Red Teaming will Become Standard at Dutch Government in 2025
Red teaming (having ethical hackers test the security of systems) is becoming a standard at the Dutch government. The ambition is to fully embed this type of testing in the Dutch government's way of working by 2025 at the latest. Red-teaming tests will then be incorporated into the test planning and budget cycle.
State Secretary Alexandra van Huffelen (Digitalisation) has announced the ambition in this letter to the House of Representatives. Her aim is to make a framework of standards available for security testing by 2025, which will also include the supply chains.
Incidentally, various parts of the government are already applying red-teaming tests. Van Huffelen cites the Tiber-NL programme of De Nederlandsche Bank (DNB) as an example of testing. Tiber stands for ‘Threat Intelligence Based Ethical Red-teaming’. Within this programme, financial institutions test how resilient they are to advanced cyber-attacks. This is done with test attacks that are based on realistic threats. A small team from DNB coordinates, but the institutions themselves carry out the tests.
Van Huffelen notes that testing is not an end in itself. It is about sharing the lessons learned and following up on the vulnerabilities and risks found.
Chief Information Officer
The Governmental Chief Information Officer (CIO Rijk) has investigated whether the results of this type of testing can be shared more widely. This is possible if a familiar environment (physical, digital and social) is available. Furthermore, the results and findings must be formulated in such a way that they can be used by other governmental services. Information about specific vulnerabilities remains confidential in principle.
Source: Computable (in Dutch)