‘Universities and government should take the lead in the fight against cybercrime’
From ransomware to Citrix traffic jams: over the past few months Dutch organisations were regularly brought to a standstill by serious cyber attacks. We can only face these threats by standing as one, and universities and government should take the lead. These are the words of Leiden professors Bibi van den Berg and Aske Plaat at the Dies Natalis of Leiden University on 7 February.
The Dutch language recently acquired a new word: Citrixfile or Citrix traffic jam. When a major leak was discovered in Citrix’s popular remote access software in mid-January, the employees of numerous Dutch companies and institutions had to swap the kitchen table for the office. The result: chock-a-block roads and public transport as everyone made their way to work. Not to mention a new word.
Cyberspace as critical infrastructure
The Citrix traffic jam and similar incidents have made it clear how vulnerable digital systems are, said Leiden professors Bibi van den Berg (Cybersecurity Governance) and Aske Plaat (Artificial Intelligence). In their joint lecture at the Dies Natalis of Leiden University, they showed that the internet has become a ‘critical infrastructure’. With hospitals, airports and waterworks increasingly reliant on digital technology, they are also more vulnerable to system problems and cybercrime. This can seriously disrupt public life. In the worst-case scenario it even endangers human lives – witness June 2019 when 112, the emergency number in the Netherlands, went down throughout the country.
We will only be able to face these threats if we all work together, said the two professors. This means citizens, companies and government. Citizens can be seen as the pedestrians of the internet, said Van den Berg. ‘Just as we expect pedestrians to know the rules of the road [...] we can equally expect end-users to have a basic set of skills to ensure that they use networked technologies safety.’ Universities can take a leading role in increasing people’s digital resilience. The universities and medical centres in Leiden, Delft and Rotterdam recently announced, for instance, that they were giving a major boost to their joint teaching and research into artificial intelligence.
Government should take the lead
But we can’t leave our cybersecurity to citizens and businesses alone, said Van den Berg and Plaat, because it is obvious that citizens will also take to the internet even if they aren’t sufficiently au fait with the ‘rules of the road’, and this can spell danger. Nor can we rely on the tech giants because strict regulations threaten their income model. Their bread and butter is the data that we generate the minute we venture on to Instagram, Facebook or Snapchat. This leaves one party that can take the lead with this complex dossier: the government.
‘Now the internet has in effect become a basic need, citizens and consumers have to be able to assume it is safe,’ said Van den Berg. ‘Compare it with food safety. When I go to the supermarket in the Netherlands, I should be able to assume that the food [...] is safe and won’t make me ill. The government plays a key role in this by making rules, ensuring they are adhered to and exercising control.’ It is like a food safety authority for the worldwide web.
When it comes to cybersecurity and privacy, the European Union in particular has made excellent progress in recent years said the professors. A shining example is the European General Data Protection Act (GDPR), which is helping make cyberspace safer for consumers and citizens. The new act has made itself felt way beyond the borders of the EU. Van den Berg: ‘Once companies such as Google, Microsoft and Facebook had adapted to the demands of the GDPR, this also applied to consumers in other parts of the world. Facebook won’t be offering two platforms, after all: one for Europe and one for the rest of the world.’ European legislation has thus reached the entire world.
Broad universities at an advantage
Cybersecurity is being studied within different disciplines at Leiden University. This is because it is much more than a technical issue alone. Good knowledge of computer science is essential of course, but so too is an insight into societal, legal, organisational and ethical aspects, said Plaat. ‘It is only if we look at the problem from a multidisciplinary perspective that we will be able to fully understand it.’
What the professors are implying is that cybersecurity is best studied at a broad university such as Leiden. A multidisciplinary approach is central to the Executive Master’s in Cyber Security, for instance. Not only two Leiden faculties but also Delft University of Technology and The Hague University of Applied Sciences are all working together on this programme. Plaat: ‘And research is being conducted in various parts of our university into propaganda in cyberspace. The journalism students from Nieuwscheckers fact-check statements made in the news and on social media.’