Dienst van SURF
© 2025 SURF
In May 2018, the new Dutch Intelligence and Security Services Act 2017 (Wet op de Inlichtingen- en veiligheidsdiensten, Wiv) will enter into force. It replaces the previous 2002 Act and incorporates many reforms to the information gathering powers of the two intelligence and security services as well as to the accountability and oversight mechanisms. Due to the technologyneutral approach, both the civil and the military intelligence services are now authorized to, for example, intercept communications in bulk, hack third parties, decrypt files, store DNA or use any other future innovative technology. Also, the national security legislation extends the possibilities for the indiscriminate collection of data, and for the processing, storage and analysis thereof. The process leading to the law includes substantial criticism from the various stakeholders involved. Upon publication of this report, an official consultative referendum is being organized on the new act. The aim of this policy brief is to provide an international audience with a comprehensive overview of the most relevant aspects of the act and its context. In addition, there is considerable focus on the checks and balances as well as the bottlenecks of the Dutch intelligence gathering reform. The selection of topics is based on the core issues addressed during the parliamentary debate and on the authors’ insights.
From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.
Today, embedded devices such as banking/transportation cards, car keys, and mobile phones use cryptographic techniques to protect personal information and communication. Such devices are increasingly becoming the targets of attacks trying to capture the underlying secret information, e.g., cryptographic keys. Attacks not targeting the cryptographic algorithm but its implementation are especially devastating and the best-known examples are so-called side-channel and fault injection attacks. Such attacks, often jointly coined as physical (implementation) attacks, are difficult to preclude and if the key (or other data) is recovered the device is useless. To mitigate such attacks, security evaluators use the same techniques as attackers and look for possible weaknesses in order to “fix” them before deployment. Unfortunately, the attackers’ resourcefulness on the one hand and usually a short amount of time the security evaluators have (and human errors factor) on the other hand, makes this not a fair race. Consequently, researchers are looking into possible ways of making security evaluations more reliable and faster. To that end, machine learning techniques showed to be a viable candidate although the challenge is far from solved. Our project aims at the development of automatic frameworks able to assess various potential side-channel and fault injection threats coming from diverse sources. Such systems will enable security evaluators, and above all companies producing chips for security applications, an option to find the potential weaknesses early and to assess the trade-off between making the product more secure versus making the product more implementation-friendly. To this end, we plan to use machine learning techniques coupled with novel techniques not explored before for side-channel and fault analysis. In addition, we will design new techniques specially tailored to improve the performance of this evaluation process. Our research fills the gap between what is known in academia on physical attacks and what is needed in the industry to prevent such attacks. In the end, once our frameworks become operational, they could be also a useful tool for mitigating other types of threats like ransomware or rootkits.
In our increasingly global society, organizations face many opportunities in innovation, improved productivity and easy access to talent. At the same time, one of the greatest challenges, businesses experience nowadays, is the importance of social and/or human capital for their effectiveness and success (Backhaus and Tikoo, 2004; Mosley, 2007; Theurer et al., 2018; Tumasjan et al., 2020). High-quality employees are crucial to the competitive strength of an organization in the global economy, as these employees have a major influence on organizational reputation (Dowling at al., 2012). An important question is how, under these global circumstances, organizations and companies in the Netherlands can best be stimulated to attract and preserve social capital.Several studies have suggested the scarcity of talent and the crucial importance of gaining competitive advantage with recruitment communication to find the fit between personal and fundamental organizational characteristics and values for employees (Cable and Edwards, 2004; Bhatnagar and Srivastava, 2008; ManPower Group, 2014; European Communication Monitor (ECM), 2018). In order to become an employer of choice, organizations have to not only stand out from the crowd during the recruitment process but work on developing loyalty and a culture of trust in their relationship with employees (ECM, 