Last updated on
October was once again cybermonth at our FPS. With an awareness campaign, we are getting our employees on board when it comes to working 'cyber-safe'. And did you know that compared to our European colleagues, our FPS is among the strongest in terms of cyber security?
Digitisation has undeniably brought us a wide range of benefits. We can cite global connectivity, rapid information flows and automation. Thanks to digitisation, the government can provide better, user-friendly services to its citizens.
But this far-reaching connectivity also has an Achilles' heel. Individuals and organisations with not exactly benign intentions are constantly looking to break into the digital networks through one or other weak link.
The FPS Foreign Affairs is what you might call a beleaguered bride. Indeed, our FPS is no anodyne hobby club, we are an organisation with a lot of interesting information that cybercriminals or spies would love to get their hands on.
For example, there are parties who would stand to gain from finding out exactly what our plans are regarding the war in Ukraine or the conflict between Hamas and Israel. What is more, our FPS has reams of personal, privacy-sensitive material in its databases. For Belgians, this is primarily the data from their eID or passport; for non-Belgians, it is the visas we issue that allow people to come to our country.
In recent years, our FPS has made great strides in the area of cybersecurity. Among other things, a large-scale Modern Workplace project (MWP) has been rolled out. In this regard, all employees were given modern, mobile and secure laptops, with a comprehensive suite of office software. Furthermore, in the run-up to the MWP, we developed completely new infrastructure, including a gradual migration to the cloud.
It was a herculean task! No fewer than 3,160 employees and 114 posts (embassies and consulates) migrated. The fact that we work via our posts around the world made the challenge to achieve a robust, cyber-secure network all the more tricky. Nevertheless, we pulled it off, and moved from the rear to the front of the pack in terms of cyber security, compared to our European counterparts.
Employees the last firewall
But being alert to cybersecurity is a never-ending task. Cybercriminals are always looking for weak links. But above all: even though we have super-efficient tools that throw up robust defences against intruders, our employees are the final, absolutely crucial firewall.
Every day, around 3,000 employees log on to our network all over the world. Moreover, remote working has become the new normal. Our colleagues often work from home, or sometimes even on the train or in another public place. That all entails additional risks.
That's why thorough training and awareness on the part of our colleagues is essential. Every colleague, at whatever level, who has access to our network is a potential weak link. Everyone therefore needs to remain alert, so they don't open up a breach in the firewall that cybercriminals can exploit.
For several years now, the EU has organised the European Cybersecurity Month, or Cybermonth, in October: the perfect opportunity to promote cybersecurity among citizens and organisations. Last year, our FPS decided to get involved. Our ICT directorate subsequently organised several seminars for colleagues, including on how to secure your smartphone, cyber espionage and phishing.
This year, the ICT directorate focused on training on secure password management. Indeed, this is crucial in preventing intrusions from external actors. Besides sufficiently complex passwords that are regularly changed, it is also important to set a different password for each tool. To remember them all, our employees can now take advantage of an app that makes it straightforward to manage all the different passwords.
A seminar on artificial intelligence (AI) was also organised. There are a lot of half-truths circulating about AI. The aim of the seminar was to clearly separate fact from fiction. AI clearly offers benefits - unshackling data - but it is crucial to be mindful of the risks.
Continually raising awareness
Cybermonth is therefore an ideal opportunity for additional awareness-raising, but in fact we continually endeavour to make sure our colleagues stay alert. For example, for months now we've been sending out deliberate phishing emails, that everyone is supposed to report. After they report the email, there is a brief training about that specific phishing email, or other facets of cybersecurity. This approach seems to be working. Our staff is getting more adept at spotting phishing emails.
Furthermore, our revamped intranet features easy-to-read information about the various crucial considerations for working cyber-safely. Besides password management and phishing, there is the correct labelling of information according to the security level, how to exchange data securely, and what to watch out for when working from home or in a public place.
21 cyber incidents
All these efforts account for the fact that only 21 major cyber incidents occurred at our FPS in 2022. In 16 of these, the attackers specifically targeted our FPS's IT system, so more than once a month. All incidents were dealt with and/or neutralised to the best of our ability.
Obviously, keeping an eye on cybersecurity is a continuous task. A key aspect in this regard is continually raising awareness among our employees. With cybermonth, we are already taking another step in the right direction.