U bent hier

dcypher verenigt onderzoekers, docenten, producenten, gebruikers en beleidsmakers in Nederland om kennis en kunde over cyberveiligheid te verbeteren

Impressie National Cyber Security Summmer School NCS32017

Cybersecurity hoogleraren vrezen dat Nederland digitaal onder water komt te staan!


On Tuesday June 5, the third edition of the National Cyber Security Research Agenda (NCSRA-III) was presented in press center Nieuwspoort in The Hague. Earlier that day, Mark Bressers had already received the first copy on behalf of secretary of state Mona Keijzer from the Ministry of Economic Affairs and Climate.The NCSRA has been written as a guideline for public-private partnerships within the national research into cybersecurity. The research is divided over five pillars: design, defence, attacks, governance, and privacy. Each pillar requires contributions from computer science, technology, social sciences and the humanities. The NCSRA-III is an initiative of dcypher, the Dutch platform for higher education and research in the field of cybersecurity.While in other countries the research on digital security has been divided in separate fields with little interaction, the Netherlands has deliberately opted in the NCSRA-III to make connections between the separate disciplines of cybersecurity research, says Michel van Eeten, professor of Governance of Cyber Security, in his introduction on the new research agenda. This integration is also the big difference with the previous agenda, which appeared in 2013. Van Eeten shows in a graph how investments in cybersecurity research have declined in recent years. “We hope that this agenda contributes to reverse that trend”, he concludes.Jan Piet Barthel, director of dcypher, next handed over a copy of the agenda to Patricia Zorko, cybersecurity director at the Ministry of Justice and Security, to Stan Gielen, chairman of the NWO Executive Board and also to Henk-Jan Vink, director of TNO-ICT.“I am proud of the progress that has been made with this new research agenda,” Zorko responds. “We need this to provide the Netherlands with a solid knowledge position in cybersecurity research. We want to reverse the downward trend in research funding by taking a first step forward already in 2018. Five ministries − Defense, Economic Affairs & Climate Policy, Justice & Security, Interior & Kingdom Relations and Foreign Affairs − have already agreed to invest one and a half million euros in cybersecurity research. But we are not satisfied yet. More needs to be done.”Speaking on behalf of research funding agency NWO, Stan Gielen comments: “I am pleased that this agenda brings together various components of the cybersecurity research and also includes the behavioral component. As far as funding is concerned, I can announce a new call for cybersecurity research proposals with a total budget of five million euros, within the framework of the national Top Sector policy.”“The multidisciplinarity of this agenda really appeals to me”, continues Henk-Jan Vink of TNO. “The NCSRA is leading in what we do at TNO. It is important to us that we close the chain that leads from fundamental research to concrete applications. That is why it is good to see that NWO, TNO and the ministries have started to cooperate more closely in recent years. I also see the NCSRA not only as an opportunity for research, but also for education. Good people are scarce and it would be good to have more of them.”The launch of the new research agenda was concluded with a panel discussion involving, in addition to Patricia Zorko and Stan Gielen, D’66 member of parliament Kees Verhoeven, CEO of Riscure Marc Witteman and professor of systems security Herbert Bos.Kees Verhoeven is co-submitter of a parliamentary motion that demands a more ambitious approach to cybersecurity research. Although the motion has been adopted by the House of Representatives, no response has yet been received from the government. “If the answer takes a long time, you have usually asked a good question”, says Verhoeven. “But there must be a reaction soon, because we really have to start accelerating forward.”Marc Witteman, on behalf of the business partners, emphasizes that the task of business is not so much to put money directly into academic research, but to develop new products and services in collaboration with universities. “Moreover, companies can be an important sounding board for the universities. We have a good view of what the pressing questions are.”Professor Herbert Bos examines the number of PhD students required: “Every year about 2500 new jobs are created for cybersecurity professionals. If you assume that about one per cent of this must have been trained at the highest level, so with a PhD-degree, we would have to deliver 25 PhD students per year. But the actual numbers are that we have delivered 25 PhD students in five years, between 2013 and 2018. That is actually five times too little. However, the good thing is that the level of scientific research has increased and that we are better organized as a research community.”Stan Gielen concludes the panel discussion with the comment that the NCSRA-III will form the basis for the cybersecurity research program of the coming years. “We can go forward for another four or five years.”Special thanks to sessionchair Peter Zinn Also see:The NCSRA-IIILaunch of the new research agenda for a safer societyFinal stage of the new digital security research agenda Text: Bennie MolsPhoto's: Sjoerd van der Hucht
