2025-02-28

The monkey is loose

Image from Pixabay

Despite the fact that they aren’t ducks, I am inclined to call them Huey, Dewey and Louie: the three monkeys that escaped from Apenheul last week. They had only been living in this Apeldoorn zoo for a week, but apparently they were so unhappy with their accommodation that they made an escape plan. Tranquilizer darts and a firm jet of water from the fire brigade were needed to get them back into their cage.

Which brings me to the expression: having a monkey on your back. I only know it with a negative connotation, because it means that you have a job to do or a problem to solve that you are not really happy with. The search engine returns this for the search “monkey back”, from an educational institute: “Monkey on your back? Learn the art of giving back.” A competitor is a bit more aggressive: “Watch out! Avoid the monkey on your back.” In short: having a monkey on your back is not a pleasant thing.

In this context too, there are sometimes monkeys that break out and end up in places where they don’t belong. Those monkeys are not sitting on the back of the right keeper. How do they end up there? Sometimes in a very strange way. For example, I once heard this remarkable statement: “Information security starts with an i, so the IT department owns it.” Can you imagine a worse reason to assign a subject to a certain department? I can’t.

By the way, it is not at all unusual – but therefore not necessarily wise – for an IT department to be promoted to the owner of information security. Because, well, information security is about computers, isn’t it? And computers belong to IT. Right?

What does 'ownership' actually mean? In private life, it usually has something positive: you are the proud owner of a beautiful house or a trendy bike. It also means that you have to take good care of it if you want to enjoy it for a long time. In business terms, you can also be proud of things that you own. Perhaps you derive a certain status from it. However, when it comes to maintenance, the story is somewhat different than in your private situation. There you could still decide for yourself whether to do maintenance, but in business terms you bear responsibility towards the organization. You cannot just let things take their course, because that could mean that people elsewhere in the organization will experience problems as a result. Or, to put it more firmly: sooner or later someone will suffer from poor ownership.

Fortunately, many people in our organization are aware that information security is not an IT thing. You can see that, for example, from the fact that we have business security officers (BSOs). These are security officers who work for the business departments. And yes, in IT we also have security officers (also called information security officers (ISOs)), but they only deal with the items and services that IT makes available to the organization – and not with whatever the organization (‘the business’) actually does with them.

For many employees, the BSOs are fairly invisible. I know this because we, the ISOs, often receive questions that actually belong to the BSOs. An employee who encounters a security issue or simply has a question goes looking for someone who can take the monkey on their back. They often knock specifically on my door: "You are the only information security officer I know, because of your blog." No problem at all, I am happy to refer them to their own BSO. I much prefer this to a question or report going unanswered.

Do you know your BSO? If not, go and find them and have a chat. Even if nothing is wrong. They are very nice people.

And in the big bad world…

2025-02-21

In the waiting room

Image from Pixabay

In the rather crowded train I found myself sitting next to a man who was working on his laptop. A quick glance at the device and the open programs identified him as a colleague.

At one point he was in a phone conversation. I wasn't actively listening, but of course I heard something. And what I heard made me very happy. To start with, he spoke softly, and in short sentences. It was actually mostly listening and occasionally responding briefly. I didn't hear him give any information. Neat, colleague!

How different was the experience of a colleague who was sitting in the dentist's waiting room. Well, it wasn’t really a waiting room; in a corner of the reception there were some chairs. Behind the counter worked two assistants. One, Tasha*, was clicking through computer screens with some despair in her eyes and finally said: "I can't find Mrs. Decker's details in TND." Her colleague Cindy asked for Mrs. Decker's date of birth. "Aha," said Cindy, "she's from 1999 and that's why she's not in TND yet. What's her phone number, I’ll give her a call." Tasha read out the phone number and Cindy made the call.

“Good morning Mrs. Decker, this is Cindy, assistant to dentist Crown. I need some information from you to enter your treatment in our system. What are your initials? ABG? Great. And your social security number? Yes of course, I'll wait a moment. (...) Ah, there you are again. Yes, I'll write along. 1-1-2-7 5-5 9-5-0? Thank you. And finally, I need your address. 5 Brace Road? Great, then I have everything complete. Shall we make the first appointment for your root canal treatment right away? Can you come in on Friday at 9 o'clock? Fine. If I can also have your e-mail address, I'll send you a confirmation. marly@decker.com? Fine, then we'll see you the day after tomorrow. Have a nice day!”

Our colleague could hardly believe his ears. He now had a complete set of personal details of someone and he knew when Mrs. Decker would not be home. Thanks to the information about her treatment, he also knew that she would be away for a while.

