We are witnessing an increase in organised cyberattacks, including DDoS attacks, phishing, and ransomware. The government is responsible for ensuring data security and preventing cybercriminals from accessing crucial information. To raise awareness and provide guidance on handling crisis situations, CIO-Rijk and the Centre for Information Security and Privacy Protection (CIP) developed a serious game called RNSM.
Aart Jochem provides valuable insights on the topic. As the central government’s Chief Information Security Officer (CISO), Jochem oversees Information Security and Privacy (IB&P) policies and frameworks aimed at mitigating risks. “What I find interesting about this field is the challenge of making the complexities of the cyber world more logical and straightforward. Once you understand it, you can take action. Our strategic business goals require us to make informed choices regarding vendors, Big Tech companies, and our geopolitical landscape”, he says.
How did the RNSM Serious Game come about?
Jochem explains, “The RNSM Serious Game is part of our efforts to enhance digital resilience. We have developed other knowledge products, such as the Basic Digital Resilience Training. For the game, we collaborated with CIO-Rijk, who provided insight into our dilemmas, and the CIP, who contributed their expertise to help us create a realistic, instructive, and engaging game.”
According to Jochem, this game is urgently needed: “An increasing number of professional hackers are disrupting organisations, individuals, and society at large, especially through ransomware attacks. There are numerous examples, and these hacking groups often remain elusive. Therefore, we must be well-prepared on all fronts. Not only from a technical standpoint but also within the organisation.”
Jochem emphasises employees’ crucial role in safeguarding data: “To raise awareness about the risks and to educate them on how to respond during a cyberattack, we developed the serious game in collaboration with the CIP.”
What can we expect from the serious game?
Jochem: “The serious game is designed to be so immersive that you experience it as if it were real life. You can feel the emotions alongside your fellow participants, heightening your awareness of the risks involved and providing insight into the potential impact and damage caused by an attack. The game emphasises the importance of thorough preparation, such as creating and regularly testing a crisis plan. It also addresses the steps necessary to recover from a ransomware attack. Additionally, participants get to know each other better through this shared experience. Insight comes through confrontation. The new RNSM game encapsulates all this; it is both realistic and educational.”
The game doesn’t stop there: “The dialogue after the game is the most important aspect. What issues have we resolved, and what still needs to be addressed? We should discuss dilemmas during the calm phase, when we have the time to organise our thoughts. We must not allow the intense moments to turn into chaos.”
What makes resilience and awareness such essential tools in the fight against cyberattacks?
Jochem stresses that technical solutions alone will not prevent cyber incidents. “We cannot address every vulnerability. Our processes must remain effective for all employees. This is why we invest significant effort in enhancing employee awareness and resilience. We achieve this through initiatives like the Basic Digital Resilience Training and the RNSM Serious Game. By encouraging our team to recognise and report potential threats early on, we can prevent many costly repairs down the line”.
What tips can you share in advance regarding digital resilience?
Jochem: “My 1st tip would be to stay well prepared and not to panic. Ensure a contingency plan is ready. Remember, we have enough knowledge and skills among ourselves and our knowledge partners.”
As a 2nd tip, Jochem emphasises the importance of staying within your area of expertise: “Developments occur at lightning speed. Invest in training for employees, managers, and professionals.” Additionally, focus on fostering a culture where employees feel comfortable reporting incidents. And, of course, sign up for the RNSM game.” Jochem says, “It is no longer a question of whether you will face a cyberattack, such as ransomware, but rather when it will happen!”
Would you like to know more about the serious game?
The RNSM Serious Game is developed as a Dutch-language game. Please visit the RADIO website (Dutch) to learn more about the game. Or use the contact form on CIP’s website (Dutch).
