In the middle of the night on September 2, 2011, the Dutch Minister of the Interior and Kingdom Relations held an emergency press conference. DigiNotar, a Certificate Authority (CA), had been electronically ‘broken into’ and as a result intruders had managed to generate falsified certificates. As a CA, DigiNotar issued digital certificates to secure digital communication, but as a result of the breach the authenticity of such certificates could no longer be verified. The Dutch government subsequently revoked its trust in all certificates issued by DigiNotar. This was the beginning of the first digital disaster in the Netherlands. As a pioneering disaster, this article focuses on the implications of DigiNotar as a vital case study for future scenarios of digital disaster management.
The main focus of this article is on the underlying ‘weaknesses’ of the DigiNotar incident, which allowed the situation to evolve from a problem into a disaster. These include lack of oversight, lack of security attention and risk awareness and the absence of an effective mitigation strategy. By identifying and subsequently analyzing the underlying problems, this article aims to demonstrate how future situations can be better contained if sufficient attention is granted to these factors and subsequent changes are introduced.
- DigiNotar: Dissecting the First Dutch Digital Disaster door Nicole van der Meulen in Journal of Strategic Security Volume 6 number 2 2013