April 15, 2024

The Dutch work to promote cooperation in Europe to keep the Internet safe

Dutch ISPs face a Distributed denial of service (DDoS) attack can be protected using nawasthe centralized anti-DDoS service of the National Organization for the Management of Internet Providers (NBIP). NaWas, or the dutch national Depuration Centerhas It has been operational in the Netherlands since 2014, and currently has 130 members.

Frank dupkerEuropean network administrator nawas at NBIP, has managed to take the service abroad in recent years. “Our vision is to protect all of Europe’s external borders in the next five years,” she said. “That’s ambitious but achievable.” To do this, the organization seeks to have a point of presence (Pop) in all major European Internet centers. “Actually we have pops in Amsterdam and Copenhagen, and we are working on one in London, which we hope can be operational in 2025,” Dupker added.

The NBIP is unique in that it provides a means for Dutch ISPs to work together on issues they all face, without having to share sensitive data as they remain competitors. The organization was created in 2001 as an implementing organization to carry out legal interception under the (then new) Telecommunications Law. At that time, the cost of faucet equipment was high and the use for most Individual ISPs It was rare, so It made more sense to join forces. to share the cost of the equipment equally.

Participation is voluntary for organizations. that They want to get rid of these obligations. Someone with an AS number you can participate, however, current The participants are mainly ISP, hosting., cloudand VoIP providers, telecommunications operators and operators, but there is a growing interest from government and businesses. Like click loading, DDoS attacks are also a common challenge for the Internet and hosting. and cloud providers. Purchase of equipment and gain experience Repelling such attacks requires heavy investments, which is why cooperation was one more time searched in this area in 2014. “This community and cooperation is characteristicstick of The Netherlands,Dupker said.

Today, NBIP has become the center of experience in DDoS mitigation, lawful interception and threat intelligence analysis for internet, hosting and cloud providers in the Netherlands and Europe.

“European legislation in the field of legal interception – eEvidence – is to come whereby the judiciary of other countries will be able to make requests for legal assistance to ISPs across borders more quickly,” he said. “Currently, this still goes through governments, who have to submit applications, which takes an enormous amount of time.”

NBIP participates in a group of experts from the European Commission to create an online platform (as provided in the eEvidence regulation) that works in all EU countries to provide guarantees and exchange information securely. “We are involved internationally to discuss what that platform should be like.”

Clean network platform

Also in the area of ​​abuse, ISPs must increasingly be able to demonstrate that they are doing everything possible to detect security vulnerabilities or illegal or abusive content. It is possible to subscribe to various feeds that share information about abuse. “But then, as an ISP, you still have to find out for yourself whether this information is relevant to you; If something like this is happening on your networks, it is necessary to act. to the,” saying dupker. To serve participating ISPs in this area, NBIP developed the Clean Network Platform with co-fDutch government supportin which information is collected from various feeds and tailored to the individual situation of participants.

“We also provide action perspectives so that ISPs can take immediate action to mitigate unwanted content”he said and added that There are also plans for a certificate so that customers can check hego hostcoworker has his affairs in order all these areas. “Good now, Participants must sign a code of conduct committing, among other things, to show that “They receive notifications about abuse and will act on these notifications if necessary.”

“Participants who sign the code of conduct receive a certificate that lets customers knowis The hosting provider acts proactively to detect, remove and prevent abuses and is making the necessary investments to do so. This creates a level playing field where it is clear which providers proactively fight abuse and which do not. Clients can do informed security decisions based on this information.”

The question remains how quickly these services will reach Europe. nawas It is currently available in 10 countries outside the Netherlands (Belgium, Germany, United Kingdom, Austria, Switzerland, Italy, Denmark, Norway, Sweden and Finland). The clean network platform It is also Destined to be deployed in others European countries, however, that will take sometimes. The NBIP does not lack ambition, butis mainly due to find ways to cooperate and cultivate an understanding of the multi-stakeholder approach.

“In the United Kingdom, nawas It has been adopted very well,” Dupker said. “We work together with Medium-sized local ISPs and various Internet exchanges, such as the London Internet Exchange (LINX). We have gained importance abroad, mainly because commercial alternatives are much more expensive. Us can offer powerful services in lower costsby and for the community, because more and more ISPs have joined us throughout Europe. Our mission is to better protect ISPs in Europe against “Larger and more complex DDoS attacks using the latest technology and connections to all major networks.”

The NBIP is currently studying the possibility of establishing a Pop in the United Kingdom. “In the UK there is also sensitivity about data leaving the country,” she said. “At the moment, some (insignificant) traffic still passes through the Channel to AMS-IX, but it is becoming an increasingly thorny issue. Therefore, we are now in the process of trying to secure funding to formulate a business case for establishing a local purge. center.” Desire and ambition is deploy nawas throughout Europe in the coming years. “It takes a lot of time and money, but that doesn’t stop us,” Dupker said. “We are constantly growing and working towards our vision of making the Internet in Europe more secure.”

european cooperation

When asked if there should be a European version of the NBIP, dupker said It might be desirable, but then all kinds of political interests would come into play.

“Perhaps it is better that we take the initiative as a Dutch organization, as community and cooperation are very much in our cultural DNA,” he said. “It may be a myth, but as the Netherlands, we have always depended on working together to stop the water from coming. We are used to trusting each other quickly and solving problems together, knowing that we depend on each other.

“Also, we are not a country with a strong hierarchy where things are imposed from above,” Dupker said. “In contrast, our government places a lot of emphasis on public-private partnerships. This leaves a lot of room for initiatives such as nawas, while in other countries, governments may be prone to having these types of issues weigh on themselves. “I am very proud that we are so unique in this sense in the Netherlands.”

independent collective

NBIP works a lot for and with government agencies such as the prosecutor’s office, the police or the National Cyber ​​Security Center, but does not want to depend on government funding or control. This does not rule out applying for and receiving grants to carry out research and development. For example, the organization was recently awarded a grant as part of the European IPCEI-CIS program, which aims to build a European cloud infrastructure.

“It is our independence that makes us strong and agile,” he said Dupker, who We had previously looked for similar organizations in Europe, but went up with empty hands.

“There are commercial organizations and national cybersecurity organizations funded by the government. centers,” he added. “But what sets NBIP apart from these organizations is the combination of cooperation and actual implementation. of services.

“With all due respect, many organizations do a good job talking, planning and ensure that all stakeholders participate, but ultimately depend on others to have results. We are proud of taking actionoffering real services, and participating in public-private initiatives.

Leave a Reply

Your email address will not be published. Required fields are marked *