Dutch Defense Cyber Command Activated

Commander of new Dutch Defense Cyber Command: ‘Netherlands can play prominent cyber role within NATO’

Matthijs R. Koot, cyberwar.nl, October 22, 2014

Colonel Hans Folmer, the Commander of the newly established Dutch Defense Cyber Command (DCC), wrote a short article (.pdf, in Dutch) for “Magazine Nationale veiligheid en crisisbeheersing 2014, nr. 5″. That magazine waspublished online by the Dutch government on October 22nd 2014. Notably, Folmer states that the Netherlands “can play an important role [in cyber] within NATO”. DefCERT already has an existing covenant with NATO Computer Incident Response Capability (NCIRC). One of the three NATO Communications and Information Agencies (NCI Agencies) is located in The Hague, adjacent to the business unit Defence, Safety & Security of knowledge institute TNO. Koen Gijsbers, the General Director of the NCI Agency in the Hague, co-founded theMultinational Cyber Defence Capability Development (MNCD2) program in Brussels in 2013.

The DCC formally resides within the Royal Netherlands Army, the land forces element of the Dutch army (in Dutch: “Commando Landstrijdkrachten” (CLAS)), but involves military personnel from all military domains. It is tasked with defense (primarily), offense and intelligence. There will be cooperation with the Joint Sigint Cyber Unit (JSCU), which is tasked with the collection of data from technical sources, making it accessible and searchable, perform analysis (correlation, data mining), delivering Sigint and Cyber capability in support of the intelligence requirements of the AIVD and MIVD (possibly on-site), and innovation and knowledge development on its own task areas.

Here is a translation of Folmer’s article about the DCC (hyperlinks are mine):

The Defense Cyber Command, a new operational capability

By Colonel Hans Folmer

Commander of the Dutch Defense Cyber Command

On September 25th 2014, the Minister of Defense, Jeanine Hennis-Plasschaert, established the Defense Cyber Command in The Hague. She rightfully called [.pdf, in Dutch] the launch of a new operational unit and the final addition of the cyber weapon to the toolkit of the Dutch armed forces a historic event.

The nature and character of conflicts change. Maximum disruption of societies increasingly is the objective of malicious actors. Increasingly, better use is made of modern, easy to obtain technical digital means.

In military operations, the cyber domain is used effectively by all parties both for command and control, and propaganda. Weapons and sensory systems are digital systems. Attacks can now occur globally and in real time. The enemy does not even have to physically cross a border to attack us. On the other hand, the enemy can be grabbed at large distance, or disruptive activities can be counteracted. It is of crucial importance to recognize, understand and control this, and also to deploy cyber weapons ourselves. The Dutch armed forces draws conclusions from this and wants to play the prominent role that suits our country. To guarantee the ability to deploy the armed forces and to increase its effectiveness, the Ministry of Defense has been working on strengthening its digital defensibility for several years, and will in the coming years be developing the capability to carry out cyber operations.

The establishment of the Defense Cyber Command (DCC) was the final step toward embedding all cyber capabilities within the Ministry of Defense. In June 2012, the Minister of Defense, Hans Hillen, presented the Defense Cyber Strategy. The core of the strategy is that the digital domain, next to land, air, sea and space, has now become the fifth domain for military action. Digital means as weapon or means of intelligence will increasingly be an integral part of military action. However, the dependence on digital means also results in vulnerabilities that require urgent attention.

The strategy includes six priorities that will guide the Ministry of Defense in effectuating hear goals in the digital domain:

the establishment of an integral approach;

the strengthening of the digital defensibility of the Ministry of Defense (“defensive”);

the development of the military capability to carry out cyber operations (“offensive”);

the strengthening of intelligence in the digital domain (“intelligence”);

the strengthening of knowledge position and innovative capability of the Ministry of Defense in the digital domain, including the acquisition and retaining of qualified personnel (“adaptive and innovative”);

the intensification of national and international cooperation (“cooperation”).

