In the last few months, The Netherlands has seen an increase in the number of DDoS attacks on banks and governmental institutions. Everybody agrees: we have to do something about it. So the latest call for a ‘DDoS Radar’ and the forming of the Digital Trust Center are for many a logical step. But why keep re-inventing the wheel, when there are already services that do the things the new initiatives want to do?
The call for a DDoS Radar was done after the latest rounds of attacks on banks. This ‘radar’ should take a ‘pro-active’ stance in preventing and defeating a DDoS attack. No one can disagree with this, but there are already measures in place that prevent and deflect attacks. The National Cyber Security Centre (NCSC) is not just protecting vital infrastructure, it is also actively preventing attacks, by investigating attacks around the world, and warn about threats.
Should an attack happen, there is the ‘Internet Carwash’, otherwise known as NaWas (Nationale Wasstraat). This service can be activated when your network is under attack. It reroutes the incoming traffic, filters it, and then redirects the clean traffic over a separate VLAN from AMS-IX or NL-IX back to you. The service has been around for quite a while and has a proven effectiveness. Many Dutch ISPs are already using this service. So why the call for a system that will help against DDoS attacks if such a system is already there? Why invest a lot of money in something new, when you already have a functioning system?
Digital Trust Centre
The government also feels the need to do more about cybersecurity. That’s why the NCSC was formed. But they are relatively small and only focus on so-called ‘vital infrastructure’. Enterprises are not seen as vital – they are on their own. To help the enterprises, in 2017 the former minister of Justice called for the forming of the Digital Trust Centre: a knowledge centre for SME’s that informs them about cybersecurity. What that entails, isn’t really clear to me.
Look at what’s already there
I will be the last one to say that we shouldn’t look at new ways to secure our digital infrastructure. But I do feel that a lot of the new initiatives that are being presented, are (in part) already in place. Maybe we should focus more developing those services, rather than spending a lot of time and money on something that looks an awful lot like existing measures. The government taking an active role in help protecting SMEs, is definitively a good step. Just a tip: When you search for the Digital Trust Center, you won’t find a website at the moment. I would start with that.