Fighting Cybercrime: The NICC and CPNI.NL
Activities of the NICC and CPNI.NL
In 2006, the Dutch Ministry of Economic Affairs started the National Infrastructure Against Cybercrime (NICC). Its motto was @united against cybercrime. The NICC was hosted by ICTU from 2006 until 2010.
From 2010 until 2012, the NICC was renamed the Centre for Protection of the National Infrastructure (CPNI.NL). CPNI.NL was hosted by TNO Defence, Safety and Security at Waalsdorp. CPNI.NL was the kernel of the Dutch intersectoral and international cooperations and other activities. National participants were the critical information infrastructure sectors, technology manufacturers and service suppliers. The kernel supported the sectoral Information Sharing and Analysis Centres (ISACs).
A wide variety of activities took place, from The Grand International Conferences to thematic workshops on for instance process control security, specific projects (e.g. ), to the development of awareness publications (e.g.  and Good Practice documents (e.g. ). Support was given to the GFCE and other (inter)national cybersecurity activities of the Dutch Government.
A tangible activity of CPNI.NL was the development of a Cyber Challenge Game on true information sharing which was developed in 2011. In cooperation with ENISA and CPNI.UK, the game became part of the “Information Sharing in a box”. That box included several good practice documents as well.
The Cyber Challenge Game
Without revealing all aspects of the cyber challenge game, the following may provide some insight into one of the approaches.
Note: Removed text parts are denoted by […].
Introduction to the Cyber Challenge game
The head of the NICC, Annemarie Zielstra, introduced the game: “In the (international) fight against cybercrime, the terms ‘knowledge sharing’ and ‘information exchange’ are used so often that you might almost think that everyone also does these things automatically.
But how easy is knowledge sharing? Surely it cannot be so difficult. You know something, you tell it to as many people as possible, and in exchange for this, these other people also give you all sorts of pieces of information in return. Does it work that way? We often think so, but in practice, it turns out that many people prefer to keep information to themselves. ‘Knowledge is power’ remains a basic principle for all our dealings with others. And unfortunately enough, this represents an obstacle in the fight against cybercrime.
But are we aware of this attitude? Using this game, you can work on building this awareness in groups of up to 20 people. In less than a half hour, the participants can experience just how fatal it is to keep information to themselves.
The game involves a sailing contest but the underlying principles can be precisely translated into the obstacles that obstruct collaboration in the fight against cybercrime.
Our knowledge is contained in this game, and we are pleased to share it with you. So that together we can take steps forward in the fight against cybercrime.”
The boxed game contains game information for the question master, two informational cards for each team, and five sets of possibly sharable hint cards (there are eight different hints per team; five copies each).
TIPS FOR THE QUESTION MASTER
- Divide those present into five teams. Sit each team around a separate table.
- Ensure that you have all the cards for each team ready.
- First, explain the game and then hand out the cards.
- Every team has cards to hand out; no one therefore needs to take notes.
- The game raises all sorts of questions in the minds of the participants. This is intentional. In real life, you are usually also left with many questions when you have to solve something. As the question master, you should deal with these questions according to your judgment. Don’t be afraid to leave questions unanswered.
- Allow about 20 to 25 minutes for the game to be played. Try to keep the tempo relatively high.
- The way the cards are exchanged on the centre table is usually very chaotic. Just let that happen. The participants themselves are responsible for exchanging information adequately.
The answers to the questions are as follows: [For obvious reasons, we do not provide the five answers to the game questions here]
- Go through the questions and answers in full when the game is finished. Do this by each question in turn.
- It works well to start with all teams standing up. As soon as a team answers a question incorrectly, that team can sit down.
- Everyone thinks that the team that answers the most questions correctly has won. But that is not so.
One single incorrect answer means that your team is out of the race!
- All teams will likely have answered at least one question incorrectly. That is also exactly the intention.
- The hint that ‘Three of the five teams must complete the course’ is the key to the game. The whole idea is that the teams share information. As they do not do this sufficiently or satisfactorily, every team will make one or more mistakes (and everyone will ultimately lose).
- Teams will think that there are 40 hints (5×8) in the game. In reality, there are only [xx] hints. Every team therefore begins the game with about [xx] of all information.
- Distribution of the hints across the five teams [… the technical aspects behind the sets of hints …].
General information for each of the five teams
Your team is allowed to take part in The Cyber Challenge, a major round-the-world yacht race. As you are all passionate about sailing, this means your ultimate dream is about to come true. This will be the first time you have taken part, but you already know that you would also want to take part as a team in this annual competition again in the years to come.
But there is just one problem. Your team has still to build a boat yourselves. This is something that none of you have done before. The competing teams are in the same position and face the same challenge as you. The building of the boat will require speed and trust. You must make decisions about the following questions as quickly as possible:
- What kind of wood will you use to build the boat – beech or oak?
- Will you be using Kevlar sails or not?
- Must the woodwork of the boat be finished off with NT3CH208, or not?
- How long must the boat be?
- Will the boot have a deep keel or not?
Your team has performed the necessary research and has discovered several things. The other groups have also obtained some information. Perhaps they can give you some help. You will have to give them information to receive information from them in return. But bear in mind that your victory in the game depends on not giving away too much information.
Information between teams is exchanged according to a strict protocol
- Choose a negotiator. He or she will shortly go to the central table.
- Your team must discuss the following two points:
a. Which points will you share with all the other groups?
b. Which points will you certainly not share with other groups?
- Choose the points accordingly for the first round.
- The negotiator now goes to the central table. There must be no speaking.
Hints [small cards] are exchanged with the other teams.
- Your team then discusses:
a. Whether you now have enough information, and if not?
b. Which points you will use for sharing in the second round?
- The negotiator goes back to the central table to share more hints.
- Using all the hints you now have, answer the five questions.
A predicted reality?
One of the hit cards provides insight into why a certain type of material would be necessary: “The material prevents attacks by whales which may sink your sailing ship”. Note that CPNI predicted the killer whale attacks on ocean sailing ships already in 2011!
 Process Control Security in the Cybercrime Information Exchange NICC (2009)
 Jaarbericht CPNI.NL 2011 (2012) [Dutch]
 Security of legacy Process Control Systems (2012)
 Weerbaarheid van het Rijk tegen uitval van elektriciteit en telecommunicatie, CPNI.NL (2011) [Dutch]