Dozens of Dutch gov't websites not properly secured: report

Dozens of government websites do not comply with the National Cyber Security Center's (NCSC) guidelines on digital security, newspaper Trouw reported based on its own research. This includes the websites of the Tax Authority, health service GGD, the security regions, and the water boards.

The involved websites have an easy-to-find public page on which an administrator can log in. The NCSC strict advice is to separate the public page and the page where administrators log in. Hackers have methods to force their way into the back end of a site by trying usernames and passwords until they get access.

All the involved sites use the Wordpress system - a content management system designed for bloggers. Wordpress is one of the most used systems in the world as it is easy to operate. 165 government websites run on Wordpress, including the site of the information security service IBD, which helps municipalities with cyber incidents.

IBD told Trouw that "it's about recognizing the risks and then taking as many steps as possible to make those risks acceptable." Since 2014, the NCSC has issued warnings about 36 Wordpress security risks.