Luxembourg’s digital achievements are significant, but no nation is immune to cybersecurity threats. Widely regarded as a thriving digital hub, the Grand Duchy faces a series of silent and lesser-known threats in an increasingly complex cybersecurity landscape.
While digital connectivity enables innovation and growth, it also exposes individuals, businesses, and institutions to a rising tide of risks. Understanding how cybercrime manifests – particularly through the dark web – is the first step towards meaningful resilience.
In our new series Dark Web Diaries, we will explore specific cases uncovered by INCERT, an organisation launched by the Ministry of the Economy in 2012 that has since been working diligently behind the scenes to monitor, protect, and strengthen Luxembourg’s digital infrastructure. Future articles will delve deeper into cybercriminal methods and some of the real-life cases tracked right here in the Grand Duchy.
“Technology alone won’t win this war. We need to collaborate, to educate, and to act”, underlines Benoît Poletti, INCERT’s CEO and member of INTERPOL’s Global Cybercrime Group, in conversation with RTL Today.
Initially tasked with safeguarding cryptographic security and instilling trust in electronic identity systems, including identity management of Luxembourgish passports, the organisation has since evolved to meet a broader cybersecurity mandate. Today, INCERT serves as a technical authority overseeing secure identity and travel document systems, while also functioning as a cyber threat intelligence centre.
It thereby plays a key role in identifying and mitigating risks to Luxembourg’s digital ecosystem. “We began with a focus on identity and trust technologies. But as threats evolved, so too did our mission”, Poletti explains.
INCERT’s core functions now include cryptographic infrastructure management, in other words ensuring the secure issuance and validation of identity and travel documents. It manages sensitive systems that authenticate citizens both at physical borders and in online environments.
By adopting a proactive posture, INCERT also monitors a range of online environments – including non-indexed or hidden segments of the internet – in search of emerging threats. Where necessary, incidents are reported to relevant authorities.
As a recognised certification authority, INCERT further assists public and private bodies in adopting recognised cybersecurity standards, with particular emphasis on encryption, digital identity, and data integrity.
And through outreach campaigns and media collaboration, INCERT seeks to promote greater public understanding of cybersecurity, supporting a nationwide culture of digital responsibility.
Cybersecurity is now a core societal challenge. As cyber threats become more sophisticated, coordinated efforts are required to defend digital infrastructure and ensure public trust.
INCERT is therefore advocating for a more centralised national cybersecurity authority. Such an entity would streamline incident response and coordination between government and industry stakeholders.
“We’ve built a strong ecosystem. But to achieve long-term resilience, we need structured leadership. Fragmentation is no longer an option”, says Poletti.
Thanks to organisations such as INCERT, Luxembourg is taking proactive steps – not only to secure its systems, but to inform and empower its citizens.
Upcoming installments in this series will delve deeper into the various kinds of cyber attacks that INCERT encounters, including the curious case of a hacked toothbrush.
