Client cases
National Cyber Security Center (NCSC)
National Cyber Security Center (NCSC)

NCSC & ML6 - Strategic AI Partnership for National Cyber Security

Impact

  • Guided the NCSC with AI use case prioritization and evaluation.
  • Enhanced the NCSC's operational efficiency through the implementation of various secure AI solutions.
  • Developed secure, reusable components allowing to reduce implementation costs of new AI assistants with 85%.
  • Facilitated faster handling of vulnerability information and writing advisory reports 3 times faster leveraging LLMs. More cyber security advisories with richer vulnerability information are written compared to before and CTI analysts gain time for complex advisory research. The summarizer allows NCSC customers to find relevant advisories more easily.
  • Supported NCSC staff in answering questions about NIS2 legislation from external organisations, aiming to reduce response time by 70%.
  • Enabled ENSOC (European consortium of SOCs) staff to quickly find answers to questions about rules and procedures within the consortium leveraging a multilingual AI agent.
  • Ensured compliance with the EU AI Act and implemented AI governance within the NCSC by establishing clear processes, responsibilities and policies.
  • Integrated an AI risk assessment methodology in the existing NCSC risk management framework.
  • Published three AI algorithms and applications in the Dutch national algorithm register for increased transparency to the public. 
  • Strengthened AI literacy and skills within the NCSC through co-creation and education.

Intro to the customer

The NCSC is facing several key challenges in its mission to provide a digitally secure Netherlands, improve cyber resilience and provide adequate cyber incident response. 

  • Scalability: The increasing scope of NIS2 and other European regulations, such as the Netcode for Cyber Security (NCCS), led to a significant rise in the number of organisations seeking guidance, putting pressure on existing resources and setting stricter security standards and reporting requirements for incidents. The NCSC aims to provide more services to its stakeholders and maintain high-quality advice with potentially limited resources.
  • Organizational change: by integrating the Digital Trust Center (DTC) and the Cyber Security Incident Response Team (CSIRT-DSP) in the NCSC, the Dutch government is creating one central cyber security organization aiming to deploy her cyber security capacity more efficiently and effectively. As a result the scope of statutory duty of the NCSC increases significantly. 
  • Intensification of cyber attacks: State and criminal actors are intensifying cyber attacks and broadening their capabilities, leveraging more sophisticated techniques and a wider toolbox, which increases the work pressure on the NCSC. European cross-border collaboration and exchange of cyber threat intelligence is required to provide swift and adequate response to security threats and increase cyber resilience in the EU region.
  • Journey to digital sovereignty: Digital sovereignty should be weighed when using cloud facilities, including AI. This should include ensuring up-skilling for becoming self-reliant and in control and providing exit strategies for continuity. It raises questions on how the dependency on hyperscalers can be reduced.

Challenge

The NCSC is facing several key challenges in its mission to provide a digitally secure Netherlands, improve cyber resilience and provide adequate cyber incident response. 

  • Scalability: The increasing scope of NIS2 and other European regulations, such as the Netcode for Cyber Security (NCCS), led to a significant rise in the number of organisations seeking guidance, putting pressure on existing resources and setting stricter security standards and reporting requirements for incidents. The NCSC aims to provide more services to its stakeholders and maintain high-quality advice with potentially limited resources.
  • Organizational change: by integrating the Digital Trust Center (DTC) and the Cyber Security Incident Response Team (CSIRT-DSP) in the NCSC, the Dutch government is creating one central cyber security organization aiming to deploy her cyber security capacity more efficiently and effectively. As a result the scope of statutory duty of the NCSC increases significantly. 
  • Intensification of cyber attacks: State and criminal actors are intensifying cyber attacks and broadening their capabilities, leveraging more sophisticated techniques and a wider toolbox, which increases the work pressure on the NCSC. European cross-border collaboration and exchange of cyber threat intelligence is required to provide swift and adequate response to security threats and increase cyber resilience in the EU region.
  • Journey to digital sovereignty: Digital sovereignty should be weighed when using cloud facilities, including AI. This should include ensuring up-skilling for becoming self-reliant and in control and providing exit strategies for continuity. It raises questions on how the dependency on hyperscalers can be reduced.

I’ve rarely worked with an external vendor where the collaboration went so smoothly and who actually managed to get things done and deliver impactful results. Especially in a challenging context and time where the NCSC is going through an organizational transformation, it was a real pleasure having a party like ML6 guiding us with how AI can be leveraged in a secure, compliant and trustworthy way and enhance our operations to provide better service to our stakeholders.

by

Daphne Kok-Huininga

Solution

The NCSC recognised AI as a transformative force with the potential to enhance their ability to protect the Netherlands in the digital domain. ML6 partnered with the NCSC in a comprehensive AI program, providing both AI advisory services and support in the implementation of specific AI solutions.