Cyberattacks or disruptions on the cyber domain occur regularly. Sometimes vital sectors are target, such as banking, energy or transport. The attacks can therefore have a considerable impact on society. Cybersecurity is logically part of our national security. This requires that our knowledge remains up-to-date and that we anticipate possible new developments and threats. On June 5, dcypher launched the 3rd edition of the National Cyber Security Research Agenda (NCSRA III).The NCSRA III describes cybersecurity research challenges around five pillars, which together support cybersecurity research and development in the Netherlands. These pillars are: Design, Defense, Attacks, Governance and Privacy. Previous agendas were more disciplinary in design. With the now chosen division into pillars, scientific disciplines come together. They provide direction to the research and enable interdisciplinary collaboration. For example, each pillar requires contributions from computer science, technology, social sciences and the humanities. The goal is to contribute to the cybersecurity of various top sectors and NWA routes with the implementation of a single national cybersecurity research agenda. Hence the motto of the meeting on 5 June: "launch of a new research agenda for a safer society"New broad national call cybersecurityA few hours prior to the public presentation on 5 June, the first copy of the NCSRA III was presented to Mark Bressers director ICT policy, Ministy Economic Affairs & Climate Policy by the Director of dcypher and on behalf of the editorial team. During the public presentation, the NCSRA III was received by Patricia Zorko (Ministry of Justice & Security), Stan Gielen (NWO) and Henk-Jan Vink (TNO), each interested party in the implementation of this agenda. After receiving them, they were briefly given the opportunity to respond. In his response NWO president of the Executive Board Stan Gielen indicated that the NCSRA IIIwill be the framework for cybersecurity research programming in the coming years. NWO has also committed itself to setting up a broad national cybersecurity call through the Knowledge and Innovation Contract ICT 2018 - 2019. This call is currently being developed by NWO in collaboration with dcypher, the Top Sector ICT and the Top Sector Creative Industry. With this call NWO wants to meet the need to facilitate broad (interdisciplinary) research collaboration in the field of cyber security. In addition, NWO, together with various ministries, is investigating the possibility to contribute to cybersecurity knowledge development through the NWA.Establishment NCSRA IIIThe final editing team of the NCSRA III consisted of: Herbert Bos (VU), Michel van Eeten (TUD), Sandro Etalle (TU / e), Frank Fransen (TNO), Jaap-Henk Hoepman (RUN), Erik Poll (RUN) and Jan Piet Barthel (dcypher, NWO). Many have provided text contributions and comments from various disciplines and positions in the knowledge and innovation chain. This was done during the well-attended field consultation on 12 April, and through conversations with representatives of (economic) top sectors and NWA routes for which cybersecurity (research) is relevant. On 23 April, the dcypher Advisory Council approved the text and on 31 May the Cyber Security Council endorsed the agenda.Writers NCSRA III and Mark Bressers, min EZKltr Frank Franssen, Michel van Eeten, Luca Allodi, Herbert Bos, Mark Bressers en Jan Piet Barthel Also seeThe NCSRA-IIIIpoort Reception NCSRA III (Nieuwspoort) Final stage of the new digital security research agenda
On 5 June, the third edition of the National Cyber Security Research Agenda (NCSRA-III) will be presented. On Thursday 12 April, cyber security researchers and experts from universities, government institutions and companies discussed the final refinements to this new research agenda in the area of digital security. Computer viruses, hijacked computers, hacking, DDoS attacks, phishing and digital espionage are all threats to the digital security of citizens, companies and governments, and they reach the news headlines almost every week. As we have become increasingly dependent on digital services in our everyday lives over the past two decades, we have also become more vulnerable to such attacks.Cyber security researchers are developing new security systems to protect the Dutch digital society. The National Cyber Security Research Agenda (NCSRA) is intended as a framework for public-private partnership within national research into digital security. The agenda was published for the first time in 2011 and was followed by a second edition, NCSRA-II, in 2013. Five years after the second edition, considerable effort is being put into the realisation of a third edition, NCSRA-III. On Thursday 12 April, stakeholders discussed the draft texts of the agenda that were written earlier this year. The 90 participants included many academic researchers, but also experts from industry (including Philips, KPN, NXP, Secura and Rabobank) and representatives from government ministries, TNO, the Confederation of Netherlands Industry and Employers, the Dutch police and the Dutch judiciary.The NCSRA-III is subdivided into five pillars: better design, better defense, better organisation, better understanding of attacks, and improved privacy. For each pillar, the agenda clearly states what the relationships with the other pillars are. 