Askhat - stock.adobe.com

Dutch working to promote cooperation in Europe to keep internet safe

A Dutch cooperative approach offers national and international cooperation opportunities for ISPs to guard against DDoS attacks, lawful interception and detect abuse in networks

Dutch ISPs facing a distributed denial-of-service (DDoS) attack can protect themselves by using NaWas, the centralised anti-DDoS service of the National Internet Providers Management Organisation (NBIP). NaWas, or the Dutch National Scrubbing Center, has been operational in the Netherlands since 2014, and currently has 130 members.   

Frank Dupker, European network manager for NaWas at NBIP, has managed to take the service abroad in recent years. “Our vision is to protect all of Europe’s external borders within the next five years,” he said. “That is ambitious but achievable.” To that end, the organisation seeks to have a point of presence (PoP) in every major European internet hub. “Currently, we have PoPs in Amsterdam and Copenhagen, and are working on one in London, which we hope can be operational by 2025,” added Dupker. 

The NBIP is unique in the sense that it provides a means for Dutch ISPs to work together on topics they all face, without having to share sensitive data – as they are still competitors. The organisation was set up in 2001 as an implementing organisation to carry out lawful interception under the (then new) Telecommunications Act. At the time, the cost of tap equipment was high, and the use by most individual ISPs was infrequent, so it made more sense to join forces to share the cost of the equipment equally.

Participation is voluntary for organisations that want to take these obligations off their hands. Anyone with an AS number can participate, however, current participants are mainly ISPs, hosting, cloud, and VoIP providers, telecom operators, and carriers, but there is an increasing interest from government and enterprise. Like the tap load, DDoS attacks are also a common challenge for internet, hosting and cloud providers. Purchasing equipment and acquiring the expertise to repel such attacks requires hefty investments, which is why cooperation was once again sought in this area in 2014. “This collectivity and cooperation is characteristic of the Netherlands,” said Dupker.

Today, NBIP has become the centre of expertise for DDoS mitigation, Lawful Interception and Threat Intelligence analysis for internet, hosting and cloud providers in the Netherlands and Europe.

“European legislation in the field of lawful interception – eEvidence – is forthcoming whereby the judiciary from other countries will be able to make legal assistance requests to ISPs across borders faster,” he said. “Currently, that still goes through governments who have to make requests, which takes a huge amount of time.”

NBIP is participating in a European Commission expert group to set up an online platform (as mandated in the eEvidence regulation) that works across all countries in the EU to securely deliver warrants and exchange information. “We are involved internationally to discuss what that platform should look like.”

Clean network platform 

In the area of abuse, too, ISPs must be increasingly able to demonstrate they are doing everything possible to detect security vulnerabilities or illegal or abusive content. It is possible to subscribe to various feeds sharing information on abuse. “But then, as an ISP, you still have to find out for yourself whether this information is relevant to you; whether something like this is happening on your networks that you need to act upon,” said Dupker. To serve participating ISPs in this area, NBIP developed the Clean Network Platform with co-funding from the Dutch government, on which information is collected from various feeds and tailored to the individual situation of participants. 

“We also provide action perspectives so that ISPs can take immediate action to mitigate unwanted content,” he said, adding that there are also plans for a certificate so that customers can check their hosting partner has its affairs in order in all of these areas. “Right now, participants have to sign a code of conduct pledging, among other things, to show that they receive notifications about abuse and will act upon these notifications if necessary.”

“Participants who sign the code of conduct receive a certificate that lets customers know this hosting provider is proactively acting to detect, remove and prevent abuse and is making the necessary investments to do so. In this way, a level playing field is created in which it is clear which providers proactively fight abuse and which do not. Customers can make informed security decisions based upon this information.” 

The question remains how quickly these services will find their way to Europe. NaWas is currently available in 10 countries outside of the Netherlands (Belgium, Germany, UK, Austria, Switzerland, Italy, Denmark, Norway, Sweden and Finland). The Clean Network Platform is also intended to be deployed in other European countries, however, that’ll take some time. NBIP does not lack ambition, but it’s mostly down to finding ways to cooperate, and cultivating an understanding of the multi-stakeholder approach.

“In the UK, NaWas has been picked up very well,” said Dupker. “We work together with local mid-sized ISPs and various Internet Exchanges, such as the London Internet Exchange (LINX). We have gained importance abroad, mainly because commercial alternatives are a lot more expensive. We can offer powerful services at lower costs, by and for the community, because more and more ISPs have joined us in the whole of Europe. Our mission is to better protect ISPs in Europe against greater and more complex DDoS attacks using the latest technology and connections with all large networks.”

The NBIP is currently looking into the possibility of establishing a PoP in the UK. “In the UK, too, there is sensitivity about data leaving the country,” he said. “At the moment, some – negligible – traffic still goes under the Channel to the AMS-IX, but that is becoming an increasingly thorny issue. Hence, we are now in the process of trying to get funding to formulate a business case to set up a local scrubbing centre.” The desire and ambition is to roll out NaWas throughout Europe in the coming years. “It requires a lot of time and money, but that doesn’t stop us,” said Dupker. “We are growing and working steadily towards our vision of making Europe’s internet more safe and secure.”

European cooperation 

Asked whether there should be a European version of the NBIP, Dupker said it might be desirable, but that all kinds of political interests would then come into play.

“Maybe it is just as well that we take the lead as a Dutch organisation, as collectivity and cooperation are very much in our cultural DNA,” he said. “It might be a bit of a myth, but as the Netherlands, we have always depended on working together to stop the water from coming. We are used to trusting each other quickly and solving problems together, knowing we are dependent on each other.

“Moreover, we are not a country with a strong hierarchy where things are imposed from the top,” said Dupker. “On the contrary, our government puts a very strong emphasis on public-private partnerships. That leaves a lot of room for initiatives like NaWas, where in other countries, governments may be prone to have these kinds of issues gravitated to themselves. I am quite proud that we are so unique in this respect in the Netherlands.”

Independent collective

NBIP does work a lot for and with government agencies such as the public prosecutor’s office, the police, or the National Cyber Security Center, but does not want to be dependent on government funding or control. This does not rule out applying for and receiving grants to carry out research and development. For example, recently, a grant was awarded to the organisation as part of the European IPCEI-CIS programme, which aims to build a European cloud infrastructure.  

“It is our independence that makes us strong and agile,” said Dupker, who previously sought similar organisations in Europe but came up empty-handed.

“There are commercial organisations and government-funded national cyber security centres,” he added. “But what distinguishes NBIP from these organisations is the combination of cooperation and actual implementation of services.

“With all due respect, many organisations do a lot of good work talking, planning and ensuring all stakeholders are involved, but they ultimately depend on others to get results. We pride ourselves on taking action, offering actual services, and participating in public-private initiatives.

Read more on Hackers and cybercrime prevention