“Great, with this information I can commit identity fraud.” Or: “Great, I’ll get my burglary tools ready.” I admit that the chance that the unintentionally shared information accidentally ends up in the ears of a cyber or physical criminal is not that great. But still: everyone feels in their bones that this never should have happened. If you hear all this, then you know that they are handling your data in the same way. You wouldn’t feel comfortable with that, would you? And imagine that our waiting colleague was an acquaintance of Mrs. Decker. He runs into her a week later: “Hey Marly, how is your tooth?” That would be strange, wouldn’t it?

Of course there is also a legal problem. The unsuspecting, well-meaning dental assistants have not only leaked personal data, but even medical data. Under the GDPR (the European General Data Protection Regulation) these have the status of special personal data, for which even stricter rules apply than for regular personal data.

Tasha and Cindy were just doing their job. They can't help it that dentist Crown thought a separate waiting room was a waste of money. They couldn't make the phone call elsewhere either, because then Cindy couldn't enter the data into the system. Data leaks are built into this situation, especially when people are not aware of what is happening. A data leak is just around the corner.

I also want to look at what happened on the other end of the line. What if it wasn't the dental assistant who called Mrs. Decker at all, but someone who was out to collect personal data? Of course, the chance that they would call when you’re actually suffering from an aching tooth is small. But if you leave that circumstance out, it's a different story. If someone you don't know asks for data, tell them you'll call back. Then call the general number of the company and ask for the person who just called you. If that's not possible, ask whether they actually needed data. That way, you prevent yourself from leaking your own data.

*) Of course, all personal and system data are the product of my imagination.

And in the big bad world…
2025-02-14

From Asia with love

Image from Unsplash

They didn't mention it in the eight o'clock news, but the fact that the report was broadcast on the eve of Valentine's Day could hardly be a coincidence. It was about a man who got in touch with a certain Julia on a dating app. Could this finally be the one for him?

They chatted for a while, and after a few days Julia wrote: “Guess what I was just doing!” And she sent a screenshot of an impressive graph, showing that she had just made a lot of money trading cryptocurrencies. And she was quite willing to explain to our anonymous love seeker how that worked. So he received a link to a trading app. But he didn’t realize that he had fallen into the hands of scammers. Nothing was traded via that app. His entire investment – first a thousand euros, then ten thousand, a total of one hundred fifty thousand – disappeared straight into criminal pockets. When the thugs realized that there was nothing left to be gained, Julia abruptly ended the budding romance. Our Romeo found himself in a difficult time, in which he lost confidence in everyone – including himself.

In many presentations I give, there is this folk wisdom: if something seems too good to be true, it usually is. It once started with that Nigerian prince, who sent you of all people an email, promising you mountains of gold if you helped him free up a large sum of money. Lawyers from faraway countries, who told you that a large inheritance was waiting for you, were a variation on that. The only occasion when I believe a statement like that is when it is on a chance card in Monopoly. But the scams are becoming increasingly shrewd and the criminals are putting more time and effort into getting the loot. Where that prince used to target a large group in one go, hoping that a few people might fall for it, they are now investing in a good relationship with the individual victim.

The news also showed where all that misery is coming from. No longer mainly from Nigeria and the surrounding area, but from Southeast Asia. From there, some thirty scam centers operate: apartment buildings full of Julias, who together have already earned some 75 billion dollars from people who were too gullible. Many of those approximately three hundred thousand Julias do that work involuntarily. They have been lured there by human traffickers under false pretenses. They live in captivity and if they don’t perform well, they receive corporal punishment.

Last week’s blog included a link to an article saying that Thailand had cut off internet and power to the border region with Myanmar in an attempt to cripple the scam centers. That shows how powerless you really are in the fight against criminals operating from a country that doesn’t put the slightest obstacle in their way. The article didn’t say anything about the extent to which the scam centers were dependent on Thai services, but by now they will have found a way to continue operating. That probably doesn’t apply to innocent citizens and businesses in the border region, who have also been affected by this well-intentioned measure.

Cybercrime in this form is only possible thanks to technology that was never conceived with this purpose in mind. With the help of translation services such as Google Translate, Julia was able to chat with her victim in perfect Dutch. Artificial intelligence is also increasingly being used for evil. I will once again make the comparison with dynamite: when Alfred Nobel invented it in the 19th century, he did not foresee that it would be used to blow up bank vaults and soldiers. And dating apps were also not set up as a platform for crime with a romantic prelude.