'The agenda that was published five years ago was more compartmentalised', says chair of the event Wim Hafkamp, chief information security officer at Rabobank (and chair of the dcypher advisory council). At the time, we had nine themes that were largely studied independently. The world has changed since, and we are trying to respond to that by clearly considering the relationships between the five pillars. One example of the difference between the new agenda and the previous edition is that we now pay more attention to the psychological aspects of cyber security, for example the change of behaviour; we no longer examine just the technical aspects.'Jaap-Henk Hoepman, principal scientist of the Privacy & Identity Lab, states two ways in which the playing field for digital security has changed over the past five years: 'First of all, our society has become far more dependent on ICT than it was five years ago.'Second, it is better if we now assume that there is no such thing as an entirely secure digital infrastructure. Instead, we should assume that systems have been attacked and that the attacker has access. If this is the case, how can we best protect ourselves?After a plenary session in which the five research pillars were each briefly introduced by a university researcher, the rest of the afternoon was used for discussions. Two successive discussion rounds were organised for each pillar, so that each participant could comment on two of the pillars. At the end of the afternoon, the discussion leaders reported on the most important comments and remarks.The Pillar "Better design" assumes the idea that many security problems can be prevented by designing systems and services where security is one of the priorities from the outset: this is called security by design. When he presented this pillar, Erik Poll from Radboud University noted that, in recent years, everybody has been talking about security by design, but that far too little has been done about it in practice. An important point that emerged from the discussion round is that the end-user, in particular, should not be forgotten. The pillar "Better defense" is about preventing and detecting attacks, but also about responding to and recovering from attacks. The main challenge here is to efficiently and effectively increase the strength of all defensive resources, says Luca Allodi from Eindhoven University of Technology. "Better governance" is the third pillar. This pillar focuses on the owners of systems and services, namely citizens, companies and government bodies. How do they deal with the available technical possibilities to improve digital security? This pillar attracted the most discussion participants by far, including participants from TNO, the Confederation of Netherlands Industry and Employers, the Dutch police and the Dutch judiciary. Several comments concerned the concept of "security". Security has a subjective component, which is not objectively measurable by definition. But in addition, relatively few hard facts and data are available about the measurable component of security.  Kees Neggers, former director of Surfnet and one of the four Dutch people who have been included in the Internet Hall of Fame, expressed his concern that the deeper underlying causes of digital threats are not sufficiently tackled. For example, the current design of the Internet contains leaks that should be sealed according to him. That is technically feasible, but the investments required are scarcely being made. Representatives from industry expressed the concern that it is particularly difficult to get SMEs involved, even though they jointly constitute 95% of Dutch industry; there is an awareness of digital security among them, but also a lack of concrete action. Finally, Theo Jochoms, adviser on science and education at the Dutch police, noted that a lot of attention is devoted to defending against cyber attacks but relatively little attention to detecting these.The fourth pillar, "Better understanding of attacks", studies vulnerabilities in designs, protocols, systems, defense measures, etc. Without an understanding of vulnerabilities, we cannot defend ourselves. The human factor will be given attention as well. Exposing the psychology of the attacker also makes it possible to improve the defense. Botnets could be knocked out before becoming active, for example. The fifth and final pillar, "Improved privacy", ties in with the fact that privacy is a fundamental right within the EU – one that is protected by law. And just like the efforts to achieve security by design, efforts should