The European Network and Information Security Agency (ENISA) analysed the case ‘Operation Black Tulip’ where false certificates were created following a successful cyber-attack against Diginotar, the Dutch Certificate Authority. In its analysis, ENISA identifies the major issues and suggests remedies.
The main issues identified are that Diginotar did not immediately report the cyber-attack to customers or government authorities, and that basic security measures were not taken. Additionally, there exist weaknesses in the design of HTTPS. Incident management is crucial in information security and organizations should pro-actively detect and investigate incidents and quickly inform the relevant parties. The agency also points out that existing certifications and audit schemes may need to be revised considering that Diginotar was audited yearly against the ETSI standards for CAs.
Read the full analysis report here: