop exercise. In small groups, the participants prepared a strategy to convince the senior manager of the necessity to take security measures. After some practice, and full of confidence, two of the teams began their advice discussion with a ‘top manager’.

Team 1 decided to take the ‘fear’ approach: “It can go wrong at any moment, and it’s extremely likely that it will happen!” But the director told them he wanted to see an integrated risk analysis. According to his executive advisor, this would take a month to prepare. The team itself maintained at first that it would take three months, but the external advisor contended a little later that a week would be more than enough time.
Team 2 had the risk analysis ready: “Patching is the solution!” The director promised nothing and first wanted the whole story written out with diverse scenarios so that he would then be able to discuss it with his board colleagues.

After this role-playing, the effectiveness of the advice discussions was talked through. It was apparent that convincing a top manager was no simple matter. You have to present him or her with a sturdy story. The ‘security people’ employed all sorts of substantive considerations, while senior managers just want a reasonable decision-making process and a number of elaborated scenarios with risk analyses. The findings from the Idaho training course are indeed clear, but that is not to say that everyone can follow up on the recommendations. The Idaho training course is captured in a short film that you can download at www.samentegencybercrime.nl.

October 27-29: Meridian 2009 in Washington DC
November 9-10: European FI-ISAC in Berne
November 12: Conference on cybercrime organized by Public Prosecutor in Heemskerk

Lessons learned from the Idaho training course

Improvements that the experts can implement

Knowledge management
• Security training for personnel
• Assessment (legal hack/vulnerabilities)
• Share knowledge with external parties, such as suppliers and advisors

Applications
• Written with an eye to security (what can go wrong?)
• Follow the secure programming manual
• Accounts with as few privileges as possible
• Own user accounts with password policy
• Prevent SQL injection

Security
• Intrusion Detection System is vital for the identification of deviant network traffic
• Static environment

System logging/monitoring
• Forensic research

Vendors
• 100 Assessments by Homeland Security as good practice
• Procurement language (US-CERT)
• Ensure that the vulnerabilities are known

Improvements that management can implement

Management/Organization
• Define the security policy
• Organize processes securely
• Take care of procedures, handbooks and standards
• Communication PA/IT
• Calamity / incident response organization (IRT, incident reporting)
• Confidential information

Collaboration
• With external organizations
• Between PA and IT departments
• Bundle security knowledge in the organization

Creating awareness
• US-CERT WEB training
• Cybersecurity advanced training
• Conferences

Risk analysis
• Risk Reduction/Analysis Products: Cyber Security Evaluation Tool (CSET)
• Balanced measures

NICC spring report 2010


november 9-13

Red Team / Blue Team training in Idaho

november 16

Guest lecture at NHL in Leeuwarden

november 26-27

EuroSCSIE meeting in London


december 1

PCS Event & NICC winter drinks – Kasteel De Hooge Vuursche in Baarn

december 1

Publication of ‘Process Control Security in the Cybercrime Information Exchange’

december 3

Presentation during the Egemin Security Afternoon in Belgium

International research has shown that the information security of process control systems is a ‘changeling’ in the vital sectors. A cross-sector initiative for the information security of process control systems must reduce vulnerability. This National Roadmap for secure process control systems is now in development.

An increasing number of incidents demonstrate that process control systems are vulnerable to unauthorized manipulation. And not only in the critical sectors. Process control systems are also used in the production processes of many companies in other sectors. They are often a component of building management and access security systems. The National Roadmap is indeed focused on the companies that are a part of the critical infrastructure, but it will certainly provide a spin-off for all other sectors.

Roadmap given the number one spot

Almost fifty projects take part in the race for a subsidy for the sub-arena ‘Security of ICT and networks for critical applications and sectors’. The NAVI and the Ministry of the Interior and Kingdom Relations, which had initiated the subsidy procedure, gave the Roadmap project the number one spot. During the NAVI network meeting on December 10, 2009, Michiel van der Duin announced on behalf of the Ministry of the Interior and Kingdom Relations that the Roadmap project had received the highest score and had been awarded the subsidy. The NICC gave a presentation about the National Roadmap.

