Dutch Dept. of Defence CIO speaks on Cyber Warfare

Major General Koen Gijsbers(Apologies for my tardiness regarding the posting of this information, I was too engrossed in work to post this sooner. I had planned to see this talk of Major General Gijsbers myself, but I was denied access at the door due to too many people already being in the room. Therefore the information below is gleaned from an article on security.nl (in Dutch) and the (Dutch) slides he used during his presentation.)

Maj. General Koen Gijsbers spoke at the InfoSecurity convention in Utrecht on november 4th this year, and his take on Cyber Warfare confirms a lot of what I previously posted. Regardless of budget cuts, the Dutch Department of Defence still wants to invest in the development of cyber warfare capabilities. “Our citizens expect that if everything stops working in the Netherlands, the army will come in and help out. For that to be possible, our networks need to remain operational.” he said during his presentation. “However, we are not just investing in defence. If you only defend yourself, you’ll eventually lose the war too.”

Gijsbers went on to say that the most gain can be had in cyber defence, even though the Defence network is already heavily secured. Another major point they will be focusing on is Awareness. “The main point is that people need to be aware that there are consequences to their actions”.  For instance, USB sticks are strictly off-limits around confidential systems. In those rare cases where they are allowed, they use encrypted USB sticks. Gijsbers goes on to note that it doesn’t even matter what is on the sticks. “Whether there is useful information on the sticks is irrelevant. If someone finds a DoD USB stick they can read, even if it’s useless information, your image is damaged severely.”

When asked if the Netherlands possessed offensive cyber capabilities, the General noted that there are several countries that are being suspected of having offensive capabilities. None of them ever publicly admitted it, and he wasn’t about to be the first. He did add that you need knowledge of offensive capabilities to defend yourself properly, so we can safely assume that there will be some research on offensive capabilities going on.

Unlike some other countries, the Netherlands doesn’t have a specific battalion for cyber warfare. This may change in the future. Its one of the things currently being considered by the ministry, Gijsbers said. “In this day and age you have to compete with other capabilities, and the budget is getting cut. We may develop special cyber warfare units in the future.”.

When asked how the General felt about privacy and control issues currently being debated, he stated that the army has no intention to control the internet. “We’re not in charge of the Internet. Its just another theatre we operate in, and we have to accept that as it is.” He went on to say that the government shouldn’t try to solve every problem. “There’s a line between the government, citizens and corporate entities. We all have to chip in.”

He wasn’t opposed to cyber reservists; volunteers that help in securing systems. Estonia created such an organization of reservists after the cyber attacks in 2007, and the US also has a large core of such reservists. “I think its a great idea. Its a great idea because there are a large number of reservists that were actually trained by the army at some point, and have the capabilities to help us. The question is how to organize something like this? ” He added that military knowledge probably wouldn’t become a requirement to help out, if such an organization ever came into existence.