2018). Employer Branding focuses on the process of promoting an organization, as the “employer of choice” to a desired target group, which an organization aims to attract and retain. This process encompasses building an identifiable and unique employer identity or, more specifically, “the promotion of a unique and attractive image” as an employer (Backhaus 2004, p. 117; Backhaus and Tikoo 2004, p. 502).One of the biggest challenges in the North of the Netherlands at the moment is the urgent need for qualified labor in the IT, energy and healthcare sectors and the excess supply of international graduates who are able to find a job in the North of the Netherlands (AWVN, 2019). Talent development, as part of the regional labor market and education policy, has been an important part of government programs and strategies in the region (VNO-NCW Noord, 2018). For instance, North Netherlands Alliance (SNN) signed a Northern Innovation Agenda for the 2014-2020 period. SNN encourages, facilitates and connects ambitions focused on the development of the Northern Netherlands. Also, the Social Economic council North Netherlands issued an advice on the labour market in the North Netherlands (SER Noord Nederland, 2017). Knowledge institutions also contribute through employability programs. Another example is the Regional Talent Agreement (Talent Akkoord) framework issued by the Groningen educational institutions, employers and employees’ organizations and regional authorities in which they jointly commit to recruiting, training, retaining and developing talent for the Northern labor market. Most of the hires with a maximum of five year of experience at companies are represented by millennials. To learn what values make an attractive brand for employees in the of the North of the Netherlands, we conducted a first study. When ranking the most important values of corporate culture which matter to young employees, they mention creative freedom, purposeful work, flexibility, work-life balance as well as personal development. Whereas attractive workplace and job security do not matter to such a degree. A positive work environment and a good relationship with colleagues are valued highly (Hein, 2019).To date, as far as we know, no other employer branding studies have been carried out for the North of the Netherlands. Further insight is needed into the role of employer branding as a powerful tool to retain talent in Northern industry in particular.The goal of this study is to provide a detailed analysis of the regional industry in the Northern Netherlands and contribute to: 1) the scientific body of knowledge about whether and how employer branding can strengthen the attractiveness of a regional industry in the labor market; 2) the application of this knowledge and insights by companies and governments in local policy development in the North of the Netherlands.
Since the 1970s, Caribbean reefs have transitioned from coral-dominated to algal-dominated ecosystems. The prevalence of algae reduces coral recruitment, rendering the reefs unable to recover from additional disturbances and jeopardizing crucial ecosystem services, including coastal protection, fisheries, and tourism. One of the main factors to the proliferation of algae is the scarcity of grazers, which is a result of overfishing and disease outbreaks. While fishing supports livelihoods, enhances local food security, and is an integral part of the Caribbean communities' culture, it remains a significant threat to coral reefs. Consequently, the Nature and Environmental Policy Plan (NEPP) 2020-2030, outlining conservation and restoration priorities in the Caribbean Netherlands, underscores the necessity of an integrated approach to tackle the complex challenges of coral reef restoration and fisheries development. The Saba government, and nature management organizations of Bonaire, St. Eustatius, and Saba are implementing the NEPP. Together with University of Applied Sciences Van Hall Larenstein, Wageningen University and WWF, they aim to identify novel species of native invertebrate grazers with the dual purpose of reef restoration and fisheries diversification. The Caribbean king crab (Maguimithrax spinosissimus), the West Indian sea egg (Tripneustes ventricosus), and the West Indian top shell (Cittarium pica) have been identified as potential candidates. Despite their preference to graze on macroalgae, their current densities are inadequate. Population enhancement of these species holds promise for reducing algae, promoting biodiversity, and simultaneously supporting small-scale fisheries. However, there is limited knowledge regarding the ecological effects and socio-economic potential of these grazers. The ReefGrazers project aims to assess the current densities of these herbivores around the BES islands, analyze their impacts on the reef, and evaluate their retention post-restocking. Socio-economic research will quantify current small-scale fishing practices, while market analysis will help assess the potential for the development of these novel resources as sustainable fisheries.