Anibal Trejo - Fotolia

Dutch national cyber security strategy aims to protect digital society

Cabinet sets up national cyber security strategy to make the Netherlands digitally secure

The Netherlands is one of the most digitised countries in the world. Dutch people work, live, shop and meet ever more digitally, making digital systems the beating heart of society. This offers many opportunities, but also risks as security in the digital world falls behind that in the physical world.  

Now the Netherlands government has drawn up a new national cyber security strategy that aims to provide digital protection in Dutch society. Cyber threats are ever-present and increasing, with criminals and state actors threatening organisations of all types.

That is why the Dutch government is taking action to raise the country’s digital resilience, strengthen security systems and tackle threats. This is the only way to safely achieve the economic and societal benefits of digitisation while protecting the public, businesses and services.    

Most current digital systems were not designed with security as a guiding principle. End-users such as citizens, small businesses and larger organisations have been responsible for their own digital security for decades. But only some of these users are capable of fulfilling this responsibility. Some hardly know how to update a Wi-Fi router and struggle to secure their IT systems or comply with privacy laws.

Meanwhile, the cyber threats increase. And although digital security may be more mature in larger organisations, the security of their systems often boils down to the behaviour of their employees. Serious downtime is just one employee mouse click away.  

The Netherlands government is striving for a situation in which every player in the digital ecosystem contributes to the security and stability of the entire system. This requires a collective transformation as no single organisation can do this alone, not even the government. It needs to be a joint effort between the organisations building the country’s digital infrastructure, those managing it and those using it. Responsibility for security will be shifted from end-users to government and sectors.  

The new cyber security strategy describes a Dutch government vision in which citizens and businesses can fully benefit from the digital society without worrying about cyber risk. The strategy was drawn up with the broad involvement of public, private and societal organisations.  

To realise this vision, goals have been formulated under four “pillars”. The first pillar oversees the digital resilience of the government, businesses and civil society organisations. This involves reducing risk to an acceptable level through a collection of measures to prevent cyber incidents and, when cyber incidents have occurred, to detect them, mitigate damage and make recovery easier. 

To achieve this, the Netherlands’ digital security system is being strengthened. For example, the National Cyber Security Centre, the Digital Trust Centre and the Cyber Security Incident Response Team for Digital Service Providers will be merged into a single national cyber security authority. More visibility on threats is also needed, because this is the only way to increase resilience. 

The second pillar focuses on the providers and buyers of digital products and services and the enrichment of knowledge development and innovation. Heading towards a secure and innovative digital economy will contribute to the Netherlands’ digital security and earning capacity.

As of now, there has yet to be a comprehensive system of European legislation and regulation including standards for the security of digital products, processes and services. In the months ahead, the Netherlands will make the case in the European Union for a coherent system of European laws and regulations so that buyers and consumers can rely on demonstrably safer products and services. 

Also, Dutch digital security knowledge and skills need to be continuously strengthened to counter cyber threats both now and in the future. Constantly maintaining domestic knowledge levels reduces dependence on companies, people and technology from abroad and offers economic opportunities for Dutch businesses. 

The third pillar focuses on the national and international approach to malicious actors – increasing the visibility of the digital threat. The Dutch government has a special responsibility and the tools to address the digital threat. 

But this requires a better focus on these threats. It is not just about better observation of the actions of state and non-state actors in the digital space. Third countries’ political, diplomatic, military and economic behaviour also provides insight into their views and intentions regarding the use of the digital space to achieve geopolitical influence. To promote a shared understanding of the threat, the Dutch government will proactively share cyber intelligence more often, enabling others to increase their resilience. 

The fourth pillar of the strategy focuses on the people behind the technology and the digital resilience of citizens. Society has a vital role in developing digital skills, from basic knowledge and skills to high-level expertise and specialist cyber security skills. 

To offer citizens better protection from digital threats, it is essential to make Dutch people more ICT savvy and, through awareness campaigns, alert them to the actions they can take to be more digitally secure. It is vital to have low-threshold access to tailored information and advice in familiar places to enhance digital safety skills. 

Currently, digital skills are not part of education in the Netherlands. This needs to change. Not only should digital skills aimed at security be included in the national curriculum, but teachers should also become proficient in them. The Dutch government recognises the importance of giving schools appropriate support. 

Cyber security is an investment in the future, according to the Dutch government. The National Cyber Security Strategy 2022-2028 forms the basis for a future in which the misalignment between digital threat and digital resilience is, and remains, as small as possible.  

The government is therefore investing in strengthening and transforming the digital ecosystem, where one individual or organisation can no longer be the weakest link. Realising this ambition might take multiple government terms, and some elements may even become permanent goals.  

Read more on IT risk management