Security Operations Center - Dutch Tax and Customs Administration
In accordance with RFC 2350 you will find more information about the Security Operations Center - Dutch Tax and Customs Administration (BD-SOC), its channels of communication, and its roles and responsibilities.
Version 1.0 – 31 January 2024
General information about the BD-SOC can be found at belastingdienst.nl/security.
Contact details
Visiting address
Laan van Westenenk 490-492
7334 DS Apeldoorn
The Netherlands
Postal Address
Postbus 9050
7300 GM Apeldoorn
The Netherlands
Email address
In any case use BD-SOC email address: soc@belastingdienst.nl
Information about reaching out to the BD-SOC can also be found at Data leak, vulnerability, or abuse of our computer systems? Please report it.
Our regular response hours (local time) are everyday of the week from 08:00 – 17:00h. In addition to regular opening hours, the BD-SOC also has a standby construction, which achieves 24/7 accessibility. The standby is automatically activated for high priority incidents. Outside office hours, the BD-SOC can also be reached on the aforementioned email address for high-priority security incidents (Priority 1 (PRIO 1)). Within the standby, it is ensured that sufficient representation of the various disciplines is present in the BD-SOC.
Time Zone
UTC+0100 in winter and UTC+0200 in summer (DST). Daylight savings time is according to EC rules, central European time.
Public keys and encryption information
The BD-SOC uses PGP for encryption and signing. The PGP key can be found on the PGP‑keyserver.
Team members
A full list of the BD-SOC team members is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.
Other information
General information about the BD-SOC can be found at belastingdienst.nl/security.
Charter
Mission Statement
The mission of the BD-SOC is as follows:
Contribute to increasing the cyber resilience of the Dutch Tax, Benefits and Customs Administration and adjacent services through high-quality prevention, detection and response.
Constituents
BD-SOC's constituency consists of all citizens and businesses in the Kingdom of the Netherlands. Also, the constituency includes all government organizations. All can report security incidents related to the infrastructure, applications of the Dutch Tax and Customs Administration to the BD-SOC. These can be vulnerabilities, but also threats and phishing reports.
Sponsorship and/or Affiliation
The IT department of the Dutch Tax and Customs Administration will fund the work of the BD-SOC and will fund the technical provisions needed in order to gain and maintain maximum reachability
Authority
The authority of the BD-SOC is restricted to advising and assisting its constituents by monitoring and coordinating the response to cyber-related incidents.
Policies
Types of Incidents and Level of Support
The SOC-BD handles various types of security incidents. The level of support is best effort and depends on the type of the incident and the severity as determined by the SOC-BD team members.
Co-operation, Interaction and Disclosure of Information
All incoming information is handled confidentially by the BD-SC team members, regardless of its priority. Information that is evidently very sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. The BD-SOC will use the information you provide to help solve security incidents. Information will only be distributed further to other teams and members on a need-to-know base, and preferably in an anonymized fashion. The BD-SOC understands the Traffic Light Protocol (TLP) for sharing sensitive information.
Communication and Authentication
The preferred method of communication is via e-mail. When the content is sensitive enough or
requires authentication, the BD-SOC PGP key is used for signing e-mail messages. All sensitive
communication to the BD-SOC should be encrypted with the team’s PGP key. The current PGP key can be found on the PGP key servers or on belastingdienst.nl/security. Please use the PGP key belonging to the email address soc@belastingdienst.nl.
Services
Incident Response
Incident response is available 7x24 for PRIO1 security incidents. For non PRIO1 security incident, incident response is available during business hours.
Incident Triage
- Assessing whether indeed an incident occurred.
- Determining the extent of the incident.
Incident Coordination
- Determining the initial cause of the incident (vulnerability exploited).
- Facilitating contact with other sites which may be involved.
- Facilitating contacts with the affected constituent and/or appropriate law enforcement officials, if necessary.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.
Proactive Activities
The BD-SOC only grants capacity pro-active activities for its internal constituency. Only exceptionally is capacity released for pro-active activities for the rest of the constituency. This may be, for example, when there is a social interest.
Incident Reporting Forms
There are no special forms required to report an incident.
Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, the BD-SOC assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
Changes to this webpage are not distributed by a mailing list. Please address any specific questions or remarks to the BD-SOC email address: soc@belastingdienst.nl.