The way in which the government responded to the DigiNotar incident, had ‘weak points’. That sets the National Co lwa coordinator for Counterterrorism, Erik Akerboom. According to the terrorismebestrijder is the ssl-system in addition to ‘weak’.
Terrorismebestrijder Erik Akerboom gave at the symposium of government ict-security guard Govcert.nl that the response of the government on the issues that the hacked ssl-authority DigiNotar were caused, was not perfect. “There is, within a couple of hours to respond to the incident, but it is also about what happened after that,” says Akerboom at the symposium, where Tweakers.net present.
“We were able to within a few days all the certificates to find? And we had enough specialists? That’s were the problems lie,” said the terrorismejager. A large part of the government relied on certificates of DigiNotar, but it took a long time before all the affected certificates were replaced. “It was difficult to get all the certificates to find. Therefore, it is important to have your own systems to know and not all of your expertise to outsource,” says Akerboom. In the Netherlands, it was an update for Windows, that the DigiNotar certificates used, even a week postponed to avoid problems; it was not possible for all the certificates in time to be replaced.
The coordinator for counter-terrorism says that 100 percent security is not possible, but that there is an ‘adequate response’ to threats. According to Akerboom is the ssl-system in themselves ‘weak’. The system relies on certificate authorities for all domains certificates may issue, while the process of revoking certificates is complicated and browser-updates relies. If a certificate authority is hacked and fraudulent certificates issuing, as with DigiNotar happened, is wrong.
Akerboom, who from the beginning of next year, part of the national Cyber Security Council, says that the most important ict-threats and espionage, cybercrime and “hacktivism”. That last phenomenon is fueled by loose connections as Anonymous, which, for activist reasons, say to hack.
The now bankrupt declared DigiNotar was in trouble after an Iranian hacker fake ssl certificates had been made. When it later turned out that the certificates of the Dutch government is no longer to be trusted, the government decided to trust in DigiNotar and other certificate authority to choose.