if you are major vulnerabilities, such as last week’s, in that the servers, Citrix, there is no central organization that is responsible for further solution. The coordination is distributed among multiple organizations, resulting in miscommunication and delays in the clearing of the leakage results, say the experts at NU.nl.
“the Information is often not sent to the right person,” says Frank Breedijk, head of information security at Schuberg Philis. According to Matthijs Koot, working at Secura, and as a visiting researcher at the University of Amsterdam, it has something to do with the lack of a national co-ordination.
What was it again, the vulnerability in Citrix? Citrix provides software to organizations all over the world, Thus employees are able to from home and logging on to the systems of their employer, Citrix and now ever since last december, a vulnerability, an attacker could result in a complete system to take over as a precaution, and were the networks of the Dutch parliament and ministries are shut down, This week released updates for the vulnerability, and to resolve the ‘NCSC is not the guardian of the whole of the digital Holland”
In the Netherlands we have the National Cyber Security Centre (NCSC). “As the name suggests, is that they are taking over the cyber security of the whole of the Netherlands,” says This. “But that’s not the case at all.”
“The NCSC has lots of useful information available in the public domain, including their contact with Citrix and its value as evidence. However, if they have a list of a number of ‘donuts’, that have nothing of their vulnerable systems and to have done so, then cut that list in half. The most important and rijksoverheidsorganisaties at the top of the list is to be neat, to have their issues brought to the attention of, and in the second part of the saying with the NCSC not to be able to and be allowed to do so.”
Koot recognizes that an annoyance of This. “If I give them a list and send it with the vulnerable servers, and there are only the servers that are in a government agency or a “vital organization,” hear. The NCSC is not the guardian of the whole of the digital in the Netherlands.”
finally, The NCSC is part of the ministry of Security and Justice and has the task of vital service providers and other parts of the Empire,” is to inform and advise you on threats to your network. Other organizations, such as health care and education, are not subject to the statutory duties of the NCSC.
Not all organizations have been alerted to a vulnerability,
, As did the NCSC in december, all of the vulnerabilities have been identified in the Citrix. The most important organisations that were previously active, notified, but not vital to organizations.
as The NCSC allows, to NU.nl know, however, is a general warning about the Citrix solution will be escalated to the so-called CERT, a Computer Emergency Response team. His expertise in the area of cybersecurity, which will focus on a particular sector. The Digital Trust Center (DTC), which focuses on companies operating in the Netherlands, has been informed. The task is then for them to be vulnerable, organisations have to inform them.
However, not all businesses have a CERT. The companies are not required to have a CERT to connect. That is not all. As a result, not all of the vulnerable organizations of the report, says Koot. “Also, staff members of the CERT are to be limited in both time and money. In some cases, the CERT task, in addition to a regular job.”
‘the ultimate Responsibility lies with the organizations themselves” < / p> Koot says that the organizations responsible have been and will continue to protect the security of their own systems. “It’s legal and it should stay as it is. However, it appears from the Citrix and vulnerability, and that there is maatschappijbreed is not sharp, and is fast enough to act as new vulnerabilities become known.”
A spokesman for prime minister Ferd Grapperhaus of Justice and Security, stressed that in the last couple of days of intensive co-operation with “all of the relevant vakdepartementen and organisations. Grapperhaus told me Wednesday, during the oral question time in the house, that allied nations of the Netherlands, complimented the approach of the Citrix problem.