also be made to design ICT applications in which privacy is a priority from the outset: privacy by design. One of the points raised during the discussion round was that privacy is also a part of identity management: proving that somebody is who he or she claims to be. A second interesting discussion point, submitted by Professor of Cyber Security Governance at Leiden University, Bibi van den Berg, is that privacy should not only be examined in the narrow sense of the term at the level of the individual but also in the broader sense of a community or organisation. People are very keen to share certain things, whereas they do not wish to share other things at all or just with a few people. And ideas about privacy have also changed over the course of time, but this aspect has barely been studied to date.All comments and remarks made during the discussion afternoon will be carefully considered, concludes Jan Piet Barthel, director of dcypher (the Dutch Cybersecurity Platform Higher Education and Research), the organiser of the discussion afternoon. Proposals for amendments can still be submitted until 23 April. Where necessary, the draft texts of the NCSRA-III will be modified. On 5 June, the third edition of the National Cyber Security Research Agenda will be presented at press centre Nieuwspoort in The Hague.Text: Bennie Mols, sciencejournalistTranslation: NST SciencePhoto's: Thijs ter Hart


Nederland als de digitale koploper van Europa. Om die doelstelling waar te maken, moeten bedrijven, consumenten en overheden sneller en innovatiever inspelen op het hoge tempo waarmee maatschappij en economie digitaliseren, aldus het kabinet. Daarom heeft Kabinet-Rutte III een Nederlandse Digitaliseringsstrategie met 24 bijbehorende ambities vastgesteld.Met die strategie wil de huidige regering bijvoorbeeld de Nederlandse economie versterken, zorgen voor betere digitale vaardigheden en cyberveiligheid in de maatschappij.De strategie ‘Nederland Digitaal’ is bekend gemaakt door staatssecretaris Mona Keijzer (Economische Zaken en Klimaat), minister Ferd Grapperhaus (Justitie en Veiligheid) en staatssecretaris Raymond Knops (Binnenlandse Zaken en Koninkrijksrelaties). Het is volgens hen voor het eerst dat het kabinet met een gezamenlijke strategie komt die goed inspeelt op de snelheid van de digitalisering en de impact hiervan op de samenleving.Zij zeggen op een verantwoorde manier de maatschappelijke en economische kansen van digitalisering optimaal te willen benutten met Nederland als pionier en proeftuin op dit gebied. Of het nu gaat om mondiale uitdagingen als betere en betaalbare zorg, CO2-reductie, een duurzame voedselvoorziening, hoogstaande logistiek of betere bereikbaarheid: digitale technologieën spelen bijna overal een sleutelrol om deze doorbraken te realiseren.AmbitiesDe 24 ambities en de daaraan gekoppelde acties richten zich op de maatschappij en economie. Bijvoorbeeld op een digitaal vaardig mkb op Nederland als wereldwijde testlocatie voor slimme mobiliteit. Aan Nederland Digitaal moet iedereen kunnen meedoen. Daarom richt de strategie zich op het vergroten van ict-vaardigheden van alle scholieren én de beroepsbevolking, maar ook op bescherming van persoonsgegevens en veilige technologie. Tot slot is er ook aandacht voor een eerlijke concurrentie op online markten en wil het kabinet dat de overheid zelf het goede voorbeeld gaat geven op het gebied van toegankelijke en transparante informatie, voorzieningen en technieken.Nederland behoort met haar infrastructuur voor vaste en mobiele communicatie al jarenlang tot de wereldtop. Online markten en digitale innovaties bieden extra groeikansen voor Nederlandse ondernemers. Investeringen in ict zijn inmiddels goed voor twintig procent van onze economische groei, beweert staatssecretaris Keijzer (EZK): 'Nederland Digitaal gaat onze economie en maatschappij sterker maken. Het bedrijfsleven heeft dankzij onze kennis en infrastructuur een goede uitgangspositie om kansen te verzilveren. Bijvoorbeeld in het mkb, waar online verkoop en omzet nu nog onder het EU-gemiddelde liggen. Met diverse programma’s ondersteunen we ondernemers gericht om door digitale technologieën te groeien. Voor het kabinet is het uitgangspunt dat iedereen moet kunnen deelnemen aan de digitale samenleving. Dat betekent meer inzet op veiligheid, privacybescherming, zelfbeschikking en digitale vaardigheden.'Eind april presenteerde minister van Justitie en Veiligheid, Ferd Grapperhaus, namens het kabinet de nieuwe Nederlandse Cybersecurity Agenda (NCSA). Minister Ferd Grapperhaus (JenV): “Gezamenlijk met het bedrijfsleven en de wetenschap zet dit kabinet de noodzakelijke stap om onze digitale veiligheid te versterken en de vitale belangen van Nederland beter te beschermen. De economische en maatschappelijke kansen kunnen we alleen verzilveren als Nederland digitaal veilig is. De impact en snelheid waarmee technologie zich ontwikkelt vragen om een dynamische aanpak die aangepast kan worden aan veranderende dreigingen. Veel van de maatregelen vragen om een sterkere inzet van de overheid, andere kunnen alleen met of door marktpartijen worden ontwikkeld.”Zoals aangekondigd in het