Accessible government desk for cyber security advice

Resilience against cybercrime, digital espionage or sabotage via digital means begins with individual organisations. With heightened and increasingly complex cyber threats from home and abroad, private or public organisations and companies must also receive appropriate support from the government in this effort. Therefore, the government has decided to merge the existing cybersecurity central government organisations into a single central, visible and effective national cybersecurity organisation. This organisation will include the National Cyber Security Centre (NCSC) within of the Ministry of Justice and Security (JenV) as well as the Digital Trust Centre (DTC) and the Computer Security Incident Response Team for Digital Service Providers (CSIRT-DSP), both within the Ministry of Economic Affairs and Climate Policy (EZK).

Minister Yesilgoz-Zegerius (JenV):

"Cybercriminals and enemy states are becoming increasingly cunning and effective in the digital theft of money and information or the sabotage of organisations and processes vital to our society. We therefore need to pool our knowledge and skills to ensure that we stay one step ahead of these malicious parties. The revamped organisation will be founded upon the strengths of the current organisations. This will enable the new organisation to provide all organisations in the Netherlands, large or small, public or private, vital or non-vital, with relevant information and knowledge and provide assistance in the event of incidents. I am therefore pleased that the organisations are already collaborating to the greatest extent possible so that we are better equipped to defend against cyber attacks."

Minister Adriaansens (EZK):

"The importance of digital resilience for our society and economy is steadily increasing. If the internet is down due to a cyber-attack, for example, that leaves shops empty or even halts industrial production. Digital devices and systems offer economic opportunities and consumer convenience, but also make us vulnerable. We are therefore increasing the legal cyber requirements on devices and services themselves. On the other hand, we are investing in knowledge sharing and expertise in large-scale incidents. This operates most effectively with a single government desk where organisations and businesses can receive support."

Accessible government desk

After integration, all organisations in the Netherlands will be able to turn to a single central desk for cybersecurity advice and assistance in digital incidents, while the new cybersecurity organisation can also respond quickly and adequately to intelligence on threats and incidents at national and sectoral level. The first significant steps have been taken. Organisations are already working together to the greatest extent possible. This includes jointly organising the process of alerting victims and targets of a cyber-attack and providing action perspectives to all organisations in the Netherlands, enabling them to better defend themselves against attackers.

The minister of JenV will have ownership of the revamped organisation. The Ministry of JenV and EZK will jointly assume responsibility as commissioning authority.

The transition will take place in two phases so that upcoming legislation and ongoing processes from the Netherlands Cybersecurity Strategy (NLCS) are taken into account wherever possible.

In this first phase leading up to 1 October 2024, the organisations have already been working together wherever possible. This includes alerting parties regarding concrete cyber threats and vulnerabilities as well as jointly providing action perspectives to all organisations in the Netherlands, enabling them to better defend themselves against attacks.

In the second phase up to 1 January 2026, tasks and processes will be integrated and optimised. The implementation of the Security and Information Systems Act (Wbni), including the European Network and Information Security (NIS2) Directive, sectoral legislation within which CSIRT tasks are performed and the Act on Promoting Digital Resilience for Businesses (Wbdwb), pending approval by the Lower House of Parliament, will also be implemented. Following the first phase, the current organisations no longer pursue their own independent trajectories and will continue to exist only in a formal sense in their current form.