{"id":86831,"date":"2026-02-26T04:48:09","date_gmt":"2026-02-26T04:48:09","guid":{"rendered":"https:\/\/hanstimmerman.me\/?p=86831"},"modified":"2026-02-26T19:31:13","modified_gmt":"2026-02-26T19:31:13","slug":"onverwacht-onverzekerd","status":"publish","type":"post","link":"https:\/\/hanstimmerman.me\/nl_nl\/onverwacht-onverzekerd\/","title":{"rendered":"Onverwacht onverzekerd"},"content":{"rendered":"<article class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" tabindex=\"-1\" data-turn-id=\"request-WEB:09c9ef91-ae69-4fce-a787-79fba621b5a7-3\" data-testid=\"conversation-turn-6\" data-scroll-anchor=\"false\" data-turn=\"assistant\">\n<div class=\"text-base my-auto mx-auto [--thread-content-margin:--spacing(4)] @w-sm\/main:[--thread-content-margin:--spacing(6)] @w-lg\/main:[--thread-content-margin:--spacing(16)] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\" tabindex=\"-1\">\n<div class=\"flex max-w-full flex-col grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal [.text-message+&amp;]:mt-1\" dir=\"auto\" data-message-author-role=\"assistant\" data-message-id=\"7f77ada0-460c-424d-ac09-c16bf02900c5\" data-message-model-slug=\"gpt-5-2\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden first:pt-[1px]\">\n<div class=\"markdown prose dark:prose-invert w-full wrap-break-word dark markdown-new-styling\">\n<p style=\"text-align: right;\" data-start=\"0\" data-end=\"25\"><span style=\"color: #000000;\"><em>English version: scroll down<\/em><\/span><\/p>\n<p data-start=\"27\" data-end=\"518\"><span style=\"color: #000000;\">Er heeft vannacht een onverwacht incident in het datacenter plaatsgevonden en wellicht is er sprake van een ernstige cyberaanval. De noodprocedures zijn in gang gezet en als bestuurder vertrouw je op je technische en security mensen om dit incident te begeleiden en op te lossen. Je hebt een noodvergadering met je medebestuursleden en laat je informeren wat er gebeurt en gebeurd is. En je meldt volgens afspraak je cyberverzekeraar dat er een incident gaande is met nog onbekende gevolgen.<\/span><\/p>\n<p data-start=\"520\" data-end=\"725\"><span style=\"color: #000000;\">De eerste uren zijn chaotisch, maar beheersbaar. De crisisorganisatie draait. Externe specialisten worden ingevlogen. Juristen kijken mee. Communicatie bereidt statements voor. Alles volgens het draaiboek. <\/span><span style=\"color: #000000;\">Totdat in de dagen daarna blijkt dat veel data is \u2018gegijzeld\u2019 en dat ook je logging- en monitoringdata ontoegankelijk is geworden. Geen SIEM-logs. Geen forensische sporen. Geen audittrail. Alsof niet alleen je bedrijfsvoering is geraakt, maar ook je geheugen is gewist.<\/span><\/p>\n<p data-start=\"998\" data-end=\"1276\"><span style=\"color: #000000;\">Geen data meer om forensisch te kunnen onderzoeken wat er precies voor en tijdens de aanval gebeurde. Hoe kwamen ze binnen? Waren ze al lange tijd binnen? Is er lateraal bewogen? Was er sprake van privilege escalation? En misschien nog belangrijker: had je signalen kunnen zien? <\/span><span style=\"color: #000000;\">En dan komt de tweede klap.<\/span><\/p>\n<p data-start=\"1307\" data-end=\"1631\"><span style=\"color: #000000;\">De verzekeraar vraagt om bewijs. Bewijs dat je v\u00f3\u00f3r de aanval je zaken op orde had. Dat je compliant was met de afgesproken normen. Dat je patchbeleid op orde was. Dat multi-factor authenticatie daadwerkelijk was afgedwongen. Dat kwetsbaarheden tijdig waren opgelost. Dat je monitoring actief was en alerts werden opgevolgd.<\/span><\/p>\n<p data-start=\"1633\" data-end=\"1663\"><span style=\"color: #000000;\">En dat bewijs . . . \u00a0zat in de logs.<\/span><\/p>\n<h3 data-start=\"1670\" data-end=\"1724\"><span style=\"color: #000000;\">De aanval op je data is ook een aanval op je bewijs<\/span><\/h3>\n<p data-start=\"1726\" data-end=\"2034\"><span style=\"color: #000000;\">Dit scenario is niet theoretisch. Het is al meerdere malen gebeurd. Ransomwaregroepen weten inmiddels dat back-ups, loggingservers en monitoringplatforms strategische doelwitten zijn. Wie het geheugen wist, ontneemt het slachtoffer niet alleen herstelmogelijkheden, maar ook juridische en financi\u00eble armslag.<\/span><\/p>\n<p data-start=\"2036\" data-end=\"2369\"><span style=\"color: #000000;\">Bij de aanval op <span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Maersk<\/span><\/span> in 2017, onderdeel van de wereldwijde NotPetya-uitbraak, werd de complete IT-infrastructuur ontwricht. Duizenden servers en werkstations moesten opnieuw worden opgebouwd. Directorystructuren en configuraties gingen verloren. De schade liep in de honderden miljoenen dollars. <\/span><span style=\"color: #000000;\">Ook <span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Merck &amp; Co.