Cabinet presents new cybersecurity strategy

On behalf of the cabinet, minister Yeşilgöz-Zegerius (Justice and Security, and coordinating minister for cybersecurity), together with minister Adriaansens (Economic Affairs and Climate Policy) and state secretary Van Huffelen (Kingdom Relations and Digitalisation) will today be presenting the Netherlands’ new National Cybersecurity Strategy 2022-2028. The strategy includes an action plan setting out concrete steps for improving the digital security of the Netherlands.

Minister Yeşilgöz-Zegerius:

“As the National Coordinator for Security and Counterterrorism has found, there’s been a sharp increase in the severity of digital threats directed at our interests by criminals and enemy states. We therefore need to act now to improve our digital resilience, strengthen the system and tackle the threat. This is necessary to ensure that the Netherlands is capable of capitalising on the economic and social opportunities of digitalisation in a secure way while simultaneously protecting our national security and public values. The Netherlands is one of the most digitalised countries in the world. We work digitally, shop digitally, and socialise digitally. Digital systems are the ‘central nervous system’ of our society. That’s why we need to protect those systems and ensure that we are prepared for any possible incidents.”

Minister Adriaansens:

“Digital resilience is genuinely important, and it’s an issue that affects us all. For instance, a cyber attack can mean the internet goes down, leading to empty shelves in shops, or even industrial production grinding to a halt. We’re in an era where we need the government to actively contribute to our digital clout. Secure digital devices and systems are of course essential in their own right, but are also a driver of economic opportunity for businesses and a convenience for consumers.”

State secretary Van Huffelen:

“Security and reliability are absolutely essential in the digital world, just as they are in the physical world. Robust legislation, regulations and supervision can help us make the digital world a safer place. The government as a whole needs to take the lead on this, and to collaborate as part of a network of public and private partners.”

Strategy

Digital security still lags far behind the security of the physical world. When you buy a car, you know it has had to comply with all sorts of safety and quality standards. And as a buyer, you know exactly what’s expected of you in order to be able to safely drive that car: a driving licence, no alcohol, and an annual MOT test. The same should become common practice for digital security. In the National Cybersecurity Strategy, the cabinet sets out a vision of digital society and the role of the government, businesses and citizens. There’s also an action plan setting out concrete steps for a secure digital society. To achieve that vision, objectives have been formulated under four pillars. The first is about increasing the digital resilience of the government, businesses and civil society organisations. The second is about the provision of secure and innovative digital products and services in our country. The third is about combating digital threats from criminals and nation states. And finally, the fourth pillar is about having enough cybersecurity specialists, education on digital security, and the digital resilience of citizens.

The digital security system as a whole is being strengthened to enable us to achieve these objectives. For instance, the National Cybersecurity Centre, Digital Trust Center and the Cyber Security Incident Response Team for Digital Service Providers are being merged into a single national cybersecurity authority. Clear, verifiable legislation and regulations will also be brought in, putting a stop to the reliance on voluntary guidelines. Standards for the security of hardware and software will be set at the European level. We will also need to improve our awareness of threats themselves, because only then can we make ourselves more resilient to them.

Collaboration

The strategy is the outcome of broad engagement among a multitude of public, private and civil society organisations, particularly the Cyber Security Council, and it builds on previous cybersecurity strategies delivered by the cabinet in 2011, 2013 and 2018. All ministries are working together to adopt and implement the strategy, with the support of public and private partners.