Collective vision

The National Roadmap was initiated last summer during the NICC’s third Process Control Security Event, ‘Control IT!’, in a workshop in which all parties were present. Suppliers of hardware, software and services, representatives from the education sector, scientists and interest groups (WIB, the CIO Platform Nederland) worked together on the formulation of the National Roadmap on the basis of a collective vision: ‘Within ten years, the security layers of process control systems that are used to control critical processes will be designed, implemented and maintained. This will be done in conformity with the identified risk. The objective set in this respect is that there should be no loss of critical functions during and after a cyberincident.’ This objective will be elaborated in an action-oriented manner in the National Roadmap at strategic and tactical levels as milestones for the short term (up to 1 year), medium term (1 to 3 years) and long term (3 to 10 years).

The National Roadmap covers organizational and technical aspects on the one hand and human behaviour on the other. The security measures to be developed therefore cover both the whole area of ICT solutions and physical,

National Roadmap for secure process control systems


personal and organizational measures. They encompass the entire security cycle, from architecture and procurement to operations and closedown. The products developed will be made widely available. The objectives and approach of the Roadmap are described in a short film you can watch at www.samentegencybercrime.nl.

Publication makes managers aware about PCS vulnerabilities

Managers are far too little aware of the risks resulting from a lack of attention to the information security of process control systems. During the Process Control Security Event ‘Manage IT!’, the NICC therefore presented a publication for the management of companies that use process control systems: Process Control Security in the NICC Cybercrime Information Exchange. Its goal is to heighten the awareness of management of the vulnerability of and the risk to their organization. The publication provides an overview of sectors in which process control systems are used, and includes a number of concrete security incidents. The risk factors and an overview of the vulnerabilities are also described. Furthermore, the publication also provides a first look at the National Roadmap. The publication can be downloaded from www.samentegencybercrime.nl.


december 9

ISAC chairpersons meeting in Amsterdam

december 10

Presentation of the PCS Roadmap during the NAVI drinks in Scheveningen


From left to right:
Jos Weyers, IT security and continuity officer, TenneT
Renny ter Veer, IB coordinator, Drenthe Water Supply Company and Groningen Water Company
Sytze Bakker, Manager, Electro & Instrumentation and Process Control, Gasunie

Industrial Control Systems Cyber Security Advanced Training

The NICC and the United States Department of Homeland Security organized a five-day security training course in November. Twenty-nine Dutch control systems engineers and operators, IT employees and security managers from diverse critical infrastructures participated in this Industrial Control Systems Cyber Security Advanced Training at the Idaho National Laboratory. Three of the 29 participants at the Idaho training course presented their experiences during the NICC PCS event ‘Manage IT!’ in December 2009.


Over four days, from early in the morning to late in the evening, you absorb information about PCS security intensely. And then, within fifteen minutes in the practical test on the fifth day, you find out that you have forgotten all the vital information, and the ‘enemy’…

However alert you think you are, it is definitely no simple matter to protect your critical systems against an attack. Three of the participants at the Control Systems Cyber Security Advanced Training in Idaho describe their experiences: Renny ter Veer (IB coordinator, Drenthe Water Supply Company and Groningen Water Company), Sytze Bakker (Manager, Electro & Instrumentation and Process Control, Gasunie) and Jos Weyers (IT security and continuity officer, TenneT).

What did you think of the training course?

Renny ter Veer: “Fantastic! I thought the live Red team/Blue team training was best. We were divided into two teams. Our team had to defend the systems while the other team attacked us. You could never practice that in your own environment. All the aspects were covered: not only technical, but also organizational. How does management react, do you have an incident manager who organizes everything, and how do you handle negative reports in the press? And then the physical security. The ‘enemy’ just walks in, sniffs around, takes photos of our whiteboard through the venetian blinds, turns out the rubbish bins…” Jos Weyers: “After a quarter of an hour, someone had already lost a folder that contained all our information. You know that it’s a test, that the ‘enemy’ is somewhere nearby and watching you – and then you’re still not able to keep your data secure! In a normal situation it must therefore be a lot easier for them. That was a useful eye opener. We knew a lot of things already, but even someone who is as paranoid as me had to be made to face the facts.” Sytze Bakker: “It was first and foremost a practical course. No woolly stories or intimidation; the people on the shop floor can immediately make use of what we learned.”

