Resilience against cybercrime, digital espionage or sabotage by digital means, starts with individual organizations. Due to increased and increasingly complex cyber threats from home and abroad, private or public organizations and companies must also receive appropriate support from the government in doing so. Therefore, the cabinet has decided to merge the existing cybersecurity national government organizations into one central, visible and effective national cybersecurity organization. This organization will include the National Cyber Security Center (NCSC) of the Ministry of Justice and Security (JenV), the Digital Trust Center (DTC) and the Computer Security Incident Response Team for digital service providers (CSIRT-DSP), both of the Ministry of Economic Affairs and Climate Change (EZK).
Minister Yeşilgöz-Zegerius: "Cybercriminals and hostile states are becoming smarter and more effective in digitally stealing money and information or sabotaging organizations and processes important to our society. Therefore, we must pool our knowledge and expertise to ensure that we stay one step ahead of these malefactors. The renewed organization will be founded on the strengths of the current organizations. This will enable the new organization to provide all organizations in the Netherlands, large or small, public or private, vital or non-vital, with appropriate information and knowledge and to offer assistance in the event of incidents. I am therefore pleased that the organizations are already working together as much as possible so that even now we can better defend ourselves against cyber attacks."
Minister Micky Adriaansens (Economic Affairs and Climate): "The importance of digital resilience for our society and economy is ever increasing. For example, if the Internet fails due to a cyberattack, as a result stores are empty or even industrial production fails. Digital devices and systems offer economic opportunities and consumer convenience, but also make us vulnerable. We are therefore increasing the legal cyber requirements for devices and services themselves. But also invest in knowledge sharing and expertise in large-scale incidents. That works best with a single government desk where organizations and businesses can get support."
After the integration, all organizations in the Netherlands will be able to turn to one recognizable counter for cybersecurity advice, assistance with digital incidents, and the new cybersecurity organization will be able to respond quickly and adequately to information about threats and incidents at the national and sectoral level. The first important steps have been taken. The organizations are already working together as much as possible. For example, by jointly organizing the warning of victims and targets of a cyberattack and providing action perspectives to all organizations in the Netherlands so that they can better defend themselves against attackers.
The Minister of JenV will be the owner of the revamped organization. The Ministry of JenV and EZK together fulfill the role of client.
The transition is taking place in two phases so that upcoming legislation and ongoing trajectories from the Netherlands Cybersecurity Strategy (NLCS) are taken into account as much as possible.
In the first phase until October 1, 2024, the organizations are already working together as much as possible. For example in warning about concrete cyber threats and vulnerabilities and by jointly providing action perspectives to all organizations in the Netherlands so that they can better defend themselves against attackers.
In the second phase until January 1, 2026, tasks and processes will be integrated and optimized. In any case, it must also be possible to implement the Security and Information Systems Act (Wbni), including the European Network and Information Security (NIS2) directive, sectoral legislation within which CSIRT tasks are carried out, and the Promoting Digital Resilience for Businesses Act (Wbdwb), which is currently in the Lower House. After the first phase, the current organizations no longer pursue their own independent course and exist only in a formal sense in their current form.
