Sarah Brown about Cyber Security in The Hague

Sarah Brown, Cyber Security Professional at NCIA: ‘’I work in the Chief Information Office of NCIA. NCIA is part of NATO and is focused on cyber security within NATO. We are a service provider that delivers IT and cyber security services. I interface between the customers that found us to do work and our technical teams that deliver those requests.’’ 

What is your main focus as a whole in cyber security in NCIA? 

‘’I have spent lots of time earlier in my career on technical, cyber defence, and system design. When I was working in the agency and the NATO Cyber Security Center, I focused on cyber security maturity assessments in different specific cyber security functions. Currently, my role is about the cyber security strategy and the alignment of the projects that we are working on to our overall goals.’’ 

The Hague is a hub for diplomacy. How do you perceive the digital security of this city?

‘’It is a big hub for international organisations, for example, a lot of IT and tech companies. Think about the Cyber Security Week in The Hague. There are so many different activities organised. The digital security of the city is quite high because there is a lot of investment made and attention going to ensure that this important city has a strong security backbone.’’ 

What do you think are the challenges for the cyber security of The Hague? 

‘’In The Hague, there is so much to protect. There are a lot of smart people and exciting technology companies doing great things. But on the other hand, it is an attractive target for cyber attackers. I think the challenge is to keep up with the evolving threats by evolving best practices.  

There has been a lot of effort by the government to create these information-sharing and analysis cells for different sectors, named the ISACs. It is important to make sure that the people who work in these sectors meet each other and get really good security information, and that there are resources if they need help or have questions. There are lots of challenges, but I see a lot going on to support these communities too.’’ 

How, do you think The Hague can uplift her cyber security as a city specifically?  

‘’We must make sure that we use innovative solutions. This means we can work efficiently and manage the volume of alerts that we get from a security perspective. One thing that has been a good reminder is that NATO is recognising the importance of keeping up with the basics. For example, when you learn about a new vulnerability in a piece of software, the first question you probably have is: ‘Am I running that software in my network?’. The answer can be hard to find in a large organisation or a whole city. Therefore, knowing what assets you are running and how they are configured, and how to quickly clean up and take care of issues in your environment is a difficult task. So, it may not be very ‘fun’ or ‘innovative’ to talk about asset management, but it is essential. We need to put our focus towards having proper organisation and knowledge of the basics.’’ 

What are the challenges in aligning efforts to create a secure digital environment?  

‘’There are so many ways we can invest or work on cyber security. So just having alignment for whatever limited resources: time, money, and people. This can be challenging because there can be differing opinions from stakeholders. Then of course it can be easy to identify a problem; like asset management.’’ 

How can NCIA collaborate with city authorities and other stakeholders to protect The Hague's digital security?  

‘’The events that take place locally offer insights and best practices. We partner with the International Cyber Security Summer School, powered by Security Delta (HSD) to highlight the exciting work that is going on in the area and attract talent. This is good for the agency by bringing cyber security expertise into the Hague. We benefit from the government bringing together international organisations making sure that security counterparts know each other. NCIA can collaborate by sharing and exchanging information. These events are a nice opportunity to keep building our network and hear what others have to say about the opportunities and benefits of working in this area. We are all here together. This is how we create successful partnerships.’’ 

Can you share some examples of successful partnerships between international cyber security organisations and cities? 

"We partner with the International Cyber Security Summer School to highlight the exciting work that is going on in the area and attract talent. It is an annual event, organised by Security Delta (HSD). We participate together with Europol, Leiden University, and other supporting partners. The event is about fostering the next generation of cyber security experts and having them interact with leaders in these different organisations. These students come from a variety of different backgrounds. At the agency, we have around eight members now who were International Summer School participants. So, I can imagine the other organisations have had alumni join their teams as well.’’ 

 Why is it important for cities like The Hague to work collaboratively with expert organisations like NCIA?  

‘’For a city like The Hague that is hosting so much, there is a high level of security that needs to be in place so that these important organisations can operate, and the infrastructure will be resilient. The city has a very important challenge to provide a safe space. These organisations can also assist with the information that they have and the things that they see from their security teams and give that information back to the city. It is so important to collaborate because everybody sees a piece of the cyber security picture. It can only be done together.’’ 

Why is it crucial for cities like The Hague to work together with organisations like the NCIA? 

‘’Individual organisations have their mandates, charters, and focus areas. But at the end of the day, we all use the internet. We all rely on applications that are built with similar underlying code. Therefore, we have this shared challenge to keep the digital space working, running, and secure even though we are working towards different business goals. Making sure that we are all operational is in everybody's best interest.’’ 

What message would you like to convey about the role people can play in collectively building a safe digital environment for The Hague in the present and the future?  

‘’Protecting the digital environment is a shared responsibility. We are all playing a role in shaping this collective safe digital environment. At an individual level, it means that we need to stay informed about digital security and practice digital hygiene. We all make choices every day about what we share and what websites we visit. Just our practices for keeping our own lives secure and safe. Then in a professional context, we are all contributing. I think the role we play is staying educated and informed and being conscious.’’ 

source: Digitaal Veilig Den Haag