What have you learned from it?

Weyers: “Especially that you have to be up to date with the patches on your system. You know that it’s vital, but not that it’s so easy to get into a system if you don’t keep it up to date.” Patch management had to be improved at Gasunie as well, confirms Bakker: “If a vulnerability is found, you have to install the correct patches as quickly as possible. We waited before doing this much too long, because we didn’t want to disrupt the availability and the reliability of the systems in connection with the security of the delivery. But if the thing breaks down as a result, we have a much bigger problem. I’ve now also seen that the real necessity is to have a specific intrusion detection system for process automation. Now the budgets for that just have to be freed up...” “But we’ve also learnt how important it is to know your systems well,” adds Ter Veer. “Otherwise you won’t be aware that an intrusion is taking place.”

Has the training already produced something concrete in your companies?

“Immediately after the training I was asked to give presentations to all the departments about the way hackers work,” says Ter Veer. “It soon


Idaho training: ‘united against cybercrime’ in practice


got around: ‘Renny has been to America to do some hacking!’ That really helped to boost awareness, also amongst senior management. The manager who is responsible for security invited me to join discussions.” TenneT was already busy setting up a campaign about the importance of security awareness, explains Weyers. “We’re now implementing this more strongly. The training has also given me more ammunition for this.” Bakker is particularly happy with the gold mine of information that the course provided. “I didn’t know about the US CERT website before,” he says. “Now we can find a lot of practical information there about cybersecurity, standards and guidelines about process automation. The Defence in Depth Strategy is also really handy; it’s a reference system architecture for process automation that you can use to design an installation. If you follow these guidelines, you’re already a long way towards having a secure installation.”

Should we have similar training facilities in the Netherlands or Europe?

Bakker: “Yes, it would be a very good idea. Security is still really a little behind the times in process automation, because management hasn’t focused enough on it. Engineers have too little knowledge too.” Jos Weyers explains that he asked straight away if such a training course could be brought to the Netherlands. “The added value of the training would have been greater for us if we had had more TenneT people participating in the course at the same time,” he says. “Some boffins who are concerned with the workings of the system, but preferably also some managers. But such a training centre should certainly come to Europe as soon as possible. Someone just has to make a pot of money available for it! We can only hope that this happens. It would also benefit the networks as a whole, because in a training course like this everyone is soon on the same wavelength. It would also be great if it could include a permanent place where you could bring a SCADA set-up from your own company, to run exercises with it.” “I’d really be pleased to see that too,” agrees Ter Veer. “You don’t fly a couple of managers to Idaho for five days just like that. It would be easier if it was in Europe.”

Did you all learn something from the workshop during the PCS event in December?

Ter Veer: “I found it really interesting: how do I tell my manager how things have to be improved? If you want to get something done, you have to have a good story that you can support with thorough research.” Sytze Bakker found it particularly useful to be able to talk with people from the same professional field. “You can get a lot of knowledge from that,” he says. “Everyone does their best, but there’s really no collaboration on a national or international level.” “I found it quite difficult to directly apply the themes from the workshop,” says Jos Weyers. “I think you really have to do these exercises on a smaller scale; it doesn’t work in a large group.”

You all presented the lessons learned from the Idaho training course during the PCS event. What else is each of you doing with them?

“I’m giving some lectures about them for the technicians who monitor the SCADA systems,” says Weyers, “to see which of the lessons learned apply to TenneT.” Ter Veer: “We’ve made a kind of checklist from them. We already complied with very many things, but that also helps you see what still has to be done. If you build something new in process automation, security has often not been taken into consideration in the specifications. In new projects, we’re taking security requirements and policy into account from the beginning from now on.” Bakker: “Security is only seen as an expense, and that slows up the process. As you don’t earn anything from it, it’s difficult to make a business case for it. I’m therefore using the lessons learned to convince management that we are not there yet, and for project proposals. I think that this will work well. If you have a good, realistic story about what you can lose in terms of reputation and certainty about supply, and if you can clearly explain the risks and what you can solve with the measures, management is definitely ready to listen.”

