Dutch companies and organizations can call on the Dutch Security Hotline starting today. This is a new cyber threat alert system developed by the business community. With the hotline, the initiators want to reduce the vulnerability of Dutch companies and strengthen cybersecurity.
So write the six initiators in a joint press release. They are the Dutch Institute for Vulnerability Disclosure (DIVD), Connect2Trust, Nationale Beheersorganisatie Internet Providers (NBIP), SURFcert, Ams-IX and AbuseIO.
Not being allowed to share threat information with Dutch companies and organizations has long been a thorn in the side of both politicians and businesses. The Network and Information Systems Security Act (Wbni) is a major obstacle. Namely, this law stipulates that the National Cyber Security Center (NCSC) and the Digital Trust Center (DTC) may only share such information with companies that are part of the vital infrastructure. These include energy suppliers, utility providers, Internet providers, telecom companies and financial institutions such as banks. The rest of the business community is missing out.
Instead of sitting idly by, people are working hard to change this undesirable situation. Last year, the Ministry of Economic Affairs and Climate worked on a bill to share information about cyber attacks and other digital threats with nonvital companies and organizations as well. Then-Minister of Justice and Security Ferd Grapperhaus took the lead in setting up a National Coverage System (LDS) to simplify information exchange between government, business and vital sector. And the DTC launched a pilot to share threat information on a broad scale.
There are also a variety of initiatives underway from the business community to share information about digital attacks more broadly and boost cybersecurity. For example, there are plans to create a kind of cybersecurity test-the official name is IT declaration. A company that wants to borrow money must meet certain minimum security requirements. In this way, the company demonstrates that it is doing its best to guard against hostage software, DDoS attacks and other cyber threats.
In September 2021, the six initiators of the Dutch Security Meldpunt announced that they were working on their own alarm system to warn others about hackers. It's not that the creators didn't trust politicians to solve the problem. However, they felt it was taking too long. In addition, they feared legal obstacles. "The government will always have legal constraints that a private initiative does not have. And it is also understandable that there is information that the government wants to keep to itself. So you will always end up with two systems," the initiators said.
As of today, the Dutch Security Hotline is official. All companies and organizations in the Netherlands that wish to receive threat information through the new alert system can sign up starting today. Chris van 't Hof, director at DIVD, is pleased with the initiative. "With most of the member organizations we already share lists of IP addresses and vulnerabilities found, each for their own constituencies to pass on our reports. With the Security Hotline, it becomes clear who can serve which constituencies and we can better help organizations in the Netherlands fix their vulnerabilities. Such private-public cooperation is, I think, unique in the world," he says.
Raymond Bierens of switching organization Connect2Trust concurs. "Cooperation between government and business is crucial to share information quickly and unambiguously. To prevent companies from not knowing where to get information from only to receive it twice or not at all, central distribution within and outside the National Coverage System is necessary."
The hotline uses NBIP's Cleannetworks platform and Connect2Trust's ThreatMatcher Intelligence platform for information sharing. The initiators have ambitions to grow further in the near future. Parties such as CyberVeilig Nederland, FERM (Rotterdam Port) and the DTC should then also share threat information with their constituents.
Frank Breedijk of the DIVD emphasizes that the Dutch Security Hotline has had national coverage from day one. "We provide information about actually vulnerable systems not only to parties that actively register, but also unsolicited to organizations that have not yet done so." He therefore urges organizations to register with the hotline as soon as possible.