regeerakkoord komt de staatssecretaris van Binnenlandse Zaken en Koninkrijksrelaties met een ambitieuze agenda voor digitalisering van de overheid. Recent heeft het kabinet ingstemd me een wetsvoorstel hiervoor.Digitale topDe strategie Nederland Digitaal wordt verder uitgewerkt in aparte agenda’s, zoals in de Nederlandse Cybersecurity Agenda die onlangs is verschenen, de Agenda Digitale Overheid, het Actieplan Digitale Connectiviteit en de beleidsagenda Smart Mobility. Het kabinet realiseert zich dat de wereldwijde ontwikkelingen rond digitalisering steeds sneller gaan. Nederland Digitaal wordt elk jaar geactualiseerd. Het kabinet organiseert daarom jaarlijks, voor het eerst begin 2019, een Digitale Top met ondernemers, wetenschappers, medeoverheden en maatschappelijke organisaties om de strategie te blijven vernieuwen. https://www.computable.nl/artikel/nieuws/digital-transformation/6383777/250449/kabinet-wil-nederland-digitale-koploper-europa-maken.html
GraMSec 2018 The Fifth International Workshop on Graphical Models for Security Oxford, UK - July 8, 2018 ABOUT GraMSec The use of graphical security models to represent and analyse the security of systems has gained an increasing research attention over the last two decades. Formal methods and computer security researchers, as well as security professionals from the industry and government, have proposed various graphical security models, metrics, and measurements.Graphical models are used to capture different security facets and address a range of challenges including security assessment, automated defence, secure services composition, security policy validation, and verification. The objective of GraMSec is to contribute to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies and tools for their practical usage.http://gramsec.uni.lu/ Co-located with CSF 2018 (https://www.cs.ox.ac.uk/conferences/csf2018/) In conjunction with FLoC 2018 (http://www.floc2018.org/)PROGRAM of GraMSec 201809:00    Opening by Barbara Kordy09:10    Invited talk of Mike Fisk, Chief Information Officer at Los Alamos National Laboratory, NM, USA Intrusion Tolerance in Complex Cyber Systems10:10    Marlon Dumas, Luciano García-Bañuelos and Peeter Laud Disclosure Analysis of SQL Workflows10:30-11:00    Coffee Break11:00     Haozhe Zhang, Ioannis Agrafiotis, Arnau Erola, Sadie Creese and Michael Goldsmith A state machine system for insider threat detection11:45    Sabarathinam Chockalingam, Wolter Pieters, Andre Teixeira, Nima Khakzad and Pieter van Gelder Combining Bayesian Networks and Fishbone Diagrams to Distinguish between Intentional Attacks and Accidental Technical Failures12:30-14:00    Lunch Break14:00     Ilia Shumailov, Mansoor Ahmed and Ross Anderson Tendrils of Crime: Visualizing the Diffusion of Stolen Bitcoins14:45     Maxime Audinot, Sophie Pinchinat, François Schwarzentruber and Florence Wacheux Deciding the Emptiness of Attack trees15:30-16:00    Coffee Break16:00     Ross Horne, Sjouke Mauw and Alwen Tiu The Attacker Does not Always Hold the Initiative: Attack Trees with External Refinement16:45    Harley Eades Iii, Jiaming Jiang and Aubrey Bryant On Linear Logic, Functional Programming, and Attack Trees17:30    Closing by George Cybenko and David J. Pym REGISTRATIONRegistration to GraMSec 2018 is handled via the website of FLoC https://www.floc2018.org/register/The early registration deadline is on June 6 If you need a support letter for a visa, please check https://www.floc2018.org/faqs/ PROGRAM COMMITTEE CO-CHAIRSGeorge Cybenko, Dartmouth College, NH, USA David J. Pym, UCL, UK GENERAL CHAIRBarbara Kordy, INSA Rennes, IRISA, FR
presenteert ethische principes voor AIGoogle heeft zijn “beginselen voor AI” gepresenteerd. De technologie moet, volgens deze principes, maatschappelijk voordeel opleveren, oneerlijke vooroordelen vermijden, veilig zijn, verantwoordingsplichtig en transparant zijn, bijdragen aan de wetenschap en niet schadelijk worden gebruikt (voor wapens of toezicht “dat verder gaat dan internationale normen”). Het is niet duidelijk hoe Google de principes gaat implementeren.Blogpost GoogleResponsible AI Practices 
Grote energiestoringen en overstroomde straten en wegen maken duidelijk hoe kwetsbaar onze infrastructuur is. Om het onderzoek op dit gebied te versterken, hebben de vier Nederlandse technische universiteiten het 4TU Resilience Engineering Centrum opgericht. Het centrum heeft al een intentieverklaring getekend met de gemeenten Rotterdam en Den Haag over de toepassing van ‘veerkrachttechnologie’.Nieuwsbericht 4TUNieuwsbericht UT 
Brainport Eindhoven krijgt als eerste in Nederland een Cyber Weerbaarheid Centrum. Dit gaat bedrijven weerbaar maken tegen digitale spionage en sabotage. Naar verwachting is het centrum eind 2018 operationeel. Het idee is om uiteindelijk in heel Nederland weerbaarheidscentra voor de kennisintensieve maakindustrie in te richten. Voor tips en informatie over digitale veiligheid kunnen ondernemers nu al terecht bij het nieuwe Digital Trust Center, een initiatief van het ministerie van EZK.Nieuwsbericht Smart IndustryNieuwsbericht RijksoverheidWebsite Digital Trust Center
Bekijk het volledige nieuwsoverzicht >