Has a new network been created through the training?

“Absolutely,” says Weyers. “Only this week I met some of the participants at a congress and was pleased to talk with them again straight away. And people who need this information know how to find each other directly.” Ter Veer has also already made use of it: “I’m the only one in our company who is specialized in security. A network like this has the advantage that when I have things that I can’t work out myself, I can ask others. That barrier has become lower.” Bakker has also experienced that collaboration has improved: “Four of us from Gasunie participated in the training course. Amongst us were people from office automation, with whom we’d almost never talked about this subject before. Now we keep in contact with each other within Gasunie. We’re tackling security issues together and have written a joint security policy.”

Do you have any more tips?

Bakker: “What we’re definitely missing here is something like the Idaho National Laboratory: a practical organization that produces concrete documents and makes assessments of control systems. With all due respect to the NICC, that still remains stuck at a higher level of abstraction. Couldn’t we have something like that here too?” Ter Veer: “Change happens slowly, so ensure in any case that security is taken into consideration in new projects. Don’t only involve process automation people in security, but management as well. These people have to see what can happen and know how they can deal with stress situations.” Weyers feels that awareness is the most important thing: “You can fix everything up beautifully from a technical point of view, but that won’t help much if people don’t work with it, if they leave their USB sticks lying around, or if they post confidential information about their work on their LinkedIn page. The whole organization must be convinced of this.” Ter Veer: “That’s right; handling people is often the weak point. ICT and process automation need each other to deal with these weak points. Join forces, combine strengths, and make use of each other’s knowledge!”


The Meridian Process Control Security Information Exchange (MPCSIE) is an excellent example of international collaboration on a cross-sector theme. Over the last six months within the MPCSIE, government officials from eleven countries have experienced that trust can also lead to results internationally. After a number of meetings, the sharing of knowledge and the exchange of information are going very well.

In October 2009 we held an MPCSIE meeting in Amsterdam under Dutch chairmanship, followed by a meeting in Tokyo in February 2010. We have selected a few example activities in order to give an idea of the essence of the MPCSIE.

The MPCSIE is a working group of the Meridian, a global initiative to jointly meet the challenge of realizing and maintaining a secure information infrastructure. An important area of focus within the Meridian is raising awareness. A great deal is invested in this in the participating countries. Each country has its own methods for working on raising awareness. A SCADA Self Assessment Tool has been developed in the UK, for example. In the Netherlands, GOVCERT.NL has set up a national Alerting Service. All these examples are exchanged with each other, and every country can benefit from them. The best example is definitely the National Cybersecurity Awareness Month in the USA, which had ‘Our Shared Responsibility’ as its theme in 2009. The objective was to emphasize that all computer users – so not only the government and the business world – are responsible for maintaining good ‘cyber-hygiene’. Everyone must protect themselves and those around them, whether at home, at school or at work. By taking a few simple steps, you can ensure you are secure online. At www.samentegencybercrime.nl you can find a link to the website of the National Cybersecurity Awareness Month.

EuroSCSIE

Information is also shared within Europe in the area of Process Control Security. Within the EuroSCSIE, government officials are joined by representatives of major private sector organizations, such as Shell, EFD Gaz de France, CERN, Electrabel and Laborelec. The focus is on the interchange of good practices, incidents and vulnerabilities. The security of smart meters and smart grids is a subject that is emphatically on the agenda.

