Background
The Centre for Cybersecurity Belgium (CCB) is the national authority for cybersecurity in Belgium. The CCB supervises, coordinates, and monitors the application of the Belgian cybersecurity strategy. The CCB’s mission is to ensure coordination and information exchange so that Belgian companies, the government, providers of essential services, and the population can protect themselves appropriately.
The CCB also plays a key role in the realization of Belgium’s Cybersecurity Strategy 2.0, which was approved by the country’s National Security Council in 2021. It is a framework for the country’s cross-cutting approach to cyber threats and opportunities. Its intention is to make Belgium one of the least vulnerable countries in Europe. The CCB plays a key role in helping Belgium achieve this objective.
Specifically, the CCB needed:
- An objective, independent measurement of threats, vulnerabilities, and attacks on information systems in Belgium’s vital sectors (including critical infrastructure and government systems).
- The ability to measure the impact of the CCB’s efforts to remediate and mitigate these threats.
- Benchmarking capabilities to compare Belgium’s security performance to other EU countries and entities.
“Bitsight delivers factual, near real-time data and insights into Belgium’s security performance that we simply didn’t have before” said De Bruycker.
Bitsight is a critical partner to helping the CCB achieve this vision.
Before Bitsight, we lacked visibility into Belgium’s cybersecurity posture – both at a national level and compared with other countries in the European Union (EU).
The CCB uses Bitsight as one of their strategic tools to measure the country’s security posture against an objective, independent, externally validated standard.
With Bitsight, the CCB:
- Evaluates the security maturity of government organizations and public institutions using Bitsight Security Ratings. For example, more mature entities are less likely to have a breach or ransomware risk. Companies with lower Bitsight ratings are proven to correlate with breach and ransomware risk.
- Discovers vulnerabilities and threats, including malware infections, in the information and communication systems of critical infrastructure sectors.
- Keeps a constant eye on emerging threats through integrated views of portfolio organizations and near-real-time alerts.
- Shares findings and best practices with impacted organizations for rapid remediation.
- Communicates Belgium's cybersecurity reality in an easy-to-digest manner to the country's prime minister and parliament.
- Makes meaningful policy decisions based on data-driven measurement.
- Benchmarks security performance against other EU countries.
Explained De Bruycker: “One of the reasons the CCB has been given a national remit is because Bitsight helps us better understand how we’re doing in the battle against cyber threats, independently verifies results, and presents them in easily understandable metrics.”
We receive weekly questions from the prime minister about how Belgium is doing and where we need to improve. With Bitsight we can easily and clearly communicate the country’s cybersecurity reality – in terms that non-technical leaders can understand.
Achieve a more coordinated, shared approach to national cybersecurity and emerging threats
The CCB uses Bitsight to monitor the cyber health of 144 organizations, with plans to nearly quadruple that number in the future and to drive insights about emerging threats and vulnerabilities. When an issue is detected, the CCB initiates its "Spear Warning'' procedure – a warning sent to impacted organizations about an infection or vulnerability to facilitate rapid remediation.
For example, during the COVID-19 pandemic, the CCB received an automatic alert about a hospital with a low Bitsight security rating. CCB analysts shared Bitsight’s findings with the hospital’s security team and quickly explained the most pressing issues. Using this information, the hospital's executive management prioritized investments and resources for maximum impact. Soon after, the CCB observed that the hospital’s security rating had improved by more than 150 points.
Bitsight also helped the CCB detect 2,500 open Remote Desktop Protocol (RDP) open access points. RDP is often exploited by attackers, most notably through the BlueKeep vulnerability. The CCB alerted Internet service providers to its findings. An alert to a single provider resulted in 74 percent of the leaks being closed.
“Bitsight helps us see where opportunities to improve the country’s cyber health exist, build trust with the communities we serve, and support quick cybersecurity wins,” said De Bruycker.
Clearly communicate the country’s cyber reality to country leaders with easy-to-understand metrics
The CCB’s cybersecurity performance is closely monitored by top government officials. Bitsight provides easily consumable metrics that makes it easier for De Bruycker to show progressive success.
“We receive questions from the prime minister and brief parliament about Belgium’s security posture. Using Bitsight Security Ratings we can easily and clearly communicate the country’s cybersecurity reality and benchmark performance versus other EU countries – in terms that non-technical leaders can understand,” said De Bruycker. “The prime minister and parliament can also see how Belgium’s security ratings have improved over time, placing Belgium among Europe’s top cybersecurity performers.”
Continually improve critical infrastructure cybersecurity
As part of its ongoing relationship with Bitsight, the CCB is working with a Bitsight Critical National Infrastructure (CNI) Advisor to continue accelerating Belgium’s national cybersecurity strategy. The dedicated advisor supports the CCB’s goal of expanding security monitoring capabilities to hundreds more organizations, increasing access to the Bitsight solution across vital sectors, and educating users how to use Bitsight to continuously improve their security programs.