Describing himself as a “career soldier and construction engineer” Koen Gijsbers (right) brings a wide range of experience from a stellar career to his role as Board Director of CyNation.
His military career meant that he saw action in Afghanistan, Iraq and Kosovo, commanding the Netherlands’ 11th Air Assault Brigade as a one-star general.
He then went into Command and Control and more IT support, initially in the US with NATO. He was responsible for the conceptual development of Command and Control concepts.
As he explains, “essentially, we developed net-centric warfare, which connected devices such as satellites and other centres. This was 10 years before business came up with the Internet of Things (IoT). The concept is to share information, but that information should not be shared along the lines of business.
“This was put into practice in Afghanistan through the Afghan Mission Network. It was the first time that all troops from the different forces could share the same network. This was a digital transformation of the military – it started in the 90s.
“I was responsible for all of the IT in the Netherlands. From there I was given the opportunity to become the first General Manager of the NATO Communications and Information Agency. That involved all of the IT for NATO. I attained the rank of two-star general. I remained there until 2017, when I started my own company.”
Advice for clients
Given his background, what advice does he offer to clients who may be under attack – or anticipating a possible breach?
“Obviously it’s vital to be prepared before a cyber crisis hits you,’ he says. “It’s necessary to apply proper risk management and to go to simulations to help do this. And this ties in closely with what CyNation does.
“In my trainings the first thing I ask is ‘are you a digital company?’ Nobody says ‘yes’! But I then ask what happens if – for example – their computer didn’t work in the morning. Could they accept orders? They then realise that, yes, they are a digital company and they are highly dependent on their IT systems.
“In those trainings I also use an evaluation of the big hacks that happen to companies. One that I often cite concerned Maersk, the Danish shipping company. The NotPetya virus was not aimed at Maersk: it came from Russia and was aimed at the Ukraine’s critical infrastructure.
“The Russians took over the data centre of the software company that built accountancy software. This software was in mandatory use by Ukrainian companies for tax evaluations. Maersk’s Ukrainian subsidiary had just one computer that used this particular software. There was a back door to that software in the company’s datacentre. Through that back door NotPetya was launched. It encrypted all of Maersk’s data, then threw away the key.
“It entered Maersk’s system, encrypting it around the world. The company could no longer process orders, its telephony stopped working, its accounting systems stopped working, so did their email. In addition, they could no longer locate the goods that they were shipping.
“Worldwide, 17 harbours were closed including Rotterdam, New York, Los Angeles, India. Cargo trucks couldn’t access the facilities. After eight days some systems were running again, but it was a disaster.
“Where CyNation comes in is we can help companies to understand the risk. In this case the attack wasn’t on Maersk, it was on the software company and the software entered Maersk’s systems without any controls. CyNation looks mainly at supply chain, but to build IT infrastructures that are resilient is vital.”