Structural improvement in digital resilience
The digital resilience of the Netherlands is at risk of being outpaced by the ever-increasing digital threat. Moreover, the Netherlands is increasingly dependent on digital processes. The Cybersecurity Assessment Netherlands 2019 (CSBN 2019) published by the National Coordinator for Security and Counterterrorism (NCTV), recent annual reports of the intelligence services and other investigation reports paint a disturbing picture that calls for action. Ferdinand Grapperhaus, the Minister of Justice and Security, is therefore intensifying the cybersecurity approach and taking supplementary measures to boost resilience.
'The public interest in cybersecurity is so significant for both government and business that it necessitates structural supervision of the resilience of vital organisations. In the interests of national security, we must go the extra mile to protect the Netherlands against countries or cybercriminals', according to Grapperhaus.
Awareness and supervision
Our vital public utilities, such as water, gas and electricity, require a high level of resilience against digital threats. Under the direction of the NCTV, the Dutch ministries will review which critical components require protection and will examine whether organisations are sufficiently aware of vulnerabilities. The supervisory authorities must be able to assess whether the vital processes are sufficiently resilient to current threats. To help build supervision, security objectives will be defined on the basis of the latest threat assessment.
Regular exercises and tests, and intervention where necessary
Given the intractability of cybersecurity, risks can never be eliminated entirely. To this end, a broad exercise and test programme will be initiated so organisations can thoroughly prepare for incidents and obtain a clearer picture of the state of resilience. Together with the line ministries, efforts to strengthen the resilience of organisations will be monitored. If these efforts are inadequate, this fact will be reported to the line minister or supervisory authority and measures may be imposed pursuant to the new Dutch Cybersecurity Act (Cybersecuritywet).
The supplementary measures proposed are additional to the approach launched by the government last year in the Dutch Cyber Security Agenda (NCSA) and the structural, additional investment of 95 million euros for cybersecurity in the Coalition Agreement. These funds were used to recruit a considerable number of additional cybersecurity specialists for the National Cyber Security Centre (NCSC), the Ministry of Defence as well as the investigative, intelligence and security services, for example. As a result of this approach, the nature and extent of the threat will become increasingly clear.