If the crime is not tackled, then its potential victims must be made resilient. Unlike a street robbery, you do have a chance to escape from those fraudulent practices. It is actually quite simple: if a new contact suddenly brings up money as a topic, you have to be careful. Take off your rose-colored glasses and look at what is happening through a magnifying glass. Discuss your doubts with someone you have trusted for years; not with Julia, because she knows all sorts of ways to reassure you. Just say firmly that you are not interested. You are using that dating app to find love, not to get rich.

If necessary, print out that piece of folk wisdom and hang it above your screen.

And in the big bad world…

2025-02-07

Artificially stupid

Image from Pixabay

Are you a good artist? Great. Then draw me a picture with two flags, each on a short pole, that make a 45-degree angle with each other.

Not that difficult, right, this assignment? However, ask ChatGPT for this and there is no way you can get that angle in there. You do get two sticks next to each other, which in the best case are intertwined. On one side there is a flag that waves to the left, on the other side one that waves to the right. If you ask specifically for that angle again, the flags are extended and folded, indeed at an angle of 45 degrees. But those sticks, they remain stoically parallel to each other.

What about this so-called artificial intelligence? Admittedly, I could never draw those flags that neatly and quickly myself. For the rest, after such a disappointment, I rather think that the thing is artificially stupid. I don’t easily stick labels on something, but if you brag about your intelligence and then don’t understand what every freshman with a set square does understand, then you’re done for.

A much smarter – but also reprehensible – application of AI is scamming people. I had barely started writing this blog when a radio conversation started about gullible people who had been scammed by criminals posing as René Froger, Max Verstappen, Mark Rutte or André Rieu on a dating site (René Froger is a well-known Dutch singer, and you know the others, I presume). All of them people who are well off. And yet, after some flirting back and forth, they begged for money, supposedly because theirs was temporarily unavailable, for example due to problems with their manager. One victim had even transferred thirty thousand euros (well over 31k USD) to “René Froger”.

According to the guest on the radio show, slightly more women than men fall for these kinds of tricks, and especially those of slightly older age – people who don't necessarily know what normal online behavior is. And if one of them receives a personal voice message from their idol, via a dating site, they must be in seventh heaven, right?

Now you might wonder what these people are doing on a dating site (well, maybe apart from Mark Rutte, who is single). Unmasking this kind of scam works with flags; the more flags, the more likely it is bad business. Celebrity on a dating site: big red flag. Celebrity who starts chatting with you? Huge red flag. Famous or not famous person who asks for money after a few nice chats: enormous red flag. Three red flags in a row? Sound the alarm!

But yes, that voice message, right? That sounds really convincing. And if you don't know anything about deepfakes, that is, that artificial intelligence can be used to make a voice say anything you want, then I can hardly accuse you of natural stupidity. Let's agree that from now on you think of those red flags when you come across something improbable. Maybe it will help you not to fall for it.

Back to those crossed flags (because that whole story about flirting celebrities just happened to creep in because I was listening to the radio with half an ear). That picture I wanted was for private use. For my work as a Dutch civil servant, I should not have used such an AI tool. In official terms: the use of non-contracted AI is not permitted, in principle. I prefer to turn this rule around: for your work, you may only use AI that we have purchased. Why is that better? Because then there is a contract in which the rights and obligations of both parties are described. This ensures that our data cannot simply be included in a large artificial brain and that the owner of that brain cannot use it for his own purposes. You might see the contract as a green flag.

And in the big bad world…

2025-01-31

Internet-free days

Photo by author

Our solar panels have the structure of potato gratin on this cold morning. I don't know what nature intends with this, but it looks like the work of an ice artist. Meanwhile, the sun is stretching; it woke up ten minutes ago, I see its red glow reflecting in the windows of houses a street away. Soon its rays will melt the solar panels (well, the ice on them) and then production can begin.

Recently I fitted the smart meter with a box that sends the current measurements to an app on my phone. This allows me to see (almost) in real time how much electricity is being used in our home. We are already practicing hard to use as much of our own solar power as possible: “Can the washing machine be turned on yet?”, is a question that rings through the house often. We then look at the current yield, but also at the short-term sun forecast. Because if the washing machine is turned on now and a thick dark cloud moves in front of the sun in five minutes, you still pay the bill. You do have to keep in mind that appliances like that do not use a lot of power continuously, but mainly when heating the water. With a bit of luck, I can break even on a sunny winter day. That bodes well for the summer.

So, for the energy management of our house, things look rosy. However, if you zoom out to the level of the nation, there’s a much more pessimistic picture: we are in a real energy crisis. There are reports of companies that cannot be connected to the electricity grid. Not because insufficient electricity is being generated, but because the network is congested. Strangely enough, this phenomenon has two contradictory causes: on the one hand, the high demand for electricity, for example because companies are switching from natural gas to electricity, and on the other hand, the high supply due to all those solar panels and wind farms. Think of it as an overcrowded highway: if there is a traffic jam on it, you cannot get on or off.

