CPB notes in his “Risk Reporting Cybersecurity Economy ‘on the increasing risk of cyber crime aimed at financial gain. The government should take in the field of encryption and authentication to mitigate this risk a leading role.
The report of the Central Planning was drafted jointly with the NCSC and provides insight into economic problems internet crime and the consequences for Dutch businesses and consumers. One of the findings of the report is that increases the risk of this type of crime, because the probability of detection is low and the returns are high.
The CPB discusses encryption and authentication, in which it establishes that this techniques in many cases not be used because there is coordination failure: “Encryption can only be used effectively for communication as a large group of users uses the same method,” the report says. In addition, as an example, referring to WhatsApp in that for all users end-to-end encryption deployment. The government should act according to the CPB as lead user of encryption and authentication by itself to provide public infrastructure and to require standards. This would coordinate failure must be avoided.
The CPB refers to as an example of such infrastructure to Idensys. Moreover, governments would improve the security of communication via e-mail by themselves using safe standards such as TLS, dkim, DMARC and spf. A recent survey showed that the vast majority of Dutch municipalities protect their email poor. In response, announced Minister Plasterk recently that municipalities until the end of 2017 have the time to turn on DNSSEC and TLS on their e-mail servers.
Also apparent from previous figures that the number of reports of cyber crime remains low, despite the fact that eleven percent of the Dutch victim thereof. This CPB recommends making declarations via internet, for example, phishing and ransomware, currently citizens would namely still have to go to the police station. There are often present intake workers who have little knowledge on these subjects. Better training could contribute their knowledge, something the police have already started with. In addition, encourages the Agency to use a central desk where reports of Internet crime can be compared with each other.
Another problem area is the fragmented market of security services. Providers of such services often only within their own borders or regions are active. One of the solutions of the CPB is the creation of a Dutch or European certificate for these companies, allowing small and medium enterprises gain a reputation and more easily across national borders may be active. A similar initiative this week was proposed by the European Commission.
The problem of vulnerabilities in software also plays a role in the report. This CPB carries the possibility to hold developers responsible for vulnerabilities, as they have taken enough precautions.
The report was presented Wednesday to Secretary of State Klaas Dijkhoff.
No comments:
Post a Comment