<\/span><\/span> werd door NotPetya getroffen. Wat volgde was een juridische strijd met verzekeraars over de vraag of de aanval onder een \u2018oorlogsclausule\u2019 viel. Uiteindelijk kreeg Merck gelijk, maar het debat draaide om aantoonbaarheid en polisinterpretatie. <\/span><span style=\"color: #000000;\">En bij <span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Colonial Pipeline<\/span><\/span> zagen we hoe een ransomware-aanval niet alleen operationele impact had, maar ook politieke en juridische druk veroorzaakte. Incident response, aansprakelijkheid en verzekering kwamen samen in een publiek debat.<\/span><\/p>\n<p data-start=\"2922\" data-end=\"3043\"><span style=\"color: #000000;\">Wat zelden wordt besproken, is de stille onderhandeling achter de schermen: kun je aantonen dat je vooraf in control was?<\/span><\/p>\n<h3 data-start=\"3050\" data-end=\"3082\"><span style=\"color: #000000;\">De parallel met de luchtvaart<\/span><\/h3>\n<p data-start=\"3084\" data-end=\"3332\"><span style=\"color: #000000;\">Na de Tweede Wereldoorlog groeide de commerci\u00eble luchtvaart explosief. Maar bij veel crashes kon achteraf niet worden vastgesteld wat de oorzaak was. Met het toestel ging ook de informatie verloren over wat er v\u00f3\u00f3r en tijdens het incident gebeurde.<\/span><\/p>\n<p data-start=\"3334\" data-end=\"3694\"><span style=\"color: #000000;\">De introductie van de flight recorder \u2013 de zwarte doos \u2013 veranderde dat fundamenteel. Uiteindelijk werd deze verplicht in commerci\u00eble vliegtuigen. Niet alleen om van incidenten te leren, maar ook als randvoorwaarde voor certificering en verzekerbaarheid. Zonder aantoonbare registratie geen luchtwaardigheidscertificaat. En zonder certificaat geen verzekering. <\/span><span style=\"color: #000000;\">Internationale standaarden, onder regie van onder meer de <span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">I<\/span><\/span><span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">nternational Civil Aviation Organization<\/span><\/span>, zorgden ervoor dat incidentdata werd gedeeld en geanalyseerd.<\/span><\/p>\n<p data-start=\"3860\" data-end=\"3961\"><span style=\"color: #000000;\">Geen data, geen analyse. <\/span><span style=\"color: #000000;\">Geen analyse, geen verbetering.<\/span> <span style=\"color: #000000;\">Geen verbetering, geen verzekerbaarheid.<\/span><\/p>\n<h3 data-start=\"3968\" data-end=\"4013\"><span style=\"color: #000000;\">Waar is de zwarte doos van het datacenter?<\/span><\/h3>\n<p data-start=\"4015\" data-end=\"4247\"><span style=\"color: #000000;\">In de digitale wereld zijn logging- en monitoringdata onze flight recorders. Maar ze zijn zelden crashbestendig ontworpen. Ze draaien in hetzelfde netwerk, onder hetzelfde identity-domein, soms zelfs met dezelfde beheerdersaccounts.<\/span><\/p>\n<p data-start=\"4249\" data-end=\"4461\"><span style=\"color: #000000;\">Moderne aanvallers begrijpen dat perfect. Ze verwijderen back-ups. Ze wissen logs. Ze schakelen beveiligingsagents uit. Ze bereiden hun aanval voor met het doel niet alleen te versleutelen, maar ook te ontkennen. <\/span><span style=\"color: #000000;\">Niet alleen om herstel te bemoeilijken, maar om bewijs uit te wissen. <\/span><span style=\"color: #000000;\">Wie niet kan aantonen wat er gebeurde, kan ook moeilijk aantonen dat hij compliant was.<\/span><\/p>\n<h3 data-start=\"4628\" data-end=\"4671\"><span style=\"color: #000000;\">Overleeft je logging de aanval?\u00a0<\/span><\/h3>\n<p data-start=\"4673\" data-end=\"4768\"><span style=\"color: #000000;\">Daarom moet de vraag niet zijn \u00f3f je logging hebt. De vraag is: overleeft je logging de aanval. <\/span><span style=\"color: #000000;\">Een oplossing die hier expliciet op inspeelt is de ICT Blackbox van <span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">DigiCorp Labs<\/span><\/span>. <\/span><span style=\"color: #000000;\">De kern daarvan is het onuitwisbaar vastleggen van bewijs dat je compliant was \u2013 v\u00f3\u00f3r en tijdens een incident.<\/span><\/p>\n<p data-start=\"4994\" data-end=\"5252\"><span style=\"color: #000000;\">Met behulp van het gepatenteerde NFD-principe (Non-Fungible Data Entry) worden logging-acties cryptografisch verankerd op een blockchain. Niet als kopie van je volledige logbestand, maar als unieke, onveranderbare vingerafdruk van elke relevante gebeurtenis. <\/span><span style=\"color: #000000;\">Wat wordt vastgelegd?