With digital threats on the rise and our resilience lagging, over 120 organizations participated in the cyber exercise ISIDOOR 2023, aiming to simulate cyber scenarios and draw valuable lessons. More than 3000 individuals from diverse sectors, including water, telecom, energy, finance, and transport, engaged in the exercise, emphasizing the importance of coordinated cybersecurity efforts.
Key Insights:
- Increasing Cyber Threats: The exercise highlighted the escalating impact of cyberattacks on systems, organizations, and society, emphasizing the need for improved cybersecurity measures.
- National Cyber Security Center’s Role: Participants acknowledged the National Cyber Security Center (NCSC) as a crucial source for validated information during cyber crises.
- Lessons Learned: ISIDOOR contributed to broad awareness, dispelling the notion that the cyber crisis is remote for many sectors. The exercise underscored the swift physical repercussions a cyber crisis can unleash.
- Sector Collaboration: The exercise facilitated cross-sector collaboration, enabling participants to familiarize themselves with each other’s crisis response strategies for effective real-time coordination.
- Challenges and Opportunities: Participants recognized challenges in understanding the national escalation structure, roles, and responsibilities. Awareness of the Digital National Crisis Plan varied among participants.
The simulated scenario revolved around a fictional software supplier, Sysmetrics, facing a cyber intrusion, leading to disruptions in services across participating organizations. The exercise culminated in activating the national crisis structure to address the evolving cyber threat.
Next Steps: Upon completion of the evaluation, the findings will be presented to the Parliament, offering insights for potential updates to the Digital National Crisis Plan. The lessons from ISIDOOR will contribute to enhancing the nation’s digital resilience against cyber threats.
Looking Ahead: ISIDOOR serves as one of the measures for organizations in the Netherlands to prepare for cyber crises. Cybersecurity should be a top priority, given the increasing risks and potential societal disruptions. European regulations (NIS2) will compel many organizations to prioritize cybersecurity or face legal consequences. ISIDOOR’s lessons emphasize the urgency for all organizations to fortify their cybersecurity now.