Our data center has a sturdy emergency power supply. If the mains power fails, batteries seamlessly take over, long enough for the diesel generator to get up to speed. As long as there is diesel, the data center will continue to operate. Grid operators predict that the power will fail more often in the future. So we are lucky to have our own energy building. But of course this facility is not intended as a remedy for grid congestion. In the trinity of information security – confidentiality, integrity, availability – this is a measure to ensure the availability of the service, but it was never intended as a power plant for permanent use.

Data centers are notorious for their power consumption. Pounding computer chips consume power and produce heat, and have to be cooled down because they don't like to get too hot. Even though most computer equipment in a data center has no moving parts, you need earplugs when you go inside. Every device has a fan, and then of course there is a large installation to dissipate all that blown-out heat. Especially the mega data centers of the tech giants, such as Google and Apple, are known for their enormous energy bills. We no longer store our photos on our phones, but in the cloud; in those data centers, that is. And all those millions of photos of the entire world population consume a lot of energy.

Artificial intelligence is a fairly new energy guzzler. With some embarrassment I asked ChatGPT the following question: “How much energy did answering this question cost?” Because it was a simple question, it estimated the consumption between 0.1 and 1 Wh (watt hour). Because it also understands* that I have no idea what that means, it gave a few examples: with 0.1 Wh you can light a 10 W LED lamp for 36 seconds, and 1 Wh is enough for 1 minute of YouTube on your phone. If the questions get more complicated than mine, the energy consumption increases tenfold, ChatGPT estimates. For a difficult question you have to give up ten minutes of YouTube if you want to keep it somewhat energy neutral.

I still remember the car-free Sundays from my youth. Because of the oil crisis, the streets were quiet on ten Sundays. Just imagine that, because of the grid congestion, you cannot use the internet at certain times, for example because the nearby industrial estate needs that power more urgently than you do. Or that the grid operator encourages you at certain times to turn on the washing machine, the tumble dryer and the dishwasher all at the same time because otherwise they cannot dissipate the generated energy. Or imagine that they take care of it themselves remotely.

The solar panels have now thawed and are supplying only a modest amount of electricity. The washing machine is running, so we are still buying electricity at the moment. We are not yet at the point where we can fully adjust our household to the weather, and it won’t be possible in the Netherlands. Not as long as there are no efficient, affordable batteries.

*) ChatGPT and its colleagues don't “understand” anything they say, but you get my drift.

And in the big bad world…

2025-01-24

Rope-skipping

Image by Royal Netherlands Navy

Across from me sat a lieutenant commander of the Royal Dutch Navy. Now in the vast majority of cases it is of no importance who is on the same train as me, but this time it is worth mentioning. In that train I was preparing this blog, in which I take you to sea, and even to the bottom of it. What a funny coincidence that this unsuspecting naval officer was sitting there.

There are more and more reports lately about submarine internet cables that get damaged. And not by accident, but as a deliberate action of the Russian shadow fleet. For example, an oil tanker makes a detour and drops its anchor right above one of those cables. In doing so, it tears that cable apart.

That is quite a heavy-handed way to destroy internet connections. Very different from what we have been used to seeing from the Russians, because they also have masses of smart hackers in government service, who are perfectly capable of disrupting our connections digitally. That is cheaper and easier. Western navies and coast guards now keep a close eye on ships that veer off course and have their anchors in the water. So why this approach?

Well, the damage is greater, in three ways. It takes longer to repair the damage done, the repair costs many times more and the number of victims is greater. After all, a specialized ship has to be sent to physically repair the cable. And because of the greater, physical damage, the disruption is also greater – if you manage to hit the right cable, it can have major consequences for internet users at both ends of that cable, far into their hinterlands. And as we know, disruption is one of the tools that Russia likes to use in this Second Cold War. That disruption goes much further than your children not being able to play their online game for a while or TikTok being down. International payment transactions can be disrupted, the economy takes a hit and fear grows among the population – if the Russians can do this, what else can they destroy?

Wait a minute, you might be thinking, I'm on wifi, why should I care about those cables on the bottom of the sea? Well look, that wifi network that you use ends somewhere at a wifi router: that box at home in your meter cupboard. Offices, shops, restaurants, airports, hotels and all other wifi providers also have a device somewhere that is the beginning and end of that network. From there, in the other direction, everything goes with cables. From your meter cupboard, a cable goes underground to your internet provider, and from there on to the internet and to nodes. These nodes are also connected to each other, and so there is a whole network of cables across the globe. And because the earth consists largely of seas, many of those cables run over the seabed. When you are on the internet, your searches zoom through the seas and oceans at dizzying speed. So yes, you too can experience problems if they manage to hit the right cable.