<\/span><\/p>\n<ul data-start=\"5277\" data-end=\"5576\">\n<li data-start=\"5277\" data-end=\"5323\">\n<p data-start=\"5279\" data-end=\"5323\"><span style=\"color: #000000;\">De hash van de logging- of monitoringactie<\/span><\/p>\n<\/li>\n<li data-start=\"5324\" data-end=\"5414\">\n<p data-start=\"5326\" data-end=\"5414\"><span style=\"color: #000000;\">De verwijzing naar waar de volledige data extern is opgeslagen (uitwijk of co-locatie)<\/span><\/p>\n<\/li>\n<li data-start=\"5415\" data-end=\"5473\">\n<p data-start=\"5417\" data-end=\"5473\"><span style=\"color: #000000;\">Wie op dat moment verantwoordelijk was voor het proces<\/span><\/p>\n<\/li>\n<li data-start=\"5474\" data-end=\"5544\">\n<p data-start=\"5476\" data-end=\"5544\"><span style=\"color: #000000;\">Welke governance-structuur en welk beleid op dat moment geldig was<\/span><\/p>\n<\/li>\n<li data-start=\"5545\" data-end=\"5576\">\n<p data-start=\"5547\" data-end=\"5576\"><span style=\"color: #000000;\">Onafhankelijke tijdstempels<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"5578\" data-end=\"5670\"><span style=\"color: #000000;\">Daarmee ontstaat een audittrail die niet kan worden gemanipuleerd zonder sporen na te laten. <\/span><span style=\"color: #000000;\">En dit is geen theorie meer. <\/span><span style=\"color: #000000;\">Afgelopen jaar zijn meerdere ICT Blackbox-oplossingen in productie genomen bij overheidsorganisaties. De belangstelling in de markt blijkt groot te zijn. Niet alleen vanuit security-perspectief, maar ook en vooral vanuit juridisch en verzekeringstechnisch oogpunt.<\/span><\/p>\n<p data-start=\"5964\" data-end=\"6355\"><span style=\"color: #000000;\">De oplossing is ontwikkeld op het Japanse data-platform van <span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Hitachi Vantara<\/span><\/span>. Daarmee bestaat er geen directe afhankelijkheid van Amerikaanse cloudproviders en geen potenti\u00eble be\u00efnvloeding door wetgeving zoals de Amerikaanse Data Act of de Patriot Act. Voor veel Europese organisaties is digitale soevereiniteit inmiddels net zo belangrijk als technische veiligheid.<\/span><\/p>\n<p data-start=\"6357\" data-end=\"6693\"><span style=\"color: #000000;\">Het betreft een volledig gecertificeerde fysieke oplossing die lokaal bij een colocator kan worden geplaatst. Desgewenst kan spreiding plaatsvinden over meerdere locaties in Europa. Decentralisatie en geografische spreiding vergroten immers de zekerheid dat logging- en monitordata behouden blijven, zelfs bij een grootschalig incident.<\/span><\/p>\n<p data-start=\"6695\" data-end=\"6743\"><span style=\"color: #000000;\">Spreiding is geen luxe. Het is risicobeheersing.<\/span><\/p>\n<h3 data-start=\"6750\" data-end=\"6800\"><span style=\"color: #000000;\">Juridische houdbaarheid: leren van het verleden<\/span><\/h3>\n<p data-start=\"6802\" data-end=\"6982\"><span style=\"color: #000000;\">Certificatie is bij dit soort oplossingen vaak het langste traject. Niet omdat de techniek zo complex is, maar omdat achteraf geen twijfel mag bestaan over de echtheid van de data.\u00a0<\/span><span style=\"color: #000000;\">De vastlegging moet aantoonbaar:<\/span><\/p>\n<ul data-start=\"7018\" data-end=\"7133\">\n<li data-start=\"7018\" data-end=\"7054\">\n<p data-start=\"7020\" data-end=\"7054\"><span style=\"color: #000000;\">Niet manipuleerbaar zijn geweest<\/span><\/p>\n<\/li>\n<li data-start=\"7055\" data-end=\"7098\">\n<p data-start=\"7057\" data-end=\"7098\"><span style=\"color: #000000;\">Niet door administrators zijn aangepast<\/span><\/p>\n<\/li>\n<li data-start=\"7099\" data-end=\"7133\">\n<p data-start=\"7101\" data-end=\"7133\"><span style=\"color: #000000;\">Niet achteraf zijn herschreven<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"7135\" data-end=\"7392\"><span style=\"color: #000000;\">De financi\u00eble wereld heeft eerder geleerd wat er gebeurt wanneer data manipuleerbaar blijkt. Denk aan de Libor-affaire rond <span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">ICE Benchmark Administration<\/span><\/span>, waar rentetarieven werden be\u00efnvloed door menselijke interventie en belangenverstrengeling. <\/span><span style=\"color: #000000;\">Data die juridisch doorslaggevend is, moet boven iedere twijfel verheven zijn. <\/span><span style=\"color: #000000;\">Een gecertificeerde, cryptografisch verankerde vastlegging zorgt ervoor dat auditdata de juridische toets kan doorstaan. Niet alleen technisch aantoonbaar, maar ook bestuurlijk en juridisch verdedigbaar. <\/span><span style=\"color: #000000;\">Dat is een fundamenteel verschil met traditionele logging.