Our research did not include the chance of a cyber attack on the Netherlands. It is clear though that is is a possibility. The technology to carry out the attacks in the following example already exists.
Imagine that the employees of the Dutch Tax and Customs Administration arrive in the office on Monday morning and find the following message written in bold on their screens:
‘YOUR COMPUTER HAS BEEN HACKED BY THE MOTHERLAND WARRIORS’
Their computers have been hacked and the hackers appear to have gained access to sensitive tax data. And it is not only the Tax Administration that has been hit: the ‘Motherland Warriors’ have also attacked numerous other sectors in society. Banks’ online services have crashed under the strain of heavy cyber attacks. Telecom companies have also been infiltrated. The Dutch oil and gas exploration and production company NAM is unable access its supply data. To cap it all, the online environment of hospitals has been hijacked. The threat is always the same: unless economic sanctions against Russia are lifted immediately, essential information will be deleted from the computer systems and private information will be disclosed. Although nothing can be proved with certainty, there are strong indications that the attacks were launched from Russia.
This is not a fanciful scenario. It is more realistic than ever since the technology exists to carry out all of the attacks in the example. In point of fact, these types of attack have all been carried out at one time or another:
In 2012, Saudi Aramco, one of the world’s largest oil companies, took all of its services offline for five months after it had been attacked by a group calling itself Cutting Sword of Justice. The attack was attributed to Iran.
From 2011 until 2013, the Belgian telecom company Belgacom (now called Proximus) was hacked. Hackers reportedly gained access to communication within NATO, the European Council, the European Commission and the European Parliament. The Belgian public prosecutor pointed to the British intelligence service GCHQ as the culprit.
In 2015, the data of more than 700,000 citizens were stolen when the federal tax administration in the United States, the Internal Revenue Service, was hacked (Crawford 2016). The identity of the perpetrators is not known.
In the summer of 2017, hospitals throughout Europe, and particularly in the United Kingdom, were infected by the Wannacry malware, which hijacked valuable data.The attack was attributed to North Korea.
And at the beginning of 2018, the networks of the ING and ABN Amro banks were disrupted by a nasty Distributed Denial of Service (DDoS) attack, which was probably carried out by Jelle S., an 18-year-old youth.
There are three types of cyber attack:
Cyber espionage is the clandestine gathering of intelligence using digital technology.
Zero day exploits
Cyber sabotage is consciously causing damage to persons, objects or data sets using digital technology.
Disinformation refers to the spreading of untrue, inaccurate or misleading information that is consciously created and disseminated for economic gain or to harm a person, social group, organisation or country.
These three instruments can harm a society to varying extents and are therefore described in this report as cyber weapons. They can also be combined to achieve particular strategic effects. At election time, for example, a malicious party can cause the website of a political organisation to crash (cyber sabotage), steal sensitive secrets (cyber espionage) and spread false reports (disinformation). The entire assortment of cyber weapons at an actor’s disposal is referred to as a cyber arsenal.
In this study, we describe the capacity to launch cyber attacks as offensivecyber capability. By this we mean not only access to the technology, but also aspects such as having at one’s disposal expert hackers who can carry out attacks, and having a strategic policy on the use of these capabilities. A cyber operation is a series of actions using digital technology, by an intelligence service for example, such as a cyber espionage operation.
The Rathenau Instituut's task is to support the public debate and political decision making on the subject of the impact of technology on society. This also includes cyber attacks. This report is linked to earlier research, such as our report 'Een nooit gelopen race'. What we hope to achieve is that, besides experts and administrators, citizens also understand what is going on in cyberspace, and join the debate.
The emergence of offensive cyber capabilities has altered the international environment in which the Netherlands finds itself. The central research question in this report is therefore:
How can the Netherlands, in light of the emergence of offensive cyber capabilities, contribute to de-escalation of the information conflict?
To answer that question, in this report we outline the international situation with regard to offensive cyber capacities in three steps.
First, we explain the nature of offensive cyber capabilities: What are offensive cyber capabilities? We answer that question by reviewing various aspects of cyber operations and what they imply for the relationship between attackers and defenders and compare them with conventional espionage, propaganda and military capabilities.
We then examine the build-up of capacity by a number of global players: What offensive cyber capabilities are being developed in the United States, Russia, China, the Netherlands and European countries?
Finally, we examine the ways in which countries collaborate with one another and with partners in civil society at international level in designing measures to regulate offensive cyber capabilities and so could contribute to lasting cyber peace: What joint steps are being taken by the international community to guarantee a safe and free digital world?
We answer the main question on the basis of a description of the international situation.