Digital resilience affected by NCSC withholding information
Digital resilience affected by NCSC withholding information
In response to the article in the Financieele Dagblad of last August 17th with the title "The government knew who was vulnerable, but still allowed companies to be hacked. The government throws away information about hacks from companies", CIO Platform Nederland is calling on the government today to never let this happen again. And to take up its role for the digital resilience of Dutch society.
According to the FD, a cybercriminal has recently hacked several Dutch companies and put passwords online. The Ministry of Justice and Security had been explicitly warned in advance that many of these organizations were at risk but did nothing with the information received. The companies would be 'not vital'.*
The article continues that the NCSC (National Cyber Security Center, ed.) has done everything to inform organizations within the “legal possibilities”. Unfortunately, “organizations outside the legal mandate cannot be informed by the NCSC.
Ronald Verbeek, general director of CIO Platform Nederland, states that the government could have prevented a lot of damage to parties if it had shared the information and had not withheld it. It should not be the case that, because the government has imposed too many restrictions on itself in legally establishing and adhering too tightly to the scope of the NCSC, other companies and organizations will suffer.
The Ministry of Justice and Security could solve this problem by either broadening the scope of the NCSC** for such cases, as they wrote this law themselves, or by sending such information to parties outside its scope via the DTC*** (Digital Trust Center). The center was created precisely for that.
CIO Platform Nederland calls on the Ministry of Justice and Security to prevent further damage to the business community by never letting this happen again. And to take its responsibility by coming up with a targeted solution immediately (rather in weeks than in months). The Minister of Justice and Security is always happy to point the business community to cyber security responsibilities, and rightly so, but this is a situation where he can quickly take steps to make Dutch companies cyber safer.
CIO Platform Nederland
Ronald Verbeek, Algemeen Directeur
Footnotes
* The FD article (in Dutch): https://fd.nl/ondernemen/1353350/overheid-wist-wie-kwetsbaar-was-maar-liet-bedrijven-toch-gehackt-worden
** The legal task of NCSC (in Dutch): https://www.ncsc.nl/over-ncsc/wettelijke-taak
*** The scope of DTC: https://www.digitaltrustcenter.nl/over-het-digital-trust-center