Collaboration between government and business strengthened in new cyber security strategy

The Minister of Security and Justice Ivo Opstelten today unveiled the government’s second National Cyber Security Strategy in a letter to the House of Representatives. Under the new strategy the public and private sectors will work together more closely to boost resilience to IT breakdowns and cyber attacks.

The Strategy provides for additional necessary enhancement of the cyber architecture. With structures like the National Cyber Security Centre (NCSC) now in place, networks and strategic coalitions must be further expanded. Together with its partners, the Netherlands is committed to a safe and secure digital domain, where we can seize opportunities for digitisation, tackle threats and protect fundamental rights. We will seek the right balance between security, freedom and social growth, with the aim of making the Netherlands a world leader in the field of cyber security.

Private sector partners have an important duty. Whereas the first strategy was premised on public-private partnership, the new strategy emphasises private-public participation. Around 150 parties were involved in developing the strategy: public and private parties, knowledge institutions and civil society organisations. Advice on the aims of the new strategy was also provided by the Cyber Security Council, which is composed of representatives of public and private parties and academia.

Cyberspace includes many different actors who are becoming increasingly interconnected and interdependent. To foster security in cyberspace, members of the public, businesses, organisations and government authorities must actively take part, on the basis of a clear division of responsibilities. The governing principle is that responsibilities that apply in the physical domain also apply in the digital domain.

To foster this more mature approach to dealing with cybersecurity (moving from awareness to capability), the government must be allowed to take charge whenever necessary, establishing rules and standards (e.g. for critical infrastructure). Consumers should be expected to possess certain skills and exhibit good judgment when using IT, such as being careful with personal data, installing necessary software updates and devising strong passwords. IT providers and manufacturers also bear certain responsibilities. In the future, security and privacy ‘by design’ need to become industry standards. With IT services becoming ever more complicated, the public can no longer be expected to fathom all their complexities and assess them on the basis of security and privacy considerations.

To put this ambition in a strategic framework, the government is seeking to enhance its own cyber security capabilities. The NCSC, already a computer emergency response team, is now being transformed into an operations centre for all collaborating parties. This transformation is meant to bring about better risk analysis, tighter security and freer sharing of crucial information. Usefully, the new strategy refrains from using the term ‘vital sectors’, but rather aims to actually explore which IT-dependent systems, services and processes are vital. That provides a clearer overview, so the authorities can focus on what is genuinely important. Through the Taskforce on Cyber Security Education and the Netherlands Organisation for Scientific Research, investment will also be made in education and research in the field of cyber security. Furthermore, the government will take a more active role in this area wherever possible and necessary.

The new strategy is necessitated by rapid developments in cyber security, which is also a fast-growing policy area internationally. Over the past few years cyber security has expanded to include a number of additional dimensions, such as ensuring an open and free internet and reaping economic benefits. In other words, cyber security is no longer just a response to a threat but also a gateway to fresh opportunities. Cyberspace is a part of Dutch society, and it has made a major contribution to the growth of productivity and innovation. The Netherlands has invested a great deal in capitalising on technological trends and the effective use of IT skills and resources. Thanks in part to this effort, the Netherlands is now an international internet hub, with the most competitive internet market and one of the highest densities of internet users in the world. Ensuring the security of cyberspace is a prerequisite for taking full advantage of the opportunities that digitisation offers our society.