<\/span><\/p>\n<h3 data-start=\"7744\" data-end=\"7779\"><span style=\"color: #000000;\">Van herstel naar aantoonbaarheid<\/span><\/h3>\n<p data-start=\"7781\" data-end=\"7907\"><span style=\"color: #000000;\">Waar traditionele security zich richt op preventie en herstel, voegt een ICT Blackbox een derde dimensie toe: aantoonbaarheid. <\/span><span style=\"color: #000000;\">Forensisch: reconstructie blijft mogelijk, b<\/span><span style=\"color: #000000;\">estuurlijk: zorgplicht is aantoonbaar ingevuld, v<\/span><span style=\"color: #000000;\">erzekeringstechnisch: claimpositie is onderbouwd en tenslotte j<\/span><span style=\"color: #000000;\">uridisch: data is gecertificeerd en manipulatieresistent<\/span><\/p>\n<p data-start=\"8124\" data-end=\"8250\"><span style=\"color: #000000;\">In een tijd waarin cyberverzekeringen kritischer worden en premies stijgen, is aantoonbare beheersing geen luxe maar noodzaak. <\/span><span style=\"color: #000000;\">Misschien moeten we daarom de vraag anders stellen. <\/span><span style=\"color: #000000;\">Niet: hebben we logging?<\/span> <span style=\"color: #000000;\">Maar: overleeft onze logging de aanval?<\/span> <span style=\"color: #000000;\">En nog belangrijker: kunnen wij onafhankelijk aantonen dat die logging authentiek was?<\/span><\/p>\n<p data-start=\"8462\" data-end=\"8662\"><span style=\"color: #000000;\">De luchtvaart leerde dat veiligheid begint met registratie.<\/span> <span style=\"color: #000000;\">De financi\u00eble sector leerde dat manipulatie funest is.<\/span> <span style=\"color: #000000;\">De digitale wereld leert nu dat verzekerbaarheid begint met onweerlegbaar bewijs. <\/span><span style=\"color: #000000;\">Wie zijn digitale zwarte doos niet extern en gecertificeerd borgt, loopt het risico niet alleen zijn data te verliezen \u2013 maar ook zijn dekking.<\/span><\/p>\n<p data-start=\"8809\" data-end=\"8861\"><span style=\"color: #000000;\">En dan is de grootste schadepost niet de ransomware. <\/span><span style=\"color: #000000;\">Maar het moment waarop je ontdekt dat je onverwacht onverzekerd bent.<\/span><\/p>\n<p data-start=\"8809\" data-end=\"8861\"><span style=\"color: #000000;\">Photo by <\/span><a style=\"color: #000000;\" href=\"https:\/\/www.pexels.com\/photo\/magnifying-glass-and-a-document-10341357\/\">Vlad Deep<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/article>\n<article class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto scroll-mt-(--header-height)\" dir=\"auto\" tabindex=\"-1\" data-turn-id=\"949c08d9-b6f9-4834-8ba4-8272ff3ad400\" data-testid=\"conversation-turn-7\" data-scroll-anchor=\"false\" data-turn=\"user\">\n<div class=\"text-base my-auto mx-auto pt-12 [--thread-content-margin:--spacing(4)] @w-sm\/main:[--thread-content-margin:--spacing(6)] @w-lg\/main:[--thread-content-margin:--spacing(16)] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col\" tabindex=\"-1\">\n<div class=\"flex max-w-full flex-col grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal [.text-message+&amp;]:mt-1\" dir=\"auto\" data-message-author-role=\"user\" data-message-id=\"949c08d9-b6f9-4834-8ba4-8272ff3ad400\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden items-end rtl:items-start\">\n<div class=\"user-message-bubble-color corner-superellipse\/1.1 relative rounded-[18px] px-4 py-1.5 data-[multiline]:py-3 max-w-[var(--user-chat-width,70%)]\" data-multiline=\"\">\n<div class=\"whitespace-pre-wrap\" style=\"text-align: center;\"><span style=\"color: #000000;\">&#8212;&#8212;&#8212;&#8212;&#8212;&#8211; \u00a0Translated by ChatGPT \u00a0 &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"z-0 flex justify-end\"><\/div>\n<\/div>\n<\/div>\n<\/article>\n<article class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" tabindex=\"-1\" data-turn-id=\"request-WEB:09c9ef91-ae69-4fce-a787-79fba621b5a7-4\" data-testid=\"conversation-turn-8\" data-scroll-anchor=\"true\" data-turn=\"assistant\">\n<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:--spacing(4)] @w-sm\/main:[--thread-content-margin:--spacing(6)] @w-lg\/main:[--thread-content-margin:--spacing(16)] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\" tabindex=\"-1\">\n<div class=\"flex max-w-full flex-col grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal [.text-message+&amp;]:mt-1\" dir=\"auto\" data-message-author-role=\"assistant\" data-message-id=\"add41e8b-278c-40ff-8409-5ed4d1b96cf0\" data-message-model-slug=\"gpt-5-2\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden first:pt-[1px]\">\n<div class=\"markdown prose dark:prose-invert w-full wrap-break-word dark markdown-new-styling\">\n<h1 data-start=\"0\" data-end=\"25\"><span style=\"color: #000000;\">Unexpectedly Uninsured<\/span><\/h1>\n<p data-start=\"27\" data-end=\"520\"><span style=\"color: #000000;\">Last night, an unexpected incident occurred in the data center, and there are indications of a serious cyberattack. Emergency procedures have been activated. As a board member, you rely on your technical and security teams to contain and resolve the incident. An emergency board meeting is convened. You are briefed on what is happening\u2014and what may already have happened. In accordance with policy, your cyber insurer is notified that an incident is underway, with consequences still unknown.