What about Starlink, Elon Musk’s network, which consists of thousands of satellites? Starlink customers have their own antenna, which picks up the signal from space. But ultimately these radio signals come together in Musk's meter cupboard, which has a cabled connection to the internet. In that respect, Starlink is nothing more than a kind of overgrown wifi network. (Of course, Musk's meter cupboard is a joke. In reality, there are ground stations that listen to the signals from space with large antennas.) By the way, this interactive map nicely shows how immense the Starlink network is, and it also makes you understand why the satellites have to be able to perform maneuvers to avoid collisions with their peers.

No matter how you look at it, we depend on those cables for the internet. A dozen of them come ashore in the Netherlands. Most of them connect us to England and from there to the US, a few to Scandinavia; one, with a stopover at the westernmost point of England, continues to the US. A single cable break will not immediately isolate us from the rest of the world, but it is always disruptive.

This blog started with a coincidence, and maybe another coincidence will follow. It is not unthinkable that the lieutenant commander also reads this blog and thinks: hey, opposite me sat a man typing away on his iPad. Could this be about me? And it would be even more coincidental if that officer is involved in the protection of our submarine cables.

And in the big bad world…

2025-01-17

The invisible king

Image from Pixabay


His Majesty the King has been pleased to honor us with a visit. Although I myself had a meeting at the office yesterday, I didn’t see him. The traces of the royal visit were visible though: I was awaited by many security guards in the morning and in the afternoon there were almost no seats in the canteen because most chairs were still arranged in theater style. But most importantly, the theme of the visit was indeed digital security.

The king followed more or less the same program that all dignitaries are presented with: the printing line, the data center and the Security Operations Center (SOC). Because, well, those are the only tangible things we can show - the rest consists of knowledge and offices. I wasn’t there myself, but luckily some TV crews were present, so we can watch some footage of the visit.

Our printing line is quite impressive (the enthusiastic team manager has also shown me around once). Large rolls of blank paper are printed with all kinds of documents. At the back of the meter-long machine, they come out of the printer as individual letters, to then be pushed into blue envelopes at dizzying speed in the envelope inserter. Mainly because of that speed, it is important that the equipment monitors the smooth running of things. The letters are weighed – not to determine how many stamps should be on them, but to check whether there is accidentally one sheet too many or too few in an envelope somewhere. Each letter has an optically readable code, so the letter itself knows how many sheets of paper long it is.

The data center is another place that you as a normal mortal cannot enter. You only enter if you have business there. The king was on a working visit and was therefore allowed in (at least, that is what I assume – I have not seen any images of it). Hopefully they kept royal earplugs available, because if they really did enter the corridors where hundreds of servers are blowing, then they certainly came in handy. It is well outside my area of expertise, but this form of safety is also important. And for the rest, as I said, it is mainly a matter of keeping out everyone who has no business being there. We have various physical security measures for that.

On the other hand, there are the logical security measures, which ensure that employees can only do the things they are authorized to do, that potential intruders are kept out and that attackers who want to make our lives miserable are disappointed. But these measures are not visible, so why did the king visit the SOC anyway? Well, the SOC is not a normal space. The workstations are arranged in battle order, each with no fewer than four screens. A large video wall draws everybody’s attention and SOC employees notice immediately if a value goes into the red somewhere. There really is something to see at the SOC, even if you hardly understand what you are seeing.

When the king goes somewhere, he is surrounded by visible and invisible security measures. We also have to deal with this in information security. The security of the print line and the data center comprises, just like the space of the SOC, visible components. But in addition to that, we have many more things and especially people who ensure that not only our information security, but also our continuity and privacy are guaranteed. There is little to see in such a system, even for a layman of royal blood, and those many colleagues who deal with these matters on a daily basis – well, they are also just ordinary people, hardly worth looking at. And that is why the king did not join our team for tea.

Therefore, here is a generous shout-out to all those colleagues who, when managing their system or creating their application, are not only concerned with the actual functionality, but also take into account all the security requirements that are set (I know how difficult that can be). And also to all colleagues who realize in their daily work that adequate security is a matter for all of us. And, last but not least, to the colleagues in my own team, who do their best every day to make the rest of the organization color within the lines. All that work is invisible, no king comes to look at it. But that doesn’t make it any less important.

And in the big bad world…