In 2018, the CCB, together with the stakeholders involved, carried out a number of projects.
A Cyber Security Reference Guide for Businesses
In order to better arm companies and organisations against cyber-attacks, we published an online reference guide in January 2018.
Criminals who are looking for financial gain or who want to inflict damage on businesses are increasingly active online. At the same time, companies are increasingly dependent on ICT and online sales, making them vulnerable to cybercrime.
For some companies and organisations, the step towards a full cyber security policy seems insurmountable.
With the Cyber Security Reference Guide, we want to help companies gain insight into the dangers and provide targeted solutions. More than 150 security measures are listed in a 'Basic' part, which every company should apply, and an 'Advanced' part, where the tips depend on the sensitivity of the industry you work inMiguel De Bruycker, Director of the Centre for Cyber Security Belgium
This reference guide will help you get started. The guide was developed by the Centre for Cyber Security Belgium in collaboration with the FPS Economy and the Cyber Security Coalition Belgium and is available on the CCB website.
Belgian Cyber Security Challenge 2018
The fourth Belgian Cyber Security Challenge took place in March 2018. A record number of 511 students in 198 teams participated in the preparatory rounds of the Challenge. 146 participants were able to make it through to the two-day, nerve-racking elimination round.
For the students, this was an opportunity to find a job or an internship. The winners of the CSCBE were offered a trip to and access to DEF CON, one of the largest hacker conferences held annually in Las Vegas. In addition, as winners of the BCSC 2018, they were selected to represent Belgium at the European Cyber Security Challenge.
The Belgian NIS Act
In 2018, the CCB worked hard to transpose the European NIS Directive into Belgian law, for the security of network and information systems of general interest for public security.
Thanks to the efforts made in 2018, this new Act was adopted at the beginning of 2019.
This new Act, also known as the 'NIS Act', provides for the identification of the essential services in our country and the providers that depend on NIS, and ensures that these providers take adequate security measures. In addition, the Act stipulates that these providers of essential services must report significant incidents, such as cyber-attacks, to the national cybersecurity authorities.
Providers of essential services
The NIS Act is intended for providers who deliver essential services in six industries: energy, transport, finance, healthcare, drinking water and digital infrastructure. Providers of digital services such as online marketplaces, online search engines or cloud computing services are also covered by the Act.
Within the first six months after the entry into force of this law, the sectoral authorities will contact a first set of operators concerned and, following a dialogue, officially designate them as providers of essential services. The sectoral authorities will inform them of their obligations and the deadlines set.
A large part of the entities that provide essential services in our country are increasingly dependent on network and information systems (NIS). Therefore, any disruption or degradation of NIS could also cause significant disruption to these essential services and thus to the normal functioning of the country.
The NIS Act aims to ensure that providers of such essential services take technical and organisational security measures to prevent incidents or limit their impact, thus ensuring the safety and continuity of life of Belgian citizens and businesses.
Providers of essential services that fall victim to a cyber-attack must report this to a central body. A digital platform will be set up for this purpose. Reporting incidents will allow us to better work together and identify threats.
Baseline Information Security Guidelines
The Baseline Security Guidelines (BSG) provide minimal guidelines for the implementation or evaluation of an information security plan, thus providing assistance to data controllers as well as to security advisors, data managers and IT managers.
These BSG were developed by the Centre for Cybersecurity Belgium in consultation with experts from various FPSs and external consultants and take into account existing standards such as ISO 27001 and ISO 27002.
Cyber Security Convention Belgium (BCSC)
Together with a number of private partners, the CCB organised the Belgian Cyber Security Convention (BCSC) in October 2018, which encouraged companies to invest in the protection of their data by bringing together the entire field of IT specialists in a unique and focused one-day event.
This excellent conference was organized by Brewery Of Ideas, in a co-creation with the following premium partners: the Federal Centre for Cyber Security Belgium, the Belgian Cyber Coalition, AGORIA, LSEC, KUL and Solvay Business School (ULB).
For visiting companies, this was a unique opportunity to get in touch and stay up to date with the latest IT developments. BCSC was aimed at the following audience: CEOs, COOs, Strategists, CTOs, CIOs, IT consultants, Data Security Experts and anyone else involved in avoiding cybercrime.
Websites in German: Cyber-Sicherheit!
In 2018, we stepped up our commitment to German-speaking Belgians.
We took the Federal Truck to Eupen during the national awareness-raising campaign to educate German-speaking Belgians about the importance of cyber security. Through cooperation with the local police, we circulated the campaign material, which was of course available in German, among as many people as possible.
National Awareness Campaign 2018
As part of the annual European Cyber Security Month in October, the CCB conducts a national cyber security awareness campaign. October 2018 was the fourth campaign and we wanted to encourage internet users to make regular backups and updates.
An overview of our previous campaigns can be found here. In 2015 we urged the Belgian population to use secure passwords, in 2016 we organised a campaign on computer viruses, and in 2017 on phishing.
During the October campaign, we wanted to draw attention to the topic via radio commercials and videos on social media. We launched a campaign website where we offer not only information but also a digital health index. We also literally took our message to our citizens: we organised an event in 5 major train stations and we drove the Federal Truck across the country in 10 days.
Security certification of information and communication systems
In 2018, the CCB took the first steps towards certifying the security of information and communication systems by becoming an official member of the Senior Officials Group Information Systems Security (SOG-IS). SOG-IS is a European network whose members recognise each other's Information Technology Security Evaluation certificates on the basis of shared criteria.
Digital technologies provide new opportunities for citizens to connect with each other, make it easier to disseminate information and form the backbone of the European economy. However, they have also created new risks as non-state actors increasingly seek to steal data, commit fraud or even destabilise governments.
In order to equip Europe with the right tools to deal with cyber-attacks, the European authorities are working on a new directive or 'Cyber Security Act'. This soon-to-be directive proposes a new European certification framework to ensure that ICT products, services and processes can be trusted in the EU's internal market.
The CCB is actively involved in getting the Cyber Security Act operational.
European Cyber Security Challenge: the Red Demons in London
In 2018, the Centre for Cyber Security Belgium sent the first Belgian delegation to the European Cyber Security Challenge (ECSC), which took place in London in October 2018. The team representing Belgium, known as the Red Demons, consisted of the winning team of the Cyber Security Challenge Belgium, complemented by the top 5 participating students under the age of 21, meaning we could send 10 participants to LondonDemons.
The European Cyber Security Challenge is a competition for young cyber security talent. 18 European countries compete against each other in various trials and challenges. The ECSC participants have to show strong technical and soft skills to win the competition. Teamwork and good verbal qualities are also essential in solving complex and diverse cybersecurity challenges.
ECSC is an initiative of several European countries, supported and facilitated by ENISA, which aims to attract cybersecurity talent from throughout Europe and bring actors from the cybersecurity industry into contact with high-potential young talents.
The Red Demons finished in an impressive 8th place...
More information: https://www.europeancybersecuritychallenge.eu/