Minister Grapperhaus of Justice and Security informs the House of Representatives about the hostage software attack on Security Region North and East Gelderland (VNOG) in September this year. Among other things, the minister reveals that the attackers did not capture any data.
Security regions play a crucial role in crisis management. From my responsibility for this system and also my coordinating role in the field of digital security, I consider it important to inform your Chamber about a recent hostage software attack on the Security Region of North and East Gelderland (VNOG). On September 12, the VNOG board informed me that it had been hit by hostage software. This attack hit internal systems and severely disrupted office processes in particular. Critical processes such as C2000, control room processes and deployment processes for the fire department functioned continuously. The board of VNOG has indicated that the safety of personnel and citizens in the aforementioned security region is not and has not been at issue. This also applies to the role of the Security Region in combating the coronavirus.
In close cooperation with both public and private partners, efforts are underway for early recovery. Systems containing operational information are now working again. Meanwhile, employees have regained access to their work environment. An important condition for this was that security for working from home is in place.
At VNOG's request, the National Cyber Security Center provided initial incident response and helped initiate recovery. With specialists and experts, from national authorities including the police, among others, VNOG investigated whether the attackers gained access to data and what the consequences were. The conclusion is that no data exfiltration took place. The attack was immediately reported to the police and a report was filed.
The boards of security regions are primarily responsible for ensuring the resilience of their own regions' ICT systems. They are accountable for this in their own region. The Security Council views digital resilience as one of its strategic focal points. In this context, among other things, security regions actively participate in peer reviews of information security. Security regions conduct these jointly and they actively follow up on any recommendations arising from them. To this end, they have also organized themselves into an Information Sharing and Analysis Centre (ISAC) in which all regions participate.
Following the hostage software attack at VNOG, the security regions are investing in additional security measures including active security monitoring through an external SOC (Security Operations Center). In addition, there is a lot of focus on the actions and behavior of people.
I believe that the proper functioning of security regions is essential for risk and crisis management. Every effort is therefore being made to prevent the recurrence of such an attack on security regions at large. All relevant parties are and will remain alert and involved.
Ferd Grapperhaus
Minister of Justice and Security