<\/span><\/p>\n<p data-start=\"522\" data-end=\"733\"><span style=\"color: #000000;\">The first hours are chaotic, but manageable. The crisis structure is operational. External specialists are engaged. Legal counsel is involved. Communications prepares statements. Everything follows the playbook.<\/span><\/p>\n<p data-start=\"735\" data-end=\"1045\"><span style=\"color: #000000;\">Until, in the following days, it becomes clear that large volumes of data have been \u201cheld hostage\u201d\u2014and that your logging and monitoring data is inaccessible as well. No SIEM logs. No forensic traces. No audit trail. It is as if not only your operations were attacked, but your organizational memory was erased.<\/span><\/p>\n<p data-start=\"1047\" data-end=\"1255\"><span style=\"color: #000000;\">There is no data left to reconstruct what happened before and during the attack. How did they gain entry? How long were they inside? Was there lateral movement? Privilege escalation? Were there warning signs?<\/span><\/p>\n<p data-start=\"1257\" data-end=\"1288\"><span style=\"color: #000000;\">And then comes the second blow.<\/span><\/p>\n<p data-start=\"1290\" data-end=\"1634\"><span style=\"color: #000000;\">Your insurer requests evidence. Proof that, prior to the attack, you had your controls in place. That you were compliant with agreed standards. That patch management functioned. That multi-factor authentication was enforced. That vulnerabilities were addressed within required timeframes. That monitoring was active and alerts were followed up.<\/span><\/p>\n<p data-start=\"1636\" data-end=\"1671\"><span style=\"color: #000000;\">And that evidence\u2026 was in the logs.<\/span><\/p>\n<h3 data-start=\"1678\" data-end=\"1725\"><span style=\"color: #000000;\">An Attack on Data Is Also an Attack on Proof<\/span><\/h3>\n<p data-start=\"1727\" data-end=\"1785\"><span style=\"color: #000000;\">This scenario is not hypothetical. It has happened before.<\/span><\/p>\n<p data-start=\"1787\" data-end=\"2015\"><span style=\"color: #000000;\">Ransomware groups understand that backups, logging servers, and monitoring platforms are strategic targets. Erasing the memory of an organization weakens not only its ability to recover\u2014but also its legal and financial position.<\/span><\/p>\n<p data-start=\"2017\" data-end=\"2296\"><span style=\"color: #000000;\">When <strong data-start=\"2022\" data-end=\"2063\"><span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Maersk<\/span><\/span><\/strong> was hit by the NotPetya attack in 2017, its global IT infrastructure was effectively wiped. Thousands of servers and workstations had to be rebuilt. Core directory services were lost. Damages reached hundreds of millions of dollars.<\/span><\/p>\n<p data-start=\"2298\" data-end=\"2632\"><span style=\"color: #000000;\"><strong data-start=\"2298\" data-end=\"2339\"><span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Merck &amp; Co.<\/span><\/span><\/strong> suffered a similar fate. What followed was a legal battle over whether the attack qualified as an act of war under the insurance policy. Ultimately, the court ruled in Merck\u2019s favor\u2014but the case illustrated how central evidence and policy interpretation become when large claims are at stake.<\/span><\/p>\n<p data-start=\"2634\" data-end=\"2875\"><span style=\"color: #000000;\">In the case of <strong data-start=\"2649\" data-end=\"2690\"><span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Colonial Pipeline<\/span><\/span><\/strong>, ransomware led to operational shutdown and geopolitical consequences. The attack demonstrated how cybersecurity incidents rapidly evolve into legal, regulatory, and insurance matters.<\/span><\/p>\n<p data-start=\"2877\" data-end=\"3003\"><span style=\"color: #000000;\">What is rarely discussed publicly is the negotiation behind closed doors: can you prove you were in control before the attack?<\/span><\/p>\n<h3 data-start=\"3010\" data-end=\"3034\"><span style=\"color: #000000;\">The Aviation Parallel<\/span><\/h3>\n<p data-start=\"3036\" data-end=\"3203\"><span style=\"color: #000000;\">After World War II, commercial aviation expanded rapidly. But in many early crashes, investigators could not determine the cause. With the aircraft, the data was lost.