SURF Security and Privacy Award 2022 for National Cyber Security Centre

The National Cyber Security Centre (NCSC) is the winner of the SURF Security and Privacy Award 2022. The NCSC receives the award for the way in which it organised the information around the serious Log4j vulnerability, which came to light in late 2021. The chosen approach stimulated low-threshold and international cooperation.
Cheque Security- en privacy-award 2022
"The speed with which the list of vulnerable applications was published in Github has helped our members - education and research - and many other organisations worldwide to take the right measures in time."
Wim Biemolt, chairman SURFcert.

This year's award consists of a security hackathon that the University of Twente and SURF will be organising especially for the NCSC, plus all the new knowledge and insights about the international threat landscape that will result from it. The award was presented to the NCSC during the annual SURF Security and Privacy Conference organised by SURFcert, SCIPR and SCIRT.

GitHub platform with up-to-date information on vulnerable applications

The NCSC launched a platform on GitHub to support organisations worldwide in taking action in response to the published Log4J vulnerability. This publicly accessible platform contained an overview of vulnerable applications, scanning and mitigation tools and Indicators of Compromise (IoCs - technical attack characteristics of an incident). The NCSC then called on national and international partners, organisations and companies to share additional information on this platform. This was done en masse. This led to one of the most complete overviews of vulnerable applications. The NCSC received international praise for this approach.

Hackathon: new knowledge and insights into international threat landscape

This year's award consists of a hackathon that will generate new knowledge and insights about the international threat landscape. During the hackathon, participants research the security and resilience of critical infrastructures and use visualisations to provide creative insights. The results and insights from the hackathon will be made available to the NCSC after the event.

The University of Twente and SURF will develop and organise the hackathon, with the University of Twente making scientific data available from OpenINTEL - the largest DNS measurement in the world. NCSC staff, researchers, scientists and students are welcome to participate in this event, which will take place at the University of Twente in the autumn.

About the SURF Security and Privacy Award

The SURF Security and Privacy Award is presented annually to an organisation, person, initiative, or idea that contributes to an internet that is as open, accessible, privacy-friendly, and reliable as possible. An Internet where researchers, students, and staff can do their work in complete safety.