In the establishment of the strategy, the strengthening of our own protection was prioritized (by the establishment of DefCERT, the Computer Emergency Response Team of the Ministry of Defense) and expanding the intelligence capability. In addition, the knowledge position has been worked on energetically, with the establishment of the Defense Cyber Expertise Center [as per May 214], and of course on the cooperation with public, private and international partners. The establishment of an operational capability was originally planned for the end of 2015, but in the memorandum “In het belang van Nederland” the urgency was recognized and the establishment of the DCC accelerated.

The Defense Cyber Command is the central entity within the Ministry of Defense for the development and use of military operational and offensive capability. For that purpose, the DCC, in addition to a small staff, has three departments.

The Operations department consists of a pool of cyber advisers for the support of operational units. These cyber advisers will be used in small teams during actual operational deployment and exercises, and are tasked with advising the operational commander on the use of digital means, dependency, vulnerabilities and capabilities of the enemies and our own troops. They will also advise on the protection of our own means. The cyber advisers are the link between the operational unit in the deployment area and the cyber units in the Netherlands (DCC and DefCERT). These teams will be trained jointly with operational units, as preparation for cooperation during an operational deployment.

The Technology department consists of cyber specialists that have the technical knowledge and skills to act offensively in the cyber domain, both to carry out an effective defense as well as to support operations. Offensive cyber capabilities are capabilities aimed at influences or disrupting enemy actions. This concerns the development of (knowledge about) complex and high-tech means and techniques specifically aimed at increasing our own military capability. A cyber attack on an air defense system, for instance, can increase the effectiveness of an air raid, while limiting the risk to collateral damage.

The Defense Cyber Expertise Centre (DCEC) is the central entity within the Ministry of Defense for strengthening our own knowledge position, and as a result the innovative capability in the cyber domain. The DCIC will supply practically applicable cyber knowledge, concepts/doctrines and Education&Training support to all parts of the Ministry of Defense, and thereby contributes to the strengthening of the three cyber capabilities. The DCEC cooperates with knowledge institutions, universities and other (international) knowledge centers.

The mere establishment of the DCC does not yet achieve our goals. The establishment of this command will take time. In this domain, a new world is still to be discovered and developed. Much is yet unclear, and we are but at the beginning of the development of new capabilities. Existing tactics and methods of acting must be reshaped in the cyber domain. To that end, a cyber doctrine is currently being developed. Learning, experimenting and applying, that is the motto for the coming years.

Summarizing, it must be possible to support military operations with offensive cyber capabilities. For that purpose, the Defense Cyber Command has been established. Offensive cyber capabilities can be a force multiplier, and thereby increase the effectiveness of the armed forces. By developing a robust cyber capability, the Netherlands can play an important role on this area within NATO. It is important that it is not a silver bullet to our all-encompassing vulnerability. It is, however, a crucial addition to our existing conventional capabilities on land, sea and air. Not a substitute, but a very important force multiplier.

It’s mostly unrelated, but: it recently turned out (in Dutch) that 380 email addresses of the Dutch Ministry of Defense are present in Hold Security’s data set. The Minister of Defense states:

(…) Indeed, some addresses of the Ministry of Defense are on that list. It involves some 380 email addresses. Some of them are no longer in use. Some of them are still valid. Those involve employees that, as we say internally, have contact with the outside world, for instance because they register for a conference. They have then accessed a vulnerable website. It is also possible that they registered for a news letter. DefCERT and the Security Authority were informed by the NCSC at a very early stage. The data set has been analyzed. I repeat that it involves some 380 email addresses, most of which are no longer in use. Because Defense employees must regularly change their password anyway, no danger existed of unauthorized access to MULAN. MULAN is the internal departmental confidential network. Remote access is not possible unless you also have other information and a certain smart card. For operational reasons I won’t go into details. Hence, it has not been possible to access the system of the Ministry of Defense. The digital infrastructure of the Ministry of Defense has thus not been affected. I can thus express reassuring words to [MP Schouw]. (…)

A small reminder that Ministry of Defense employees are exposed to the same threats we all are when using the public internet.