<\/span><\/p>\n<p data-start=\"3205\" data-end=\"3551\"><span style=\"color: #000000;\">The introduction of the flight recorder\u2014the \u201cblack box\u201d\u2014changed aviation permanently. Eventually, it became mandatory. Not only for safety improvements, but as a prerequisite for certification and insurability. Without recorded data, there could be no reconstruction. Without reconstruction, no certification. Without certification, no insurance.<\/span><\/p>\n<p data-start=\"3553\" data-end=\"3721\"><span style=\"color: #000000;\">Under frameworks coordinated by organizations such as the <strong data-start=\"3611\" data-end=\"3652\"><span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">International Civil Aviation Organization<\/span><\/span><\/strong>, incident data became the foundation for global safety improvements.<\/span><\/p>\n<p data-start=\"3723\" data-end=\"3810\"><span style=\"color: #000000;\">No data, no analysis.<\/span><br data-start=\"3744\" data-end=\"3747\" \/><span style=\"color: #000000;\">No analysis, no improvement.<\/span><br data-start=\"3775\" data-end=\"3778\" \/><span style=\"color: #000000;\">No improvement, no insurability.<\/span><\/p>\n<h3 data-start=\"3817\" data-end=\"3857\"><span style=\"color: #000000;\">Where Is the Data Center\u2019s Black Box?<\/span><\/h3>\n<p data-start=\"3859\" data-end=\"4150\"><span style=\"color: #000000;\">In the digital world, logging and monitoring systems are our flight recorders. Yet they are rarely designed to survive the incident they are meant to document. They often run in the same domain, under the same administrative structure, sometimes even managed by the same privileged accounts.<\/span><\/p>\n<p data-start=\"4152\" data-end=\"4332\"><span style=\"color: #000000;\">Modern attackers exploit exactly that weakness. They disable security agents. Delete backups. Erase logs. They prepare their attack to eliminate not only systems\u2014but also evidence.<\/span><\/p>\n<p data-start=\"4334\" data-end=\"4396\"><span style=\"color: #000000;\">Without evidence, compliance becomes difficult to demonstrate.<\/span><\/p>\n<p data-start=\"4398\" data-end=\"4472\"><span style=\"color: #000000;\">And without demonstrable compliance, insurance coverage becomes uncertain.<\/span><\/p>\n<h3 data-start=\"4479\" data-end=\"4521\"><span style=\"color: #000000;\">The Digital Black Box: The ICT Blackbox<\/span><\/h3>\n<p data-start=\"4523\" data-end=\"4580\"><span style=\"color: #000000;\">The question, therefore, is not whether you have logging.<\/span><\/p>\n<p data-start=\"4582\" data-end=\"4644\"><span style=\"color: #000000;\">The real question is whether your logging survives the attack.<\/span><\/p>\n<p data-start=\"4646\" data-end=\"4792\"><span style=\"color: #000000;\">This is where the ICT Blackbox developed by <strong data-start=\"4690\" data-end=\"4731\"><span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">DigiCorp Labs<\/span><\/span><\/strong> introduces a fundamentally different architectural approach.<\/span><\/p>\n<p data-start=\"4794\" data-end=\"5101\"><span style=\"color: #000000;\">At its core lies the patented NFD principle\u2014Non-Fungible Data Entry. Instead of merely storing logs, each critical logging and monitoring event is cryptographically anchored on a blockchain. Not by uploading entire datasets, but by registering unique, immutable fingerprints (hashes) of each relevant entry.<\/span><\/p>\n<p data-start=\"5103\" data-end=\"5130\"><span style=\"color: #000000;\">Each registration captures:<\/span><\/p>\n<ul data-start=\"5132\" data-end=\"5437\">\n<li data-start=\"5132\" data-end=\"5190\">\n<p data-start=\"5134\" data-end=\"5190\"><span style=\"color: #000000;\">The cryptographic hash of the log or monitoring action<\/span><\/p>\n<\/li>\n<li data-start=\"5191\" data-end=\"5278\">\n<p data-start=\"5193\" data-end=\"5278\"><span style=\"color: #000000;\">A reference to where the full dataset is externally stored (failover or colocation)<\/span><\/p>\n<\/li>\n<li data-start=\"5279\" data-end=\"5341\">\n<p data-start=\"5281\" data-end=\"5341\"><span style=\"color: #000000;\">The accountable role or individual at that specific moment<\/span><\/p>\n<\/li>\n<li data-start=\"5342\" data-end=\"5408\">\n<p data-start=\"5344\" data-end=\"5408\"><span style=\"color: #000000;\">The governance framework and policy version valid at that time<\/span><\/p>\n<\/li>\n<li data-start=\"5409\" data-end=\"5437\">\n<p data-start=\"5411\" data-end=\"5437\"><span style=\"color: #000000;\">Independent timestamping<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"5439\" data-end=\"5508\"><span style=\"color: #000000;\">This creates an audit trail that cannot be altered without detection.