CSAN 2020: Cyber incidents can paralyse our society

Cyber incidents can strike at the very heart of our society and paralyse it for shorter or longer periods of time. During the past year there have been various incidents that illustrate the potential impact of a technical failure or digital attack. These include the vulnerabilities in Citrix products, the temporary unavailability of emergency number 112 due to a technical issue at KPN, and various ransomware attacks, such as the one that targeted Maastricht University. 

Oosterscheldekering
©Nationale Beeldbank

Our society is highly dependent on digital processes, and analog fall-back options are not always available. As a result, the chance of a cyber incident with repercussions for the physical world and the potential impact of such an incident are both on the rise. Due to the situation created by the COVID-19 pandemic, we have only become more dependent on digital technology. These are some of the key conclusions of the annual Cybersecurity Assessment for the Netherlands (CSBN), which is released by the National Coordinator for Security and Counterterrorism (NCTV) and produced in collaboration with the National Cyber Security Centre (NCSC).

Cyber risks have not diminished and remain fundamentally the same

The digital threat posed by state actors, in the form of espionage and sabotage, is a permanent threat to our national security. In addition, there is an undiminished risk of a large-scale failure of critical processes. The NCTV also concludes that the effects of certain types of crime, such as ransomware attacks, could have society-wide effects. Although the Netherlands has so far been spared socially disruptive cyber incidents, such incidents cannot be ruled out in the future.

Cyber risks are intertwined with other risks

Due to the far-reaching digitalisation of our society, cyber risks have an impact that extends beyond the digital domain. Cyber risks are intertwined with other risks. The 2008 financial crisis and the current pandemic show how great the impact of a crisis can be, in both social and economic terms. A combination of a large-scale cyber incident and, for example, the COVID-19 pandemic would have major consequences. Thanks to widespread digitalisation, it has been possible for companies, educational institutions and other parts of society to continue to function to some extent during this pandemic. The downside of this is that the digital domain is under unprecedented pressure; a large-scale technical failure could cause major damage.

Boosting resilience is key

In the face of a permanent cyber threat and potentially paralysing effects, we must remain focused on our cyber resilience. The NCTV notes that, in spite of this, many companies and organisations (including government bodies) are not adequately resilient and are therefore extra vulnerable. We also lack a complete, accurate overview of the cyber resilience of critical processes in the Netherlands. Some parties have things sufficiently under control; others do not. The digital resilience of ministries and some central government organisations also remains a matter of ongoing concern.