The new administration must do more to make the Netherlands more digitally secure. The current cybersecurity efforts and investments are not enough to deal with the growing digital threats from state actors and cyber criminals. This poses a danger to our country's national security and puts increasing pressure on our freedom, democracy and prosperity. So writes the Cyber Security Council (CSR) in a letter to the informateur (1).
The digital threat to the Netherlands is unprecedented and unabated. The National Coordinator for Counterterrorism and Security (NCTV) warned of this in the report Cybersecurity Assessment of the Netherlands 2023 (NCSB)(2). Although the piece dates from July 2023, its contents are still current and relevant, according to the Cyber Security Council.
Thus, foreign powers are increasingly relying on cyber attacks to achieve their geopolitical goals. Cybercriminals are discovering that they can make a lot of money by exploiting vulnerabilities. And new technologies such as algorithms and generative AI create opportunities for our society, such as automated security, but they also bring risks.
Thus, digital attacks become possible on an even larger scale and phishing campaigns become increasingly realistic and promising. Michiel Steltman, director of the Digital Infrastructure Netherlands Foundation, therefore called artificial intelligence "a golden asset" (3) for hackers and cybercriminals.
Therefore, the Cyber Security Council believes that the new administration should invest more money to implement the Dutch Cyber Security Strategy (NLCS). For next year, an estimated 200 million euros is needed for this purpose. In 2028 and beyond, the government must set aside a sum of 550 million euros.
"Our country is one of the most digitized countries and therefore extra vulnerable. This applies to the entire digital infrastructure, from the process industry, water defenses, the energy sector and hospitals, to small and medium-sized enterprises. The tense geopolitical situation brings with it real digital threats and meanwhile cybercrime is also on the rise," says Theo Henrar, co-chairman of the council and chairman of entrepreneurial organization FME. He therefore advocates a central direction from the government to keep the Netherlands digitally safe.
CSR board member Lokke Moerel concurs with his colleague. "For companies, cybersecurity is now in the top three business risks. The new administration must also make an unequivocal commitment to more digital security." In his view, the costs involved are inevitable. He predicts that the price of under-investing in cybersecurity will ultimately be many times higher.
In its letter to the informateur, the Cyber Security Council emphasizes that many good steps have also been taken in recent years to improve our country's digital security. As an example, she cites the advent of new European regulations, including the NIS2 directive.
"NIS2 requires a greater number of companies to have their digital security in order and report incidents, including heightened oversight and administrative accountability. The EU is also going to impose strict requirements on the digital security of products and services from all EU member states." Outgoing Minister of Justice and Security Dilan Yeşilgöz-Zegerius recently reported to the House of Representatives that due to the complexity of the legislation, the implementation deadline of the NIS2 directive is not going to be met (4).
Moerel warns that more cyber risk management measures must be taken in the short term. "This requires a greater number of companies to have their digital security in order and report incidents, including heightened oversight and managerial responsibility. The EU is also going to impose strict requirements on the digital security of products and services from all EU member states." Moerel is referring to the Cyber Resilience Act (5). That requires manufacturers of smart devices, among other things, to provide at least five years of support for their products in the form of software and security updates.
Finally, the Cyber Security Council calls on the PVV, VVD, NSC and BBB to look critically at risks in the digital infrastructure, such as in the use of cloud technology. "To this end, the Netherlands must build its own technical capacity and strengthen its knowledge position in the field of cybersecurity," the Council stated.
(1) https://www.cybersecurityraad.nl/documenten/brieven/2024/02/05/brief-aan-de-informateur
(2) https://www.vpngids.nl/nieuws/nctv-verwacht-het-onverwachte/
(3) https://www.vpngids.nl/nieuws/kunstmatige-intelligentie-is-gouden-troef-voor-hackers/
(4) https://www.vpngids.nl/nieuws/nederland-gaat-deadline-voor-implementatie-nis2-en-cer-richtlijn-niet-halen/
(5) https://www.vpngids.nl/nieuws/europese-commissie-wil-iot-apparaten-met-slechte-beveiliging-weren/
