The Digital Trust Center (DTC), part of the Ministry of the Interior and Kingdom Relations, has proactively warned companies of a serious business-specific digital threat or vulnerability more than 35,000 times since June 2021. In the summer of 2022, the counter stood at more than 1,700 notifications.
The DTC receives information from collaborations with switching organizations and cyber researchers and does not carry out investigations itself. If, after a number of checks, the received information is assessed as a serious cyber threat to a (non-vital) Dutch company, the DTC proceeds to notify this specific company.
By 2023, there were already 58 different cyber incidents that prompted notifications to companies. These cyber incidents mostly consist of vulnerabilities (for example, a security breach, configuration error or stolen login credentials) detected in Internet-connected devices or software. A recent example is the vulnerability in Progress MOVEit Transfer, a file-sharing application. This vulnerability was actively abused on a large scale and the DTC was able to quickly notify affected companies.
Many notifications also concern the presence of a publicly accessible service (e.g., SNMP or Remote Desktop Protocol (RDP)) that may allow attacks on third parties. Therefore, the DTC reports the threat as soon as possible to the affected companies with an explanation of what actions can be taken to eliminate the threatening situation.
In 12 months, the number of companies receiving relevant company-specific alerts has increased significantly. Project leader Kim van der Veen says, "This is because we have been able to connect more sources to our data processing systems. Previously, we sometimes could not find a company name for a vulnerability that was found, but we could find data from network owners, for example an Internet service provider (ISP) or managed service provider (MSP). We see that network owners play an important role as a link between the DTC and the system owner. For this reason, we now also notify these network owners directly and count on them to take responsibility and either resolve this cyber threat or pass it on to the relevant company to which the vulnerability applies." To avoid overloading network owners with notification emails, notifications about the same vulnerability are delivered in a bundle to the affected network owner.
Notified companies can contact the DTC if they have questions about the notification or advisories. The response is mostly positive; according to anonymous feedback the DTC receives from alerted companies, the threat information and advice received are mostly classified as useful and clear.