Netherlands conducts large-scale cyber attack drill involving key infrastructure sectors

Organizations and agencies in the Netherlands, among others, organized an exercise to prepare for a large-scale cyber attack, as reported by NOS on Friday. Participants included government agencies, municipalities and safety regions, and employees from key infrastructure sectors.

While Russia's involvement in the exercise scenario was not explicitly stated, participants understood its implication. Hester Somsen, the director of cybersecurity at the National Coordinator for Counterterrorism and Security, acknowledged that a Russian cyber attack is "not a fictional, unthinkable scenario."

The exercise scenario featured commonly used software with a security flaw being actively exploited by a foreign government. Sam Berkhout, an ethical hacker at security company Fox-IT, developed specialized software for the exercise, which was installed on participants' computers. Included in the exercise was a backdoor in computer systems that, upon activation, would erase system data to hide the attackers' tracks. The participating cybersecurity experts were tasked with neutralizing this backdoor.

The exercise was not limited to cybersecurity experts; it also aimed to equip other government bodies and critical organizations to handle such a crisis effectively. It featured simulated parliamentary inquiries, requests for information from journalists, and citizen involvement.

The goal was to evaluate the government's readiness for a major cyber attack. "New European regulations also require us to think about this,” explained Somsen. She emphasized the unique challenge of a digital crisis: unlike physical disasters like a broken dam where the problem is immediately evident, the cause of a digital crisis can remain unclear for a long time, potentially causing widespread public unrest.

A key conclusion from the exercise was the need for the government to clearly define which organizations and agencies should receive priority assistance in a real crisis. "There are not enough cybersecurity experts in the Netherlands to help everyone," stated Somsen.

Therefore, establishing a priority list of organizations that need immediate help is crucial, particularly those critical to sectors like electricity, telecommunications, and the distribution of oil and gas. "Deciding who should be helped first is ultimately a political decision,” Somsen concluded.

The findings from the cyber exercise will be presented next year to the Tweede Kamer, the lower house of the Dutch parliament.