Suppliers

An important subject that is discussed within both the MPCSIE and the EuroSCSIE is the role of suppliers. They represent a vital link in the creation of secure environments. The awareness of this has permeated both organizations. Diverse initiatives in the area of the procurement of secure process control systems are discussed within the MPCSIE and the

International collaboration


february 3

Suppliers meeting in a broader setting

february 9-10

MPCSIE meeting in Tokyo

february 18-19

CNPIC first International Forum CIIP in Madrid


EuroSCSIE. Examples of these are the Cyber Security Procurement Language for Control Systems that the Americans have developed, and the Process Control Domain – security requirements for vendors document. This document was developed by Shell, and has since been utilized by other organizations, including members of WIB, the International Instrument Users’ Association. The EuroSCSIE acts as an international flywheel within this.

European FI-ISAC

A European FI-ISAC has been established in which financial institutions, police organizations and CERTs sit around the table to actively exchange information about the protection of the financial sector. The engine driving this consultation group is represented by APACS from the UK, Melani from Switzerland, the Hungary-CERT and the Dutch FI-ISAC. The initiative is supported by the European Network and Information Security Agency (ENISA). During meetings in Budapest, Amsterdam and Bern, not only are good practices discussed, but also information about very recent and topical threats and incidents is exchanged. ENISA has started a mailing list through which the participants of the European FI-ISAC can also share information with each other between the meetings.

Information Exchange in a Box

The NICC and the CPNI took the initiative in 2009 to disseminate a handy box containing diverse products focused on raising awareness amongst their partner organizations and other interested parties. ENISA has adopted that idea. The Information Exchange in a Box is now supplemented with material from ENISA and so has become an even more valuable source of information. The box is used internationally and has become an excellent stimulant for good international collaboration and the exchange of knowledge.

Information Sharing Workshop

The exchange of information gives policy makers input for their strategies and is an essential element of improving security to combat cybercrime. ENISA and the NICC therefore organized an Information Sharing Workshop on March 16 and 17, 2010. International experts in this area, both from within and outside the EU, shared their knowledge, experience and strategies. This was followed by a debate about themes such as the collection and analysis of data. The workshop was concluded with an inventory of the possibilities for arriving at international collaboration.


MARCH 1

Start of new-style platform: expanding from digital to physical and personal security

MARCH 11-12

EuroSCSIE meeting in Berne

MARCH 16-17

ENISA / NICC Information Sharing Workshop, De Zilveren Toren, Amsterdam


NICC partners in the (inter)national infrastructure

A
• ABB BV
• ABN Amro Bank
• Academisch Medisch Centrum
• Academisch Ziekenhuis Maastricht
• Achmea
• Applied Control Solutions USA
• Accenture
• Actemium
• AFM
• Agentschap Telecom
• Ahold / Albert Heijn
• AID (Algemene Inspectie Dienst)
• Air Cargo Nederland (ANC)
• Aircraft Fuel Supply BV
• AkzoNobel
• Alares
• Alliander
• American Water Works Association USA
• Amsterdam Airport Schiphol
• Aircraft Fuel Supply BV
• AIVD
• AMS-IX
• APACS UK
• ATOS Consulting
• Australian Government

B
• Bank Nederlandse Gemeenten
• Barclays London UK
• BBNed
• Belastingdienst
• Beveiliging en Publieke Veiligheid Schiphol
• Booz & Company
• Bovenregionale Recherche Noord- en Oost Nederland
• BP Nederland BV
• Brabant Water
• BT Nederland NV
• Bundesamt für Sicherheit in der Informationstechnik Germany
• Bundesministerium des Innern Germany

C
• CAIW
• Capgemini
• Cargonaut
• CBP
• Centric IT Solutions
• CERN Switzerland
• CIO Platform Nederland
• City University London UK
• Connexion
• Consumentenautoriteit
• Consumentenbond
• CP-ICT
• Centre for the Protection of National Infrastructure (CPNI) UK
• CERT Hungary
• Currence
• Cyber Security UK
• CyberSecurity Malaysia
• Cycris

D
• DAF Truck NV
• David Lacey Consulting UK
• De Kinderconsument
• De Nederlandsche Bank
• Delft TopTech
• DELTA
• DELTA Netwerkbedrijf
• Deltalinqs
• Department of Homeland Security USA
• Digibewust
• Douane / Belastingdienst
• Dow Benelux BV
• Dow Chemical USA
• Dröge en Van Drimmelen
• DSM
• Duinwaterbedrijf Zuid-Holland
• Dusecon
• Dutch Hosting and Provider Association
• Duthler Associates

