Netherlands bundles knowledge about cyber crime

RNW archive

This article is part of the RNW archive. RNW is the former Radio Netherlands Worldwide or Wereldomroep, which was founded as the Dutch international public broadcaster in 1947. In 2011, the Dutch government decided to cut funding and shift RNW from the ministry of Education, Culture and Science to the ministry of Foreign Affairs. More information about RNW Media’s current activities can be found at

The Dutch government has set up a new National Cyber Security Centre (NCSC) to deal with with the growing problem of online crime. The NCSC, which is a public-private partnership, commenced operations on 1 January 2012. Its ambition is to grow, in a phased manner, into the cooperation platform for cyber security in the Netherlands.

Cyber crime is a growing problem for governments, businesses and citizens alike. That became clear in 2011 when an Iranian hacker managed to break into the files of the company DigiNotar that provides security certificates for Dutch government websites. This gave the digital intruder access to sensitive information from and about citizens. And in December 123,000 Dutch domains were infected with a virus, which appears to have been a targeted attack.

In the Netherlands several government departments are involved in the fight against cyber crime - and that's precisely the problem. The NCSC should improve coordination between them. The centre will bundle together a lot of knowledge and expertise. The NCSC is composed of over sixty people and will deal especially with the major issues.

Wouter Stol is cyber safety expert at the NHL University of Applied Sciences in Leeuwarden. He sees the NCSC as a good start:

"It's a clear move to streamline the approach to cybercrime. But it's not just about coordination. There's far too little knowledge in the public sector. How do you handle the problems with cyber crime? How do you organize it? Much remains to be done."

The fight against cybercrime is still in its infancy, according Mr Stol. First you have to map properly how cybercrime - nationally and internationally - actually works. Cyber criminals are a difficult group because they often don't operate from a fixed location. An efficient response is only possible through international cooperation that is fast and smooth.

To keep up with the technical know-how of the cyber criminals, the government has suggested turning to "ethical" hackers. This is the group that detect various leaks and weak spots. They hack the sites of companies and governments to identify the problems, not for criminal reasons. Wouter Stol thinks that these hackers will soon be needed.

"Developments in the digital world are rapid. Training a few internet producers isn't enough. Before you know it you'll be left behind. It's a good strategy to gain the latest knowledge in a flexible manner. So you also need the hackers."
But there's much criticism of the NCSC from the hacker community. Based on past experiences with the government, they have little confidence. Brenno de Winter is an investigative journalist and internet expert. He showed last year how easy it is to crack the Dutch public transport card - the OV-chip card. The Public Prosecutor's office initially wanted to sue him for fraud, but finally decided to dismiss the case.

Brenno de Winter sees little merit in working with the new centre:

"At the moment, if hackers report a security incident it's expected that they'll keep quiet about it and solve it confidentially. And yet at the same time, other companies may be experiencing the same issue. In addition you must be a friend of the NCSC in order to make use of their knowledge."

The Dutch hackers are working on their own platform called 'Hackersleaks'. The platform offers the possibility of reporting leaks in the security of websites anonymously to businesses and governments. Most hackers are afraid that otherwise they would be in trouble with the law. Since 1993, hacking has been punishable in the Netherlands. And at the moment that law doesn't take good intentions into account.