According to our administration, your organization provides ICT services to RVO (Netherlands Enterprise Agency).
As you may know, a serious vulnerability has been found in the Apache Log4j application and it has been advised to address this vulnerability as soon as possible. This vulnerability allows unauthorized parties to add arbitrary codes to the application, thus giving access to webservers or connected systems and potentially giving full control to the alleged attacker. The National Cyber Security Center (NCSC) has drawn up an action perspective for this purpose, which is regularly adjusted to the latest developments. See the (dutch) link for additional information: NCSC handelingsperspectief.
RVO is currently investigating the possible impact of this incident on our systems, services and data. As your organization provides ICT services to RVO and/or services where personal data is used on behalf of RVO, we would like to ask you the following questions:
Could you indicate whether this incident could have an impact on the services that your organization provides to RVO and, if so, what measures will be taken?
In case your organization decides to temporarily stop providing services to RVO or takes other measures that can be relevant for the services to RVO, please inform us as soon as possible, by way of your RVO contact person and to email@example.com.
Should you have any questions, please feel free to contact us.
Peter van der Woude
Deputy director Finance, Information Management and Facility Services/CSO RVO
(Attachment RVO inquiries Apache Log4J.pdf is missing)