Nicole S. van der Meulen is Assistant Professor in Internet Governance at VU University Amsterdam. She completed both her BA (University of Maryland, Baltimore County) and her MSc. (VU University Amsterdam) in Political Science. She finished her PhD on digital financial identity theft at the Faculty of Law of Tilburg University in 2010. Her present research focus is cyber security policy.
Cybersecurity, Europe and EU, Global trends and risks, Governance and rule of law, Security policy
In the middle of the night on September 2, 2011, the Dutch Minister of the Interior and Kingdom Relations held an emergency press conference. DigiNotar, a Certificate Authority (CA), had been electronically ‘broken into’ and as a result intruders had managed to generate falsified certificates. As a CA, DigiNotar issued digital certificates to secure digital communication, but as a result of the breach the authenticity of such certificates could no longer be verified. The Dutch government subsequently revoked its trust in all certificates issued by DigiNotar. This was the beginning of the first digital disaster in the Netherlands. As a pioneering disaster, this article focuses on the implications of DigiNotar as a vital case study for future scenarios of digital disaster management. The main focus of this article is on the underlying ‘weaknesses’ of the DigiNotar incident, which allowed the situation to evolve from a problem into a disaster. These include lack of oversight, lack of security attention and risk awareness and the absence of an effective mitigation strategy. By identifying and subsequently analyzing the underlying problems, this article aims to demonstrate how future situations can be better contained if sufficient attention is granted to these factors and subsequent changes are introduced.
van der Meulen, Nicole. “DigiNotar: Dissecting the First Dutch Digital Disaster.” Journal of Strategic Security 6, no. 2 (2013): 46-58.