NCSRA exposure at NCSC One Conference

14 april 2015

The National Cyber Security Centre (NCSC) contributes to increasing resilience of the digital domain in Dutch society in collaboration with the private sector, the government, and academia. The NCSC has a vital supportive function in society, providing central government and critical infrastructure with expertise and advice, responding to cyber threats and acting to strengthen crisis management. At the annual NCSC One Conference special interest for research, development and innovation is shown. In this area several official national organisations, like the Netherlands Organisation for Scientific Research (NWO) and the Netherlands Enterprise Agency (RvO) respect the National Cyber Security Research Agenda (NCSRA) in funding Dutch cybersecurity research. At the NCSC One Conference results of innovation and research presentations were shown.

Information market shows 8 prototypes of innovative cybersecurity products
In 2012 the Dutch Government invited companies to write proposals for the development of innovative cybersecurity products. As a result of winning the Small Business Innovation Research (SBIR) public procurement tender, and after having delivered a convincing feasibility study, eight companies are ready to demonstrate their product prototypes to NCSC One attendants. An SBIR tender like this is referred to as short term R&D.

Winning companies are: Infosecure/BeOne, Sightes, Compumatica Secure Networks, Software Improvement Group, Coblue cyber security, BusinessForensics, Atos and Thales.

Demonstrations are centered around the research themes ‘detection of threats’ and ‘resilience of organizations’. These themes are a subset of research themes introduced in the NCSRA. This research agenda was the framework for a first cybersecurity tender for short term R&D and long term more fundamental research, jointly executed by RvO and NWO, funded by four Ministries and NWO.


NWO Long Term Research presentations

In the 2012 - 2014 timeframe the Netherlands Organization for Scientific Research (NWO) funded and organized two calls for proposals on long term cybersecurity research. These NWO calls were combined with SBIR calls into two national tenders for short term R&D and long term cybersecurity research.

TU Delft – Maciej Korczynski (PI Michel van Eeten): Reputation Metrics Design to Improve Intermediary Incentives for Security, NWO project from the first cyber security tender

Maciej Korczynski: “In this presentation, we describe a collaboration between Delft University of Technology, the Dutch National Police, the Authority for Consumers and Markets and the Public Prosecutor. This collaboration aims to enable law enforcement to engage with hosting providers and determine which factors influence internet abuse in the Dutch hosting provider market, based on robust metrics. As such, this project intertwines large data sets on Internet abuse with robust metrics and the criminological concepts of problem-oriented policing and positive criminology. We present an approach to develop reputation metrics for the security of hosting providers. Next, we present how several law enforcement agencies will use the proposed metrics to engage the hosting provider community.”

The Reputation Metrics project, originally proposed by Prof. van Eeten in the 2012 tender, could be categorized under the research themes: Malware, Cybercrime, Risk Management, Economics and Regulation.

Universiteit van Tilburg – Karine e Silva (PI Bert-Jaap Koops): Public-private actions against botnets: establishing the legal boundaries, NWO project from the second cybersecurity tender

The Botnets project, originally proposed by Prof. Koops in the 2013-2014 tender, could be categorized under the research themes: Attack Detection, Attack Prevention and Monitoring, Risk Management, Economics and Regulation.

The BotLeg project is a common effort led by TiU, Abuse Information Exchange, NHTCU, SIDN, SURFnet and LeaseWeb. Under this project, TiU is investigating the legal issues surrounding public-private partnerships against botnets in The Netherlands and abroad. Anti-botnet public private partnerships are on the growth, but fundamental legal questions are left open, and operations seem to walk on a grey zone. In the BotLeg project, we address three fundamental legal questions that will advance our understanding of the problem:

  1. Are there legitimate grounds enabling public-private partnerships to exchange infection data about botnets?
  2. What are the legal limits applicable to mitigation tools and techniques?
  3. How far can PPPs contribute to the fight against botnet without arrogating the competence of public authorities?

Moreover, TiU will look at end-user disinfection and alerts, legal limits of intelligence gathering, use of private sector data by law enforcement, jurisdictional issues on criminal investigation and soft-law initiatives. In this presentation, Karine will expose the main legal questions faced by private and public sector and shed a light on how public-private partnerships against botnets can succeed. She will discuss legal perspectives on privacy and criminal law/criminal procedure, with broad implications for the International and Dutch cybersecurity communities.


The themes, mentioned above, together with other research themes covering the research area, are introduced in the Dutch National Cyber Security Research Agenda (NCSRA).This research agenda served as the framework for cybersecurity tenders held so far.

NWO-DHS Long Term joint Research presentations

In 2013 the Netherlands Organization for Scientific Research (NWO), together with the US Department of Homeland Security (DHS) organized a call for proposals on long term joint cybersecurity research. This call was funded by DHS, NWO and NCSC.

VU Amsterdam
Herbert Bos: Malware on smartphones: collection, analysis and defensive measures, NWO-DHS project

Herbert Bos: “In a joint project between UCSB and VU University Amsterdam, we work towards analyzing complex malware on smartphones. While the US side focuses mostly on static analysis and the Dutch side on dynamic analysis, both partners find themselves in an analysis platform to which they both contribute functionality. In this presentation, we will focus on the dynamic analysis provided by our TraceDroid solution and show how we can trace existing malware such as Zitmo. However analysis can only do so much. In the second half of this talk, we will explain some of the major challenges that we are facing. First,  we  explain why even the most advanced static and dynamic analysis is not able to detect all malware in the App/Play Store. Next, we explain that the current trend toward seamless platform integration ("anywhere computing") may have serious security consequences by means of a demo exploit.”

The Malware on Smartphones project, jointly proposed by Prof. Bos (VU) and Prof. Kruegel (UCSB), could be categorized under the research theme: Malware and Malicious infrastructures.

This theme, together with other research themes covering the research area, are introduced in the Dutch National Cyber Security Research Agenda (NCSRA).This research agenda served as the framework  for cybersecurity tenders held so far.