DG Groep participated in Hâck The Hague in 2019 with their application GISIB online. This application is used to register, inspect and manage all assets, or capital goods, of the government. Think of roads and lampposts, but also things like grass, forest, banks and reeds. A municipality strives to deliver the highest possible quality product to its citizens, and GISIB online helps them with this. We speak with Frank Jan Uittenbogaart about the importance of digital security and the benefits of participating in Hâck The Hague.
Frank Jan: “Information security is a hot topic, and rightly so. We are all dealing with spam and spoofing these days, and receive weird emails from banks that turn out not to be banks. Our own system, GISIB online, contains a large amount of data that must be protected against unauthorized use, even though 80-90% of that data is simply publicly available. We must prevent this data from being manipulated and thus misused, for example, when concluding large government contracts. About 10% of the data in our system is confidential, especially results of asset quality measurements. As an IT supplier you have to realize that without adequate information security we will be heading nowhere with our ICT in 20 years. If important systems become unreliable because they are regularly unavailable or don’t function the way they are supposed to, they are no longer useful to us. Hâck The Hague is a unique event in the Netherlands with a large educational aspect. It has helped us to raise awareness about digital security within our company.”
Screenshot DG Groep platform
“Our first participation in Hâck The Hague in 2019 was quite exciting, after all, you're willingly having your own software scrutinised. We had of course protected our system to the best of our knowledge, but you have no idea if that is enough when more than 100 ethical hackers are sent your way. Since we are not experts in securing data ourselves, we called in external help in preparation, who went through everything once again in advance. A number of things came to light during Hâck The Hague, with one of them being security headers on the website that were not completely secure, allowing information to leak. This was fairly easy to solve and it actually happened on the spot. Another vulnerability that was found was in the software itself and was immediately passed on to the development team, which quickly released a patch that solved the problem. A nice dialogue started with the hacker who brought the problem to light and he checked the delivered patch on his own initiative to see whether this solution was indeed sufficient.”
“Hâck The Hague is a professional event, you notice that during the preparations, but also on the day itself when you look at the set-up of the event, the ins and outs in the control room and, for example, the fact that a representative of the National Cyber Security Center is also present. The security officer of the Municipality of The Hague came on air three months after the event to see what had happened to the hacks that were found. All in all a very educational experience, which had so many positive effects in store for us. Shortly after our participation in Hâck The Hague in 2019, we participated in another event during which one of the requirements was that we were ISO 27001/2 certified. At that time, we were ecstatic that we had already started the data security process with our participation in Hâck The Hague. Hâck The Hague was sort of a prelude - now there are standard periodic checks of our own business operations and the quality of our software development, and data security has become an integral part of our business processes.”
Screenshot DG Groep platform
“I can therefore wholeheartedly recommend that all suppliers of the Municipality of The Hague participate in Hâck The Hague. This world is a bit of a rat race: as an IT supplier we close the gaps and while we do that others find new loopholes. By collaborating with ethical hackers, we always take each other to a higher level. They help us as a supplier to investigate the depths of the domain and thus uncover possible vulnerabilities before malicious parties do this. Do you have no knowledge of the domain of data security? Then call in a specialist for good advice, but don't let that deter you from participating in the event, because that is simply very valuable.”