E
• E.ON Benelux NV
• Ebay / Marktplaats
• ECP-EPN Platform voor de InformatieSamenleving
• ECT
• Edridge Fotografie
• Egemin
• Electrabel
• Emerson
• Eneco
• Energiened
• Enexis
• ENISA Greece
• EPZ
• EQUENS
• Erasmus Medisch Centrum
• Erasmus Universiteit Rotterdam
• Essent
• Evides

F
• Faber organisatievernieuwing
• F. van Lanschot Bankiers NV
• Federal Bureau of Investigation USA
• Federal Department of Finance USA
• FHI
• FIOD-ECD
• Fleishman
• Fortis Bank
• FOX-IT
• Friesland Bank NV
• Fugro


G
• Gasunie
• GBO. Overheid
• Getronics PinkRoccade
• Google
• GOVCERT.NL
• GVB

H
• Haagse Hogeschool
• HBD Total Security
• Heineken
• Het Expertise Centrum (HEC)
• HIMA
• Hogeschool Utrecht
• Holland Casino
• Honeywell
• HCSS The Hague Centre for Strategic Studies
• HTM
• HungaryCERT

I
• IBM Nederland BV
• ICT Media BV
• ICT Recht
• ICT Regie
• ICT-Office
• Idaho National Laboratory USA
• Infocomm Development Authority of Singapore
• Information Security Forum UK
• ING-Postbank
• Inspectie voor de gezondheidszorg
• Inspectie voor Werk & Inkomen
• Internet Watch Foundation UK
• ISOC
• ISP Connect
• IT-sec

J
• JPCERT
• Johns Hopkins University Washington USA
• Joint Research Centre EU - Italy

K
• Kahuna
• Kaspersky
• KEMA
• Kennisnet/ICT op school
• KLM
• KLPD
• Koninklijke Marechaussee
• KPN
• KTH Electrical Engineering Sweden

L
• Laborelec
• Leaseweb BV
• Liander (formerly Continuon)
• Lucht Verkeersleiding Nederland (LVNL)
• LUMC (Leids Universitair Medisch Centrum)

M
• Mactwin
• Madison Gurka
• Marcel Rozenberg Photography Design
• McAfee International BV
• Melani Switzerland
• Meldpunt Kinderporno
• Meldpunt Discriminatie Internet
• Meldpunt Kinderporno
• Metropolitan Water District of Southern California USA
• Ministerie van Binnenlandse Zaken en Koninkrijksrelaties
• Ministerie van Economische Zaken
• Ministerie van Justitie
• Ministerie van Verkeer en Waterstaat
• Ministerie van VROM
• MKB-Nederland
• Motion Picture Associates
• MSB Swedish Civil Contingencies Agency

N
• NAVI
• National IT and Telecom Agency Denmark
• NBC Universal
• NCTb
• Nedap
• Nederland BreedbandLand
• Nederland Digitaal in Verbinding
• Nederlands Politie Instituut
• Nederlandse Thuiswinkel Organisatie
• Nederlandse Vereniging van Banken
• NICTIZ
• NISA Israel
• NISC Japan
• NLKabel
• NLnetLabs
• Noordelijke Hogeschool Leeuwarden – Lectoraat Cybersafety
• NS
• Nuon
• NXP

O
• Oake Communications
• Oasen
• OBT / TDS printmaildata
• Océ
• Office of Cyber Security - Cabinet Office UK
• Office of Cyber Security and Critical Infrastructure Coordination NY USA
• Online
• Openbaar Ministerie
• Optimeamise
• OPTA
• Österreichisches Institut für Internationale Politik (OIIP)
• Osage


P
• Philips
• Platform voor Informatiebeveiliging (PvIB)
• Politie
• Politieacademie
• Port of Rotterdam (Gemeentelijk Havenbedrijf Rotterdam)
• Programma Aanpak Cybercrime (Politie)
• Programma Cybercrime (OM)
• Programma Veiligheid begint bij Voorkomen (Justitie)
• ProRail
• PWC Consulting
• PWN Waterleidingbedrijf Noord-Holland

