Critical Information Infrastructure Protection (2002 – current)
TNO has played a major role in policy preparation for the Dutch government on Critical Infrastructure Protection or CIP and Critical Information Infrastructure Protection or CIIP. In addition, much groundbreaking research in the CIP/CIIP domains has been carried out for the European Union. On the related CIP web page, you will find the start of our CIP and CIIP research from the mid-nineties.
Below, our CIIP research (often with partners) and our knowledge transfer to other countries since 2005 will be discussed in more detail:
- In the wake of the digital police in 2002, the discussion about establishing a Hacking Emergency Response Team (HERT).
- Organising and reporting on the NATO workshop ‘Inforensics and Incident Response’ and research on the topic ‘Intrusion Detection and Prevention Systems’ in 2004 (AC/323(IST-024)TP/25).
- The EU FP6 project Critical Information Infrastructure Research COordination (CI2RCO) for March 2005 until March 2007. CI2RCO developed a widely supported medium-term research agenda in the area of CIIP for the EU. Not only technology but also the human factor and organisational aspects could be found in the agenda. The main conclusions covered that R&D and its financing in the European member states are too fragmented, that SMEs are excluded by the R&D funding mechanisms, and that new ‘terra nova’ topics are not covered because programs are only built as an extrapolation of well-established paths in R&D and policy needs.
- Research TNO/KEMA into the possible role of the government in the security of Supervisory Control and Data Acquisition (SCADA) systems (2005).
- On behalf of the Netherlands Infrastructure Against Cybercrime (NICC), research was carried out into the cybersecurity of process control systems in the Dutch drinking water sector (April 2007-March 2008). A benchmark was developed. The same benchmark was used for assessing other process control-based critical infrastructures as well. On the basis of the results, good practices were developed that were published in Dutch, English, Italian and Japanese. In addition, awareness-raising booklets on cybersecurity in process control systems were developed by TNO for the NICC: Process Control Security in the Cybercrime Information Exchange (2009) and about legacy and SCADA (2012).
- The Netherlands Centre for the Protection of National Infrastructure (CPNI.NL) became the successor of NICC in 2010. Amongst many other activities, CPNI.NL provided good practices such as the securing legacy process control systems (2012).
- FP7 Integrated Risk Reduction of Information-based Infrastructure Systems (IRRIIS) from 2006 till 2009. In this project, several simulators of critical infrastructures were linked using middleware. The infrastructures in the scenario reflected those present in the city of Rome. The information infrastructure (telecom, SCADA) was implicitly part of this modelling and scenario.
- reducing the risk of cascading failures,
- improving the situational awareness between network control centres of different critical infrastructures and anticipating known threats, e.g. disruptions due to flooding as result of a weather bomb,
- demonstrating the simulation of critical infrastructures, known failure causes and critical infrastructure dependencies.
- Leading the thematic working group SCADA security in the European Reference Network for Critical Infrastructure Protection (ERNCIP) – period 2011 – 2013.
- The development of CIIP-related scenarios for the National Risk Assessment: cyber conflict (2010), satellite loss (2011), cyber espionage (2011) and hacktivism (2012).
- Research in national cybersecurity strategies as background information for the development process of the Netherlands Cyber Security Strategy 2 (2012). The research was carried on and has been published as Luiijf, H.A.M, Besseling, K., De Graaf, P., Nineteen National Cyber Security Strategies, International Journal on Critical Infrastructures (IJCIS), V9 N1/2, 2013, pp.3-31.
- Leading a NATO exploratory team on Future Cyber Defence Concepts and Tools (IST Panel Exploratory Team 066).
- The development of GFCE/GFCE-Meridian Global Good Practice documents for the Global Conference on Cyberspace (GCCS).
- GCCS 2015
- GCCS 2017
- Coordinated Vulnerability Disclosure (CVD),
- Critical Information Infrastructure Protection (CIIP) and its Spanish translation “La Guía de Buenas Prácticas GFCE-MERIDIAN en Protección de Infraestructuras Críticas de Información para desarrolladores de políticas gubernamentales“,
- Companion document on CIIP for governmental policy-makers,
- National Computer Security Incident Response Teams, and
- Internet Infrastructure Initiative.
- The development of the Global Agenda for Cyber Capacity Building (GACCB) which was internationally endorsed at the GCCS 2017 conference in New Delhi.