Eindhoven Cyber Security Group - ECSG
The Cyber Resilience Center Brainport continues to build on the foundation laid by the Eindhoven Cyber Security Group (ECSG). This Information Security & Analysis Center (ISAC) was founded in January 2014 by 20 larger companies in the Brainport Eindhoven region. Almost all members are part of the highly knowledge-intensive industry.
The shared challenge is protecting Intellectual Property (IP) and the fact that many of the suppliers cannot (yet) protect themselves. The ECSG has worked on this by exchanging information about vulnerabilities, incidents and best practices on an informal but private basis. Via the affiliated members, work has been done on an unstructured basis (and often at a tactical level) to increase the cyber resilience of suppliers.
Practice has shown that this formula works, but is not sufficient: the information is fragmented and often focuses on individual organizations instead of supply chains. This was the starting point for the development of the Cyber Resilience Center Brainport, an organization specialized for the high-tech industry in which larger and smaller companies work together on cyber resilience.
Digital Trust Center - DTC
For the sake of SMEs, especially in the knowledge-intensive industry, the Ministry of Economic Affairs and Climate already called in May 2017 to set up a cybersecurity information exchange for and by companies, which had to be linked to the available confidential government information. It was the basis for the creation of a Digital Trust Center (DTC).
The main functions are:
- information hub: providing relevant and clear information about current cyber threats, intelligence and action perspectives;
- digital shelter for consultation, advice and victim support; center of expertise;
- certification, quality mark and labeling;
- boost function to build an ISAC (Information Security & Analysis Center) function in various sectors;
- coordination and funnel for the really important themes and drawing up a roadmap;
- innovator and sounding board for the cyber industry;
- coffee corner: get to know each other and dare to call and trust each other.
The Cyber Resilience Center Brainport has been identified as a front runner and has been embraced by the DTC.
Nationaal Cyber Security Center - NCSC
The National Cyber Security Center (NCSC) is subject to the Ministry of Justice and Security. This warning service is also a consultative institution and focuses primarily on vital sectors in the Netherlands, namely: Port, Airport, Financial Institutions, Multinationals, Telecom, Nuclear, Healthcare, Energy, Water, Managed Service Provider, Insurance, Government and Pensions.
The government has not established a comparable institution for organizations that fall outside the critical infrastructure, such as their suppliers. Because the Dutch high-tech industry is not covered by vital infrastructure, this means that they are often warned later (or sometimes not at all) when the public sector has become aware of a threat or a vulnerability.
Only when the information is classified as “public information” it is shared with the high-tech industry. It can therefore happen that a threat is known to the vital sectors so that they can arm themselves in time, while at that moment the threat becomes manifest for a company in the high-tech industry.
In order to strengthen the digital resilience of the Netherlands, the NCSC has the legal option to share information with organizations whose objectively recognizable task is to inform other organizations or the public about threats or vulnerabilities. This applies to Cyber Resilience Center Brainport and will be finalized in the spring of 2020.