CSAN 2019: Disruption of society looms ahead

Digital threats to national security are a permanent fixture. Most critical processes and services in the Netherlands are completely dependent on ICT. Fallback options and analogue alternatives are virtually non-existent. Dependence on digitised processes and systems has increased to such an extent that any impairment to these systems and processes can cause socially disruptive damage. The scale of the threat and the fact that resilience is lagging creates risks for national security.

The effects of the substantial investments by public and private organisations, the effects of cybersecurity legislation and the effects of notification obligation (NIS directive) will become apparent over the next few years. This is written in the Cyber  Security Assessment Netherlands (CSAN) 2019 published by the Dutch National Coordinator for Security and Counterterrorism (NCTV).

Nation state-actors constitute a permanent digital threat

The biggest digital threat to national security is posed by countries like China, Iran and Russia, the threat consists of espionage, disruption and sabotage. This is also shown by the annual reports of the Dutch intelligence and security services. China poses the greatest threat of economic espionage by far. For Russia, the Netherlands is also an interesting target for espionage for example relating to MH17. The Netherlands is dependent on an limited number of providers of digital services and platforms from a limited number of countries., this makes our society more vulnerable to the shifting intentions of these providers and countries. The vast majority of hardware and software is either designed or produced in China and the USA. Third countries sometimes have different legislation or rules governing issues such as privacy or data access. The threats from cyber criminals remain an issue. Due to the low level of knowledge required to carry out a cyber attack, it is expected that this will continue to be a problem for years to come.

Analogue alternatives and fallback options are virtually non-existent

Due to the almost complete dependence on digitisation, digital security of processes and underlying systems has become an essential factor for ensuring our society and economy fuctions smoothly. A single incident in an individual network could cause a chain of incidents and in the end lead to failure in the provisioning of gas, water or electricity. As a result of the near total disappearance of analogue alternatives and the absence of fallback options, dependence on digitised processes and systems has increased to such an extent that any impairment to these systems and processes can cause socially disruptive damage. This does not necessarily involve any malicious intent, as breakdowns and unintentional damage can also cause social disruption.

Resilience not in order in all areas

Boosting resilience is the most important tool in reducing risk, affecting the various threats and dependency levels has proven to be a complex challenge. Organizations are being successfully attacked using simple methods and many such incidents could have been prevented or the damage mitigated if basic measures had been implemented. The challenge of the coming years is to keep up resilience in light of increasing (inter)dependence and chanting threat landscape.