R
• Rabobank Nederland
• Radboud Universiteit Nijmegen - Dept. of Computer Science
• RET
• Rijkswaterstaat

S
• Santa Clara Valley Water District USA
• Secrétariat Général de la Défense et de la Sécurité Nationale France
• Schiphol Group
• Schiphol Telematics
• School of Computing & Information Systems University of Tasmania
• Secretariat general for national defence France
• SERN
• Shell
• Shell/NAM
• SIDN
• SOVI (Strategisch Overleg Vitale Infrastructuur)
• SNBReact
• SNS Bank NV
• SRI International USA
• Stedin
• Stichting BREIN
• Stichting Kennisnet ICT op school
• Stichting M
• Stichting Magenta
• Stichting Mijn Kind Online
• Stork BV
• Surfnet.nl
• Symantec
• Syntens

T
• T-Mobile
• Tappan
• Tekstbureau De Nieuwe Koekoek
• Tele2
• TenneT
• TNO
• TNT Post
• Translink
• TU Delft

U
• UMC St.Radboud Nijmegen
• Uneto-VNI
• Unilever
• Universitair Medisch Centrum Utrecht
• Universitair Medisch Centrum Twente
• Universitair Medisch Centrum Groningen
• Universiteit Twente – Faculteit EWI
• Universiteit van Maastricht
• Universiteit van Tilburg – Faculteit der Rechtsgeleerdheid
• UPC
• Urenco Nederland BV
• US Department of Homeland Security

V
• Vattenfall Sweden
• Vereniging van Nederlandse Gemeenten (VNG)
• VEWIN
• Veiligheidsmonitor bureau
• Veolia Transport
• Verbund Austria
• Verdonck Klooster & Associates (VKA)
• Verizon Business
• VIAG
• Vitens
• VNO-NCW
• Vodafone
• VU Medisch Centrum (VUmc)

W
• Warner Bros.
• Water Supply (Network) Department Singapore
• Waterbedrijf Groningen
• Waterleidingsmaatschappij Drenthe (WMD)
• Waterleidingsmaatschappij Limburg (WML)
• Waternet
• Wetenschappelijk Bureau OM
• WIB
• Wintershall Noordzee BV
• Witteveen & Bos
• WODC

X
• XS4ALL

Y
• Yokogawa

Z
• Zeehavenpolitie / Port Security
• Zeelandnet
• Ziggo


NICC programme

Peter Hondebrink (Ministry of Economic Affairs), programme commissioner

Annemarie Zielstra (ICTU), programme manager

Auke Huistra, project manager

Wynsen Faber, project leader NICC Action Research Project

Roeland Reijers, project leader

Saskia Kroon (ICTU), programme secretary

Manou Ali, Tjarda Hersman, Nicole de Ridder, Christiaan Colen, programme support

Cor Ottens, communications adviser

Eric Luiijf, NICC expert pool (SCADA/PCS)

Published by: NICC / Original Dutch text: Tekstbureau De Nieuwe Koekoek, Utrecht / Photography: Marcel Rozenberg Design & Photography, Schiedam / English text: Oake Communications, Amsterdam / Design: OSAGE, Utrecht / Printed by: OBT / TDS printmaildata, Schiedam

June 2010

The NICC programme is an ICTU-programme, commissioned by the Ministry of Economic Affairs. The motto of the ICTU is: helping governmental organizations to perform better with ICT. ICTU combines knowledge and expertise in the areas of ICT and government. The ICTU executes a wide range of projects for and with governmental organizations. In this way, policy is translated into concrete projects for the government. More information can be found at www.ictu.nl.


NICC | ictu

Visiting address

Wilhelmina van Pruisenweg 104

2595 AN The Hague

Postal address

P.O. Box 84011

2508 AA The Hague

The Netherlands

T +31 70 888 7946 / [email protected]

www.samentegencybercrime.nl

NICC united against cybercrime