National cyber resilience and the human factor

Cyber security: technological lead crucial

Cyber criminals are using techniques to penetrate and undermine the digitalised society. We continuously monitor the latest techniques and develop technological responses to stay ahead of cyber attacks. We use, for instance, quantitative modelling and algorithms to test our systems. Armed with that knowledge and experience, we will ensure that organisations can rely on secure and robust ICT networks and services both now and in the future. We work intensively with partners such as universities, other knowledge institutions, service providers and product suppliers. Both in the Netherlands and abroad.

Advanced technology

We develop technology for the detection of advanced cyber attacks. This reduces the time to detection, thereby limiting any damage. Our professionals conduct research on the application of advanced cryptographic technology. For example, the security aspects of blockchain and the advent of the quantum computer are subjects of research. These advanced technologies will have a major impact on transaction security and encryption methods.

Proof-of-concept

We make technology applicable to a specific context or client. We develop a 'proof-of-concept' for this purpose. This is a basic implementation with which we demonstrate that our proposed solution is able to be used in practice. The number of cyber attacks is increasing and they are becoming more sophisticated. This is happening at a time when qualified cyber security analysts are in short supply. That is why we develop solutions for semi and fully automated security processes.

Integral vision of cyber resilience

Our experts use a combination of security expertise and mathematics for research-driven technology development and anomaly detection (deviations from the rule). The key to our approach is the integral vision of cyber resilience. In the case of digital threats, we look at all the factors that are important, namely:

• technology
• the human factor
• processes
• chains
• data exchange

Clients and the commissioning parties

We serve various types of clients:

• managed security service providers (MSSPs)
• large companies with their own cyber security environment
• suppliers of cyber security services and products

Commissioning parties include:

• Ministry of Defence
• financial institutions
• telecoms service providers
• parties in the mobility and logistics sector

People as links in cyber security

Technology alone can never prevent all errors. People are also an important link. Within TNO, we have identified two areas of interest:

1.People as the source of cyber security problems

We study how people react to cyber attacks. Their reaction depends on many factors, and is therefore hard to predict.

2.People as developers of cyber security solutions

We're developing support tools to overcome and manage the lack of knowledge and staff in cyber security. We also make it clear how we can solve this.

Effective cyber policy for companies

Human behaviour is unconsciously caught in a web of habits. The social context also plays a role. We analyse how decisions are made, and why people do what they do or fail to do. This is how we support organisations in making policy. Human behaviour is riddled with fallacies and blind spots. Interventions that increase cyber security by targeting it are an important part of effective cyber policy.

Training employees in cyber security

Educating employees about cyber threats and security is an essential starting point. Training in the skills required to apply this knowledge is also essential. Training employees in cyber security also increases the resilience of the organisation as a whole. Some examples are:

• dealing with phishing mail
• increasing alertness to suspicious situations
• optimising knowledge of cyber threats and vulnerabilities within the company's own ICT organisation

Improving behaviour and collaboration

We develop and optimise strategies to steer human behaviour in a cyber-safe direction. What interventions ensure that people do what is necessary to guarantee cyber security? How do we reduce the risk of unsafe actions? How do we measure and interpret the effects of interventions? We work on processes that improve the collaboration between businesses, governments and citizens. How is cooperation and decision-making achieved? How does networked collaboration work best? We're researching these and other issues.

Cyber security employees versus resources

Cyber security experts are in great demand and the shortage will simply increase in years to come. Could the use of automated tools be a solution to this problem? Yes, but these will be of limited use for as long as there are not enough employees to develop and implement the tools. Organisations benefit from having the right mix and deployment of cyber security employees. That is why we communicate scientific information regarding optimal role fulfilment to companies and organisations.

Sharing or training cyber security employees

We also look at sharing employees with similar companies or training our own staff. Ensuring that there are fewer cyber security problems within a company is very important. It allows cyber security professionals to focus on improving the cyber security of computer networks.