In the latest Studio HCSS explainer Cyber expert Arthur Laudrian breaks down the Dutch National Cyber Security Strategy.
After extensive consultations across government and with industry and civil society, the Dutch government has released its new National Cyber Security Strategy.
In 2017, the Netherlands launched its first international cyber security strategy, establishing a permanent team of cyber diplomats. But while diplomatic efforts in the EU and abroad are tremendously important, cyber security at home is also a priority for the Netherlands, a country with highly digitised infrastructures and a dynamic digital economy.
The new strategy relies on four pillars: First, a focus on societal resilience, an important mindset that brings to the table not only the government, but also the private sector, and civil society. The second pillar seeks to foster safe digital products and services, in close relation to new EU directives. The third pillar addresses digital threats. Countering malicious cyber actors requires better threat intelligence sharing across government agencies but also with industry, and an effective whole-of-government response, beyond security services. Last but not least, the fourth pillar addresses shortages of cybersecurity professionals in the labour market and citizens’ cyber risk awareness, serious topics that need to be raised young and early.
Concrete measures include the merging of several overlapping organisations into a single National Cybersecurity Incident Response Team, or CSIRT, which is long overdue. Other highlights are the extension of the government’s procurement requirements, which will be made available for companies to use for their own activities. The Public Prosecution Service will also be able to fast-track its judicial response to major incidents. And the primary and secondary school curriculum will be revised to include digital skills development and safety training.
Although this new strategy is ambitious and well designed, the real challenge will lie in its delivery, alongside the implementation of major European directives such as NIS2, the Digital Market and Service Acts, and the Digital Operational Resilience Act.