<\/span><\/p>\n<p data-start=\"5510\" data-end=\"5590\"><span style=\"color: #000000;\">Even if the primary environment is destroyed, it remains independently provable:<\/span><\/p>\n<ul data-start=\"5592\" data-end=\"5730\">\n<li data-start=\"5592\" data-end=\"5616\">\n<p data-start=\"5594\" data-end=\"5616\"><span style=\"color: #000000;\">That the log existed<\/span><\/p>\n<\/li>\n<li data-start=\"5617\" data-end=\"5640\">\n<p data-start=\"5619\" data-end=\"5640\"><span style=\"color: #000000;\">When it was created<\/span><\/p>\n<\/li>\n<li data-start=\"5641\" data-end=\"5677\">\n<p data-start=\"5643\" data-end=\"5677\"><span style=\"color: #000000;\">Under which governance structure<\/span><\/p>\n<\/li>\n<li data-start=\"5678\" data-end=\"5730\">\n<p data-start=\"5680\" data-end=\"5730\"><span style=\"color: #000000;\">Where the complete dataset was stored externally<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"5732\" data-end=\"5787\"><span style=\"color: #000000;\">This is not backup.<\/span><br data-start=\"5751\" data-end=\"5754\" \/><span style=\"color: #000000;\">This is evidentiary architecture.<\/span><\/p>\n<h3 data-start=\"5794\" data-end=\"5837\"><span style=\"color: #000000;\">Production-Ready and Sovereign by Design<\/span><\/h3>\n<p data-start=\"5839\" data-end=\"6100\"><span style=\"color: #000000;\">Over the past year, several ICT Blackbox implementations have gone live in production at large governmental organizations. Market interest has proven significant\u2014not only from security leaders, but also from compliance officers, legal departments, and insurers.<\/span><\/p>\n<p data-start=\"6102\" data-end=\"6440\"><span style=\"color: #000000;\">The solution is built on the Japanese data platform of <strong data-start=\"6157\" data-end=\"6198\"><span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Hitachi Vantara<\/span><\/span><\/strong>, deliberately avoiding direct dependencies on U.S.-based cloud providers. For European organizations concerned about exposure to legislation such as the U.S. Data Act or Patriot Act, digital sovereignty is no longer optional\u2014it is strategic.<\/span><\/p>\n<p data-start=\"6442\" data-end=\"6750\"><span style=\"color: #000000;\">The ICT Blackbox is delivered as a fully certified physical appliance that can be deployed locally at a colocation facility. If required, it can be replicated across multiple European locations. Geographic distribution and decentralization increase resilience and assurance. Dispersion reduces systemic risk.<\/span><\/p>\n<p data-start=\"6752\" data-end=\"6809\"><span style=\"color: #000000;\">Decentralization is not a trend.<\/span><br data-start=\"6784\" data-end=\"6787\" \/><span style=\"color: #000000;\">It is risk management.<\/span><\/p>\n<h3 data-start=\"6816\" data-end=\"6867\"><span style=\"color: #000000;\">Legal Integrity: Learning from Financial History<\/span><\/h3>\n<p data-start=\"6869\" data-end=\"7044\"><span style=\"color: #000000;\">Certification is often the longest part of implementing such solutions. Not because the technology is immature\u2014but because the evidentiary value must withstand legal scrutiny.<\/span><\/p>\n<p data-start=\"7046\" data-end=\"7078\"><span style=\"color: #000000;\">Audit data must be demonstrably:<\/span><\/p>\n<ul data-start=\"7080\" data-end=\"7180\">\n<li data-start=\"7080\" data-end=\"7100\">\n<p data-start=\"7082\" data-end=\"7100\"><span style=\"color: #000000;\">Tamper-resistant<\/span><\/p>\n<\/li>\n<li data-start=\"7101\" data-end=\"7147\">\n<p data-start=\"7103\" data-end=\"7147\"><span style=\"color: #000000;\">Protected from administrative manipulation<\/span><\/p>\n<\/li>\n<li data-start=\"7148\" data-end=\"7180\">\n<p data-start=\"7150\" data-end=\"7180\"><span style=\"color: #000000;\">Immutable after registration<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"7182\" data-end=\"7455\"><span style=\"color: #000000;\">Financial history provides cautionary lessons. During the LIBOR manipulation scandal involving benchmark administrators such as <strong data-start=\"7310\" data-end=\"7351\"><span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">ICE Benchmark Administration<\/span><\/span><\/strong>, trust in recorded data proved fragile when human intervention influenced supposedly objective metrics.<\/span><\/p>\n<p data-start=\"7457\" data-end=\"7564\"><span style=\"color: #000000;\">If data determines liability, accountability, or insurance payout, its authenticity must be beyond dispute.<\/span><\/p>\n<p data-start=\"7566\" data-end=\"7708\"><span style=\"color: #000000;\">Certified, cryptographically anchored evidence ensures that audit trails can withstand judicial examination\u2014not only technically, but legally.