The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them.
Cyberespionage and sabotage attacks, and also ransomware attacks against critical infrastructure and government offices will trigger the response of the Dutch authorities, explained Ben Knapen, Dutch Minister of Foreign Affairs.
The Dutch Minister added that the response to severe cyber attacks could be escalated, an attack against a critical response will require the rapid reply of the cyber defense, a response that disregards diplomatic relations between the countries involved.
Knapen highlighted the difficulty of attributing a ransomware operation to a specific threat actor, it explained that it is very complex to demonstrate that a non-state actor carries out the operation on the explicit instruction of or under the control of a state. As a result, the legal attribution of an act of a non-state actor to a state is usually not easy.
“For several years, the threat of ransomware attacks has been increasing around the world. A broad explanation of this threat is included in the Cyber Security Assessment Netherlands (CSBN) 2021, which was shared with the Chamber in June by the Minister of Justice and Security. One of the conclusions of CSAN 2021 is that cybercrime can affect national security if an attack causes massive damage, for example by disrupting vital processes. In a number of cases, cybercriminals enjoy the protection of the state from which they operate or there is cooperation.” Knapen wrote in a letter to the Dutch Parliament. “Due care principle In situations where attribution appears not to be possible in a legal sense, it may be desirable to look into a possible violation of the due care principle in the context of state liability law. The principle of due care means that states are expected to take into account the rights of other states when exercising their sovereignty. States have a duty to act when they have knowledge of the use of their territory in a way that harms the rights of a third state. Failure to comply with this obligation is a violation of an international law obligation.”
Knaped explained that severe ransomware attacks that threaten national security will be addressed with urgent and using any resource the government has at its disposal.
This process would involve investigating the attack, attributing it to a specific threat actor, and taking action against the aggressor.
An attack against a critical infrastructure will irge the response of the intelligence service and the Defense Cyber Command, both bodies have the cyber capabilities to carry out a counter-attack to disrupt the threat actors and to protect the state.
Knapen highlighted that the response to ransomware attacks by the Netherlands is different from the ones to other malicious cyber events that could request the adoption of diplomatic or legal channels first.
“In addition to the diplomatic measures described above, the cabinet is in a general sense to increase the digital resilience of the Netherlands. To increase the cybersecurity of the Netherlands and to combat cybercrime, the cabinet is taking various measures in the context of the National Cyber Security Security Agenda (NCSA) and the integrated approach to cybercrime.” continues the letter. “Examples of measures that are taken are to promote safe hard and software, awareness activities and enhancing capabilities for the detection. The Minister of Justice and Security recently informed you informed about the status of these measures in the progress report from the NCSA and the progress report from the integrated tackling cybercrime.”
The good news is that the Netherlands has yet to face a massive ransomware attack against its infrastructure, such kind of offensive only targeted private businesses.
The approach announced by the Dutch government is the same proposed by other states, such as the US and the UK, both governments announced that will use any means, including cyber offensive capabilities, to destroy ransomware operations that threaten national security.
(SecurityAffairs – hacking, cyber security)