With support from the SIDN Fund, Connect2Trust and NBIP are launching a project to significantly simplify the collection of technical data needed to receive tailored threat information. The project, called Connect2Data, is intended for organizations that wish to receive threat information from the NCSC or through intermediaries such as Connect2Trust and NBIP. By automating the collection of the necessary technical data, registrations become more up-to-date and simpler, enabling the delivery of much more relevant threat information.
Vulnerabilities in hardware and software can give cybercriminals access to an organization’s network and information systems. Fortunately, organizations like the Dutch Institute for Vulnerability Disclosure (DIVD) scour the internet for organizations with vulnerabilities in their networks, ensuring they are notified as quickly as possible through organizations like the NCSC, Connect2Trust, NBIP, and, until the end of 2025, the Digital Trust Center.
Connect2data helps to collect the right data quickly
To send these alerts, organizations must also provide technical data such as IP addresses and domain names. Collecting and keeping this data up-to-date proves to be a significant challenge in practice. In many organizations, this data is fragmented across parent and subsidiary organizations, departments, or suppliers both within and outside the Netherlands, and it also changes frequently due to reorganizations and domain name acquisitions.
Incorrect registrations lead to an organization receiving a false warning or, conversely, the victim being unable to be reached. This creates significant additional work and delays, allowing cybercriminals to strike. Connect2Trust, NBIP, and the SIDN Fund are therefore launching the Connect2Data project to help organizations collect this data more easily, independently, and automatically from their own systems using open-source tools.
Target audience
More than 3,000 organizations are already receiving reports of vulnerabilities and abuse from Connect2Trust and NBIP, several of which will participate in the project. Together, they are investigating which tools are needed to collect the data and how it can be securely shared and maintained through the open-source community. This way, each organization maintains control over the data collection process without the intervention of a third party. Organizations that fall under the NIS-2 Directive through the Cbw can more easily comply with their legal registration obligations. ISACs (Information Sharing and Analysis Centers) and partnerships can also assist their participants by connecting with intermediary organizations such as Connect2Trust or NBIP.
Collecting and maintaining this data is not the responsibility of the NCSC, Connect2Trust, or NBIP. However, these organizations are collaborating on this project to support the implementation of the Cbw and the Cyber Resilience Network, as recently announced in the government’s approach to economic security. Organizations that fall under NIS2/Cbw and/or wish to actively participate in the Cyber Resilience Network can use the tools developed in this project to provide technical data to designated parties in a more automated manner, with accuracy checks where possible. This increases their cyber resilience and ensures compliance with laws and regulations.
By supporting this collaborative initiative, the SIDN Fund contributes to an open, free, and reliable internet with Connect2Trust and NBIP. Any organization, partnership, or ISAC interested in learning more about this project can contact us at info@connect2trust.nl or bureau@nbip.nl.