<\/span><\/p>\n<h3 data-start=\"7715\" data-end=\"7750\"><span style=\"color: #000000;\">From Recovery to Demonstrability<\/span><\/h3>\n<p data-start=\"7752\" data-end=\"7813\"><span style=\"color: #000000;\">Traditional cybersecurity focuses on prevention and recovery.<\/span><\/p>\n<p data-start=\"7815\" data-end=\"7881\"><span style=\"color: #000000;\">A digital black box introduces a third dimension: demonstrability.<\/span><\/p>\n<ul data-start=\"7883\" data-end=\"8047\">\n<li data-start=\"7883\" data-end=\"7928\">\n<p data-start=\"7885\" data-end=\"7928\"><span style=\"color: #000000;\">Forensic: reconstruction remains possible<\/span><\/p>\n<\/li>\n<li data-start=\"7929\" data-end=\"7969\">\n<p data-start=\"7931\" data-end=\"7969\"><span style=\"color: #000000;\">Governance: duty of care is provable<\/span><\/p>\n<\/li>\n<li data-start=\"7970\" data-end=\"8009\">\n<p data-start=\"7972\" data-end=\"8009\"><span style=\"color: #000000;\">Insurance: claims are substantiated<\/span><\/p>\n<\/li>\n<li data-start=\"8010\" data-end=\"8047\">\n<p data-start=\"8012\" data-end=\"8047\"><span style=\"color: #000000;\">Legal: evidence survives scrutiny<\/span><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"8049\" data-end=\"8170\"><span style=\"color: #000000;\">In an era of rising cyber premiums and stricter underwriting, demonstrable control is not a luxury. It is a prerequisite.<\/span><\/p>\n<p data-start=\"8172\" data-end=\"8404\"><span style=\"color: #000000;\">The aviation industry learned that safety begins with recording.<\/span><br data-start=\"8236\" data-end=\"8239\" \/><span style=\"color: #000000;\">The financial sector learned that integrity must be protected from manipulation.<\/span><br data-start=\"8319\" data-end=\"8322\" \/><span style=\"color: #000000;\">The digital economy is now learning that insurability begins with immutable proof.<\/span><\/p>\n<p data-start=\"8406\" data-end=\"8528\"><span style=\"color: #000000;\">If tonight not only your data\u2014but your digital memory\u2014is held hostage, can you still independently demonstrate compliance?<\/span><\/p>\n<p data-start=\"8530\" data-end=\"8587\"><span style=\"color: #000000;\">Or will you discover that you are unexpectedly uninsured?<\/span><\/p>\n<p data-start=\"8589\" data-end=\"8726\" data-is-last-node=\"\" data-is-only-node=\"\">\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/article>\n","protected":false},"excerpt":{"rendered":"<p>In an era of rising cyber premiums and stricter underwriting, demonstrable control is not a luxury. It is a prerequisite.<\/p>\n<p>The aviation industry learned that safety begins with recording.<br \/>\nThe financial sector learned that integrity must be protected from manipulation.<br \/>\nThe digital economy is now learning that insurability begins with immutable proof.<\/p>\n<p>If tonight not only your data\u2014but your digital memory\u2014is held hostage, can you still independently demonstrate compliance?<\/p>\n<p>Or will you discover that you are unexpectedly uninsured?<\/p>\n","protected":false},"author":3,"featured_media":86835,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[275,280,338,520,521,232,70,75,78,80],"tags":[84,188,339,508,517,714,742,974,975],"class_list":["post-86831","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-architectuur","category-blockchain","category-cybersecurity","category-digitale-soevereiniteit","category-european-tech","category-digicorp-labs","category-data-ownership","category-innovation","category-storage","category-trusted-it","tag-compliance","tag-blockchain","tag-cybersecurity","tag-datagovernance","tag-digitalsovereignty","tag-riskmanagement","tag-infosec","tag-cyberinsurance","tag-audittrail"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/hanstimmerman.me\/wp-content\/uploads\/2026\/02\/pexels-vlad-deep-29415806-10341357-scaled-e1772081002569.jpg?fit=1698%2C1220&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/posts\/86831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/comments?post=86831"}],"version-history":[{"count":13,"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/posts\/86831\/revisions"}],"predecessor-version":[{"id":86849,"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/posts\/86831\/revisions\/86849"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/media\/86835"}],"wp:attachment":[{"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/media?parent=86831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/categories?post=86831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hanstimmerman.me\/nl_nl\/wp-json\/wp\/v2\/tags?post=86831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}