Top Dutch cyber official Hans de Vries on cyber defense in times of war

Hans de Vries is the director of the National Cyber Security Center in the Netherlands and is one of the forces behind The Hague’s ONE Conference, one of Europe’s largest cybersecurity events. He recently announced he will be retiring and stepping down from his post at the end of the year. The Record’s Dina Temple-Raston and a small group of reporters sat down with him on the fringes of the conference to talk about how the war in Ukraine is affecting the European cybersecurity landscape.

The discussion was edited and condensed for clarity.

DINA TEMPLE-RASTON: How is the war in Ukraine making itself felt in the Netherlands? Are you seeing an increase in the tempo of attacks?

HANS de VRIES: We are currently, as the Netherlands, not affected, in the sense that we do not see attacks directly on Dutch infrastructure, focusing on Dutch companies. We continually scan for that, but we don't see that.

What you do see is that sometimes the infrastructure from the Netherlands or elsewhere is being misused to do attacks on the other side. But that's not so common for us to see for the simple reason that I'm not really allowed to look into those systems [as director of the NCSC]. I don't have the legal abilities to do that type of work. But sometimes we do get information and say, hey, this is odd.

Sometimes we have questions coming from Ukraine asking, "Can you do this?" Or we do data analysis for them. So we help with that kind of work. We don't normally don't talk about that, of course.

DTR: You recently had a tabletop exercise called Blue Olex with European partners — can you talk about that? What did you learn?

HdV: It was an international exercise run by the European Commission and ENISA, which was really interesting because, of course it's a theoretical exercise, but it brings together how we organize and we react in what we’d call crisis situations. And it was really interesting because you see not only the necessity of having standard operating procedures, how to act, but also how different language and explanations are when there is an incident.

DTR: One of the keynote speakers at the One Conference, Lorena Boix-Alonso from the European Commission, said there were lots of lessons learned from the conflict in Ukraine but didn’t get specific. If you were to talk about lessons learned, what are they?

HdV: I think there are a few. The first is that commercial organizations are more, much more able to adapt very quickly in dealing with incidents like this than governments. Simple decision, shall we help, takes days. A company just decides, we go, which is much, much faster.

Second is that being in the cloud is more safe than being on premise. It's definitely something. And yes, of course, cloud security is definitely something you sometimes have to worry about, but it can’t be bombed.

We've seen that the private sector is much more adaptable than we are. And that's painful to say but that's the truth. And, well the third one is, of course, Starlink has saved the day.

DTR: Even if it might be subject to the whims of one man [Elon Musk]?

HdV: That's true now, but at that time when he said "We're going to provide it ..." it was a life saver. I'm too far away to really understand what's happening. Yeah. I just say if you look at the first phase, it was crucial.

DTR: To bring it closer to home, the International Criminal Court in The Hague was hacked a few weeks ago. Can you talk a little bit about that?

HdV: Um, no.

DTR: Can you make me smarter about that?

HdV: Well, we [NCSC] helped.

DTR: You helped?

HdV: After the fact, of course. Within the Dutch cyber ... We organized. We coordinated. That's what we did, we coordinated. So if I need specific types of information or coordination, we bring that in. So if it is specific police information, etc., we bring that in, we combine people.

We try to organize because you don't want to swarm an organization that is being hacked. That's really off the scale. Seven different organizations each asking a specific question for their means. It really is not helpful. But we try to help. And I think that they've, uh, really appreciated our help.

DTR: Have they recovered from it now?

HdV: I can’t discuss it.

DTR: Can you characterize how serious an attack it was?

HdV: I won’t characterize it as a medium, small or large thing, and I'm not able to comment about that. Hacking the ministry of whatever is bad. Hacking the ANWB or the football association is bad. There's so many bad ones that I cannot say this is worse than the other.

But for any organization, it's not a good thing if things happen in such a case.