These solutions are aimed at increasing the productivity of the NCSC teams and employees by smart task automation and efficient information retrieval leveraging innovative AI technology. ML6 collaborated with NCSC on the development and deployment of several AI solutions, such as:

  • A system to collect and process information about common vulnerabilities and exposures (CVEs) from various sources to generate advisories for NCSC's public platforms. This aims to make the process of handling vulnerability information faster and more efficient. A human-in-the-loop is validating the output and checks whether information is correct.
  • An internal virtual assistant designed to support NCSC staff in answering specific questions about NIS2 legislation from external organisations. This helps to maintain the quality of service in the face of an increased number of inquiries.
  • A virtual assistant that helps ENSOC staff quickly find answers to questions about rules, procedures, agreements and meeting notes within the ENSOC consortium and present this information clearly. This tool aims to save time for ENSOC staff and support the onboarding of new consortium members.

In that process, ML6 focused on the implementation of a secure and scalable architecture, fully compliant with the NCSC’s strict security policies. For scalability and future-proofness, some reusable components or building blocks were developed. Organizational self-reliance and solution ownership was promoted by further developing capabilities of the NCSC’s own staff through AI training and upskilling.

Reliability, trustworthy AI and legal compliance with European and national regulations was embedded into the organization and technology by setting up an AI governance framework to structure responsibilities and identify and manage legal, ethical and security risks.This involved establishing processes for AI risk analysis, AI Board oversight, and the implementation of mitigation measures.

Supporting the NCSC in their journey to responsibly and securely integrate AI in their operations has been a privilege. We are particularly proud to have contributed to the foundational elements of their AI governance framework and to have developed multiple AI applications that directly enhance the NCSC’s operational capabilities and contribute to a more secure digital environment for the Netherlands.

by

Bruno Borghmans (ML6)

Results

The partnership between ML6 and the NCSC on AI initiatives has yielded several key outcomes, building a strong foundation for future advancements:

  • Enhanced Operational Efficiency: AI initiatives are contributing to increased operational efficiency, such as the application designed to accelerate the collection and processing of cybersecurity vulnerability information. This allows the NCSC to generate summaries and reports for public platforms 3 times more rapidly. Furthermore, the development of internal AI chatbots is aimed at improving the speed and efficiency with which NCSC staff can access critical information regarding regulations, procedures, and NIS2 legislation. One internal chatbot, in particular, is intended to support NCSC staff in responding to the anticipated increase in queries related to NIS2, thereby safeguarding the quality of service.
  • Improved Quality of Service: By providing NCSC employees with quicker access to information, tools like the internal chatbot and ENSOC virtual assistant directly contribute to an improved quality of service, both internally and externally. Being able to process vulnerability data faster also enhances the timeliness and relevance of information shared with the public, contributing to a more digitally secure Netherlands.
  • Strengthened AI Governance and Compliance: Significant progress has been made in establishing AI Governance within the NCSC, including the definition of a tailored AI Governance framework. The implementation of the Three Lines of Defence model is structuring responsibilities for AI risk management. The development and initial roll-out of AI training programs are increasing AI literacy across the NCSC. These efforts collectively ensure a more responsible and compliant approach to AI adoption, aligning with ethical considerations, security requirements, and legal frameworks such as the EU AI Act.
  • Development of Scalable and Reusable Components: Initiatives focused on developing scalable and reusable AI components aimed at creating efficiencies and accelerate the deployment of future AI applications within the NCSC.

Advancement in AI Literacy: Targeted training programs have been developed and are being implemented to raise the overall AI literacy within the NCSC at various levels, including introductory trainings on AI, generative AI, trustworthy AI, AI adoption, and AI governance.


The Collaboration


ML6 partnered with the NCSC to provide AI expertise and support across a range of AI initiatives, focusing on both strategic advisory and practical implementation. The collaboration involved close engagement with various NCSC teams to understand their specific needs and challenges in leveraging AI. This collaborative approach ensured that AI solutions were developed and implemented in alignment with the NCSC's mission of creating a digitally secure Netherlands.

The partnership encompassed a range of activities, including initial exploratory discussions to understand requirements, the co-development of AI governance frameworks and processes, and the development of specific AI applications. ML6 also played a role in facilitating AI risk assessments and defining mitigation strategies, working in tandem with NCSC product owners and the CIO office. The emphasis throughout the collaboration was on building internal capabilities within the NCSC, with ML6 providing guidance and support to enable the NCSC to independently manage and evolve its AI initiatives.