The national government is strongly advised to eliminate Citrix. This is the new recommendation of the National Cyber Security Center (NCSC) of the Ministry of Justice and Security, partly based on advice from the intelligence service AIVD.
Vital organizations, such as the energy supply, the telecom and financial sectors, are also advised to deport Citrix, which is used, among other things, to make working from home possible.
“You can see Citrix as the gatekeeper standing between the public internet and the secure, internal company network,” explains researcher Frank Breedijk of the Dutch Security Reporting Point. “If the gatekeeper has a vulnerability, it’s child’s play to take over a device on that network.”
Earlier last night, NCSC advised ‘considering’ to shut down the Citrix servers due to a leak that was discovered last month. Schiphol, the House of Representatives and various educational institutions and municipalities had already eliminated the system.
The abrupt elimination of Citrix can have major consequences for the performance of important tasks of the organizations involved, warns the NCSC. The organizations will have to assess for themselves whether Citrix can continue to operate with additional safety measures.
The ‘Chief Information Officer’ of the government will, in consultation with the organizations within the government, assess which systems are switched off or can be maintained with additional security.
In December it appeared that there was a security breach in Citrix. Hackers could use that to enter and infect corporate networks. Person-sensitive information could also end up on the street.
The NCSC says it is following the situation closely and will continue to update the recommendations. The serious vulnerability in the system is a reason for the center to speak of a warning in the highest class.
Leah Kunze just graduated MBA and is proud of it. She is interested in automotive industry and innovations. She well be glad to receive a mail to leah.kunze@economicinform.com
